Setting up stunnel

Installing

$ sudo apt-get install stunnel

Enabling stunnel

$ vi /etc/default/stunnel4

Change the line,

ENABLED=0

to

ENABLED=1

Create your certificate with openssl

$ openssl req -new -out mail.pem -keyout mail.pem -nodes -x509 -days 365

Put this file wherever your /etc/stunnel/stunnel.conf file points to mail.pem. Mine points to /etc/stunnel/mail.pem.

Start your stunnel server

$ sudo /etc/init.d/stunnel4 start

If you get an error like "You should check that you have specified the pid= in you configuration file", open up /etc/stunnel/stunnel.conf and comment out these services, which may be enabled by default.

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25

Example of setting up remote desktop for stunnel

Edit your /etc/stunnel/stunnel.conf.

Add the contents,

[rdp]
accept = 1234
connect = 123.123.123.123:22

and uncomment the line that says ;client = yes. This should be done on the client side. Restart stunnel: /etc/init.d/stunnel4 restart.

The accept variable (port) can be anything. I think maybe greater than 1000, but I'm not sure. The connect variable should be the host you are trying to connect to with <colon><port_number> appended to it.

On the server side, you would do something similar. Just add to your stunnel.conf

[rdp]
accept = 22
connect = 3389

and start the stunnel server.

Now we need to connect to the remote desktop. On the client, we set the accept port to 1234 and mapped it to 123.123.123.123:22 on the server, so we reach the remote desktop server by connecting to that local port on the client itself. Just issue the command,

$ rdesktop localhost:1234

The stunnel instance on the client accepts this connection on port 1234, as configured in its stunnel.conf, and then performs the actual connect, which is to host 123.123.123.123 on port 22. On the server end, stunnel gets the request on port 22 and connects to port 3389, the one remote desktop is running on.

Note, my router at home has another server using port 22 for ssh, so I used port 23 instead. Works the same.
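
The two stunnel.conf files from the walkthrough above, written out in full as an added example (not part of the original page). The pid path, the file name server-cert.pem, the loopback-only accept address and the CAfile/verify lines are assumptions added here so that the client checks it is talking to the server that holds mail.pem.

```ini
; ---- server side: /etc/stunnel/stunnel.conf ----
; mail.pem is the file created by the openssl command above. It contains
; the private key as well as the certificate, so keep it readable only by
; root or the stunnel user.
cert = /etc/stunnel/mail.pem
; Assumed path. Setting pid explicitly addresses the "pid=" check that the
; init script complains about.
pid = /var/run/stunnel4/stunnel4.pid

[rdp]
; TLS connections arrive on 22 and are forwarded in the clear to the
; local remote desktop service on 3389.
accept = 22
connect = 3389

; ---- client side: /etc/stunnel/stunnel.conf ----
client = yes
pid = /var/run/stunnel4/stunnel4.pid
; server-cert.pem (assumed name) is a copy of only the
; BEGIN CERTIFICATE ... END CERTIFICATE part of the server's mail.pem.
; Never copy the private key to the client.
CAfile = /etc/stunnel/server-cert.pem
; verify = 3 accepts the server only if it presents a certificate that is
; installed locally in CAfile. With no verify line stunnel encrypts the
; traffic but does not authenticate the peer, so anyone able to intercept
; the connection could answer in the server's place.
verify = 3

[rdp]
; Listening on 127.0.0.1 instead of every interface keeps other hosts on
; the client's network from using the tunnel entry point.
accept = 127.0.0.1:1234
connect = 123.123.123.123:22
```

With this in place, rdesktop localhost:1234 works as before, and the client drops the connection if the far end presents any certificate other than the one in CAfile.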
