Stunnel openvpn

6/11/2023

Stunnel is an open-source multi-platform application used to provide a universal TLS/SSL tunneling service. Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems, including most Unix-like operating systems and Windows. Stunnel relies on the OpenSSL library to implement the underlying TLS or SSL protocol. Stunnel uses public-key cryptography with X.509 digital certificates to secure the SSL connection, and clients can optionally be authenticated via a certificate. If linked against libwrap, it can be configured to act as a proxy-firewall service as well. Stunnel is maintained by Michał Trojnara and released under the terms of the GNU General Public License (GPL) with OpenSSL exception.

For example, one could use stunnel to provide a secure SSL connection to an existing non-SSL-aware SMTP mail server. Assuming the SMTP server expects TCP connections on port 25, one would configure stunnel to map the SSL port 465 to non-SSL port 25. A mail client connects via SSL to port 465. Network traffic from the client initially passes over SSL to the stunnel application, which transparently encrypts and decrypts traffic and forwards unsecured traffic to port 25 locally. The mail server sees a non-SSL mail client. The stunnel process could be running on the same or a different server from the unsecured mail application; however, both machines would typically be behind a firewall on a secure internal network (so that an intruder could not make its own unsecured connection directly to port 25).

The eduVPN service is positioned as the VPN service for the international research and education community. We were inspired by eduroam to offer a secure and privacy enhancing VPN solution to as many researchers and students as possible. We aim to have endpoints in as many locations as we have collaborating National Research and Education Networks (NRENs). In addition, the eduVPN software is capable of replacing existing VPN solutions allowing access to the institute network. This can be done, either by self hosting the eduVPN software on-premises, or as a hosted solution offering provided by the NREN. The eduVPN service is a collaboration of various NRENs, governed by GÉANT.

As no solution, neither open source nor proprietary, existed which offered the functionality required, we decided to build our own service as a free and open source project.

eduVPN integrates smoothly with existing identity management systems (IdMs) currently in use at many (larger) organizations. We created native VPN applications for the most common devices, i.e. Android, iOS, macOS, Windows and Linux, as that would make it as easy as possible to use eduVPN. The eduVPN server uses the community edition of OpenVPN. OpenVPN is one of the most widely used open source VPN solutions. Occasionally we get the question which features eduVPN offers over “competitors” and why we chose OpenVPN instead of any of the other available open source VPN software protocols and implementations. In this post we’ll dive into this and explain the unique aspects of OpenVPN and eduVPN and why we have built eduVPN this way.

Why eduVPN?

Before diving into details regarding the various VPN protocols, we’ll first describe the features of the eduVPN software itself:

- Integrates with common IdMs in use at many organizations, e.g.
- Provide a secure VPN service to users accessing the Internet from potentially insecure locations, e.g. public WiFi in a coffee shop or train station
- Serve as a VPN gateway to allow users to access the organization network from a remote location, e.g.
- Simple, but powerful permission management.
- Easy to install on your own (virtual) server(s).
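
The stunnel SMTP mapping described on this page (SSL port 465 in front of a plaintext mail server on port 25) could be expressed as the following stunnel.conf service section. This is an added example, not configuration from the original page or from the stunnel project; the service name, file paths and the choice of a loopback target are assumptions.

```ini
; Added example: stunnel.conf fragment for the 465 -> 25 mapping.
; The section name and all file paths are assumptions.

[smtps]
; TLS side: mail clients connect here over SSL/TLS.
accept = 465

; Plaintext side: decrypted traffic is forwarded to the mail server.
; Using the loopback address keeps the unencrypted leg on this host.
; If the mail server runs on a different machine, this leg crosses the
; internal network in the clear, so both hosts need to sit behind the
; firewall as the text describes.
connect = 127.0.0.1:25

; Server certificate and private key presented to clients (X.509).
cert = /etc/stunnel/mail.example.pem
key = /etc/stunnel/mail.example.key

; Refuse protocol versions older than TLS 1.2.
sslVersionMin = TLSv1.2

; Optional client authentication via certificate: uncomment both lines
; to accept only clients whose certificate chains to this CA.
;verifyChain = yes
;CAfile = /etc/stunnel/clients-ca.pem
```

With this in place, port 25 itself still accepts plaintext connections, so it has to be bound to the loopback interface or blocked at the firewall for the tunnel to be the only way in.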