How to Install Stunnel on Raspberry Pi

Stunnel is an open-source tool that provides connection security through SSL/TLS for services that do not have native encryption support.

Stunnel acts as an intermediary that encapsulates TCP connections in an encrypted tunnel, providing an additional layer of security for services like IMAP, SMTP, and other protocols that do not have built-in encryption.

This is especially useful for protecting connections on insecure networks, for example to encrypt traffic between devices on a local network or to secure services running on your Raspberry Pi.

Some of its features include:

  • Data Encryption: Protects the confidentiality and integrity of the data.
  • Support for Common Protocols: Compatible with common network protocols that do not implement encryption.
  • Easy Configuration: Configuration through a simple text file.

Installing Stunnel on Raspberry Pi

First, let’s ensure that our Raspberry Pi is up to date before proceeding with the installation. We run the following commands:

sudo apt update
sudo apt upgrade

Then, we install Stunnel on our Raspberry Pi using the following command:

sudo apt install stunnel4

Starting and Stopping Stunnel

You can start Stunnel by running the following command:

sudo service stunnel4 start

To stop Stunnel, use:

sudo service stunnel4 stop

To verify that Stunnel is working correctly, you can use the following command:

sudo systemctl status stunnel4

Configuring Stunnel

Stunnel is configured through a configuration file located at /etc/stunnel/stunnel.conf. First, open the configuration file to edit it:

sudo nano /etc/stunnel/stunnel.conf

Next, add a basic configuration.

# Enable client mode
client = yes

# Local port that Stunnel listens on (accept) and the remote address it forwards to (connect)
[my-service]
accept = 12345
connect = remote-server.com:443

In this example:

  • Stunnel will act as a client.
  • It will redirect traffic from local port 12345.
  • The traffic will go to the remote server on port 443 using an SSL/TLS connection.
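The configuration above encrypts the connection, but a stunnel client does not verify the server's certificate unless told to, and an accept line without a host listens on every interface. The variant below is an added example, not part of the original page, showing the same service with certificate verification and a loopback-only listener. It assumes the Debian CA bundle path /etc/ssl/certs/ca-certificates.crt and reuses the page's placeholder host remote-server.com.

```ini
; --- As on the page: encrypted, but the server is not authenticated ---
; client = yes
; [my-service]
; accept = 12345
; connect = remote-server.com:443

; --- Hardened variant (added example) ---
[my-service]
client = yes

; Listen on loopback only, so other hosts on the network cannot use the tunnel
accept = 127.0.0.1:12345
connect = remote-server.com:443

; Validate the server's certificate chain against trusted CAs
; (assumed path: the system CA bundle on Debian-based systems)
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt

; Require the certificate to be issued for this host name
checkHost = remote-server.com
```

With verifyChain enabled, a connection to a server presenting an untrusted or mismatched certificate is refused and the failure appears in the stunnel log, instead of the tunnel silently coming up.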

Creating an SSL Certificate

If you do not have an SSL certificate, you can create a self-signed certificate for testing purposes. Run the following command to generate the certificate and key:

sudo openssl req -new -x509 -days 365 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

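During the process, you will be prompted for information such as the organization name and country. You can fill in these fields with fictitious data if necessary. Note that -nodes writes the private key unencrypted, and this command stores the key and the certificate in the same file, so /etc/stunnel/stunnel.pem should be readable only by root.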