  1. #1
    Untanglit
    Join Date
    Apr 2020
    Posts
    18

    STunnel (443) and OpenVPN (1194) - possible?

    Hi there, I have a STUNNEL setup from my untangle FW to my remote server, on top of which I connect "locally" with OpenVPN. Stunnel runs on port 443 and OpenVPN on 1194.

    Have it up and running with a Windows client and it works like a charm, super speedy and stable as hell.
    Now my only problem is how to get this setup into untangle... Has anybody had any experience?

    Ideally, I wanted to use the Tunnel VPN application as I like the ability to tag devices that either pass through the VPN or bypass it. I don't need my ENTIRE traffic to go through the VPN...

    Appreciate anybody's thoughts or experience. I reached out to the Untangle Support team (paying member) and got told to take a hike to the forums. The fact that I haven't seen much here about stunnel + openvpn makes me worry...

  2. #2
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    454

    Quote Originally Posted by untangledfan
    The fact that I haven't seen much here about stunnel + openvpn makes me worry...
    First time in 10+ years of using OpenVPN / Untangle

    Quote Originally Posted by untangledfan
    I reached out to the Untangle Support team (paying member) and got told to take a hike to the forums.
    Probably because this setup is outside of the normal usage of UT and probably requires modifications that will not survive an upgrade.

    Can you post a diagram of your network and how you want it to work?

  3. #3
    Untanglit
    Join Date
    Apr 2020
    Posts
    18

    Hi there and thanks for the reply! The reason I need this (to provide some context) is that I live in a country with VPN blocking (not throttling) and very sophisticated DPI. As such, I need Untangle to create a VPN connection shielded by SSL (Stunnel was my choice).

    I then use tags to a) pass non-critical traffic unfiltered and b) pass critical traffic through the tunnel

    Right now I can't access my network diagram but it's really easy:

    [LAN of Computers]---[Untangle FW]---[ISP]---[Internet]---[My OpenVPN Server with Stunnel configured]

    Noteworthy: the initial connection happens on port 443 with stunnel, the openvpn connection is then a "local" connection on port 1194.
    Both work fine from my Windows workstation to the server in question (very fast!).

    The only thing is that I can't see how to "bundle" this in the tunnelvpn app and whether TunnelVPN can actually cater to this requirement (as the upload options "zip" and "conf" are quite mysterious and not necessarily well documented...).

    Appreciate any insight. I don't want to tinker around at the OS level; I'd then probably move back to PFSENSE (very reluctantly) as it was quite easy to set up there...

  4. #4
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,526

    I think you can set ovpn to 443 at yourip/admin/index.do#service/openvpn/advanced. Move the untangle web to some other port at yourip/admin/index.do#config/network/services.

    Not sure about tunnelvpn. That is probably up to the provider.
    Last edited by donhwyo; 04-28-2021 at 06:51 AM.

  5. #5
    Untanglit
    Join Date
    Apr 2020
    Posts
    18

    Sorry, but how would that help? It's not about using openvpn on port 443 as DPI will still kick in... I guess what I am looking for is an stunnel implementation for untangle :-) Thanks for the thought, though!

  6. #6
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,526

    Well I have to admit I don't know about stunnel or how to set it up. It is installed in untangle. You can see here.

    Code:
    root @ homeuntangle] ~ # locate stunnel |grep conf         
    /etc/stunnel/untangle-relay.conf
    /usr/share/doc/untangle-stunnel-config
    /usr/share/doc/stunnel4/examples/stunnel.conf-sample
    /usr/share/doc/untangle-stunnel-config/changelog.Debian.gz
    /usr/share/doc/untangle-stunnel-config/copyright
    /var/lib/dpkg/info/stunnel4.conffiles
    /var/lib/dpkg/info/untangle-stunnel-config.conffiles
    /var/lib/dpkg/info/untangle-stunnel-config.list
    /var/lib/dpkg/info/untangle-stunnel-config.md5sums
    /var/lib/dpkg/info/untangle-stunnel-config.postinst
    You will have to do it at the command line. That will mean you won't have official support. Maybe somebody here might help.
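
Added example, not part of the thread: a Python check for the setup described in post #3, where a stunnel client listens locally on 1194 and connects out on 443, and OpenVPN points at that local listener. The two configs, the host name `vpn.example.net`, the CA path, the service name `openvpn` and the function names are constructed assumptions.

```python
# Added example; both configs are constructed samples (vpn.example.net and the CA path are placeholders).
STUNNEL_CONF = """\
client = yes
[openvpn]
accept = 127.0.0.1:1194
connect = vpn.example.net:443
verifyChain = yes
CAfile = /etc/stunnel/ca.pem
checkHost = vpn.example.net
"""
OPENVPN_CONF = """\
client
proto tcp-client
remote 127.0.0.1 1194
"""

def parse_stunnel(text):
    """Return stunnel options as (global, {service: options}), keys lower-cased."""
    glob, services, cur = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif "=" in line and line[0] not in ";#":  # skip comment lines
            key, val = (p.strip() for p in line.split("=", 1))
            (glob if cur is None else cur)[key.lower()] = val
    return glob, services

def parse_openvpn(text):
    """Return {directive: [args]}; the last occurrence of a directive wins."""
    rows = (raw.split("#", 1)[0].split() for raw in text.splitlines())
    return {r[0]: r[1:] for r in rows if r}

def check_pair(stunnel_text, openvpn_text, service="openvpn"):
    """Return a list of problems; an empty list means the pair is consistent."""
    glob, services = parse_stunnel(stunnel_text)
    svc = {**glob, **services.get(service, {})}  # service options override global defaults
    ovpn, problems = parse_openvpn(openvpn_text), []
    if svc.get("client", "no").lower() != "yes":
        problems.append("stunnel: 'client = yes' missing, service runs in server mode")
    host, _, port = svc.get("accept", "").rpartition(":")
    if host not in ("127.0.0.1", "localhost"):
        problems.append("stunnel: accept is not bound to loopback")
    if "yes" not in (svc.get("verifychain", "").lower(), svc.get("verifypeer", "").lower()):
        problems.append("stunnel: server certificate is not verified")
    if not ovpn.get("proto", ["udp"])[0].startswith("tcp"):  # OpenVPN defaults to UDP
        problems.append("openvpn: proto is not tcp; stunnel only carries TCP")
    if ovpn.get("remote", [])[:2] != [host, port]:
        problems.append("openvpn: remote does not match the stunnel accept address")
    return problems
```

`check_pair(STUNNEL_CONF, OPENVPN_CONF)` returns an empty list for the sample pair; each returned string names one mismatch between the two files.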
