Install stunnel4 from the Ubuntu repositories:
sudo apt-get install stunnel4
Configure stunnel to start automatically by editing the main configuration file with the nano text editor (my favorite) and changing the ENABLED=0 line to 1:
sudo nano /etc/default/stunnel4
ENABLED=1
Copy the example configuration /usr/share/doc/stunnel4/examples/stunnel.conf-sample to /etc/stunnel/:
sudo cp /usr/share/doc/stunnel4/examples/stunnel.conf-sample /etc/stunnel/stunnel.conf
Edit the newly copied configuration file to make news requests secure.
Uncomment the line (remove the ;) to enable client secure tunnels
client=yes
Uncomment the line (remove the ;) to add compression to stunnel traffic
compression = zlib
Add the lines to encrypt news (port 119) traffic:
accept = localhost:119
connect = ssl.astraweb.com:563
Allow nntp in the /etc/hosts.allow file:
sudo nano /etc/hosts.allow
nntp: 127.0.0.1
Before you can start and use stunnel, you need a key. Upon installation, stunnel does not come with a key file, so you need to generate your personal key.
Generate the key with these commands:
openssl genrsa -out priv.pem
and again with this:
openssl req -new -x509 -key priv.pem -out stunnel.pem -days 1095
You will have two files, one named priv.pem, the other stunnel.pem.
You need to add the content of priv.pem into stunnel.pem to have a complete key. The stunnel man page states the format of the key should look like this:
-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]
sudo nano priv.pem
sudo nano stunnel.pem
sudo mv stunnel.pem /etc/ssl/certs/stunnel.pem
After you have done this, you need to set the right permissions to secure the key file.
chmod 600 /etc/ssl/certs/stunnel.pem
Start Stunnel4:
sudo /etc/init.d/stunnel4 start
The next step is to configure Pan Newsreader to make its newsreader requests to stunnel4. Then stunnel will make the secure connections with the astraweb news servers:
Start Pan and enter the following settings for your secure newsgroup server (Edit:Edit News Servers:Add):
Set the Location Address to: "localhost" (without the quotes).
Set the port to: 119
Enter your Login information if required by your astraweb setup.
The last thing I do is change my connection limit for the astraweb News servers to 50. You can't do this in the GUI, so I just do a quick edit of the Pan configuration file:
sudo nano ~/.pan2/servers.xml
and change the connection limit from 4 to 50
<connection-limit>50</connection-limit>
Happy secure newsreading. If you want to check the version of stunnel that you're running you can:
stunnel4 -version
UPDATED 12/31/2012: Here is my working /etc/stunnel/stunnel.conf:
cert = /etc/ssl/certs/stunnel.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
; performance tunings and added compression DT 12/31/2012
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = zlib
; debugging stuff (may useful for troubleshooting) DT 13/31/2012 log doesn't write out look in /var/log/syslog)
;debug = 7
;output = /var/log/stunnel4/stunnel.log
; service-level configuration
[nntp]
client = yes
accept = localhost:119
connect = ssl-us.astraweb.com:563
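The configuration above pins sslVersion = SSLv3, which has since been deprecated (RFC 7568), and sets no verify option, so stunnel in client mode accepts whatever certificate the remote end presents. The following is an added example, not part of the original post or of stunnel itself: a small linter that checks a stunnel.conf for those two settings. The hardened variant, its TLSv1.2 value and the CA bundle path are assumptions about the local install.

```python
import re

WEAK_PROTOCOLS = {"sslv2", "sslv3"}  # deprecated by RFC 6176 and RFC 7568
VERIFY_OPTIONS = ("verify", "verifychain", "verifypeer")

def parse_stunnel_conf(text):
    """Return {section: {option: value}}; options before any [section] go under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or commented-out option
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return sorted (service, finding) pairs for every client-mode service."""
    conf = parse_stunnel_conf(text)
    findings = []
    for name, opts in conf.items():
        eff = {**conf[""], **opts}  # service options override the global defaults
        if not name or eff.get("client", "no").lower() != "yes":
            continue
        if eff.get("sslversion", "").lower() in WEAK_PROTOCOLS:
            findings.append((name, "weak protocol " + eff["sslversion"]))
        if all(eff.get(o, "0").lower() in ("0", "no") for o in VERIFY_OPTIONS):
            findings.append((name, "server certificate not verified"))
        elif "cafile" not in eff and "capath" not in eff:
            findings.append((name, "verification on but no CAfile/CApath"))
    return sorted(findings)

# Security-relevant lines taken from the post's 12/31/2012 configuration.
POST_CONF = """
sslVersion = SSLv3
compression = zlib
;debug = 7
[nntp]
client = yes
accept = localhost:119
connect = ssl-us.astraweb.com:563
"""

# Constructed comparison; assumes the installed stunnel/OpenSSL accept TLSv1.2
# and that the Ubuntu CA bundle exists at the path below.
HARDENED_CONF = POST_CONF.replace("SSLv3", "TLSv1.2") + (
    "verify = 2\nCAfile = /etc/ssl/certs/ca-certificates.crt\n")

if __name__ == "__main__":
    for label, conf in (("post", POST_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```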
Some of my sources of information: