stunnel HOWTO

Contributed by Bradley Bell.

To set up FreeTDS over stunnel between a Linux webserver and a W2k SQL server:

  1. Get unencrypted FreeTDS working.

  2. Install openssl and stunnel on the Linux box.

  3. Download the stunnel binary and openssl DLLs for Windows.

  4. Generate stunnel.pem (complete with Diffie-Hellman parameters) for placement on the W2k box. See instructions in the stunnel FAQ.

  5. Start stunnel on the W2k box:

    	$ stunnel.exe -d 61666 -r localhost:1433

    61666 is just an arbitrary port number.

  6. Start stunnel on the Linux box:

    	$ stunnel -c -d 1433 -r win2kserver:61666

    where win2kserver is the hostname or IP address of the W2k box.

  7. Set up FreeTDS to use the tunnel. If this is your unencrypted entry in freetds.conf:

    Example 5-9. Unencrypted entry in freetds.conf

    	host = win2kserver
    	port = 1433

    the encrypted equivalent uses:

    Example 5-10. Encrypted entry in freetds.conf

    	host = localhost
    	port = 1433
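
A check to run after step 7, added here as an example and not part of the original HOWTO: it reads a freetds.conf and lists the server entries that do not point at the local stunnel listener, i.e. entries that would still reach SQL Server unencrypted. The function names, the sample section names and the assumption that the tunnel listens on localhost port 1433 belong to this example.

```shell
#!/bin/sh
# Added example: flag freetds.conf entries that bypass the stunnel listener
# from step 6 (assumed here to be localhost:1433) and so send TDS in the clear.

# Reads a freetds.conf on stdin; optional $1 is the local tunnel port.
# Prints "section host port" per offending entry; returns 1 if any were found.
# An entry with a host but no explicit port is reported with port "unset".
audit_freetds_conf() {
    awk -v tport="${1:-1433}" '
        function report() {
            if (section == "" || section == "global" || host == "") return
            if ((host != "localhost" && host != "127.0.0.1") || port != tport) {
                printf "%s %s %s\n", section, host, port
                bad = 1
            }
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # new [section] header
            report()
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            host = ""; port = "unset"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "host") host = tolower(val)
            if (tolower(key) == "port") port = val
        }
        END { report(); exit bad }
    '
}

# CONSTRUCTED sample input: section names are made up for this example.
sample_conf() {
    cat <<'EOF'
[global]
    tds version = 7.0
[clear_sql]
    host = win2kserver
    port = 1433
[tunnel_sql]
    host = localhost
    port = 1433
EOF
}

sample_conf | audit_freetds_conf || echo "entries above bypass the tunnel"
```

To check a real file, feed it on standard input (audit_freetds_conf < freetds.conf) and pass the local tunnel port as the first argument if it is not 1433.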