I'm using port 81 here to leave standard HTTP port available.įor troubleshooting configuration, you should start stunnel from a command prompt with the "foreground = yes" parameter in its configuration. The section is where the decapsulation happens : traffic is received as SSL on port 81 and resent to the target server on the RDP port. The 3 commented lines are debug parameters that can be used to troubleshoot the configuration. Update the configuration file as folllowing chroot = /var/lib/stunnel4/ Sudo cp /usr/share/doc/stunnel4/examples/nf-sample /etc/stunnel/nf Create a certificate using the configuration file.OrganizationalUnitName = Organizational Unit Name (eg, section)Ġ.commonName = Common Name (FQDN of your server) OrganizationName_default = My Organization OrganizationName = Organization Name (eg, company) StateOrProvinceName = State or Province Name (full name) ĬountryName = Country Name (2 letter code) We're not going to fully check them, their only use will be to encrypt the tunnel, not to secure the communication : we're tunneling RDP which is itself encrypted and reasonably protected. It doesn't protect the private key, so it's potentailly vulnerable. The following is a basic default configuration to generate SSL certificates with openssl. Create a certificate configuration file.If you don't use a gateway at all or use a Windows gateway, stunnel is available on Windows and can be installed as a service to start automatically. Use one of the non official patch to allow multiple RDP connection on Windows client if you feel the need (this is not allowed by the product license.) stunnel can then finally send the packet to the server_private_address:3389 port.Ĭheck that the users used for remote connection all have a password. ![]() The router routes the request to the gateway port 81, where stunnel can decapsulate the RDP traffic from HTTPS. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |