courteousorbit 2 Posted ... so ive got Stunnel up and running , im using the Stunnel Package from the Pfsense Gui , now in my System log it says :" Service [Stunnel] needs authentication to prevent MITM attacks" Question is ,how do i add the Stunnel.crt , since when i open it up in notepad im not getting the private key data, only the certificate data, i want to add the Stunnel.crt to use in the Stunnel Options and not any Command line please , ive seen those threads , thanks Quote Share this post Link to post
go558a83nk 364 Posted ... I've wondered the same thing! Just posting so that I get notified of any real answer. Quote Share this post Link to post
Staff 10016 Posted ... Hello, we wish (in our setup, we mean) that stunnel accepts any connection to bypass restrictions, even when it will have certificate replacement and therefore it is subjected to MITM exploits. The integrity and data security layer is ensured by the underlying OpenVPN tunnel. stunnel is not there to add anything to security when you use OpenVPN over SSL, it is there to try to punch a hole in the filters through which OpenVPN can establish its tunnel. Kind regards Quote Share this post Link to post
courteousorbit 2 Posted ... Sorry for the late reply , busy as usual, anyhow, so youre saying to me the Stunnel.crt is nothing we require for a secure Stunnel setup in Pfsense, and yes id prefer even thou OpenVpn traffic is encrypted not to have my traffic blocked by man in the middle attacks leaking my obfuscated stunnel traffic as Vpn traffic , if thats understandable, thanks Quote Share this post Link to post
cosmoresearcher 0 Posted ... Could the staf confirm that certificate is not required for stunnel on PFsense? Quote Share this post Link to post
Staff 10016 Posted ... Hello, once again: we wish (in our setup, we mean) that stunnel accepts any connection to bypass restrictions, even when it will have certificate replacement and therefore it is subjected to MITM exploits. The integrity and data security layer is ensured by the underlying OpenVPN tunnel. stunnel is not there to add anything to security when you use OpenVPN over SSL, it is there to try to punch a hole in the filters through which OpenVPN can establish its tunnel. In other words, the stunnel configuration is intentionally "insecure", as in our case stunnel must "punch a hole" and nothing else, while all the packets security, integrity, authentication etc. is up to the underlying ("inside" stunnel) OpenVPN tunnel. Kind regards Quote Share this post Link to post