[Solved] [Usefull] STunnel log displayed in HFS

[Dragon_Hunter]

should the openssl map be in to stunnel map?

i can't find "openssl.exe" the only one i found is  "install.com"

[SilentPliz]

Everything is explained in the links I have provided earlier.

Take the time to read.  

I could not tell you better than what has already been written.

http://www.rejetto.com/wiki/index.php/HFS:_Secure_your_server

If the approach of OpenSSL seems too difficult:

ALTERNATIVE SOLUTION FOR GENERATE AN SSL CERTIFICATE:

A simpler solution is to generate a certificate SSL with a program like Fillezilla server:
 
http://sourceforge.net/project/showfiles.php?group_id=21558&package_id=21737

Generate it in a file named:

stunnel.pem

[raffdich]

thank you for this great event script 

i have a request

is it now possible to obtain ip address of user when using stunnel?

the log will display
11.05.2009 22:14:29 192.168.xxx.3:4196{Stunnel} 2009.05.11 22:14:27 LOG5[2748:3680]: https accepted connection from xxx.xxx.38.8:50205
2009.05.11 22:14:27 LOG5[2748:3680]: https accepted connection from xxx.xxx.38.8:50205
2009.05.11 22:14:27 LOG5[2748:3680]: https connected remote server from 192.168.xxx.3:4196

is it possible to search / cut in the log file for [2748:3680] (i think this is like an ID or time stamp) to get the local ip:port and wan ip:port and match them to assign the wan ip to the %user% ?

it is an idea... don't pinch me
thanks for reply!

[SilentPliz]

Today I received a mail from rejetto:

"hi boss.
about this http://www.rejetto.com/forum/index.php?topic=6651.0
now we have global variables, we can improve it.

this for the log line
{.cut|{.^#stunnel.last.}||{.load|stunnel.log.}.}{.set|#stunnel.last|{.filesize|stunnel.log.}.}

and this to start from the last point.
[+start]
{.set|#stunnel.last|{.filesize|stunnel.log.}.}

i will soon introduce a way to partially load a file, so to avoid reloading it as whole every time.
maybe in #239. when it's available you can use this version
{.load|stunnel.log|from={.^#stunnel.last.}.}{.set|#stunnel.last|{.filesize|stunnel.log.}.}"

****************************************************************************************************
This solution work perfectly, I shall therefore update the topic.
For those using an older beta, use the "old" code. [link]

[UPDATE] STunnel log displayed in HFS (Tested with v2.3 build #242):

1)

- Paste the following sections in a file hfs.events that you will put in the folder of hfs.exe:


Script edited 01-18-2010

[connected]
{.set|#log|{.load|stunnel.log|from={.^#stunnel.last.}.}.}
{.set|#stunnel.last|{.filesize|stunnel.log.}.}
{.if|{.^#log.}|{:
{.add to log|.
Stunnel log :
{.^#log.}|Clblue.}
:}.}

[+start]
{.set|#stunnel.last|{.filesize|stunnel.log.}.}

2)

- In file stunnel.conf of the folder of stunnel.exe, specify the path of HFS where the file stunnel.log will be created.
(Debug = 6 gives a correct result)

; Some debugging stuff useful for troubleshooting
debug = 6
output = C:\path\of\hfs folder\stunnel.log

3)

- Enjoy HFS and Stunnel !  

----------------------------------------------------------------------------
Independently, you can add to the section [https] of stunnel.conf, the internal IP of your PC:

[https]
accept  = 0.0.0.0:443
connect = 127.0.0.1:44300
local = 192.168.1.6 *
TIMEOUTclose = 0

* IP example

Then you add in HFS:

Menu > Limits > Bans

\127.0.0.1;192.168.1.6

Then in Adress2name:

Name       IP Mask
Local        127.0.0.1
Stunnel   192.168.1.6

This will differentiate in the log of HFS, the local connections (http), and the distant connections from Stunnel (https).

[AvvA]

Well done !
Now, that's perfect !

Also, perhaps you could explain the ban rule, or at least what is representing 192.168.1.3, and the fact that in this case, only localhost and 192.168.1.3 could access the HFS site directly (via http).

[Mark14]

This is an english forum.  Can somebody (silentplz, avva) translate the last 3 posts to english?  Thanks.

[SilentPliz]

   
Sorry dear Guest!

The Operator has censored himself, I deleted the posts in french language.

These were comments about my topic, which were easier to clarify in our common language.

The translation is therefore unnecessary.

[michou]

This is an english forum.  Can somebody (silentplz, avva) translate the last 3 posts to english?  Thanks.

Me, I like it, that allows to familiarize us with the other languages.

In other, it is not a forum specially dedicated to the English language, I believe to remember that rejetto practise Italian marvelously (the Italian women also moreover ).

Mark14? Mmmmmmh! I indeed have the impression to recognize the voice of maverick behind this pseudo, I make a mistake or you are unmasked?

MAveRicK14