Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Stunnel removed with 2.3 ?

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 10 Posters 8.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      Kekskrümel
      last edited by

      Hi,

      can't find Stunnel in 2.3 and also can't find any Info in the Changelog.

      Is Stunnel removed, do you plan to bring it back to pfSense if so ?

      Thx & Greetings

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer
        last edited by

        Looks to be gone-  refer to this

        https://doc.pfsense.org/index.php/2.3_Removed_Packages

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • C
          CS-JS
          last edited by

          Very sad to hear about the removal - any chance it will be back? :)

          1 Reply Last reply Reply Quote 0
          • C
            CS-JS
            last edited by

            Can someone give me a roundabout what time and skills it would take to maintain that package?

            1 Reply Last reply Reply Quote 0
            • C
              Cam73
              last edited by

              I tried installing stunnel manually on PFsense 2.3 but couldn't get it to work. But then I don't really know what I'm doing. I'm a hobbyist network admin with some Linux experience who loves Pfsense, and I really miss stunnel.  I have a installation I cannot upgrade from 2.2, as this has stunnel which I use frequently.

              Just wanted to put my hand up and ask this question also - will stunnel be returning any time soon?

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                what is your use case for stunnel?  Can you not just use openvpn?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • C
                  cosmoxl
                  last edited by

                  @johnpoz:

                  what is your use case for stunnel?  Can you not just use openvpn?

                  Hello.  I'm new here, registered just to reply to this thread.

                  My use case is actually using stunnel in combination with openvpn.  Some VPN providers (e.g. AirVPN) have the option of tunneling openvpn through an SSL tunnel created by stunnel.

                  This works to defeat throttling/rejection of openvpn traffic detected by deep packet inspection because they would only see an SSL connection, not the openvpn "inside".

                  I would appreciate having this option for my pfsense setup.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    so why not just install it?

                    http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.31,1.txz

                    Why can you not install this?  You can request it get it added to the pfsense repo..

                    [2.3.1-RELEASE][root@pfSense.local.lan]/tmp: pkg install stunnel-5.31,1.txz
                    Updating pfSense-core repository catalogue…
                    pfSense-core repository is up-to-date.
                    Updating pfSense repository catalogue...
                    Fetching meta.txz: 100%    944 B  0.9kB/s    00:01
                    Fetching packagesite.txz: 100%  104 KiB 106.1kB/s    00:01
                    Processing entries: 100%
                    pfSense repository update completed. 386 packages processed.
                    Checking integrity... done (0 conflicting)
                    The following 1 package(s) will be affected (of 0 checked):

                    New packages to be INSTALLED:
                            stunnel: 5.31,1 [unknown-repository]

                    Proceed with this action? [y/N]: y
                    [1/1] Installing stunnel-5.31,1…
                    ===> Creating groups.
                    Creating group 'stunnel' with gid '341'.
                    ===> Creating users
                    Creating user 'stunnel' with uid '341'.
                    [1/1] Extracting stunnel-5.31,1: 100%
                    Message from stunnel-5.31,1:


                    To create and install a new certificate, type "make cert"

                    And don't forget to check out the FAQ at http://www.stunnel.org/


                    [2.3.1-RELEASE][root@pfSense.local.lan]/tmp:

                    Sure looks like installs to me..

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • C
                      cosmoxl
                      last edited by

                      @johnpoz:

                      so why not just install it?

                      http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.31,1.txz

                      Why can you not install this?  You can request it get it added to the pfsense repo..

                      [2.3.1-RELEASE][root@pfSense.local.lan]/tmp: pkg install stunnel-5.31,1.txz
                      Updating pfSense-core repository catalogue…
                      pfSense-core repository is up-to-date.
                      Updating pfSense repository catalogue...
                      Fetching meta.txz: 100%    944 B  0.9kB/s    00:01
                      Fetching packagesite.txz: 100%  104 KiB 106.1kB/s    00:01
                      Processing entries: 100%
                      pfSense repository update completed. 386 packages processed.
                      Checking integrity... done (0 conflicting)
                      The following 1 package(s) will be affected (of 0 checked):

                      New packages to be INSTALLED:
                              stunnel: 5.31,1 [unknown-repository]

                      Proceed with this action? [y/N]: y
                      [1/1] Installing stunnel-5.31,1…
                      ===> Creating groups.
                      Creating group 'stunnel' with gid '341'.
                      ===> Creating users
                      Creating user 'stunnel' with uid '341'.
                      [1/1] Extracting stunnel-5.31,1: 100%
                      Message from stunnel-5.31,1:


                      To create and install a new certificate, type "make cert"

                      And don't forget to check out the FAQ at http://www.stunnel.org/


                      [2.3.1-RELEASE][root@pfSense.local.lan]/tmp:

                      Sure looks like installs to me..

