List:       stunnel-users
Subject:    Configuring STUNNEL 4.05 on AIX 5.xL
From:       "Rob Mattox" <rmattox () isg-inc ! net>
Date:       2004-06-21 20:04:02
Message-ID: 5EC371755FCFD1498ADD333988053184014842A9 () exchange ! ufcoop ! biz

All -
I co-admin roughly 125 offsite IBM RS/6000 servers that run various
versions of AIX (4.3.3 - 5.2L). I intend to use STUNNEL 4.05 to remotely
manage these servers (instead of SSH or SSL-enabled telnet). I have one
local support server that we presently use to connect to these remote
servers (through the help of a KMODEM script that spawns a telnet
session to the remote site name chosen from a menu). I would like to
force the KMODEM script to use telnet through a STUNNEL session, while
still preserving my ability to launch an unprotected telnet session from
the command line. Essentially, I would like to use STUNNEL selectively,
and only on sessions that leave our LAN and cross insecure networks,
while still allowing normal telnet functionality on both my local LAN
and each respective remote LAN. I have read through the STUNNEL
documentation and I must admit I'm somewhat confused.

Q1a: Is it possible to launch STUNNEL from the command line (or script)
with version 4.05? (so I can determine when to use it and when NOT to
use it through the use of scripts)
Q1b: If so, what is the syntax to start it as a client via command line
or script (the documentation references a "-d" switch, which only works
for version 3.x)
Q1c: I do not want to inhibit the ability of others on the same machine
to simply telnet to other local machines. If I configure and launch a
telnet session through a "STUNNEL", will it affect the entire server and
force all future outgoing telnet sessions to use STUNNEL as well? I.e. I
want to choose which outgoing sessions to wrap in STUNNEL and all others
should default to normal telnet.

Q2: What startup method and syntax (for AIX 5.x) is recommended to start
STUNNEL (4.05) as a SERVER on the remote machines, to always listen for
and accept incoming "STUNNELED" telnet sessions, keeping in mind that I
want that same server to also accept "UN-STUNNELED" (i.e. normal TCP
port 23) telnet sessions?

My current -version information is below:

stunnel 4.05 on powerpc-ibm-aix5.1.0.0 PTHREAD with OpenSSL 0.9.6m 17
Mar 2004

Global options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH
debug           = 5
key             = /usr/local/etc/stunnel/stunnel.pem
pid             = /usr/local/var/run/stunnel.pid
RNDbytes        = 64
RNDoverwrite    = yes
session         = 300 seconds
verify          = none

Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTidle     = 43200 seconds

I'd be happy to provide more information about my particular situation
if needed. Thank you very much for any help you can offer.

- RCM
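The selective-wrapping layout the post asks about (stunnel in client mode on the local support server, stunnel in server mode on each remote AIX box, plain telnet left untouched on both LANs) can be expressed as two stunnel 4.x configuration files. The following is an added example written for this page; it is not part of the original message and not taken from the stunnel project's documentation. The stunnel 4 directives used (`client`, `accept`, `connect`, `verify`, `CAfile`, `foreground`, plus `cert`, `key`, `pid` and `debug` from the post) are real; the hostname `siteA.example`, the local listening port 2323, the service names, the CA file path and the second pid file path are assumptions chosen for illustration.

```ini
; ---------------------------------------------------------------------
; FILE 1 (assumed path): /usr/local/etc/stunnel/stunnel-client.conf
; Runs on the local support server. Only connections made to the
; accept ports below are wrapped; telnet to any other host on the LAN
; is never touched by stunnel, so plain telnet keeps working.
; ---------------------------------------------------------------------
cert    = /usr/local/etc/stunnel/stunnel.pem
key     = /usr/local/etc/stunnel/stunnel.pem
pid     = /usr/local/var/run/stunnel-client.pid   ; assumed path
debug   = 5

; client = yes makes every service below an outbound TLS client.
client  = yes

; The post's defaults show "verify = none": the client would accept any
; certificate. verify = 2 requires the remote server to present a
; certificate chaining to a CA in CAfile, so a machine-in-the-middle on
; the insecure network cannot impersonate a remote site.
verify  = 2
CAfile  = /usr/local/etc/stunnel/remote-sites-ca.pem   ; assumed path

; One service section per remote site the menu script can select.
; Binding accept to 127.0.0.1 keeps the tunnel entrance private to
; this host; a script then runs "telnet 127.0.0.1 2323" for site A.
[telnets-siteA]
accept  = 127.0.0.1:2323              ; assumed local port
connect = siteA.example:992           ; assumed remote host; 992 = telnets

; ---------------------------------------------------------------------
; FILE 2 (assumed path): /usr/local/etc/stunnel/stunnel-server.conf
; Runs on each remote AIX server. It listens on TCP 992 for TLS and
; hands the decrypted stream to the local telnetd on port 23. telnetd
; still listens on 23 itself, so hosts on the remote LAN keep using
; ordinary telnet unchanged.
; ---------------------------------------------------------------------
cert    = /usr/local/etc/stunnel/stunnel.pem
key     = /usr/local/etc/stunnel/stunnel.pem
pid     = /usr/local/var/run/stunnel.pid
debug   = 5

[telnets]
accept  = 992
connect = 127.0.0.1:23
```

Each side is started by passing the configuration file as the single argument, e.g. `stunnel /usr/local/etc/stunnel/stunnel-server.conf`; stunnel 4 has no `-d` switch and takes all of its options from that file. A menu script only has to point telnet at the loopback port of the matching `[telnets-...]` section to get a wrapped session, while running `telnet` against any other address remains plain TCP.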
