I am becoming increasingly paranoid about transmitting my passwords unencrypted over the internet, especially when I’m away from home and I have to access my PC, so I thought of making an SSH (Secure Shell) tunnel from my laptop to my PC, and it turns out it’s actually quite easy. In case you don’t know what tunneling is, it goes like this: Say you want to connect with your browser (running on your laptop) to your home web server, but you want to do it securely. Instead of connecting to your server with your browser directly, you have the browser connect to the tunneling client (also running on your laptop). The tunneling client securely connects to the tunneling server on your home PC (the tunneling client and server are actually the same program, Stunnel), and the tunneling server connects to your webserver, and noone inbetween can read what’s going on. So, here we go.
Step 1 - Get the necessary files.
Go to http://www.stunnel.org/download/stunnel/win32/ and get the latest Stunnel.exe and OpenSSL.zip files. Extract them in a directory.
Step 2 - Generating the certificate.
Download the stunnel.cnf file attached to this page and save it in the
Stunnel directory. Now, run the following command (OpenSSL.exe and
stunnel.cnf should be in the directory if you did everything
openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out
stunnel.pem -keyout stunnel.pem\
OpenSSL will ask you for various details (you’re free to not answer
them), and you will have your stunnel.pem file. Now, off to generate the
Step 3 - Making the configuration files.
First, you have to decide which port you want stunnel to listen to. Choose something that’s not likely to be used, like 43537. Next, write the client configuration file and save it as client.conf (the RDC section can be named whatever you like, for example “Web”).
Sample client.conf file:
client = yes
connect = myhomeserver:5555
accept = 3389
The accept port is the port you will be connecting to on your laptop. In my case it is 3389 because I want to use Remote Desktop Connection. If you want to connect to a web server it’ll probably be 80. Next, the server.conf file.
Sample server.conf file:
cert = stunnel.pem
accept = 5555
connect = 3389
Step 4 - Running Stunnel and connecting.
This is the final step. On the home computer, run
and on the laptop run
stunnel client.conf and connect to
with your browser (or Remote Desktop client, or whatever). If everything
went well, you are now securely connected to the server.