OpenVPN through Stunnel



  • Looked at various guides on getting OpenVPN to work through stunnel on my fairly fresh/mint Linode VPS server (running Ubuntu 18.04 LTS, in case it matters).

    No luck all afternoon and fresh out of ideas. What I've done is below. Welcome any ideas on how to fix.

    I have OpenVPN (without the stunnel) working on my Windows laptop.
    Copied the .ovpn file and changed the line with the VPS IP and 1194 to 127.0.0.1 20000.

    Have the stunnel sorted to take the OpenVPN from port 20000 and put it to my VPS on port 20001.

    tcpdump shows activity on 20001 when I try to connect.

    However, the OpenVPN log is below.

    Client OpenVPN is showing:

    Sun Feb 23 22:31:06 2020 TCP connection established with [AF_INET]127.0.0.1:20000
    Sun Feb 23 22:31:06 2020 TCP_CLIENT link local: (not bound)
    Sun Feb 23 22:31:06 2020 TCP_CLIENT link remote: [AF_INET]127.0.0.1:20000
    Sun Feb 23 22:31:06 2020 MANAGEMENT: >STATE:1582468266,WAIT,,,,,,
    Sun Feb 23 22:31:08 2020 Connection reset, restarting [-1]
    Sun Feb 23 22:31:08 2020 SIGUSR1[soft,connection-reset] received, process restarting
    Sun Feb 23 22:31:08 2020 MANAGEMENT: >STATE:1582468268,RECONNECTING,connection-reset,,,,,
    Sun Feb 23 22:31:08 2020 Restart pause, 5 second(s)

    Server-side OpenVPN logs show the following:

    linode_tcp/XXXXX:60802 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    linode_tcp/XXXXX:60802 Connection reset, restarting [-1]
    linode_tcp/XXXXX:60802 SIGUSR1[soft,connection-reset] received, client-instance restarting



  • @kellytrinh

    Two questions: why are you trying to run a VPN over another encrypted connection? Also, doesn't Stunnel only support TCP? That means you'd have to run OpenVPN via TCP, instead of the normal UDP.



  • I am planning to use this setup in China, where they block OpenVPN by packet inspection. By using stunnel, I'm hoping to have an additional layer so the Govt can't tell it is VPN traffic. I understand there is a performance hit, but that would be better than being blocked.



  • @kellytrinh

    Ah yes, the Great Firewall of China. Still, if you run OpenVPN, you'll need to use TCP. Are you doing that?
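
A consistency check for the client half of the setup described in the first post, including the TCP requirement raised in the replies. This is an added example, not part of the thread; the sample configs are constructed from the thread's ports, and `VPS_IP` and the `[openvpn]` service name are placeholders.

```python
import configparser

# Constructed client-side samples using the thread's ports; VPS_IP is a placeholder.
CLIENT_OVPN = "client\ndev tun\nproto tcp\nremote 127.0.0.1 20000\n"
CLIENT_STUNNEL = "client = yes\n\n[openvpn]\naccept = 127.0.0.1:20000\nconnect = VPS_IP:20001\n"

def parse_ovpn(text):
    """Map each OpenVPN directive to the arguments of its first occurrence."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            directives.setdefault(name, args)
    return directives

def parse_stunnel(text):
    """stunnel puts global options before any [service]; wrap them in [global]."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string("[global]\n" + text)
    return cp

def check(ovpn_text, stunnel_text, service="openvpn"):
    """Return a list of mismatches between the .ovpn file and the local stunnel."""
    problems = []
    ovpn, st = parse_ovpn(ovpn_text), parse_stunnel(stunnel_text)
    remote = ovpn.get("remote", [])
    # Protocol comes from 'remote host port proto' if given, else 'proto', else udp.
    proto = remote[2] if len(remote) > 2 else ovpn.get("proto", ["udp"])[0]
    if not proto.startswith("tcp"):
        problems.append(f"proto is {proto}: stunnel only carries TCP")
    if not st.has_section(service):
        return problems + [f"no [{service}] service in stunnel config"]
    client = st.get(service, "client", fallback=st.get("global", "client", fallback="no"))
    if client.strip().lower() != "yes":
        problems.append("stunnel is not in client mode (client = yes)")
    accept = st.get(service, "accept", fallback="")
    host, _, port = accept.rpartition(":")
    if len(remote) < 2 or remote[1] != port or (host and remote[0] != host):
        problems.append(f"remote {' '.join(remote[:2])} does not match accept {accept}")
    return problems

if __name__ == "__main__":
    print(check(CLIENT_OVPN, CLIENT_STUNNEL) or "client side is consistent")
```

The server side mirrors this: the stunnel service there accepts on 20001 without `client = yes` and connects to the port the OpenVPN server listens on, which must also be running in TCP mode.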

