Encrypting traffic through an stunnel tunnel
Test environment
- Server: Ubuntu 18.04
- Client: Windows 10 1903
- Software: stunnel 5.44
Procedure
Server configuration
- Install stunnel

```sh
# Debian/Ubuntu package name (on RHEL/CentOS the package is installed with: sudo yum install -y stunnel)
sudo apt install -y stunnel4
```

- Generate the certificate

```sh
# Self-signed certificate and its private key written to one PEM file, valid 365 days, key left unencrypted (-nodes)
sudo openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
sudo cp -R stunnel.pem /etc/stunnel/
# The file also holds the private key: 644 leaves it readable by every local user; 600 is enough for the account stunnel runs as
sudo chmod 644 /etc/stunnel/stunnel.pem
```

- Configure the stunnel.conf file

```ini
pid = /var/run/stunnel4/stunnel.pid
debug=7
output = /var/log/stunnel4/stunnel.log
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
fips=no
;TLS 1.0 only; the protocol is deprecated, TLSv1.2 or newer is preferred when the client supports it
sslVersion = TLSv1
client=no
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
CAfile=/etc/stunnel/stunnel.pem
;level 3 verifies the peer against the locally installed certificate (CAfile), so the client must present this same certificate
verify = 3
[test]
;listening port
accept = 9001
;address to forward to
connect = 127.0.0.1:5000
```

- Firewall and similar configuration omitted
- Start the service

```sh
sudo stunnel4 /etc/stunnel/stunnel.conf
```
Client configuration
- Installing stunnel omitted
- Configure the stunnel.conf file

```ini
debug = 7
output = E:\log\stunnel.log
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
;certificate generated on the server (the PEM also contains the private key, which the server's verify = 3 requires the client to use)
cert = C:\Program Files (x86)\stunnel\config\stunnel.pem
fips=no
sslVersion = TLSv1
client=yes
;no verify/CAfile here, so the client does not check the server's certificate
[vpn]
;local listening port (a port without a host binds all interfaces; 127.0.0.1:8089 limits the plaintext side to this machine)
accept = 8089
;forward to the corresponding server port
connect = 192.1.23.12:9001
```

- Start the service
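As an added example (not part of the original post or of stunnel itself), a small Python linter for the client configuration above: it parses the stunnel.conf format (global options, [service] sections, repeated keys such as socket) and flags the three points raised on this page, TLSv1, a client that never verifies the server, and a plaintext accept port bound to every interface. The sample configurations are constructed from the page; verifyChain and verifyPeer are stunnel's newer alternatives to verify and are accepted as equivalent.

```python
WEAK_VERSIONS = {"all", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_stunnel_conf(text):
    """'key = value' lines, ';' or '#' comments, [service] sections; globals go under ''."""
    sections, current = {"": []}, ""   # values are ordered lists: keys may repeat (socket)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def lint(text):
    """Flag, per service section, the weak spots discussed on this page (client side)."""
    conf, findings = parse_stunnel_conf(text), []
    for service in [s for s in conf if s]:
        opt = dict(conf[""] + conf[service])  # service overrides global; last value wins
        ver = opt.get("sslVersion")
        if ver in WEAK_VERSIONS:
            findings.append(f"[{service}] sslVersion = {ver}: deprecated; use TLSv1.2 or newer")
        verify = opt.get("verify", "0")
        authenticates = (verify.isdigit() and int(verify) >= 2
                         or opt.get("verifyChain") == "yes" or opt.get("verifyPeer") == "yes")
        if opt.get("client") == "yes":
            if not authenticates:
                findings.append(f"[{service}] client = yes without verify: server cert not checked")
            if ":" not in opt.get("accept", ""):
                findings.append(f"[{service}] accept = {opt.get('accept')}: binds all interfaces")
    return findings

# Constructed from the page's client configuration (Windows paths as on the page).
CLIENT_CONF = r"""socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;certificate generated on the server
cert = C:\Program Files (x86)\stunnel\config\stunnel.pem
sslVersion = TLSv1
client = yes
[vpn]
accept = 8089
connect = 192.1.23.12:9001
"""
# Same tunnel hardened; assumes the client keeps the server's self-signed PEM as its CAfile.
HARDENED_CONF = (CLIENT_CONF.replace("sslVersion = TLSv1", "sslVersion = TLSv1.2")
                 .replace("accept = 8089", "accept = 127.0.0.1:8089")
                 .replace("[vpn]", "verify = 3\nCAfile = C:\\Program Files (x86)\\stunnel\\config\\stunnel.pem\n[vpn]"))
```

Running lint(CLIENT_CONF) reports all three findings for the [vpn] service, while lint(HARDENED_CONF) reports none.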
Notes
The resulting behaviour: all traffic that needs to be encrypted and forwarded is sent to the local port; the local stunnel encrypts it and forwards it to the corresponding port on the server; the server decrypts it and forwards it on to the final destination address. The return path works the same way in reverse.