This is a discussion on Re: [stunnel-users] More questions on RDP and port forwarding within the Stunnel Users forums, part of the Networking and Network Related category.
> -----Original Message-----
> From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Richard Woodman
> Sent: 26 November 2007 07:44 AM
> To: stunnel-users@mirt.net
> Subject: [stunnel-users] More questions on RDP and port forwarding
>
> I did read through the archives but I cannot determine how to get Stunnel
> working through the firewall. Here is what I wish to do:
>
> 1. Tunnel Windows Remote Desktop through stunnel.
> 2. I wish to connect from home to work; I have access to the firewall at
>    work.
>
> Here's what I've done:
>
> 1. Installed stunnel on Windows XP at home and at work. I have self-signed
>    certificates and am using verify = 3 (on both computers). Cacert.pem has
>    the CA cert, the work cert, and the home cert in a single file. The
>    server-cert.pem has the work computer's key and cert while the
>    client-1-cert.pem (home computer) has its own key and cert.
> 2. Stunnel at home has client = yes, stunnel at work has this commented
>    out. Stunnel at work will become a "server" where multiple clients connect
>    via stunnel and that single computer makes multiple RDP connections.
>
> Client (home) computer has
>

Try changing the client config to the following:

    [rdp1]
    client = yes
    accept = 4391
    connect = <work outside interface IP>:44391

>
> Server (work) computer has
>
> [rdp2]
> accept = 44391
> connect = <work computer name>:3392
>
> If I try this at work from within the corporate network (change the client
> connect string to the stunnel server's IP or hostname), then everything
> works fine. However, once I try from outside the work network, nothing
> works. Firewall is a Watchguard SOHO 6tc and I have an inbound rule
> permitting 44391 and directing it to X.X.X.52 (the stunnel server). I also
> have other rules allowing RDP (on port 3392 for instance) directly to the
> computer I wish to control and those rules work. Essentially, RDP directly
> through the firewall works but stunnel through the firewall does not. I
> assume there is no traffic destined for .52 on 44391 because the log file on
> the server (with debug = 7) only shows the startup sequence and port binding
> (netstat -a shows I am listening on 44391). I also tried this at home on my
> Juniper 5XT and was unsuccessful. Please help.
>
> Richard
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users@mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users

Cheers,
Craig
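A staged check for the symptom described in this thread, where the server log shows no incoming connection at all: it reports whether a connection to the stunnel listener stops at TCP (firewall forwarding or wrong address) or at the TLS handshake (certificates). This is an added example, not part of the original messages or of stunnel; `probe_tunnel` and its parameters are hypothetical names, and skipping hostname checking is an assumption made because the thread connects by IP with self-signed certificates.

```python
import socket
import ssl


def probe_tunnel(host, port, cafile=None, certfile=None, timeout=5.0):
    """Return (stage, detail) saying where a connection to the listener stops.

    stage is "tcp" (nothing reachable: firewall/NAT rule or wrong address),
    "tls" (port reachable but handshake or certificate check failed), or "ok".
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # assumption: peer addressed by IP, no name check
    if cafile:
        # Verify the server certificate against the bundle (e.g. cacert.pem).
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.verify_mode = ssl.CERT_NONE  # reachability test only
    if certfile:
        # Client key and cert in one PEM file (e.g. client-1-cert.pem).
        ctx.load_cert_chain(certfile)

    # Stage 1: plain TCP. A failure here means the server never sees traffic,
    # which matches a server log that shows only startup and port binding.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{type(exc).__name__}: {exc}"

    # Stage 2: TLS handshake, including certificate verification if requested.
    try:
        with ctx.wrap_socket(raw) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except (ssl.SSLError, OSError) as exc:
        raw.close()
        return "tls", f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    import sys
    # usage: probe.py HOST PORT [CAFILE [CERTFILE]]
    host, port, *pems = sys.argv[1:]
    print(probe_tunnel(host, int(port), *pems))
```

Run it from outside the network against the firewall's outside address and the forwarded port; a "tcp" result points at the forwarding rule rather than at stunnel or the certificates.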