  1. #1
    Untanglit
    Join Date
    Apr 2020
    Posts
    18

    Question Streisand VPN - OpenVPN (wrapped in stunnel) - HowTo?

    Hi everyone, I'm super new to the forum and Untangle, appreciate your patience. I currently run a pfSense home installation on a little ZOTAC mini PC and am quite happy. It's been up for 2 years now without a problem. My main reason for considering Untangle is that I want to be a bit more flexible on devices bypassing the VPN if need be. I'm not a sysadmin and my knowledge of firewall routing, rules, etc. is quite limited.

    Here's what I want to accomplish:

    [LAN]----[FIREWALL]----[STREISAND_VPN_WITH STUNNEL]----[INTERNET]

    I have a small, rented VPS Ubuntu 16.04 server with Streisand VPN configured. Streisand (for those not familiar) provides a one-click VPN server solution, generating automatic config files for the client.

    In particular, Streisand creates the usual .ovpn file and the stunnel.conf files.
    When installing STUNNEL on my Windows Desktop and importing the .ovpn config into OpenVPN, the connection works fine!

    My question now: how do I set up OpenVPN + stunnel with Untangle's "TunnelVPN", as I live in a region with highly censored internet and DPI and I need the STUNNEL to block the DPI from seeing the VPN traffic?

    Thanks!

    Code:
    client = yes
    [stunnel]
    accept = 127.0.0.1:41194
    connect = XX.XXX.XX.XX:993

    Code:
    client
    remote 127.0.0.1 41194
    proto tcp
    dev tun
    cipher AES-256-CBC
    auth SHA256
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    verify-x509-name XXXXXXXXXXXXXX name
    tls-version-min 1.2
    compress
    verb 3
    route XX.XXX.XX.XX 255.255.255.255 net_gateway
    
    <ca>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </ca>
    
    <cert>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </cert>
    
    <key>
    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----
    </key>
    
    <tls-crypt>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    ...
    -----END OpenVPN Static key V1-----
    </tls-crypt>
    Last edited by untangledfan; 04-10-2020 at 01:10 AM.
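
Added example, not part of the original post and not Streisand or Untangle code: a small Python checker for how the two client files above are wired together (OpenVPN `remote` pointing at the stunnel `accept` address, TCP transport, and the `net_gateway` host route for the stunnel server). The address 203.0.113.10 is a constructed placeholder for the redacted server IP, `check()` and its finding texts are names made up here, and legacy stunnel `verify = N` levels are not handled.

```python
# Constructed sample inputs that mirror the two client files in the post.
# 203.0.113.10 is a documentation-range placeholder for the redacted server IP.
STUNNEL_CONF = """client = yes
[stunnel]
accept = 127.0.0.1:41194
connect = 203.0.113.10:993
"""
OVPN_CONF = """client
remote 127.0.0.1 41194
proto tcp
dev tun
route 203.0.113.10 255.255.255.255 net_gateway
"""

def parse_stunnel(text):
    """Flatten a single-service stunnel.conf into {option: value}."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and l.strip()[0] not in ";#")
    return {k.strip(): v.strip() for k, v in pairs}

def parse_ovpn(text):
    """Return directives as token lists, skipping inline <ca>/<key>/... blocks."""
    out, inline = [], None
    for line in map(str.strip, text.splitlines()):
        if inline:
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
        elif line and line[0] not in "#;":
            out.append(line.split())
    return out

def check(stunnel_text, ovpn_text):
    """Return findings about how the two files are wired together."""
    st, ov = parse_stunnel(stunnel_text), parse_ovpn(ovpn_text)
    host, _, port = st.get("accept", "").rpartition(":")
    server = st.get("connect", "").rpartition(":")[0]
    findings = []
    if [host, port] not in [d[1:3] for d in ov if d[0] == "remote"]:
        findings.append("remote does not match the stunnel accept address")
    if not any(d[:2] in (["proto", "tcp"], ["proto", "tcp-client"]) for d in ov):
        findings.append("proto must be tcp: stunnel wraps a TCP stream only")
    # A pushed default route would otherwise loop stunnel's own connection into the VPN.
    if not any(d[0] == "route" and d[1] == server and "net_gateway" in d for d in ov):
        findings.append("no net_gateway host route for the stunnel server")
    # stunnel does not verify the peer unless verifyChain/verifyPeer is enabled.
    if "yes" not in (st.get("verifyChain"), st.get("verifyPeer")):
        findings.append("note: stunnel is not verifying the server certificate")
    return findings
```

With the files as posted, the only finding is the note about stunnel's outer TLS layer; server authentication then rests on the `remote-cert-tls` and `verify-x509-name` checks in the .ovpn file.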

  2. #2
    Untanglit
    Join Date
    Apr 2020
    Posts
    18

    Hm, probably I'm too impatient but I found a work-around by configuring my .ovpn file to use port 443 and SSL. This seems to work (i.e. not blocked) but I'm not sure how safe it is vs. DPI... does anybody know?
