
This document specifies three sets of new ciphersuites for the Distribution of this memo is unlimited. Copyright (C) The Internet Society (2005). Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Please refer to the current edition of the "Internet Internet community, and requests discussion and suggestions for This document specifies an Internet standards track protocol for the Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) Updated by: 8996 Network Working Group P.
SETTING UP STUNNEL WITH PSK INSTALL
Install standard stunnel from: then enable running as Windows service.
Connect = :9100 (Public IP and the "Listen on Port" of pfSense firewall.)
Create psk.txt in the same folder as the config file and paste the same ID:Key combination from stunnel_psk.txt and restart the stunnel service.
RFC 4279: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
(Even better, only allow connections from specific public IPs you need to print from.) pfSense even provides a handy editor under Diagnostics once the file is created in the conf directory.
Create WAN firewall rule to pass inbound TCP traffic on 9100.
stunnel_psk.txt contains a list of identities and preshared keys in the format ID:Key.
Redirects to IP: (Printer IP attached to the LAN (or better, a DMZ))
Custom Options: PSKsecrets = /conf/stunnel_psk.txt
Listen On Port: 9100 (Can be whatever you like, as long as it matches the stunnel config file on the distant side.)
pfSense Firewall w/ stunnel add-on installed
Most printers using standard IP printing use port 9100 and the RAW protocol over TCP. Here is what I've built, tested, and fielded, for folks out there actually looking for a solution: As I received no such support, I spent hours researching solutions on my own. I would also add that a proper VPN deployment is much more than running a wizard and dumping out a config file. This would require a rather complicated split-tunneling VPN solution a user would need to manually start. In most cases, they are built using off the shelf products that typically leverage one or two very common Class C network IP ranges. I don't (nor likely will) have any ability to change the network setup on the distant side of the solution. I've done the research and determined that a VPN is not the best solution.
SETTING UP STUNNEL WITH PSK HOW TO
If I wanted advice on how to best connect a remote printer, I would have asked that in the appropriate section of the forum. stunnel is not like that to first off, I'm dismayed that you are belittling my request for support. Sorry but while openvpn can all be done with a few gui clicks. What are the networks at both locations? Do the networks overlap? What is the OS of the client? Is the client behind a proxy or a firewall/nat?

What printing protocol, what is the printer? Does the printer have a gateway setup. If you actually wanted help - where are the details. And I am telling you vpn is easier of the 2 to set up, and is all gui based. And would also allow you to easily configure source natting and allow you to print to a printer even if the printer didn't have a gateway setup, etc. I have used both for years and years and years. And then creating the service to run for stunnel to connect? Why are you here asking. You honestly think the configuration required to set up stunnel to work for something like this is going to be less work, then have at it. If it takes you all of 1 minute I would be surprised. No setting up is not more than 1 minute - you run through the wizard, and export the config.
