Herpetto666

SSL for AirVPN under Ubuntu


Hi all,

 

I have just finished configuring the SSL tunnel for AirVPN under Linux (Ubuntu). I think the guide at https://airvpn.org/ssl/ needs to be updated.

If you use

apt-get install stunnel

Ubuntu will install stunnel4, but the softlink which is used in

stunnel "AirVPN <..> - SSL <..>.ssl"

points at version stunnel3.

So first, go to /usr/bin/ and change the softlink to point at stunnel4 instead of 3:

sudo -ln -s /usr/bin/stunnel4 /usr/bin/stunnel

[EDIT from Staff: the correct command is "sudo ln ..."]

 

The second point is that stunnel needs to know where the SSL certificate is located. If you don't point it to the right directory, the connection will end with the error:

End of section stunnel: SSL server needs a certificate

So to get rid of this, you have to go to /etc/stunnel and create a file stunnel.conf (also check the README there for more info) and insert 2 lines in it:

cert=/path/to/pem
key=/path/to/key

Last but not least you have to generate a stunnel private key:

openssl req -new -x509 -days 365 -nodes

Just remember to put it in the folder that is listed in the stunnel.conf file.

Now you should be able to run the connection through a tunnel.

Because I'm not a Linux wiz, I have used help from the following guides:

Google 
http://serverfault.com/questions/424619/stunnel-not-reading-configuration-file
http://www.onsight.com/faq/stunnel/stunnel-faq-a.html
https://www.stunnel.org/pipermail/stunnel-users/2011-September/003261.html

Share this post


Link to post
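As an added example (not part of the original post or of AirVPN's guide), this shell script audits the cert=/key= lines of a stunnel.conf like the one described above: it checks that the referenced files hold a certificate and a private key, and that the unencrypted key written by `openssl req ... -nodes` is readable only by its owner. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the cert=/key= lines of a stunnel.conf (names are hypothetical).

# Print the value of the last "<option> = <value>" line in config $1 for option $2.
# Comment lines (starting with ; or #) never match the anchored pattern.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print findings for config $1; return 0 only if nothing was found.
audit_stunnel_conf() {
    rc=0
    cert=$(conf_value "$1" cert)
    key=$(conf_value "$1" key)
    # stunnel reads the private key from the cert file when key= is absent
    keyfile=${key:-$cert}
    if [ -z "$cert" ]; then
        echo "no cert= line"; return 1
    fi
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "no certificate in $cert"; rc=1; }
    if ! grep -q -e 'PRIVATE KEY-----' "$keyfile" 2>/dev/null; then
        echo "no private key in $keyfile"; rc=1
    elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
        # a key written with -nodes is unencrypted, so file mode is its only protection
        echo "private key readable beyond owner: $keyfile"; rc=1
    fi
    return $rc
}

# Constructed sample: dummy PEM markers only, no real key material.
# $1 is the file mode to give the sample key.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/stunnel.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$d/stunnel.key"
    chmod "$1" "$d/stunnel.key"
    printf '; constructed sample\ncert = %s\nkey = %s\n' \
        "$d/stunnel.pem" "$d/stunnel.key" > "$d/stunnel.conf"
    echo "$d/stunnel.conf"
}

audit_stunnel_conf "$(make_sample 644)" || echo "=> fix the findings above"
audit_stunnel_conf "$(make_sample 600)" && echo "=> config looks usable"
```

A single PEM file that contains both the certificate and the private key passes with only a cert= line, because the key is then looked up in the same file.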

Hi,

 

A real clear way of explaining how a/the stunnel works under Ubuntu isn't available here. I think it's a great idea from the OP to bring this under the footlight.

Yes, I get it working. Somehow. But I can't monitor the traffic, although Wireshark is your friend here. And yes, but working with many errors in the terminal.

Your post. This:

 

 

sudo -ln -s /usr/bin/stunnel4 /usr/bin/stunnel
 

doesn't work. AFAIK the syntax is wrong. But indeed there are stunnel3 and stunnel4 files in Ubuntu. That is a potential problem.

 

End of section stunnel: SSL server needs a certificate

 

Sometimes I get a handshake failure, no missing certificates.

 

/etc/stunnel and create a file stunnel.conf

with this:

cert=/path/to/pem
key=/path/to/key

A bit of a problem. The generator does not provide a .pem AFAIK. And what keys have to be placed in this file exactly?

 

 

 openssl req -new -x509 -days 365 -nodes
 

Stunnel works "fine" here without this. Although I got many timeout errors.

 

By the way, when closing the terminal, OpenVPN and stunnel are still active. I kill them with:

 

 

sudo killall openvpn
sudo killall stunnel4
 

 

Share this post


Link to post

How it works here: 

 

Navigate to your /home with the conf. of AirVPN. Mine is .airvpn

Terminal 1

 

cd .airvpn
 

 

 

stunnel4 AirVPN_CH-Virginis_SSL-443.ssl
 

Terminal 2

 

 

cd .airvpn
 

 

 sudo openvpn AirVPN_CH-Virginis_SSL-443.ovpn
 

The server is an example...duh

 

edit to be more exact

Share this post


Link to post
