
Setting up stunnel on dd-wrt


50 replies to this topic

#46 123


Posted 02 June 2012 - 12:47 PM

I'm with Pete; just add what you need and leave the rest untouched. I modified the [ssmtp] section and, if memory serves me correctly, uncommented the "client = yes " line.

FWIW
Now that I'm a bit more comfortable with Tomato, I installed pixelserv and an ad-blocking script. Ads on a web-page are redirected to pixelserv which delivers a gif file containing a single transparent pixel. In other words, no ads are displayed in any browser (on PC, phone, or tablet) within the house ("whole home ad-blocking").

Edited by 123, 02 June 2012 - 12:56 PM.


#47 CAI_Support


Posted 26 February 2015 - 02:09 PM

Sorry for digging up this old thread. Does anyone know how to set up stunnel on an ASUS AC-68U wifi router?



#48 pete_c


Posted 26 February 2015 - 07:55 PM

It's just a few steps.

1 - ipkg install stunnel

If you get an error then you need to install Optware on your DD-WRT box.

2 - edit the stunnel.config file

An example provided by a CT member of an important section is:

; Use it for client mode
client = yes

[smtp]
accept=5999
connect=<server>:465

3 - paste the following in the Startup section of the Administration...Commands tab in the GUI:

/opt/sbin/stunnel&

4 - reboot your box.



#49 John11


Posted 17 March 2015 - 07:58 PM

I need a little help with STUNNEL on TOMATOUSB and a RT-N66U.

 

I successfully installed optware on a usb flash drive (ext3). After that, I have this error when I try to install STUNNEL:

 

Installing stunnel (4.26-2) to /opt/...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/stunnel_4.26-2_mipsel.ipk
Configuring stunnel
Creating /opt/etc/stunnel/stunnel.pem (server certificate) ...
Generating a 1024 bit RSA private key
.................................++++++
...++++++
unable to write 'random state'
writing new private key to '/opt/etc/stunnel/stunnel.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:problems making Certificate Request
unable to load certificate
5053:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:645:Expecting: TRUSTED CERTIFICATE
2015.03.17 19:12:07 LOG7[5057:1024]: RAND_status claims sufficient entropy for the PRNG
2015.03.17 19:12:07 LOG7[5057:1024]: PRNG seeded successfully
2015.03.17 19:12:07 LOG4[5057:1024]: Wrong permissions on /opt/etc/stunnel/stunnel.pem
2015.03.17 19:12:07 LOG7[5057:1024]: Certificate: /opt/etc/stunnel/stunnel.pem
2015.03.17 19:12:07 LOG3[5057:1024]: Error reading certificate file: /opt/etc/stunnel/stunnel.pem
2015.03.17 19:12:07 LOG3[5057:1024]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
2015.03.17 19:12:07 LOG3[5057:1024]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
postinst script returned status 1
ERROR: stunnel.postinst returned 1
Successfully terminated.

 

 

I can CHMOD the stunnel.pem to 600 and the "wrong permissions" error is gone.

 

But, I can't get the service to start:

 


2015.03.17 20:56:41 LOG7[6334:1024]: RAND_status claims sufficient entropy for the PRNG
2015.03.17 20:56:41 LOG7[6334:1024]: PRNG seeded successfully
2015.03.17 20:56:41 LOG7[6334:1024]: Certificate: /opt/etc/stunnel/stunnel.pem
2015.03.17 20:56:41 LOG3[6334:1024]: Error reading certificate file: /opt/etc/stunnel/stunnel.pem
2015.03.17 20:56:41 LOG3[6334:1024]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
2015.03.17 20:56:41 LOG3[6334:1024]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

 

 

Any help will be welcomed please.
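
A pre-start check for the two failures visible in the logs above, added here as an example and not part of the original post: a stunnel.pem whose group/other permission bits are set, and a stunnel.pem with no certificate block, which is what "no start line" indicates after the certificate request fails. The function names check_stunnel_pem and make_key_only_sample and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and return codes are
# hypothetical, chosen for this illustration:
#   0 ok, 1 file missing, 2 permissions too open, 3 no key, 4 no certificate

check_stunnel_pem() {
    pem=$1
    [ -f "$pem" ] || { echo "missing: $pem"; return 1; }

    # Columns 5-10 of the ls mode string are the group/other bits; after the
    # thread's "chmod 600" they are all '-'.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "too open ($perms): chmod 600 $pem"; return 2; }

    # Accepts traditional "RSA PRIVATE KEY"/"EC PRIVATE KEY" and PKCS#8 headers.
    grep -qE -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" ||
        { echo "no private key block in $pem"; return 3; }

    # OpenSSL's "PEM_read_bio:no start line" means this header was not found.
    grep -qE -e '-----BEGIN (TRUSTED )?CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem"; return 4; }

    echo "ok: $pem"
}

# Constructed sample, not real key material: a key-only file such as an
# install leaves behind when the key is written but the request step fails.
make_key_only_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1"
    chmod 600 "$1"
}

# Check a real file when a path is given, e.g. /opt/etc/stunnel/stunnel.pem
if [ $# -gt 0 ]; then
    check_stunnel_pem "$1"
fi
```
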



#50 John11


Posted 18 March 2015 - 02:37 PM

Ok I found my problem.  You have to use TELNET to install the package.  I was using the system commands in GUI of tomato shibby.



#51 pete_c


Posted 18 March 2015 - 03:16 PM

Good news John.

 

Your post reminded me about moving my stunnel instance over to the pfSense firewall. It is a plug-and-play installation offered as an optional plugin.

Update link shows: (it's just a click and install thing).

 

Attached file: pfsense-stunnel.jpg

 

The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the program's code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, allowing stunnel to support whatever cryptographic algorithms were compiled into the crypto package.

 

 





