SSL for AirVPN under Ubuntu

[Herpetto666 2]

Hi all,

 

I have just finished configuring the SSL tunnel for AirVPN under Linux (Ubuntu). I think the guide at https://airvpn.org/ssl/ needs to be updated.

If you use

apt-get install stunnel

Ubuntu will install stunnel4, but the softlink which is used in

stunnel "AirVPN <..> - SSL <..>.ssl"

points at version stunnel3.

So first, go to /usr/bin/ and change the softlink to point at stunnel4 instead of 3:

sudo -ln -s /usr/bin/stunnel4 /usr/bin/stunnel

[EDIT from Staff: the correct command is "sudo ln ..."]

 

Second point is, stunnel needs to know where the ssl certificate is located, if you don't point it to the right directory, the connection will end with the error:

End of section stunnel: SSL server needs a certificate

So to get rid of this, you have to go to /etc/stunnel and create a file stunnel.conf (also check the README there for more infos) and in it insert 2 lines:

cert=/path/to/pemkey=/path/to/key

Last but not least you have to generate a stunnel private key:

openssl req -new -x509 -days 365 -nodes

Just remember to put it in the folder, which is listed in the stunnel.conf file.

Now you should be able to run the connection through a tunnel

Because I'm not a Linux wiz, I have used help from the following guides:

Google 
http://serverfault.com/questions/424619/stunnel-not-reading-configuration-file
http://www.onsight.com/faq/stunnel/stunnel-faq-a.html
https://www.stunnel.org/pipermail/stunnel-users/2011-September/003261.html

[choq 7]

Hi,

 

a real clear way of explaining how a/the stunnel works under Ubuntu isn't available here. I think its a great idea from the op the bring this under the footlight.

Yes I get it working. Somehow. But I can't monitor the traffic, although Wireshark is your friend here. And yes but working with many errors in the terminal.

Your post. This:

 

 

sudo -ln -s /usr/bin/stunnel4 /usr/bin/stunnel
 

doesn´ t work. Afaik the syntax is wrong. But indeed there are stunnel3 and stunnel4 files in Ubuntu. That is a potential problem.

 

End of section stunnel: SSL server needs a certificate

 

Sometimes I get a handshake failure, no missing certificates.

 

/etc/stunnel and create a file stunnel.conf

with this:

cert=/path/to/pem
key=/path/to/key

 A bit of a problem. The generator does not provide a .pem afaik. And what key's has to be placed in this file exactly?

 

 

 openssl req -new -x509 -days 365 -nodes
 

Stunnel works "fine" here without this. Although I got many timeout errors.

 

By the way when closing the terminal. Openvpn and stunnel are still active. I kill them with:

 

 

sudo killall openvpn
sudo killall stunnel4
 

 

[choq 7]

How it works here: 

 

Navigate to your /home with the conf. of Airvpn. Mine is .airvpn

Terminal 1

 

cd .airvpn
 

 

 

stunnel4 AirVPN_CH-Virginis_SSL-443.ssl
 

Terminal 2

 

 

cd .airvpn
 

 

 sudo openvpn AirVPN_CH-Virginis_SSL-443.ovpn
 

The server is an example...duh

 

edit to be more exact