Installing Stunnel on OpenWRT

Stunnel is a general-purpose SSL/TLS proxy. I explained in my last posting how to use stunnel with Android, so that Android apps can communicate with a server through SSL/TLS with mutual authentication and encryption. For many people, running stunnel on their home router as a gatekeeper might be a good option. OpenWRT is an open source operating system that can be flashed on many routers, wireless LAN access points and other devices.

How to install OpenWRT is not covered by this posting. Instead I suggest reading the general documentation on the OpenWRT website. After OpenWRT is running, there are two ways to install stunnel.

Install with opkg

The easiest way to install stunnel on OpenWRT is opkg. Just execute:

opkg update; opkg install stunnel

However, the space on many routers is limited, and this might fail.

Install with ImageBuilder

Those who don’t have enough space on their router can still try the ImageBuilder. It generates a new firmware image in which stunnel is compressed much better. We need to build an image like:

make image PACKAGES="stunnel"

Other options may also need to be set, depending on your platform. After the image has been generated, it can be flashed on the device.

Configuring stunnel

Because some paths are different, we need to adjust the stunnel.conf from the last posting.

cert = /etc/stunnel/cert-server.pem
key = /etc/stunnel/key-server.pem
CAfile = /etc/stunnel/cert-client.pem
; SSLv3 is obsolete (POODLE); use TLS and set the same version on the client side
sslVersion = TLSv1.2
chroot = /var
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[service]
accept  = ZZZZZ
connect = 192.168.XXX.YYY:80
verify = 2

All certificate and key files are placed in /etc/stunnel/. Now we can start it with /etc/init.d/stunnel start. Rebooting the device is also a good idea, to check that stunnel still works after a reboot.
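A pre-flight check for this configuration, written as an added example (not part of the original post): it confirms that the certificate and key files named in stunnel.conf exist, that the private key is owner-only, that verify = 2 is set, and that no obsolete sslVersion such as SSLv3 is selected. The function names, the sample files and the /etc/stunnel/stunnel.conf path in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight audit of a stunnel.conf.
# Simplification: [service] sections are ignored; the first "option = value" wins.

conf_value() {   # conf_value FILE OPTION -> value with surrounding blanks removed
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

finding() { echo "$*"; findings=$((findings + 1)); }

audit_stunnel_conf() {   # prints findings; returns 0 only if there are none
    conf=$1; findings=0
    for opt in cert key CAfile; do
        path=$(conf_value "$conf" "$opt")
        if [ -z "$path" ]; then finding "MISSING $opt: option not set"
        elif [ ! -r "$path" ]; then finding "MISSING $opt: $path is not readable"
        fi
    done
    key=$(conf_value "$conf" key)
    if [ -f "$key" ]; then   # the private key must be owner-only
        case $(ls -l "$key") in
            -???------*) ;;
            *) finding "PERMS key: $key is accessible to group or others" ;;
        esac
    fi
    case $(conf_value "$conf" sslVersion) in   # POODLE-era protocols
        SSLv2|SSLv3) finding "WEAK sslVersion: obsolete protocol selected" ;;
    esac
    # verify = 2 is the setting that enforces the client certificate
    [ "$(conf_value "$conf" verify)" = 2 ] || finding "WEAK verify: client certificate not enforced"
    [ "$findings" -eq 0 ]
}

make_sample() {   # make_sample DIR SSLVERSION KEYMODE -> constructed test fixture
    mkdir -p "$1" && touch "$1/cert-server.pem" "$1/key-server.pem" "$1/cert-client.pem"
    chmod "$3" "$1/key-server.pem"
    cat > "$1/stunnel.conf" <<EOF
cert = $1/cert-server.pem
key = $1/key-server.pem
CAfile = $1/cert-client.pem
sslVersion = $2
[service]
verify = 2
EOF
}

# Demo on constructed data; on the router (assumed path): audit_stunnel_conf /etc/stunnel/stunnel.conf
demo=$(mktemp -d)
make_sample "$demo" SSLv3 644
audit_stunnel_conf "$demo/stunnel.conf" || echo "fix the findings above before starting stunnel"
rm -rf "$demo"
```

The permission check uses ls rather than stat because a minimal BusyBox build may not include stat.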
