Jump to content
Not connected, Your IP: 3.135.193.166
courteousorbit

Help with Pfsense 2.4.4_3 and Stunnel.crt

Recommended Posts

so ive got Stunnel up and running  , im using the Stunnel Package from the Pfsense Gui , now in my System log it says :" Service [Stunnel] needs authentication to prevent MITM attacks"  Question is ,how do i add the Stunnel.crt , since when i open it up in notepad im not getting the private key data, only the certificate data, i want to add the Stunnel.crt to use in the Stunnel Options and not any Command line please , ive seen those threads , thanks

Share this post


Link to post

Hello,

we wish (in our setup, we mean) that stunnel accepts any connection to bypass restrictions, even when it will have certificate replacement and therefore it is subjected to MITM exploits. The integrity and data security layer is ensured by the underlying OpenVPN tunnel. stunnel is not there to add anything to security when you use OpenVPN over SSL, it is there to try to punch a hole in the filters through which OpenVPN can establish its tunnel.

Kind regards
 

Share this post


Link to post

Sorry for the late reply , busy as usual, anyhow, so youre saying to me the Stunnel.crt is nothing we require for a secure Stunnel setup in Pfsense, and yes id prefer even thou OpenVpn traffic is encrypted not to have my traffic blocked by man in the middle attacks leaking my obfuscated stunnel traffic as Vpn traffic , if thats understandable, thanks

Share this post


Link to post

Hello,

once again:

we wish (in our setup, we mean) that stunnel accepts any connection to bypass restrictions, even when it will have certificate replacement and therefore it is subjected to MITM exploits. The integrity and data security layer is ensured by the underlying OpenVPN tunnel. stunnel is not there to add anything to security when you use OpenVPN over SSL, it is there to try to punch a hole in the filters through which OpenVPN can establish its tunnel.

In other words, the stunnel configuration is intentionally "insecure", as in our case stunnel must "punch a hole" and nothing else, while all the packets security, integrity, authentication etc. is up to the underlying ("inside" stunnel) OpenVPN tunnel.

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...