Jump to content
Not connected, Your IP: 54.173.229.84
agarret

howto: Linux + NetworkManager + stunnel

Recommended Posts

Hi,

 

I've been using AirVPN for almost a year now and I am very pleased, thanks AirVPN.

 

I need the SSL tunnel to be able to connect, which always meant manually starting stunnel and openvpn from console. (I know about Eddie, but no thanks, thats not my style .

But today I figured out how to automaticly connect using a systemd service for stunnel and a slight route adjustment.

 

Disclaimer: i am no network expert and might be doing something horribly wrong, but this works for me and seems legit.

 

If you want to follow this guide, you should be familiar with these excellent guides: https://airvpn.org/ssl/   and https://airvpn.org/topic/11432-using-airvpn-with-ubuntu-network-manager/

 

1. stunnel service

2. Add route to your network device

3. Import VPN

 

1.) Go to https://airvpn.org/generator/, select SSL, you know, the usual stuff

Place the .ssl file and the certificate (.crt) somewhere (lets say /airvpn/airvpn.ssl and /airvpn/airvpn.crt)

 

Create a file

    /etc/systemd/system/airvpn_stunnel.service

 

[unit]
Description=Stunnel

[service]
ExecStart=/bin/stunnel /airvpn/airvpn.ssl

[install]
WantedBy=default.target

 

Enable the service

  systemctl enable airvpn_stunnel

 

2. Add a route to your connection (e.g. your ethernet connection)

When you add a vpn connection all* connections go through the vpn tunnel, but your ssl tunnel should not!

This is why you should add a route, that explicitly states to connect to your vpn server normally.

Get your server ip ( <IP> )

Edit your connnection -> IPv4 -> Routes add a route with 

   Address: <VPN Ip>

   Netmask: 255.255.255.255

   Gateway:  your 'normal' gateway, usually your router, something like 192.168.1.1
 

3. Import the .ovpn file  (*chm chm*  https://airvpn.org/topic/11432-using-airvpn-with-ubuntu-network-manager/)

 

You should now be able to connect to your favorite VPN server through a ssl tunnel using networkmanager.

 

 

Good luck

 

- someonefromyourintranet

Share this post


Link to post

Hello!

 

Thank you for sharing your knowledge with us and making a contribution to the community! . Very nice of you.

Be right back, I need to give Eddie a pat on the back and tell him you still love him and will remain friends


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post


Link to post

Just a small security notice:

Stunnel is able to run custom executables using the "exec = EXECUTABLE_PATH"

command, which can be placed in the .ssl config file.

 

So when you create a random .ssl file, such as in your example in /airvpn/airvpn.ssl,

make sure to set proper permissions on it for your current user, or the user you intend

to run stunnel with.

Otherwise, if the permissions are too open, a malicious program will be able to modify

the content of the .ssl file and launch itself under the context of the stunnel uid/gid.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...