{"id":13826285,"url":"https://github.com/xaqron/stunnel","last_synced_at":"2026-03-09T15:31:40.372Z","repository":{"id":31089869,"uuid":"120145520","full_name":"Xaqron/stunnel","owner":"Xaqron","description":"Wrapping openvpn with stunnel","archived":false,"fork":false,"pushed_at":"2023-10-29T10:54:18.000Z","size":55,"stargazers_count":144,"open_issues_count":5,"forks_count":36,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-24T03:08:08.663Z","etag":null,"topics":["censorship","dpi","firewall","openvpn","stunnel"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Xaqron.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-02-04T01:31:43.000Z","updated_at":"2025-03-03T00:39:06.000Z","dependencies_parsed_at":"2024-01-28T03:44:55.432Z","dependency_job_id":"dc54ec87-9640-4ad6-84d8-0556907184f9","html_url":"https://github.com/Xaqron/stunnel","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Xaqron/stunnel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xaqron%2Fstunnel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xaqron%2Fstunnel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xaqron%2Fstunnel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xaqron%2Fstunnel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Xaqron","download_url":"https://codeload.github.com/Xaqron/stunnel/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Xaqron%2Fstunnel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30301109,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T14:33:48.460Z","status":"ssl_error","status_checked_at":"2026-03-09T14:33:48.027Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["censorship","dpi","firewall","openvpn","stunnel"],"created_at":"2024-08-04T09:01:35.069Z","updated_at":"2026-03-09T15:31:40.345Z","avatar_url":"https://github.com/Xaqron.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"d62a971d37c69db9f3b9187318c3921a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"8ea8f890cf767c3801b5e7951fca3570\"\u003e\u003c/a\u003e公网访问局域网"],"readme":"# stunnel\nHiding [openvpn](https://en.wikipedia.org/wiki/OpenVPN) traffic with stunnel so [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) firewalls are less likely to block your traffic.\n\n# Concept\n\n\u003cimg src=\"./assets/img/diagram.png\"\u003e\n\nAs you see in the above diagram, trafic encapsulates as `SSL/TLS` by `stunnel` regradless of it's internal protocol. Since we need `SSL/TLS` handshake, if `openvpn` in the underlying protocol we need to use `TCP` protocol for `openvpn`.\nYou can find a simple tutorial for installing `openvpn` on a debian machine [here](https://github.com/Xaqron/openvpn).\nSupposing you already have installed `openvpn` over `TCP 1194` on your server, then you need to hide the trafiic via [stunnel](https://www.stunnel.org) and this tutorials will guide you trough the rest of procedures.\nThis has two steps:\n1) Install and configure `stunnel` on server.\n2) Install and configure `stunnel` on client.\n\nIn reality `SSL/TLS` traffic is short and intermittent so still it would be easy for a goverment/ISP to detect `stunnel` since lots of traffic will be passed as `SSL/TLS`. It is recommended to use port `TCP 443` or `TCP 587` to hide the traffic so far.\n\n# Install and configure `stunnel` on Linux server\n\nYou can run the script `stunnel.sh` provided by this tutorial like:\n```bash\nsudo bash stunnel.sh\n```\ndownload `stunnel.pem` from your home directory after installation got completed.\nNow step two is configuring client side.\n\n# Install and configure `stunnel` on Linux client\n\nYou should have a `client.ovpn` config file or something similar for connecting to openvpn server.\nEdit this file and add the following lins at the begining:\n\n```bash\nscript-security 2\nup /etc/openvpn/update-resolv-conf\ndown /etc/openvpn/update-resolv-conf\n\nroute server_ip 255.255.255.255 net_gateway\n```\n\nReplace `server_ip` with your server public IP address.\n\n## Install stunnel\n\n```bash\nsudo apt install stunnel4\n```\n\n## Copy pem file from server installation to the client\n\n```bash\nsudo cp ./stunnel.pem /etc/stunnel\n```\n\n## Configuring stunnel on Linux\n\nCreate `/etc/stunnel/stunnel.conf` file with the following content:\n\n```bash\n[openvpn]\nclient = yes\naccept = 1194\nconnect = server_ip:443\ncert = /etc/stunnel/stunnel.pem\n```\n\nReplace `server_ip` with your server public IP address. Here we used port `443`\n\nTo enable Stunnel service at startup edit `/etc/default/stunnel4` file and change `ENABLED=0` to `ENABLED=1`\n\n## Configuring firewall\n\n```bash\nsudo iptables -A INPUT -p tcp -s localhost --dport 1194 -j ACCEPT\nsudo iptables -A INPUT -p tcp --dport 1194 -j DROP\n```\n\n## Restart stunnel service\n\n```bash\nsudo service stunnel4 restart\n```\n\n## Connecting\n\nNow you just connect to openvpn via its' config file and it will automatically route traffic via stunnel. Your local stunnel will connect to remote stunnel on the server which routes received trsffic to oprnvpn service.\n\nExample:\n\n```bash\nsudo openvpn --config client.ovpn\n```\n\nEverything should work well by now.\n\n# Install and configure `stunnel` on a Windows client\n\nYou should have a `client.ovpn` config file or something similar for connecting to openvpn server.\nEdit this file and add the following lins at the begining:\n\n```bash\nroute server_ip 255.255.255.255 net_gateway\n```\n\nReplace `server_ip` with your server public IP address.\n\n\u003cimg src=\"./assets/img/windows-tray.png\"\u003e\n\n## Install stunnel on Windows\n\n[Download](https://www.stunnel.org/downloads.html) and install latest Windows stunnel client. Currently only 32-bit version is privoded and [this](https://www.stunnel.org/downloads/stunnel-5.44-win32-installer.exe) is the latest release by the time of writing this tutorial.\n\n## Configuring stunnel on Windows\n\nBy default config file is located at `C:\\Program Files (x86)\\stunnel\\config` as `stunnel.conf.txt`. Edit the file and add the following content at the bottom of the file:\n\n```bash\n[openvpn]\nclient = yes\naccept = 127.0.0.1:1194\nconnect = server_ip:443\ncert = stunnel.pem\n```\n\nReplace `server_ip` with your server public IP address. Here we used port `443`. Restart stunnel application to reload the new configurations.\nMake sure stunnel is running and connect your `openvpn`. Everything should work well by now.\n\n[Contact Me](https://twitter.com/xaqron)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxaqron%2Fstunnel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxaqron%2Fstunnel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxaqron%2Fstunnel/lists"}