

In such cases, setting up a SOCKS proxy might just do the trick.

Another interesting aspect of a SOCKS proxy is that, after the initial per-connection handshake, it doesn't add much overhead to the underlying traffic. Overhead might not look like a big deal at first, but it adds up. This is especially true when the overhead is per packet. SOCKS connections generally have only a per-connection overhead, which is negligible.

The SOCKS protocol (including SOCKS5) does not provide any means of encryption by itself [1]. To overcome this, a very popular method for setting up a SOCKS server is to use the OpenSSH port forwarding capability along with its built-in SOCKS support.

But using OpenSSH this way is not always the best option. The most serious problem with such an approach is that you need to have an active SSH connection to the server at all times (that is, unless you do some ugly hacking).

Stunnel, on the other hand, comes with its own implementation of the secure SOCKS5, SOCKS4, and SOCKS4a protocols. It can do so without the need for any additional software, and to top that off, you don't need to keep any other session active for it to work [2].

There are, however, some limitations to the stunnel SOCKS implementation that you should be aware of: only TCP tunneling is supported (not UDP).

Stunnel can be used on your Android phone. The SOCKS functionality can then be used directly on your phone by apps that support it: Firefox, Telegram, etc. To see how to install and set up stunnel on Android, take a look at: How to run stunnel on your android device

Either the TLS client, the TLS server, or both need to be authenticated:

- Server authentication prevents Man-In-The-Middle (MITM) attacks on the encryption protocol.
- Client authentication allows for restricting access for individual clients (access control).

The easiest way to configure authentication is with PSK (Pre-Shared Key). It provides both client and server authentication. PSK is also the fastest TLS authentication.

PSK authentication requires stunnel version 5.09 or higher.

Server Configuration

A trivial configuration example:

The psk.txt file contains one line for each client:

test1:oaP4EishaeSaishei6rio6xeeph3az

The psk1.txt file only needs a single line:

test1:oaP4EishaeSaishei6rio6xeeph3az

Each client needs a separate secret. Otherwise, all the clients sharing the same key will have to be reconfigured if the key is compromised.

Certificates

For simplicity, this tutorial only covers server authentication. The advantage of this configuration is that it does not require individual secrets for each of the clients.

Unless PSK authentication is configured, each stunnel server needs a certificate with the corresponding private key. The Windows installer of stunnel automatically builds a certificate. On Unix platforms, a certificate can be built with "make cert". A certificate can also be purchased from one of the available commercial certificate authorities.

The "key" option may be omitted if cert.pem also contains the private key.

Stunnel can use an existing PKI (Public Key Infrastructure). The following configuration requires stunnel 5.15 or later:

The ca-certs.pem file contains the certificates of trusted certificate authorities.

Alternatively, a technique known as certificate pinning can be used. The following configuration requires stunnel version 4.46 or higher:

The peer-certificate.pem file needs to contain the server certificate.
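The rules stated for psk.txt and psk1.txt (one IDENTITY:KEY line per client, a separate secret for each client) can be checked before a secrets file is deployed. The following is an added example, not code from this page or from the stunnel project; the function names are hypothetical, and the 16-byte minimum and hexadecimal conversion are taken from the stunnel manual's description of the PSKsecrets option.

```python
import string

MIN_KEY_BYTES = 16  # assumption: minimum key length given in the stunnel manual


def key_bytes(key: str) -> int:
    """Key length as stunnel would use it: the manual says hexadecimal keys
    are converted to binary, so an all-hex key counts half its characters."""
    if key and len(key) % 2 == 0 and all(c in string.hexdigits for c in key):
        return len(key) // 2
    return len(key.encode())


def audit_psk_secrets(text: str) -> list[str]:
    """Return findings for the contents of a PSK secrets file.
    Findings name identities and line numbers only, never the key itself."""
    findings, identities, keys = [], {}, {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        identity, sep, key = line.partition(":")
        if not sep or not identity or not key:
            findings.append(f"line {n}: not in IDENTITY:KEY form")
            continue
        if identity in identities:
            findings.append(f"line {n}: identity {identity!r} already on line {identities[identity]}")
        identities.setdefault(identity, n)
        if key_bytes(key) < MIN_KEY_BYTES:
            findings.append(f"line {n}: key for {identity!r} is shorter than {MIN_KEY_BYTES} bytes")
        if key in keys:
            # The failure the page warns about: one compromise forces every sharer to rekey.
            findings.append(f"line {n}: {identity!r} shares its key with {keys[key]!r}")
        keys.setdefault(key, identity)
    return findings


# Constructed sample: test1 uses the key shown on the page, the rest are made up.
SAMPLE = """\
test1:oaP4EishaeSaishei6rio6xeeph3az
test2:oaP4EishaeSaishei6rio6xeeph3az
test3:shortkey
test4 no separator
test5:00112233445566778899aabbccddeeff
"""

if __name__ == "__main__":
    for finding in audit_psk_secrets(SAMPLE):
        print(finding)
```

The stunnel manual also says the secrets file should be neither world-readable nor world-writable, which this check does not cover.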
