
OpenWrt stunnel config

a guest
Nov 8th, 2013
  1. root@OpenWrt:/etc/stunnel#
  2. root@OpenWrt:/etc/stunnel# cat stunnel.conf
  3. ; Sample stunnel configuration file by Michal Trojnara 2002-2009
  4. ;
  5. ; some options used here may not be adequate for your particular configuration
  6. ; please read the manual and make sure you understand them
      ; NOTE(review): as written below this file runs stunnel in server mode
      ; (client = yes is commented out): one service accepts TLS on port 8443,
      ; requires a verified peer certificate (verify = 2) and connects on to port 8888.
  7.  
  8. ; certificate/key is needed in server mode and optional in client mode
      ; NOTE(review): certificate and private key both live under /tmp/ssl/test.
      ; On OpenWrt /tmp is normally RAM-backed, so confirm the key is restored after a
      ; reboot and that the key file is readable by root only.
  9. cert = /tmp/ssl/test/server.example.net.crt
  10. key = /tmp/ssl/test/server.example.net.key
  11.  
  12. ; protocol version (all, SSLv2, SSLv3, TLSv1)
      ; NOTE(review): "all" leaves SSLv2 and SSLv3 negotiable, and both have known
      ; protocol weaknesses; of the values listed above TLSv1 is the strictest -
      ; check whether this stunnel build offers anything newer.
  13. sslVersion = all
  14.  
  15. ; security enhancements for UNIX systems - comment them out on Win32
  16. ; for chroot a copy of some devices and files is needed within the jail
      ; NOTE(review): on OpenWrt /var is usually a symlink to /tmp - if that holds here,
      ; the jail root contains /tmp/ssl/test, i.e. the server key and CA file named in
      ; this file. Verify, and keep key material outside the jail.
  17. chroot = /var
      ; the daemon drops to an unprivileged user and group
  18. setuid = nobody
  19. setgid = nogroup
  20. ; PID is created inside the chroot jail
  21. pid = /stunnel.pid
  22.  
  23. ; performance tunings
      ; TCP_NODELAY is set on both the l: and r: sockets
  24. socket = l:TCP_NODELAY=1
  25. socket = r:TCP_NODELAY=1
  26. ;compression = zlib
  27.  
  28. ; workaround for Eudora bug
  29. ;options = DONT_INSERT_EMPTY_FRAGMENTS
  30.  
  31. ; authentication stuff needs to be configured to prevent MITM attacks
  32. ; it is not enabled by default!
      ; NOTE(review): with verify = 2 in server mode the peer must present a certificate
      ; that validates against CAfile; presumably any certificate issued by that CA is
      ; accepted, so access control rests on what the CA signs - confirm against the manual.
  33. verify = 2
  34. ; don't forget to c_rehash CApath
  35. ; CApath is located inside chroot jail
  36. ;CApath = /certs
  37. ; it's often easier to use CAfile
  38. CAfile = /tmp/ssl/test/myCA/cacert.pem
  39. ; don't forget to c_rehash CRLpath
  40. ; CRLpath is located inside chroot jail
  41. ;CRLpath = /crls
  42. ; alternatively CRLfile can be used
      ; NOTE(review): neither CRLpath nor CRLfile is active, so this file configures no
      ; certificate revocation check for client certificates.
  43. ;CRLfile = /etc/stunnel/crls.pem
  44.  
  45. ; debugging stuff (may be useful for troubleshooting)
  46. ;debug = 7
  47. ;output = /var/log/stunnel.log
  48.  
  49. ; SSL client mode
  50. ;client = yes
  51.  
  52. ; service-level configuration
  53.  
      ; NOTE(review): accept names no address, so the listener is presumably bound on
      ; every interface; connect names no host, which presumably means the local machine.
      ; Confirm that the service on 8888 is not reachable directly from the network.
  54. [https-proxy]
  55. accept  = 8443
  56. connect = 8888
  57. TIMEOUTclose = 0
  58.  
  59. ; vim:ft=dosini
  60. root@OpenWrt:/etc/stunnel#
  61. root@OpenWrt:/etc/stunnel# diff -u stunnel.conf.orig stunnel.conf
  62. --- stunnel.conf.orig   2012-08-02 07:29:31.000000000 +0900
  63. +++ stunnel.conf    2013-11-07 23:15:59.343956484 +0900
  64. @@ -4,8 +4,8 @@
  65. ; please read the manual and make sure you understand them
  66.  
  67. ; certificate/key is needed in server mode and optional in client mode
  68. -cert = /etc/stunnel/stunnel.pem
  69. -;key = /etc/stunnel/stunnel.pem
  70. +cert = /tmp/ssl/test/server.example.net.crt
  71. +key = /tmp/ssl/test/server.example.net.key
  72.  
  73. ; protocol version (all, SSLv2, SSLv3, TLSv1)
  74. sslVersion = all
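Review bot: The new `key = /tmp/ssl/test/server.example.net.key` line puts the server's private key under /tmp, which on OpenWrt is normally RAM-backed and cleared at reboot, so the tunnel would fail to start after a restart and the key's confidentiality rests only on file modes in a scratch directory. Persistent, root-only storage would be safer, for example `key = /etc/stunnel/server.example.net.key` (path constructed for illustration) with mode 0600. The unchanged context line `sslVersion = all` also means the service will still negotiate SSLv2 and SSLv3; of the values the comment lists, `sslVersion = TLSv1` is the strictest.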
  75. @@ -28,12 +28,12 @@
  76.  
  77. ; authentication stuff needs to be configured to prevent MITM attacks
  78. ; it is not enabled by default!
  79. -;verify = 2
  80. +verify = 2
  81. ; don't forget to c_rehash CApath
  82.  ; CApath is located inside chroot jail
  83.  ;CApath = /certs
  84.  ; it's often easier to use CAfile
  85. -;CAfile = /etc/stunnel/certs.pem
  86. +CAfile = /tmp/ssl/test/myCA/cacert.pem
  87. ; don't forget to c_rehash CRLpath
  88.  ; CRLpath is located inside chroot jail
  89.  ;CRLpath = /crls
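Review bot: `verify = 2` and `CAfile` are enabled here, but the CRL setting visible in the same block (`;CRLpath = /crls`) stays commented out, so a client certificate issued by myCA cannot be revoked and remains usable until it expires. If more than one client certificate exists, a CRL should be configured alongside this change and regenerated whenever a certificate is withdrawn. At this verify level any certificate that chains to cacert.pem appears to be accepted, so the CA should sign only clients meant to reach this service. The authentication block continues past the hunk's last line.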
  90. @@ -49,26 +49,9 @@
  91.  
  92.  ; service-level configuration
  93.  
  94. -;[pop3s]
  95. -;accept  = 995
  96. -;connect = 110
  97. -
  98. -;[imaps]
  99. -;accept  = 993
  100. -;connect = 143
  101. -
  102. -;[ssmtp]
  103. -;accept  = 465
  104. -;connect = 25
  105. -
  106. -[https]
  107. -accept  = 443
  108. -connect = 80
  109. -TIMEOUTclose = 0
  110. -
  111. -[chilli]
  112. -accept  = 3443
  113. -connect = 3442
  114. +[https-proxy]
  115. +accept  = 8443
  116. +connect = 8888
  117.  TIMEOUTclose = 0
  118.  
  119.  ; vim:ft=dosini
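Review bot: `accept = 8443` gives no address, so the new [https-proxy] listener is presumably bound on every interface of the router, and `connect = 8888` hands the authenticated traffic to whatever listens on that local port. If 8888 is a forward proxy, as the service name suggests, it should itself be bound to loopback only; otherwise it can be reached directly without TLS or a client certificate. Binding the TLS side explicitly, e.g. `accept = 192.0.2.1:8443` (documentation address, substitute the intended interface), together with a firewall rule for 8443, keeps the exposure to what is intended.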
  120. root@OpenWrt:/etc/stunnel#