SSL/TLS tunnel using stunnel for Android.
Note: Originally intended to be a socks5 VPN through TLS, but I never finished implementing the VPN service.
- Install Android Studio
- Download the stunnel android binary from stunnel.org, and copy it to /app/src/main/assets/stunnel
- Build it using Android Studio
How to use
To edit the configuration, tap the top menu then press Config Editor. Then add your settings according to the stunnel documentation.
Stunnel should start when you press the start button, and will create a notification while it is being run. If the notification is immediately removed after being created, there was an error, so you will need to check the log (second tab).
Please note that currently the log is only updated when stunnel stops, so you will need to press the stop button to view it. Currently there are also some problems with sending the log to the screen, so make sure you have the app open when you stop it.
How to configure stunnel
Some example configurations are available in the stunnel documentation, and more are given below. Many use cases (e.g. tunnelling SSH or SOCKS over HTTPS) require you to run an stunnel server, which you can download from the stunnel website.
The stunnel binary functions as both a server and a client, as long as you put
client = yes at the top of your config file when you want to use it as a client. This is set by default in the app.
SSH over HTTPS
[ssh] accept = 10000 connect = example.com:443
Connect to 127.0.0.1:10000 in your SSH client.
[ssh] accept = 443 connect = 127.0.0.1:22
[rdp] accept = 9050 connect = example.com:443
Connect to 127.0.0.1:9050 in your SOCKS client. Orfox works well for this on android.
[rdp] accept = 443 protocol = socks
[rdp] accept = 3380 connect = example.com:443
Connect to 127.0.0.1:3380 in your RDP client.
[rdp] accept = 443 connect = 127.0.0.1:3389
SNI allows you to have multiple tunnels on one server, as many firewalls only allow port 443.
[default] accept = 8080 connect = example.com:443 [ssh] accept = 10000 connect = example.com:443 sni = ssh.example.com
[default] accept = 443 connect = 127.0.0.1:8080 [ssh] sni = default:ssh.example.com connect = 127.0.0.1:22