stunnel + squid over the wall

Preparing to cross the wall:

A foreign Linux server


Software introduction: squid is a high-performance proxy server, and stunnel is a TLS encryption tool. Because HTTP is transmitted in clear text, the content must be encrypted to avoid sniffing.


The process of crossing the wall:

yum -y install squid  stunnel 


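Generate the pem:


# gendh was removed in OpenSSL 1.1.0 (dhparam replaces it); 512-bit DH parameters are rejected by current TLS clients
openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
openssl dhparam 2048 >> stunnel.pem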

Edit stunnel.conf, which is in /etc/stunnel/ by default.

Just change the cert setting to the location of the stunnel.pem that was just generated.

For example: cert = /etc/stunnel/stunnel.pem

Comment out the unneeded mail-related sections and add:

accept = 7070
connect = 3228

accept is the port that stunnel listens on, and 3228 is squid's port; both can be changed to match your own configuration.

start up


There is generally no output; it just starts.

That completes the configuration on the server side.

The client side is local:

Download the Windows installer from, copy the server's stunnel.pem to the installation directory /config, and add the following at the bottom of the configuration file:

client = yes
accept = 7000
connect = xx.xx.xx.xx:7070
cert = stunnel.pem

 xx.xx.xx.xx is the address of the foreign server

Then set the proxy to the local port 7000 in your own browser, start it, and everything is fine.
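
A check on the client settings above, as an added example that is not part of the original post: with no verify option the stunnel client accepts any certificate the remote end presents, and an accept value that is a bare port listens on all local interfaces. The sample config is constructed from this page's client settings; treating top-level options as defaults for [service] sections is an assumption of this script.

```python
# Audit a stunnel.conf: flag client services that skip certificate verification
# or expose the local proxy port beyond loopback.
CLIENT_CONF = """\
; constructed sample: the client settings from this page
client = yes
accept = 7000
connect = xx.xx.xx.xx:7070
cert = stunnel.pem
"""
VERIFY_OPTS = {"verify", "verifychain", "verifypeer"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse(text):
    """Return {section: {option: value}}; options before any [section] go under 'global'."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            conf[section][key.strip().lower()] = value.strip()
    return conf


def audit(text):
    """Return a sorted list of (section, finding) tuples for client-mode services."""
    conf, findings = parse(text), []
    for name, opts in conf.items():
        eff = {**conf["global"], **opts}  # assumption: section options override top-level ones
        if eff.get("client", "no").lower() != "yes" or "accept" not in eff:
            continue  # server-side services have to listen publicly; skip them
        if not any(eff.get(o, "no").lower() not in ("no", "0") for o in VERIFY_OPTS):
            findings.append((name, "server certificate is not verified"))
        host = eff["accept"].rpartition(":")[0]  # empty when only a port is given
        if host not in LOOPBACK:
            findings.append((name, "accept is not bound to loopback"))
    return sorted(findings)


if __name__ == "__main__":
    for section, finding in audit(CLIENT_CONF):
        print(f"{section}: {finding}")
```

Setting verifyPeer = yes with CAfile pointing at a copy of the server's certificate (the certificate block only, without the private key that stunnel.pem also contains) clears the first finding; accept = 127.0.0.1:7000 clears the second.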


