stunnel

Oh, "client = yes" was the problem. I must have copypasted it when I was googling some strange errors... :facepalm:
 
I never would have guessed that. Even now that I've looked up the meaning of the "client" parameter, the meaning is ambiguous to me.
 
Just an update to this: it is now under TLS, not SSL.

Also, you need to add this after connect = *:

cert = stunnel.pem


Is there any reason why this would break the chromecast in the app? It no longer shows up as being available, another connection using http shows this option but says you need to use https.

Would love to get this working
 
My Stunnel.conf file under "TLS Client Mode Services"

[blue iris]
accept = 8080
connect = 8081
cert = stunnel.pem

My Router is forwarding port 8080 to BI/Stunnel computer.

My BI Web server settings reads as follows "Enable the HTTP Web server on port 8081"

Check mark in "Stunnel is installed for HTTPS on Port: 8080"


I don't have HTTPS checked off in my BI app. I'm using no-ip as a ddns service and I switched it to https on the no-ip configuration page.
Thanks to you, I stopped banging my head on the desk. I'm not an IT guy but am tech-savvy and I still couldn't figure it all out. Until now!
 
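The two configuration mistakes reported so far in this thread (a pasted "client = yes" and a missing "cert" line) can be checked mechanically. The following is an added example, not code from any poster or from the stunnel project; the sample config and its service names are constructed from the fragments posted above, and it assumes options placed before the first [section] act as defaults for every service.

```python
# Added example: lint a stunnel.conf for the mistakes discussed in this thread.
SAMPLE_CONF = """\
[pasted-from-a-search]
client = yes
accept = 8080
connect = 8081
cert = stunnel.pem

[no-cert]
accept = 8080
connect = 8081

[blue iris]
accept = 8080
connect = 8081
cert = stunnel.pem
"""

def parse_conf(text):
    """Return (global_options, {service: options}); lines starting with ';' are comments."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, value = line.split("=", 1)
            target = global_opts if current is None else current
            target[key.strip().lower()] = value.strip()
    return global_opts, services

def lint(text):
    """Flag services that cannot act as an HTTPS front end for a plain-HTTP server."""
    global_opts, services = parse_conf(text)
    report = {}
    for name, opts in services.items():
        eff = {**global_opts, **opts}  # assumption: global options are per-service defaults
        found = [f"incomplete: no {k} option" for k in ("accept", "connect") if k not in eff]
        if eff.get("client", "no").lower() == "yes":
            found.append("client-mode: plaintext expected on accept, TLS started towards connect")
        elif "cert" not in eff:
            found.append("no-cert: server mode needs a cert option to present to clients")
        report[name] = found
    return report

for service, findings in lint(SAMPLE_CONF).items():
    print(f"[{service}]", findings or "ok")
```

With "client = yes" the service listens for unencrypted traffic on the accept port and tries to start TLS towards the Blue Iris HTTP port, which is the reverse of what the setup in this thread needs.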
I didn't read every single post within this thread as I skipped around to the ones that were relevant to me, but just to double-check that Stunnel is working: the only port I have open in my router is what I have now configured through Stunnel. The old one I originally had open (and unsecured) is now closed and I can instantly log into BI through the app. Even though the new port shows up as open in canyouseeme.org, is it really secure behind the scenes? Just as a test I shut down stunnel on my PC and tried to access BI using the app and it wouldn't open. Once I started the service again, I could login. Did I answer my own question?

Also BIG TIME THANKS to bradconverse. The step-by-step was such a big help.
smiticans' post above just helped me cross the finish line.
 
I have a few questions that I wonder if someone can help with.

I too would like to utilize Stunnel to achieve at least some level of security when viewing my camera feeds remotely on my smartphone. I'd like to install a VPN that would encrypt the video feeds to allow me that security. But, since my router consists of 3 Google Wifi pucks, and due to my difficulty configuring a VPN client with Google Wifi without rooting it and installing a new firmware, I have not been successful in getting a VPN server (i.e., OpenVPN, onboard Windows 7 VPN, ExpressVPN) to work on that router. So, I'm now trying to use Stunnel to add at least some security. I'm viewing and recording the feeds for 4 cameras using BI on a 64-bit PC with Windows 7 Pro. However, even after downloading stunnel-5.49.tar.gz and unzipping the file from stunnel: Downloads, I'm unable to locate an .exe file to install Stunnel. I'm hoping stunnel-5.49.tar.gz is the correct file to download for a 64-bit machine. If not, please let me know. It seems that there should be an .exe file for Stunnel as part of the download. Should I even expect to find an .exe file, and if not, what files would help me to install it?

Thank you in advance.
Lee
 
I'm hoping stunnel-5.49.tar.gz is the correct file to download for a 64-bit machine. If not, please let me know. It seems that there should be an .exe file for Stunnel as part of the download. Should I even expect to find an .exe file, and if not, what files would help me to install it?

Thank you in advance.
Lee
Use stunnel-5.49-win32-installer.exe
 
Hello from Germany.
My English is maybe not the best, but I got BI & Stunnel running fine. Only the following info shown when testing (The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) isn't fixed. But I think it is connected with the own certificate stunnel.pem, which is not signed as trusted.

[blue iris]
accept = 8151
connect = 8141
cert = stunnel.pem

[blue iris] (here you can also use [https])
accept = 443 (https)
connect = 99 (http)
cert = stunnel.pem

I have a Windows 10 x64 system with a fritzbox7490 router with port forwarding and also a DNS site, connected from the router. Everything works fine and the WAN refreshes automatically. Only the warning because of the certificate when I connect via browser isn't fixed. But I have no DNS with text changes and no homepage. So I think it is the best solution until now.

With a friend we tried to connect to the site without typing "https://xxxxxxx.xxdns.xx" and only typing the URL without https, but it didn't work.

Should we fix that (we call these luxury problems), I would update you. It would be great if the software could be in German. I would offer myself to translate it :)
There are so many awesome possibilities to use this software differently that it seems no one except me got such ideas in this area. But as you know, Germans are stupid :-D

If I can help anyone, I will. Sometimes it is useful to work with Teamviewer to connect to each other to fix probs without travelling around the world.

Mobile browser with firefox on android works, if you switch to desktop-site.

Best regards.

ME

I was able to set up Stunnel, and I too am having the same problem as the poster above, i.e., getting the error message when I click the "Test Again" button towards the end of the "Remote Access Test" procedure: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. I am able to use the Blue Iris app to view my cameras' streams remotely on my smart phone, but I'm concerned the streams will not be encrypted when I get the above error message.

My Stunnel.conf file shows the following under ; ***************************************** Example TLS client mode services

[BlueIris]
;due to a bug accept must be as follows
; normally would be as follows
;accept = xxxx
accept = 0.0.0.0:xxxx
connect = 192.168.1.200:8081
cert = stunnel.pem

Please see attached screenshot of page with error.

Can someone please offer guidance on how I can resolve this? Please forgive my ignorance, but I couldn't quite follow the discussion about how to resolve this.

Thanks in advance.
Lee
 

fd


I was able to set up Stunnel, and I too am having the same problem as the poster above, i.e., getting the error message when I click the "Test Again" button towards the end of the "Remote Access Test" procedure: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. I am able to use the Blue Iris app to view my cameras' streams remotely on my smart phone, but I'm concerned the streams will not be encrypted when I get the above error message.

My Stunnel.conf file shows the following under ; ***************************************** Example TLS client mode services

[BlueIris]
;due to a bug accept must be as follows
; normally would be as follows
;accept = 1440
accept = 0.0.0.0:1440
connect = 192.168.1.200:8081
cert = stunnel.pem

Please see attached screenshot of page with error.

Can someone please offer guidance on how I can resolve this? Please forgive my ignorance, but I couldn't quite follow the discussion about how to resolve this.

Thanks in advance.
Lee


I wouldn’t be posting my WAN ip and port here for people to see!
 
Hi,
I set up stunnel according to posts in this thread, but not sure if it's correct and as secure as it can be using stunnel by itself as I am doing. I am able to connect remotely and view my home camera feeds using blue iris on my android smart phone using the blue iris app, and I am able to view the video feeds of the camera in a browser on my smart phone using the WAN https:// address I set up and is specified under "Client app login" when using the "remote access wizard" under the "Web server" tab. However, in the address bar when I enter this WAN https address on my smart phone without wifi, the "https://" part of the address has a red line through it and I get a message saying "Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards) because it can be stolen by hackers. The identity of this website has not been verified. Server's certificate does not match the URL. Server's certificate is not trusted."

Can anyone share if this is a concern, and if so, how I can resolve it? Do I need to modify the certificate somehow, and if so, how?

Also, as stated in my post above, I get the page in the attached screenshot that shows an error when I run the remote access wizard.

Any help would be much appreciated.

Thanks,
Lee
 

I've been messing around with this for a couple of hours now.. tried certificates from multiple providers (ZeroSSL and others), etc.. I can access BI via HTTPS but my browser prompts that "Your connection is not secure" and I have to add an exception to continue.. when coming from my LAN (works fine when using my WAN/external IP). I assume I've done something wrong as I believe I should not be getting this warning if Stunnel and my certificate is setup properly.. When I attempt to connect from a browser, I get this in the Stunnel log:

2018.11.18 14:35:59 LOG5[0]: Service [Blue-Iris] accepted connection from 192.168.2.121:50291
2018.11.18 14:35:59 LOG3[0]: SSL_accept: 14094412: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
2018.11.18 14:35:59 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

Any ideas?
 
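The log excerpt in the post above can be read per connection: the number in brackets after LOGn identifies the connection, and the LOG3 line carries the reason it failed. The following is an added example, not code from any poster or from the stunnel project; the first three sample lines are the ones posted above, and the last three are constructed to show the WSAECONNREFUSED (10061) case that also comes up in this thread.

```python
import re

# Added example. Lines 1-3 of SAMPLE_LOG are quoted from the post above;
# lines 4-6 are constructed for illustration.
SAMPLE_LOG = """\
2018.11.18 14:35:59 LOG5[0]: Service [Blue-Iris] accepted connection from 192.168.2.121:50291
2018.11.18 14:35:59 LOG3[0]: SSL_accept: 14094412: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
2018.11.18 14:35:59 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.11.18 14:36:10 LOG5[1]: Service [Blue-Iris] accepted connection from 192.168.2.121:50295
2018.11.18 14:36:10 LOG3[1]: s_connect: connect 127.0.0.1:8081: Connection refused (WSAECONNREFUSED) (10061)
2018.11.18 14:36:10 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\w+)\]: (.*)$")
ACCEPTED = re.compile(r"Service \[(.+?)\] accepted connection from (\S+)")
FINISHED = re.compile(r"Connection (?:reset|closed): (\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")
CAUSES = [
    (re.compile(r"SSL_accept: .*alert (?:bad certificate|unknown ca|certificate unknown)"),
     "client refused stunnel's certificate"),
    (re.compile(r"WSAECONNREFUSED|Connection refused"),
     "nothing listening on the connect target"),
]

def triage(log_text):
    """Group stunnel log lines by connection id and attach a likely cause to each."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        level, cid, msg = int(m.group(1)), m.group(2), m.group(3)
        conn = conns.setdefault(cid, {"service": None, "peer": None, "cause": None, "bytes": None})
        if (a := ACCEPTED.search(msg)):
            conn["service"], conn["peer"] = a.groups()
        elif (f := FINISHED.search(msg)):
            conn["bytes"] = (int(f.group(1)), int(f.group(2)))
        elif level <= 3 and conn["cause"] is None:  # LOG3 and lower numbers are errors
            conn["cause"] = next((why for rx, why in CAUSES if rx.search(msg)), msg)
    return conns

for cid, conn in triage(SAMPLE_LOG).items():
    print(cid, conn)
```

In the posted excerpt the alert arrives during SSL_accept, so it was sent by the browser, and the 0 byte(s) counters show the connection was dropped before any data was relayed in either direction.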
I've been messing around with this for a couple of hours now.. tried certificates from multiple providers (ZeroSSL and others), etc.. I can access BI via HTTPS but my browser prompts that "Your connection is not secure" and I have to add an exception to continue..
[...]
Any ideas?

Don't modern browsers always issue such warnings for free self-signed certificates?
 
Hello everyone!

I am in the process of creating a "How To" video on properly configuring stunnel on your machines. I should have the video ready within the week :)

I am also going to make a video on "How To" on setting up a VPN and how to connect Blue Iris to it. Both videos will be very generic as some configuration is required on your router and not all are the same
 
Also, I am not an expert in network security, merely someone that enjoys helping others and learning how to do this stuff myself. As of a week ago I knew nothing about stunnel but I have successfully configured it on my system and am ready to show how I did it. However:

If anyone here is familiar with network security, I do have some technical data flow questions to ask, if they could please send me a message. Thanks :)
 
I tried it again today. I did it exactly as video, down to using same ports... I am still getting WSAECONNREFUSED (10061)

I cannot figure out what that error is to fix it... Very unfortunate.

Anyone have an idea? I installed the latest (5.50 64bit) one...

edited to add -

I changed the config from just ports to the IP of computer... that worked! so pretty much
accept = 192.1.1.5:8080
connect = 192.1.1.5:81

now is there a way we can get stunnel.pem signed by maybe like let's encrypt?
 
It's done:



Great video, will likely follow the instructions and install/configure STUNNEL later this week.


One note though... totally disabling security checking for your browser is risky (unwise). Why not simply add the self-signed certificate (ssc) to the browser?

chrome://settings/privacy then Manage Certificates, Import

Yes, that requires the ssc file to be installed on any/all systems that would be used to connect to BI.


In addition to using STUNNEL's ssc, documentation implies that any ssc can be used as long as it is a PEM or P12 format.
 
One note though... totally disabling security checking for your browser is risky (unwise).

From what I have been told by a couple people, disabling TLS 1.3 in chrome just makes the browser revert to using version 1.2. So it's not disabling the security check altogether... just version 1.3

Why not simply add the self-signed certificate (ssc) to the browser?

chrome://settings/privacy then Manage Certificates, Import

Yes, that requires the ssc file to be installed on any/all systems that would be used to connect to BI.

Great point, thanks for sharing. But like you state it does require doing it in all browsers. Might be adding unnecessary steps since it doesn't actually add any security

In addition to using STUNNEL's ssc, documentation implies that any ssc can be used as long as it is a PEM or P12 format.

Can you expand a little more on this :D