Hi Derek,

You will need proxy software on your server as the endpoint (e.g. Squid).
If you are emulating a VPN, then you'd need VPN software (OpenVPN) as the endpoint.

On 23 Oct 2014 22:08, "Derek Cole" <[email protected]> wrote:

> Hello,
>
> Is it possible to use stunnel server as a transparent proxy? I was digging
> through the manpage and I see the
>
>     transparent=
>
> option. What I would like to do is have an stunnel client connect to the
> stunnel server, and once traffic is at the server, go to the original
> destination that the traffic going to the stunnel client was destined for.
>
> I.E. Can I have firefox proxy to my stunnel client, which connects to my
> stunnel server, and then that traffic goes to whatever website the end user
> was trying to hit in firefox?
>
> My Stunnel server is on a CentOS box:
>
>     [root@CentOSTunTest ~]# uname -a
>     Linux CentOSTunTest 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
>
> And my stunnel.conf:
>
>     foreground = yes
>     debug = 7
>     options = NO_SSLv2
>     fips = no
>     output=/usr/local/etc/stunnel/stunnel.log
>
>     [https]
>     cert=/usr/local/etc/stunnel/stunnel.pem
>     accept = 443
>     connect = 80
>
>     [Internet]
>     cert=/usr/local/etc/stunnel/stunnel.pem
>     sni = https:Internet
>     transparent=destination
>
> So basically the transparent option in Internet is what I am wondering
> about: whether it works the way I expect. I see this in the log file:
>
>     2014.10.23 09:57:05 LOG3[11414]: setsockopt SO_ORIGINAL_DST: Protocol not available (92)
>     2014.10.23 09:57:05 LOG5[11414]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
>
> I see this in the stunnel manpage:
>
>     For a connect target installed on the same host:
>
>     /sbin/iptables -t nat -I OUTPUT -p tcp --dport <redirected_port> \
>         -m ! --uid-owner <stunnel_user_id> \
>         -j DNAT --to-destination <local_ip>:<stunnel_port>
>
>     For a connect target installed on a remote host:
>
>     /sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
>     /sbin/iptables -t nat -I PREROUTING -p tcp --dport <redirected_port> \
>         -i eth0 -j DNAT --to-destination <local_ip>:<stunnel_port>
>
> What does it mean "for a connect target installed on the same host"?
> I thought transparent meant I was not using a connect target except the
> original destination. Does this mean I should implement the IPTables for a
> remote host, since I want my client to just reach the internet?
>
> Thanks for the help in advance!
>
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
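To show what transparent=destination actually asks the kernel for, and why the LOG3 line quoted above appears when no iptables REDIRECT/DNAT rule has rewritten the flow, here is an added Python example (not part of this thread and not stunnel's own code): it reads the Linux SO_ORIGINAL_DST socket option on an accepted connection, decodes the pre-NAT destination, and maps ENOPROTOOPT (errno 92) to "no NAT entry for this flow". The address 203.0.113.10:443 used for the self-check is a constructed sample.

```python
import errno
import socket
import struct

# Linux-only option from <linux/netfilter_ipv4.h>; the socket module does not
# export it. It returns the destination a client dialed before netfilter's
# REDIRECT/DNAT rewrote it, which is what transparent=destination relies on.
SO_ORIGINAL_DST = 80

def encode_sockaddr_in(ip, port):
    """Build the 16-byte struct sockaddr_in the kernel hands back (sample data)."""
    return (struct.pack("=H", socket.AF_INET)      # sa_family, host byte order
            + struct.pack("!H", port)              # sin_port, network byte order
            + socket.inet_aton(ip)                 # sin_addr
            + b"\x00" * 8)                         # sin_zero padding

def decode_sockaddr_in(buf):
    """Decode struct sockaddr_in into (ip, port); reject anything non-IPv4."""
    if len(buf) < 8:
        raise ValueError("sockaddr_in too short: %d bytes" % len(buf))
    family = struct.unpack("=H", buf[:2])[0]
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port = struct.unpack("!H", buf[2:4])[0]
    return socket.inet_ntoa(buf[4:8]), port

def original_destination(conn):
    """Return (ip, port) the peer really dialed, or None when the kernel has no
    NAT mapping for this flow. ENOPROTOOPT is errno 92 on Linux, i.e. the
    "Protocol not available (92)" in the stunnel log: the client connected to
    the listener directly, so there is no original destination to recover."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError as e:
        if e.errno == errno.ENOPROTOOPT:
            return None
        raise
    return decode_sockaddr_in(raw)

if __name__ == "__main__":
    # Loopback self-check: no iptables rule touched this flow, so on Linux the
    # lookup fails exactly as stunnel's did and we get None.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    conn, _ = srv.accept()
    print("original destination:", original_destination(conn))
    for s in (conn, cli, srv):
        s.close()
```

A value of None from original_destination is the condition to alert on when a transparent listener is expected to see only redirected traffic: it means the connection bypassed the NAT rule and stunnel cannot forward it anywhere.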