                      I'm new here because I'm new to pfsense.  I didn't know to just look at the freebsd repo.  It took me a few minutes to learn that "fetch" is app to use, not wget.  Downloaded the package and it installed just fine.  Thanks.

                      1 Reply Last reply Reply Quote 0
                      • MikeV7896M
                        MikeV7896
                        last edited by

                        Just keep in mind that its settings are not part of pfSense like they may have been when it was an actual pfSense package, so you may want to back up the config file for it separately once you get it working.

                        The S in IOT stands for Security

                        1 Reply Last reply Reply Quote 0
                        • N
                          newlinux
                          last edited by

                          I'm new to pfsense too. I just setup openvpn on port 443 but that's not enough in a couple places, so im looking at stunnel as well. I'm  pretty new to setting up my own vpns and doung anything like stunnel. Did you get it working? Any pointers to getting it setup before I dive in? Thanks.

                          1 Reply Last reply Reply Quote 0
                          • C
                            Cam73
                            last edited by

                            To the software developers/programmers who give us these products - a credit to you, we would not have all this without you!To the newbies and basic admins that "just want it all to work - here is the benefit of my experience.

                            Here's what I did to get stunnel working on pfsense 2.3.

                            pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.35_1,1.txz    (as of Aug 2016, check the link in a web browser if it doesn't work)

                            My /usr/local/etc/stunnel/stunnel.conf as follows
                            WAN-IP should in most cases be your static wan ip address, but lan ip works as well.
                            –---------------------------------------------
                            cert = /usr/local/etc/stunnel/stunnel.pem
                            chroot = /var/tmp/stunnel
                            setuid = stunnel
                            setgid = stunnel

                            [stunnel]
                            key = /usr/local/etc/stunnel/f8ea8f75.key
                            cert = /usr/local/etc/stunnel/f8ea8f75.chain
                            local = your-WAN-IP
                            accept = your-WAN-IP:443
                            connect = your-WAN-IP:1194
                            TIMEOUTclose = 0
                            –----------------------------------------------------

                            --OpenVPN server must be be set for TCP and not UDP.

                            Then, if /var/tmp/stunnel doesn't exist we need to create it:

                            mkdir /var/tmp/stunnel

                            then

                            chown -R stunnel:stunnel /var/tmp/stunnel

                            Install the Shellcmd package and add the following under shellcmd so that stunnel starts on boot up:

                            /usr/local/etc/rc.d/stunnel onestart

                            and then start stunnel

                            /usr/local/etc/rc.d/stunnel onestart

                            Diagnostics > sockets  now shows stunnel listening on port 443

                            1 Reply Last reply Reply Quote 0
                            • A
                              abuseif
                              last edited by

                              Hello everyone,

                              I have been trying to make openvpn (Airvpn) to work with Stunnel,  on pfsense version 2.4.1, I managed to install Stunnel from the GUI, and then when I try to create the tunnel from the GUI I could not load the certificate (stunnel.crt) provided by AirVpn. So, the tunnel does not start.  Any help will be appreciated.

                              Also I managed to create the stunnel manually from the configuration file provided by AirVpn (stunnel.ssl), and the tunnel is working fine, when I try to use the openvpn client created by the pfsense  GUI through the manually crated stunnel, it connects to Airvpn but the connection is not stable at all, it stays up for 1 min. and then reconnect again.

                              when I tried to use the manually created stunnel with a manually created openvpn client with the configuration provided by Airvpn (airvpn.ovpn) it works fine and it does not disconnect for more than 2 hours, but I can not route my traffic through this manually created client.

                              I'm sorry it sounds complicated, but I'm relay stuck.

                              Any help will be highly appreciated

                              1 Reply Last reply Reply Quote 0
                              • valnarV
                                valnar
                                last edited by

                                Hey guys.  Sorry to revive a thread but I figured the important people are all here.

                                I was wondering if someone could help with the stunnel package?  Here's the problem we're having in the latest version.
                                https://forum.pfsense.org/index.php?topic=142463

                                It doesn't seem to be running on a reboot, so it's probably just missing an entry somewhere to start it?  I assume it would be easy for a Linux/BSD guy to fix, but alas that's not me.

                                Thank you!

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.