Stunnel.org  
   
Stunnel FAQ: Stunnel and Other Applications


Stunnel and Other Applications

This section gives you some information on getting stunnel to work with other applications.


Can I forward UDP services over stunnel?

As described thus far, no. Stunnel works with SSL, which runs only on TCP. There are ways to forward UDP packets over TCP, and in principle these should be able to work over stunnel.

There are also other programs that do this natively, and could be used standalone or via stunnel, such as Zebedee. If you have any success tunneling UDP over stunnel, please contact the FAQ maintainer so we can write up a good HOWTO for folks.


Can I use stunnel to communicate across a firewall?

As long as the TCP traffic is allowed to traverse your firewall, absolutely.

You're most likely to convince your firewall administrator to allow secure traffic from inside to outside. In fact, if your firewall is doing NAT, you can probably stunnel out from your machine to an internet machine without any firewall re-configuration.

Specifically, have your firewall administrator allow outbound connections from your machine to the remote (internet) machine on the specific port you wish to connect to.

Be sure to discuss these issues with your administrator. They don't enjoy people penetrating their firewalls without their consent.


Can I use stunnel to securely connect two subnets across the Internet?

Absolutely. What you'll want to do is run PPP over a regular stunnel connection. See the example in the examples section.


Can I use stunnel to protect [insert random protocol here]?

Stunnel should be able to secure any random protocol as long as the protocol satisfies the following requirements:
  1. The protocol is TCP, not UDP.
  2. The protocol doesn't use multiple connections, like ftp.
  3. The protocol doesn't depend on Out Of Band (OOB) data.
  4. The remote site can't use an application-specific protocol, like ssltelnet, where SSL is a negotiated option, save for those protocols already supported by the -n argument to Stunnel.
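
Requirement 2 in practice, as an added example that is not part of the stunnel FAQ or the stunnel project: FTP negotiates a second TCP connection inside its control channel, so a single stunnel service wrapping the control port never carries the data connection. The transcript, addresses and function names below are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by the FTP PORT command and the 227 (PASV) reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# The 229 (EPSV) reply carries only a port: (|||port|) (RFC 2428)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoints(control_lines, server_host):
    """Return (host, port) pairs for data connections negotiated on the control channel."""
    found = []
    for line in control_lines:
        line = line.strip()
        upper = line.upper()
        if upper.startswith("PORT ") or upper.startswith("227 "):
            m = _HOSTPORT.search(line)
            if m:
                octets = [int(g) for g in m.groups()]
                if all(o <= 255 for o in octets):
                    host = ".".join(str(o) for o in octets[:4])
                    found.append((host, octets[4] * 256 + octets[5]))
        elif upper.startswith("229 "):
            m = _EPSV.search(line)
            if m and int(m.group(1)) <= 65535:
                found.append((server_host, int(m.group(1))))
    return found


def outside_tunnel(control_lines, tunnel_host, tunnel_port):
    """Data endpoints that one stunnel service on tunnel_host:tunnel_port does not cover."""
    return [ep for ep in data_endpoints(control_lines, tunnel_host)
            if ep != (tunnel_host, tunnel_port)]


# Constructed FTP control-channel transcript (addresses from documentation ranges)
SAMPLE = [
    "220 ftp.example.test ready",
    "USER demo",
    "331 Password required",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "EPSV",
    "229 Entering Extended Passive Mode (|||50001|)",
    "PORT 198,51,100,7,4,1",
]

if __name__ == "__main__":
    for host, port in outside_tunnel(SAMPLE, "192.0.2.10", 21):
        print(f"data connection to {host}:{port} bypasses the tunnel on port 21")
```

Every endpoint reported is a separate TCP connection that would travel unencrypted, or be blocked, when only the control port is tunneled.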