LuisLlamas Logo
instalar-stunnel-en-raspberry-pi

How to Install Stunnel on Raspberry Pi

  • 2 min
  • Advanced

Stunnel is an open-source tool that provides connection security via SSL/TLS for services that lack native encryption support.

Stunnel acts as an intermediary that encapsulates TCP connections within an encrypted tunnel, providing an additional layer of security for services like IMAP, SMTP, and other protocols that do not have built-in encryption.

This is especially useful for securing connections on insecure networks. For example, to encrypt traffic between devices on a local network or to secure services running on your Raspberry Pi.

Some of its features are:

  • Data Encryption: Protects the confidentiality and integrity of data.
  • Support for Common Protocols: Compatible with common network protocols that do not implement encryption.
  • Easy Configuration: Configuration via a simple text file.

Installing Stunnel on Raspberry Pi

First, let’s make sure our Raspberry Pi is up to date before proceeding with the installation. Run the following commands:

sudo apt update sudo apt upgrade

Then, install Stunnel on our Raspberry Pi using the following command:

sudo apt install stunnel4

Starting and Stopping Stunnel

You can start Stunnel by running the following command:

sudo service stunnel4 start
Copied!

To stop Stunnel, use:

sudo service stunnel4 stop
Copied!

To verify that Stunnel is running correctly, you can use the following command:

sudo systemctl status stunnel4

Configuring Stunnel

Stunnel is configured via a configuration file located at /etc/stunnel/stunnel.conf. First, open the configuration file to edit it:

sudo nano /etc/stunnel/stunnel.conf

Next, add a basic configuration.

# Enable client mode
client = yes

# Local port that Stunnel will connect to
[my-service]
accept = 12345
connect = remote-server.com:443
Copied!

In this example,

  • Stunnel will act as a client
  • It will redirect traffic from local port 12345
  • The traffic will go to the remote server on port 443 using an SSL/TLS connection.

Creating an SSL Certificate

If you don’t have an SSL certificate, you can create a self-signed certificate for testing purposes. Run the following command to generate the certificate and key:

sudo openssl req -new -x509 -days 365 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

During the process, you will be asked for information such as organization name and country. You can fill in these fields with dummy data if necessary.

On this page