Since I have to spend the night in hotels more often, and there is very often an FW that blocks all sorts of things, I wanted to build an OpenVPN server with an SSL tunnel (stunnel).
It now seems that everything is going well, but the log entries unsettle me.
Since many ports in hotels are blocked, and I can see in the last line of the log that my PC is establishing a connection via port 63356, I wonder whether this is the right one.
2020.02.19 08:06:35 LOG5[main]: stunnel 5.56 on x64-pc-mingw32-gnu platform
2020.02.19 08:06:35 LOG5[main]: Compiled/running with OpenSSL 1.1.1c 28 May 2019
2020.02.19 08:06:35 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2020.02.19 08:06:35 LOG5[main]: Reading configuration from file stunnel.conf
2020.02.19 08:06:35 LOG5[main]: UTF-8 byte order mark detected
2020.02.19 08:06:35 LOG4[main]: Service [my=stunnel-conf] needs authentication to prevent MITM attacks
2020.02.19 08:06:35 LOG5[main]: Configuration successful
2020.02.19 08:06:45 LOG5[0]: Service [my=stunnel-conf] accepted connection from 127.0.0.1:63356
2020.02.19 08:06:45 LOG5[0]: s_connect: connected server.IP:443
2020.02.19 08:06:45 LOG5[0]: Service [my=stunnel-conf] connected remote server from 192.168.178.195:63357
Wed Feb 19 08:06:52 2020 MANAGEMENT: >STATE:1582096012,CONNECTED,SUCCESS,10.8.0.2,127.0.0.1,1194,127.0.0.1,63356

This is the log file from the OpenVPN server:
OpenVPN LOG
Wed Feb 19 08:06:45 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Wed Feb 19 08:06:45 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Feb 19 08:06:45 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Wed Feb 19 08:06:45 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:PORT
Wed Feb 19 08:06:45 2020 Need hold release from management interface, waiting...
Wed Feb 19 08:06:45 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:Port
Wed Feb 19 08:06:45 2020 MANAGEMENT: CMD 'state on'
Wed Feb 19 08:06:45 2020 MANAGEMENT: CMD 'log all on'
Wed Feb 19 08:06:45 2020 MANAGEMENT: CMD 'echo all on'
Wed Feb 19 08:06:45 2020 MANAGEMENT: CMD 'bytecount 5'
Wed Feb 19 08:06:45 2020 MANAGEMENT: CMD 'hold off'
Wed Feb 19 08:06:45 2020 MANAGEMENT: CMD 'hold release'
Wed Feb 19 08:06:45 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 19 08:06:45 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 19 08:06:45 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
Wed Feb 19 08:06:45 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Feb 19 08:06:45 2020 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
Wed Feb 19 08:06:45 2020 MANAGEMENT: >STATE:1582096005,TCP_CONNECT,,,,,,
Wed Feb 19 08:06:45 2020 TCP connection established with [AF_INET]127.0.0.1:1194
Wed Feb 19 08:06:45 2020 TCP_CLIENT link local: (not bound)
Wed Feb 19 08:06:45 2020 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
Wed Feb 19 08:06:45 2020 MANAGEMENT: >STATE:1582096005,WAIT,,,,,,
Wed Feb 19 08:06:45 2020 MANAGEMENT: >STATE:1582096005,AUTH,,,,,,
Wed Feb 19 08:06:45 2020 TLS: Initial packet from [AF_INET]127.0.0.1:1194, sid=e8ce1554 906780b3
Wed Feb 19 08:06:45 2020 VERIFY OK: depth=1, CN=ChangeMe
Wed Feb 19 08:06:45 2020 VERIFY KU OK
Wed Feb 19 08:06:45 2020 Validating certificate extended key usage
Wed Feb 19 08:06:45 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Feb 19 08:06:45 2020 VERIFY EKU OK
Wed Feb 19 08:06:45 2020 VERIFY OK: depth=0, CN=server
Wed Feb 19 08:06:45 2020 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Feb 19 08:06:45 2020 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1194
Wed Feb 19 08:06:47 2020 MANAGEMENT: >STATE:1582096007,GET_CONFIG,,,,,,
Wed Feb 19 08:06:47 2020 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Feb 19 08:06:47 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Wed Feb 19 08:06:47 2020 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 19 08:06:47 2020 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 19 08:06:47 2020 OPTIONS IMPORT: route options modified
Wed Feb 19 08:06:47 2020 OPTIONS IMPORT: route-related options modified
Wed Feb 19 08:06:47 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 19 08:06:47 2020 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Feb 19 08:06:47 2020 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 19 08:06:47 2020 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Feb 19 08:06:47 2020 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Feb 19 08:06:47 2020 interactive service msg_channel=832
Wed Feb 19 08:06:47 2020 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 I=11 HWADDR=aa:aa:aa:aa:aa:aa
Wed Feb 19 08:06:47 2020 open_tun
Wed Feb 19 08:06:47 2020 TAP-WIN32 device [LAN-Verbindung] opened: \\.\Global\{098B0A52-7890-4ABC-A82C-021BD09E1054}.tap
Wed Feb 19 08:06:47 2020 TAP-Windows Driver Version 9.24
Wed Feb 19 08:06:47 2020 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Wed Feb 19 08:06:47 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {098B0A52-7890-4ABC-A82C-021BD09E1054} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Wed Feb 19 08:06:47 2020 Successful ARP Flush on interface [2] {098B0A52-7890-4ABC-A82C-021BD09E1054}
Wed Feb 19 08:06:47 2020 MANAGEMENT: >STATE:1582096007,ASSIGN_IP,,10.8.0.2,,,,
Wed Feb 19 08:06:47 2020 Blocking outside dns using service succeeded.
Wed Feb 19 08:06:52 2020 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Wed Feb 19 08:06:52 2020 C:\Windows\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 192.168.178.1
Wed Feb 19 08:06:52 2020 Route addition via service succeeded
Wed Feb 19 08:06:52 2020 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Wed Feb 19 08:06:52 2020 Route addition via service succeeded
Wed Feb 19 08:06:52 2020 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Wed Feb 19 08:06:52 2020 Route addition via service succeeded
Wed Feb 19 08:06:52 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Feb 19 08:06:52 2020 Initialization Sequence Completed
Wed Feb 19 08:06:52 2020 MANAGEMENT: >STATE:1582096012,CONNECTED,SUCCESS,10.8.0.2,127.0.0.1,1194,127.0.0.1,63356
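Reading the two logs together, as an added example (not part of the post and not stunnel's or OpenVPN's own code): a small Python script that correlates OpenVPN's CONNECTED state line with stunnel's "accepted connection" and "s_connect" lines, so you can check that 63356 is only the ephemeral loopback source port of the OpenVPN-to-stunnel hop and that the single port leaving the machine is 443. The sample log lines are constructed from the shapes quoted above; `server.IP` is the placeholder the poster used.

```python
import re

# Constructed sample lines, shaped like the two logs quoted in the post above
# (server.IP is the placeholder the poster used for the real server address).
STUNNEL_LOG = """\
2020.02.19 08:06:45 LOG5[0]: Service [my=stunnel-conf] accepted connection from 127.0.0.1:63356
2020.02.19 08:06:45 LOG5[0]: s_connect: connected server.IP:443
2020.02.19 08:06:45 LOG5[0]: Service [my=stunnel-conf] connected remote server from 192.168.178.195:63357
"""
OPENVPN_LOG = """\
Wed Feb 19 08:06:45 2020 TCP connection established with [AF_INET]127.0.0.1:1194
Wed Feb 19 08:06:52 2020 MANAGEMENT: >STATE:1582096012,CONNECTED,SUCCESS,10.8.0.2,127.0.0.1,1194,127.0.0.1,63356
"""

ACCEPT_RE = re.compile(r"accepted connection from (\S+):(\d+)")
UPSTREAM_RE = re.compile(r"s_connect: connected (\S+):(\d+)")
# OpenVPN 2.4 management line: CONNECTED,SUCCESS,tun_ip,remote_ip,remote_port,local_ip,local_port
STATE_RE = re.compile(r">STATE:\d+,CONNECTED,SUCCESS,[^,]*,([^,]*),(\d+),([^,]*),(\d+)")


def trace_tunnel(stunnel_log, openvpn_log):
    """Correlate OpenVPN's CONNECTED line with stunnel's accept and upstream lines.
    Returns one (ip, port) pair per hop, or None if any hop is missing from the logs."""
    state = STATE_RE.search(openvpn_log)
    accept = ACCEPT_RE.search(stunnel_log)
    upstream = UPSTREAM_RE.search(stunnel_log)
    if not (state and accept and upstream):
        return None
    remote_ip, remote_port, local_ip, local_port = state.groups()
    return {
        "openvpn_local": (local_ip, int(local_port)),          # ephemeral source port (63356)
        "openvpn_remote": (remote_ip, int(remote_port)),       # stunnel's listener (1194)
        "stunnel_accepted": (accept.group(1), int(accept.group(2))),
        "stunnel_upstream": (upstream.group(1), int(upstream.group(2))),  # seen by the hotel FW
    }


def only_external_port(trace):
    """The one port that leaves the machine, if OpenVPN talks to stunnel purely over loopback
    and stunnel accepted exactly the socket OpenVPN reports as its local endpoint."""
    if trace is None:
        return None
    loopback = all(trace[k][0].startswith("127.") for k in ("openvpn_local", "openvpn_remote"))
    if not loopback or trace["openvpn_local"] != trace["stunnel_accepted"]:
        return None
    return trace["stunnel_upstream"][1]
```

If `only_external_port` returns None, either OpenVPN is not going through stunnel (its remote is not loopback) or the two logs describe different connections, which is the case to investigate before relying on the tunnel.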