{"id":41,"date":"2012-01-29T23:04:20","date_gmt":"2012-01-29T22:04:20","guid":{"rendered":"http:\/\/www.datenzone.de\/blog\/?p=41"},"modified":"2012-01-29T23:04:20","modified_gmt":"2012-01-29T22:04:20","slug":"installing-stunnel-on-openwrt","status":"publish","type":"post","link":"https:\/\/www.datenzone.de\/blog\/2012\/01\/installing-stunnel-on-openwrt\/","title":{"rendered":"Installing Stunnel on OpenWRT"},"content":{"rendered":"<p><a href=\"http:\/\/www.stunnel.org\/\">Stunnel<\/a> is a general purpose SSL\/TLS proxy. I explained <a href=\"http:\/\/www.datenzone.de\/blog\/2012\/01\/using-ssltls-client-certificate-authentification-in-android-applications\/\">in my last posting<\/a> how to use <em>stunnel<\/em> with <a href=\"http:\/\/www.android.com\/developers\/\">Android<\/a>, so that Android apps can communicate with a server through SSL\/TLS with mutual authentication and encryption. For many people, running stunnel on their home router as a gatekeeper might be a good option. <a href=\"https:\/\/openwrt.org\/\">OpenWRT<\/a> is an open source operating system that can be flashed onto many routers, wireless LAN access points and other devices.<\/p>\n<p>How to install OpenWRT is not covered by this posting. Instead I suggest reading the <a href=\"http:\/\/wiki.openwrt.org\/doc\/howto\/generic.flashing\">general documentation<\/a> on the OpenWRT website. After OpenWRT is running, there are two ways to install stunnel.<\/p>\n<h1>Install with opkg<\/h1>\n<p>The easiest way to install stunnel on OpenWRT is opkg. Just execute:<\/p>\n<pre>opkg update; opkg install stunnel<\/pre>\n<p>However, the space on many routers is limited, and this might fail.<\/p>\n<h1>Install with ImageBuilder<\/h1>\n<p>Those who don&#8217;t have enough space on their router can still try the <a href=\"http:\/\/wiki.openwrt.org\/doc\/howto\/obtain.firmware.generate\">ImageBuilder<\/a>. Here, a new firmware image is generated, which compresses stunnel much better. 
The image is built with a command like:<\/p>\n<pre>make image <strong>PACKAGES=\"stunnel\"<\/strong><\/pre>\n<p>Other options may also need to be set, depending on your platform. After the image has been generated, it can be flashed onto the device.<\/p>\n<h1>Configuring stunnel<\/h1>\n<p>Because some paths are different, we need to adjust the stunnel.conf from the last posting.<\/p>\n<pre lang=\"text\">cert = \/etc\/stunnel\/cert-server.pem\r\nkey = \/etc\/stunnel\/key-server.pem\r\nCAfile = \/etc\/stunnel\/cert-client.pem\r\nsslVersion = SSLv3\r\nchroot = \/var\r\nsetuid = nobody\r\nsetgid = nogroup\r\npid = \/stunnel.pid\r\nsocket = l:TCP_NODELAY=1\r\nsocket = r:TCP_NODELAY=1\r\n[service]\r\naccept  = ZZZZZ\r\nconnect = 192.168.XXX.YYY:80\r\nverify = 2<\/pre>\n<p>All certificate and key files are placed in <em>\/etc\/stunnel\/<\/em>. Now we can start it with <em>\/etc\/init.d\/stunnel start<\/em>. Rebooting the device is also a good idea, to check that stunnel still works after a reboot.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stunnel is a general purpose SSL\/TLS proxy. I explained in my last posting how to use stunnel with Android, so that Android apps can communicate with a server through SSL\/TLS with mutual authentication and encryption. 
For many people, running stunnel on &hellip;<\/p>\n<p class=\"read-more\"><a href=\"https:\/\/www.datenzone.de\/blog\/2012\/01\/installing-stunnel-on-openwrt\/\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-41","post","type-post","status-publish","format-standard","hentry","category-android"],"_links":{"self":[{"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/posts\/41","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/comments?post=41"}],"version-history":[{"count":3,"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/posts\/41\/revisions"}],"predecessor-version":[{"id":44,"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/posts\/41\/revisions\/44"}],"wp:attachment":[{"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/media?parent=41"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/categories?post=41"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.datenzone.de\/blog\/wp-json\/wp\/v2\/tags?post=41"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}