Technical data
4. Packages
STUNNEL_x_NAME The name of each tunnel. Must be unique for all configured tunnels.
Example: STUNNEL_1_NAME='imond'
STUNNEL_x_CLIENT This variable configures which parts of the communication are encrypted via SSL/TLS. There are two options:
• Client mode: The tunnel expects unencrypted data from outside and sends it encrypted to the other end of the tunnel. This corresponds to the setting STUNNEL_x_CLIENT='yes'.
• Server mode: The tunnel expects data encrypted via SSL/TLS from outside and will send it decrypted to the other end of the tunnel. This is equivalent to setting STUNNEL_x_CLIENT='no'.
Tunnels in client mode are therefore particularly suitable for connections “to the outside”, i.e. to the (unprotected) Internet, because data is encrypted before leaving the local network. Of course, the remote site must offer a server that expects data encrypted via SSL/TLS. For example, an e-mail client in the LAN that only supports unencrypted POP3 can “talk” to a POP3 over SSL service on the Internet [14].
Tunnels in server mode, conversely, are for connections that come “from the outside”, i.e. from the (unprotected) Internet, and deliver encrypted data. If the actual service on the server side cannot understand SSL/TLS, the data must be decrypted beforehand. For example, access to the fli4l web GUI can be provided via HTTP encrypted with SSL/TLS (HTTPS) by configuring a tunnel on the fli4l that receives the encrypted HTTP traffic on port 443, decrypts the data and forwards it to the local web server mini_httpd listening on port 80.
Configurations for these use cases are presented later.
Example: STUNNEL_1_CLIENT='yes'
STUNNEL_x_ACCEPT This determines on which port (and address) the tunnel is “listening” for incoming connections. In principle, two possibilities exist:
• The tunnel should listen on all addresses (on all interfaces). Use the setting “any” in this case.
• The tunnel should listen only on specific addresses. Specify this with a reference to the configured IP subnet, for example IP_NET_1_IPADDR (for IPv4) or IPV6_NET_2_IPADDR (for IPv6).
The port must be appended to the address part, separated by a colon (“:”).
Example 1: STUNNEL_1_ACCEPT='any:443'
Example 2: STUNNEL_1_ACCEPT='IP_NET_1_IPADDR:443'
Example 3: STUNNEL_1_ACCEPT='IPV6_NET_2_IPADDR:443'
Please note that using IP_NET_x_IPADDR or IPV6_NET_x_IPADDR determines the layer 3 protocol (IPv4 or IPv6); the choice here must match the settings in the variables STUNNEL_x_ACCEPT_IPV4 and STUNNEL_x_ACCEPT_IPV6. Hence you may not deactivate IPv6 for the tunnel by using STUNNEL_1_ACCEPT_IPV6='no' and then listen on
[14] see http://en.wikipedia.org/wiki/POP3S
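The constraints stated above for STUNNEL_x_NAME, STUNNEL_x_CLIENT and STUNNEL_x_ACCEPT can be checked mechanically before a configuration is put on the router. The following Python check is an added example, not part of the fli4l documentation or tooling; the function names, the sample configuration and the choice to flag only an explicit 'no' in STUNNEL_x_ACCEPT_IPV4 or STUNNEL_x_ACCEPT_IPV6 are assumptions.

```python
import re
from collections import Counter

# Constructed sample: tunnel 2 breaks the layer 3 rule, tunnel 3 reuses a name,
# has an invalid CLIENT value and an out-of-range port.
SAMPLE = """
STUNNEL_1_NAME='imond'
STUNNEL_1_CLIENT='yes'
STUNNEL_1_ACCEPT='any:443'
STUNNEL_2_NAME='http'
STUNNEL_2_CLIENT='no'
STUNNEL_2_ACCEPT='IPV6_NET_2_IPADDR:443'
STUNNEL_2_ACCEPT_IPV6='no'
STUNNEL_3_NAME='imond'
STUNNEL_3_CLIENT='maybe'
STUNNEL_3_ACCEPT='IP_NET_1_IPADDR:70000'
"""
ASSIGN = re.compile(r"^STUNNEL_(\d+)_(\w+)='([^']*)'\s*(#.*)?$")
ACCEPT = re.compile(r"^(any|IP_NET_\d+_IPADDR|IPV6_NET_\d+_IPADDR):(\d+)$")

def parse(text):
    """Group STUNNEL_<n>_<KEY>='value' assignments by tunnel index."""
    tunnels = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            tunnels.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return tunnels

def check(text):
    """Return (tunnel index, message) pairs for every violated rule."""
    tunnels = parse(text)
    names = Counter(t.get("NAME") for t in tunnels.values())
    findings = []
    for idx, t in sorted(tunnels.items()):
        if names[t.get("NAME")] > 1:
            findings.append((idx, "NAME is not unique"))
        if t.get("CLIENT") not in ("yes", "no"):
            findings.append((idx, "CLIENT must be 'yes' or 'no'"))
        m = ACCEPT.match(t.get("ACCEPT", ""))
        if not m or not 1 <= int(m.group(2)) <= 65535:
            findings.append((idx, "ACCEPT must be <any|IP_NET_x_IPADDR|IPV6_NET_x_IPADDR>:<port>"))
            continue
        # The address reference fixes the layer 3 protocol; its switch must not be 'no'.
        for prefix, var in (("IP_NET_", "ACCEPT_IPV4"), ("IPV6_NET_", "ACCEPT_IPV6")):
            if m.group(1).startswith(prefix) and t.get(var) == "no":
                findings.append((idx, f"ACCEPT uses {prefix}x_IPADDR but {var}='no'"))
    return findings

if __name__ == "__main__":
    for idx, msg in check(SAMPLE):
        print(f"STUNNEL_{idx}: {msg}")
```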