https://wiki.ledhed.net/index.php?action=history&feed=atom&title=StunnelsStunnels - Revision history2026-05-12T18:09:20ZRevision history for this page on the wikiMediaWiki 1.23.2//wiki.ledhed.net/index.php?title=Stunnels&diff=2654&oldid=prevLedhed: Created page with 'Secure Tunnels or "stunnels" as they are commonly referred to are an amazing feature of SSH. They allow you to perform port redirection through an encrypted tunnel between hosts....'2012-07-04T19:17:03Z<p>Created page with 'Secure Tunnels or "stunnels" as they are commonly referred to are an amazing feature of SSH. They allow you to perform port redirection through an encrypted tunnel between hosts....'</p>
<p><b>New page</b></p><div>Secure Tunnels or "stunnels" as they are commonly referred to are an amazing feature of SSH.<br />
They allow you to perform port redirection through an encrypted tunnel between hosts.<br />
Think of it as an application specific VPN.<br />
<br />
Possible Uses:<br />
* Remote Desktop to a PC behind a firewall.<br />
* Bypass my employers Proxy server, by forcing all my HTTP traffic through my home firewall (and its all encrypted).<br />
<br />
<br />
== Linux / BSD ==<br />
This example can be used to connect to a remote proxy server.<br />
<br />
ssh -f -N -L 8080:<remote_host.in>:3128 <user@remote_host.out><br />
<br />
Explaination:<br />
8080 = Local listening port<br />
<remote_host.in> = The IP or Hostname of the SSH server you will be connecting to (in most cases this will be the Inside/Private Interface).<br />
3128 = The remote hosts listening port (in this case its squid's default listening port).<br />
user@remote_host.out = The IP or Hostname of the SSH server you will be connecting to (in most cases this will be the Outside/Public Interface).<br />
<br />
<br />
<br />
== Windows ==<br />
<br />
We will use the same example as above, only for windows we will use [http://www.chiark.greenend.org.uk/~sgtatham/putty/ Putty] to establish the connection.<br />
<br />
'''Setup the Secure Tunnel'''<br><br />
[[File:Putty-stunnel.png]]<br />
<br />
<br />
'''Connecting to the Remote SSH Server'''<br><br />
[[File:Putty-connect.png]]<br />
<br />
<br />
<br />
== RDP behind Firewall ==<br />
Here is an example of how to use a stunnel to connect to a remote PC behind a firewall (assuming the firewall allows SSH connections).<br />
<br />
'''Setup the Secure Tunnel'''<br><br />
[[File:Putty-stunnel-rdp.png]]<br />
<br />
<br />
'''Connecting to the Remote SSH Server'''<br><br />
[[File:Putty-connect.png]]<br />
<br />
<br />
'''Launch an RDP session'''<br><br />
This may seem counter intuitive for an RDP connection, but the stunnel's local listening port is waiting for connections on 127.0.0.1 (aka localhost) at port 55555.<br><br />
All traffic (in this case RDP) sent to this port will be encrypted and passed through the tunnel and out the other side to <remote_pc.in>:3389 (where 3389 = default RDP port).<br><br />
[[File:Rdp-thru-stunnel.png]]<br />
<br />
<remote_pc.in> = The IP or Hostname of the PC you want to RDP into behind the firewall.<br />
<br />
<br />
The Linux / BSD command line equivalent is:<br />
ssh -f -N -L 55555:<remote_pc.in>:3389 <user@remote_host.out><br />
<br />
<br />
<br />
<br />
<br />
<br />
== SSH Command Reference ==<br />
-f Run in the background.<br />
-N Do NOT execute a remote command.<br />
-L Local binding address.<br />
<br />
<br />
<br />
[[Category:SSH]]</div>Ledhed