Stunnel removed with 2.3 ?
-
Hi,
can't find Stunnel in 2.3 and also can't find any Info in the Changelog.
Is Stunnel removed, do you plan to bring it back to pfSense if so ?
Thx & Greetings
-
Looks to be gone- refer to this
-
Very sad to hear about the removal - any chance it will be back? :)
-
Can someone give me a roundabout what time and skills it would take to maintain that package?
-
I tried installing stunnel manually on PFsense 2.3 but couldn't get it to work. But then I don't really know what I'm doing. I'm a hobbyist network admin with some Linux experience who loves Pfsense, and I really miss stunnel. I have a installation I cannot upgrade from 2.2, as this has stunnel which I use frequently.
Just wanted to put my hand up and ask this question also - will stunnel be returning any time soon?
-
what is your use case for stunnel? Can you not just use openvpn?
-
what is your use case for stunnel? Can you not just use openvpn?
Hello. I'm new here, registered just to reply to this thread.
My use case is actually using stunnel in combination with openvpn. Some VPN providers (e.g. AirVPN) have the option of tunneling openvpn through an SSL tunnel created by stunnel.
This works to defeat throttling/rejection of openvpn traffic detected by deep packet inspection because they would only see an SSL connection, not the openvpn "inside".
I would appreciate having this option for my pfsense setup.
-
so why not just install it?
http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.31,1.txz
Why can you not install this? You can request it get it added to the pfsense repo..
[2.3.1-RELEASE][root@pfSense.local.lan]/tmp: pkg install stunnel-5.31,1.txz
Updating pfSense-core repository catalogue…
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 104 KiB 106.1kB/s 00:01
Processing entries: 100%
pfSense repository update completed. 386 packages processed.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):New packages to be INSTALLED:
stunnel: 5.31,1 [unknown-repository]Proceed with this action? [y/N]: y
[1/1] Installing stunnel-5.31,1…
===> Creating groups.
Creating group 'stunnel' with gid '341'.
===> Creating users
Creating user 'stunnel' with uid '341'.
[1/1] Extracting stunnel-5.31,1: 100%
Message from stunnel-5.31,1:
To create and install a new certificate, type "make cert"
And don't forget to check out the FAQ at http://www.stunnel.org/
[2.3.1-RELEASE][root@pfSense.local.lan]/tmp:
Sure looks like installs to me..
-
so why not just install it?
http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.31,1.txz
Why can you not install this? You can request it get it added to the pfsense repo..
[2.3.1-RELEASE][root@pfSense.local.lan]/tmp: pkg install stunnel-5.31,1.txz
Updating pfSense-core repository catalogue…
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 104 KiB 106.1kB/s 00:01
Processing entries: 100%
pfSense repository update completed. 386 packages processed.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):New packages to be INSTALLED:
stunnel: 5.31,1 [unknown-repository]Proceed with this action? [y/N]: y
[1/1] Installing stunnel-5.31,1…
===> Creating groups.
Creating group 'stunnel' with gid '341'.
===> Creating users
Creating user 'stunnel' with uid '341'.
[1/1] Extracting stunnel-5.31,1: 100%
Message from stunnel-5.31,1:
To create and install a new certificate, type "make cert"
And don't forget to check out the FAQ at http://www.stunnel.org/
[2.3.1-RELEASE][root@pfSense.local.lan]/tmp:
Sure looks like installs to me..
I'm new here because I'm new to pfsense. I didn't know to just look at the freebsd repo. It took me a few minutes to learn that "fetch" is app to use, not wget. Downloaded the package and it installed just fine. Thanks.
-
Just keep in mind that its settings are not part of pfSense like they may have been when it was an actual pfSense package, so you may want to back up the config file for it separately once you get it working.
-
I'm new to pfsense too. I just setup openvpn on port 443 but that's not enough in a couple places, so im looking at stunnel as well. I'm pretty new to setting up my own vpns and doung anything like stunnel. Did you get it working? Any pointers to getting it setup before I dive in? Thanks.
-
To the software developers/programmers who give us these products - a credit to you, we would not have all this without you!To the newbies and basic admins that "just want it all to work - here is the benefit of my experience.
Here's what I did to get stunnel working on pfsense 2.3.
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.35_1,1.txz (as of Aug 2016, check the link in a web browser if it doesn't work)
My /usr/local/etc/stunnel/stunnel.conf as follows
WAN-IP should in most cases be your static wan ip address, but lan ip works as well.
–---------------------------------------------
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /var/tmp/stunnel
setuid = stunnel
setgid = stunnel[stunnel]
key = /usr/local/etc/stunnel/f8ea8f75.key
cert = /usr/local/etc/stunnel/f8ea8f75.chain
local = your-WAN-IP
accept = your-WAN-IP:443
connect = your-WAN-IP:1194
TIMEOUTclose = 0
–------------------------------------------------------OpenVPN server must be be set for TCP and not UDP.
Then, if /var/tmp/stunnel doesn't exist we need to create it:
mkdir /var/tmp/stunnel
then
chown -R stunnel:stunnel /var/tmp/stunnel
Install the Shellcmd package and add the following under shellcmd so that stunnel starts on boot up:
/usr/local/etc/rc.d/stunnel onestart
and then start stunnel
/usr/local/etc/rc.d/stunnel onestart
Diagnostics > sockets now shows stunnel listening on port 443
-
Hello everyone,
I have been trying to make openvpn (Airvpn) to work with Stunnel, on pfsense version 2.4.1, I managed to install Stunnel from the GUI, and then when I try to create the tunnel from the GUI I could not load the certificate (stunnel.crt) provided by AirVpn. So, the tunnel does not start. Any help will be appreciated.
Also I managed to create the stunnel manually from the configuration file provided by AirVpn (stunnel.ssl), and the tunnel is working fine, when I try to use the openvpn client created by the pfsense GUI through the manually crated stunnel, it connects to Airvpn but the connection is not stable at all, it stays up for 1 min. and then reconnect again.
when I tried to use the manually created stunnel with a manually created openvpn client with the configuration provided by Airvpn (airvpn.ovpn) it works fine and it does not disconnect for more than 2 hours, but I can not route my traffic through this manually created client.
I'm sorry it sounds complicated, but I'm relay stuck.
Any help will be highly appreciated
-
Hey guys. Sorry to revive a thread but I figured the important people are all here.
I was wondering if someone could help with the stunnel package? Here's the problem we're having in the latest version.
https://forum.pfsense.org/index.php?topic=142463It doesn't seem to be running on a reboot, so it's probably just missing an entry somewhere to start it? I assume it would be easy for a Linux/BSD guy to fix, but alas that's not me.
Thank you!
