I'm ultimately trying to get this to connect into Google's Secure LDAP service and I've tried referencing quite a few articles to no avail.
I've been trying every combination I can think of but have not been able to get this to work. I figured I'd shift gears from r/gsuite over to hear as this seems to have nothing to do with the secure ldap system.yet This entry was posted in Uncategorized by Angus. The interested reader should look into FoxyProxy to see how this might be used. So the final configuration looks like this. There is usually one other modification I have in my ssh config and that is a DynamicProxy so that stateful packet inspection doesn’t interfere. Prox圜ommand /usr/bin/socat - OPENSSL::443,verify=0 If you get errors from Prox圜ommand about your keys or if you used a self signed certificate you will need to turn off key verification. Prox圜ommand /usr/bin/socat - OPENSSL::443įrom the client you should now be able to connect to your server by doing Add the section below to your ~/.ssh/config on your client machine The ssh session needs to wrapped in the ssl session to be able to connect to the server so I used the ssh Prox圜ommand to accomplish this. Once all of the above is complete and assuming that you have an ssh server that you can connect to on port 22 of your server the ssh client can be setup to use the ssl tunnel. This would be another good time to test the stunnel -> sslh -> httpd redirection by visiting “” in your browser. The sslh documentation says that OpenVPN, tinc, XMPP are also supported but I didn’t need those so my configuration doesn’t support them. The minimum services I wanted are ssh and http so my configuration in /etc/default/sslh looks like this. Sslh will redirect the sessions decrypted by stunnel to the correct port on your server. To prep for the sslh configuration changeĪnd then restart stunnel again. Restart stunnel to use the new configuration.Īt this point you can test the stunnel setup by going to “” with your browser and you will have a secure connection to your http server. You also need to enable stunnel in /etc/default/nf by setting ENABLED=1 So the setup in /etc/stunnel/nf I am using looks like thisĬert = /etc/letsencrypt/live//fullchain.pem I think he’s limited the ciphers for increased security but I found it was not necessary. With your certificate installed on the server you can now setup stunnel to use it. You could also use a self signed key but that may cause you problems with stateful firewalls. Just follow letsencrypt’s documentation to generate a key for your "" that will get used in the rest of these instructions.
Stunnel ciphers how to#
I’m not going to go into how to get the certificate as there are too many ways depending on your configuration. The easiest way to do this is to use letsencypt’s certbot.
Stunnel ciphers software#
Setup letsencrypt keysįor the SSL connection to be secure and trusted by browsers and other software you need to have a certificate signed by a recognised certificate authority. Once the setup below is complete your https connections will get seamlessly forwarded to port 80. The instructions below will also conflict with a webserver listening on port 443 ( https ) so you’ll need to disable it. The instructions below assume you are using Ubuntu 16.04 but they will work for other Linuxes with minor modifications.
0 kommentar(er)
