Setting up stunnel on dd-wrt

I'm with Pete; just add what you need and leave the rest untouched. I modified the [ssmtp] section and, if memory serves me correctly, uncommented the "client = yes " line.

FWIW
Now that I'm a bit more comfortable with Tomato, I installed pixelserv and an ad-blocking script. Ads on a web-page are redirected to pixelserv which delivers a gif file containing a single transparent pixel. In other words, no ads are displayed in any browser (on PC, phone, or tablet) within the house ("whole home ad-blocking").
 
It's just a few steps.
 
1 - ipkg install stunnel
If you get an error then you need to install Optware on your DD-WRT box.
 
2 - edit the stunnel.config file
An example provided by a CT member of an important section is:
; Use it for client mode
client = yes

[smtp]
accept=5999
connect=<server>:465
 
3 - paste the following in the Startup section of the Administration...Commands tab in the GUI:
 
/opt/sbin/stunnel&
 
4 - reboot your box.
 
I need a little help with STUNNEL on TOMATOUSB and a RT-N66U.
 
I successfully installed optware on a usb flash drive (ext3). After that, I have this error when I try to install STUNNEL:
 

Installing stunnel (4.26-2) to /opt/...
Downloading http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/stunnel_4.26-2_mipsel.ipk
Configuring stunnel
Creating /opt/etc/stunnel/stunnel.pem (server certificate) ...
Generating a 1024 bit RSA private key
.................................++++++
...++++++
unable to write 'random state'
writing new private key to '/opt/etc/stunnel/stunnel.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PL]:problems making Certificate Request
unable to load certificate
5053:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:645:Expecting: TRUSTED CERTIFICATE
2015.03.17 19:12:07 LOG7[5057:1024]: RAND_status claims sufficient entropy for the PRNG
2015.03.17 19:12:07 LOG7[5057:1024]: PRNG seeded successfully
2015.03.17 19:12:07 LOG4[5057:1024]: Wrong permissions on /opt/etc/stunnel/stunnel.pem
2015.03.17 19:12:07 LOG7[5057:1024]: Certificate: /opt/etc/stunnel/stunnel.pem
2015.03.17 19:12:07 LOG3[5057:1024]: Error reading certificate file: /opt/etc/stunnel/stunnel.pem
2015.03.17 19:12:07 LOG3[5057:1024]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
2015.03.17 19:12:07 LOG3[5057:1024]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
postinst script returned status 1
ERROR: stunnel.postinst returned 1
Successfully terminated.
 
 
I can CHMOD the stunnel.pem to 600 and the "wrong permissions" error is gone.
 
But, I can't get the service to start:
 

2015.03.17 20:56:41 LOG7[6334:1024]: RAND_status claims sufficient entropy for the PRNG
2015.03.17 20:56:41 LOG7[6334:1024]: PRNG seeded successfully
2015.03.17 20:56:41 LOG7[6334:1024]: Certificate: /opt/etc/stunnel/stunnel.pem
2015.03.17 20:56:41 LOG3[6334:1024]: Error reading certificate file: /opt/etc/stunnel/stunnel.pem
2015.03.17 20:56:41 LOG3[6334:1024]: error stack: 140DC009 : error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
2015.03.17 20:56:41 LOG3[6334:1024]: SSL_CTX_use_certificate_chain_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line
 
 
Any help will be welcomed please.
 
Ok I found my problem.  You have to use TELNET to install the package.  I was using the system commands in GUI of tomato shibby.
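
Added example, not part of the original posts and not code from stunnel or Optware: a small shell check for the two symptoms in the logs above, the "Wrong permissions" warning and the "no start line" error, which OpenSSL raises when the file has no certificate BEGIN line. It assumes a combined PEM file holding both private key and certificate; the function name and return codes are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check a combined stunnel PEM file (key + certificate).
# Return codes (chosen for this example): 0 ok, 1 missing/empty, 2 permissions,
# 3 no certificate block, 4 no private key block.
check_stunnel_pem() {
    pem=$1

    # The file must exist and be non-empty.
    if [ ! -s "$pem" ]; then
        echo "$pem: missing or empty"
        return 1
    fi

    # Group/other permission bits (columns 5-10 of ls -l) must all be off,
    # i.e. the result of the chmod 600 mentioned in the post.
    bits=$(ls -ld "$pem" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "$pem: accessible beyond the owner, run: chmod 600 $pem"
        return 2
    fi

    # OpenSSL's "no start line" means it found no BEGIN line of the expected
    # type, so look for the certificate header explicitly.
    if ! grep -Eq '^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' "$pem"; then
        echo "$pem: no certificate block (would fail with 'no start line')"
        return 3
    fi

    # The private key may be RSA, EC, PKCS#8 or encrypted PKCS#8.
    if ! grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem"; then
        echo "$pem: no private key block"
        return 4
    fi

    echo "$pem: permissions and PEM headers look sane"
    return 0
}

# Usage on the router: check_stunnel_pem /opt/etc/stunnel/stunnel.pem
```

A file that passes still only has the right headers and mode; the check does not parse the key or certificate contents.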
 
Good news John.
 
Your post reminded me about moving my stunnel instance over to the PFSense firewall.  It is a plugnplay installation offered as an optional plugin.
 
Update link shows: (it's just a click and install thing).
 
pfsense-stunnel.jpg
 
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the program's code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, allowing stunnel to support whatever cryptographic algorithms were compiled into the crypto package.
 
 
 