Stunnel with pfSense OpenVPN setup


The question is: I want to wrap OpenVPN in pfSense with SSL. pfSense has a package called Stunnel in the packages section.

How do I integrate the pfSense OpenVPN with stunnel?

Yes, I do know you can host a different OpenVPN server and install stunnel together, but I want to have Stunnel inside of pfSense running with pfSense OpenVPN.


I have never used stunnel, what are you trying to achieve by using it?

The problem is that when you use OpenVPN on public wifi or corporate wifi, the OpenVPN connection is blocked by the firewall (deep packet inspection). Changing the OpenVPN config to TCP 443 does work on some public wifi that is not blocking TCP 443, but some wifi has deep packet inspection that detects the OpenVPN connection and blocks it. That's why I want to wrap the OpenVPN connection with SSL (Stunnel), so the firewall sees the traffic as HTTPS traffic through port 443 and not OpenVPN traffic on port 1194.

That is not likely to work, as many of the modern DPI systems are aware of protocols such as stunnel and look deeper at the connection to still block it. So it really depends on how good the system you are trying to bypass is.

Not really. There are many SSL services that use SNI with no website attached, such as Snapchat. Enterprises doing SNI checking like that to block non-conforming SSL traffic will break 25% of the internet. Thus, stunnel should work in most cases.