Hi,
Do you know if you can integrate this app to make it work as a tunnel for OpenVPN (https://github.com/schwabe/ics-openvpn)?
To make them work as one app with one click.
Currently I am using them together to connect OpenVPN server as I have some networks where OpenVPN is blocked by deep packet inspection and the only tool works is Stunnel.

This OpenVPN client has the the ability to exclude apps from it's routing system so when you connect the VPN, the Stunnel stays with direct connection that doesn't go through the VPN.

Are you able to combine SSLSocks(Stunnel) and the OpenVPN functionality in that client together in one App so when you press one button it will automatically activate Stunnel, then OpenVPN connects through it?

Regards.

It would be great to import a cert by scanning a QR code

Hi @comp500
I am trying to configure in Android Nougat, but I found this error! Can you please explain why I am getting this error?

LOG5[ui]: stunnel 5.49 on arm-unknown-linux-androideabi platform
LOG5[ui]: Compiled/running with OpenSSL 1.1.0i 14 Aug 2018
LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
LOG5[ui]: Reading configuration from file /data/data/link.infra.sslsocks/files/config.conf
LOG5[ui]: UTF-8 byte order mark not detected
LOG5[ui]: FIPS mode disabled
LOG4[ui]: Service [squid] needs authentication to prevent MITM attacks
LOG5[ui]: Configuration successful
LOG5[ui]: Binding service [squid] to 127.0.0.1:8080: Address already in use (98)

HI.
I'd like to add to apk prepared configuration and client cert PEM.
Tried to copy config.conf or stunnel.conf to assets using aapt - didn't work.
Please explain how this can be done.

P.S. I have no problems with apk signing and installation.

binding service to addres 127.0.0.1:* already in use
i have this with every single port on my phone please help

Hello,

I am using a Cert from Let's Encrypt on my stunnel Server.
On my Clients (here my Android devices), I want to use the Parameter CApath.
Is it possible the CA-Certs of android for SSLSocks?
Because Let's Encrypt is a official CA-Authority (certified itself by DST Root CA X3), all Certs from Let's Encrypt should be verified automatically.
What is the correct path for these Certs so that I get a complete CA-Hierachie?

Thanks.

The are security bugfixes in the new release.

https://www.stunnel.org/NEWS.html

Thank you so much for this great app.

First lines of Log shows:
__bionic_open_tzdata_path: ANDROID_DATA not set!
__bionic_open_tzdata_path: ANDROID_ROOT not set!

But Configuration successful

Any idea how to fix it?
Im using SSH.

I got this error.
Binding service [ssh] to 0.0.0.0:10000: Address already in use (98)
I tried 127.0.0.1: 10000, try with squid, try to Force Close App and start again. Restart device.
But always shows this error.

Hi,

I love this app, it is by far better than what i was using before in Android and love the ability to edit stunnel.conf from the UI.

However you can't open passphrase protected pfx or pem files. It is much safer to store them encrypted than in plain text on the phone.

Thanks.

java.io.IOException: Cannot run program

java.io.IOException: error=13, Permission denied

fix please android 10

Hi there,

I'm wondering if you have any plans to release SSLSocks on the Play Store. If funding is an issue, I'd be happy to let you use my Google Play License to put it on the Play Store.

Thanks for the awesome app!

hi
would you please release new version with latest stunnel 5.55?
thanks for your time.

Hi,

I am getting below error on device Android 11 (OnePlus 8)

E/StunnelProcessManager: failure
    java.io.IOException: Cannot run program "/data/user/0/link.infra.sslsocks/files/stunnel" (in directory "/data/user/0/link.infra.sslsocks/files"): error=13, Permission denied
        at java.lang.ProcessBuilder.start(ProcessBuilder.java:1050)
        at java.lang.Runtime.exec(Runtime.java:699)
        at java.lang.Runtime.exec(Runtime.java:529)
        at link.infra.sslsocks.service.StunnelProcessManager.start(StunnelProcessManager.java:106)
        at link.infra.sslsocks.service.StunnelIntentService.handleStart(StunnelIntentService.java:81)
        at link.infra.sslsocks.service.StunnelIntentService.onHandleIntent(StunnelIntentService.java:69)
        at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:77)
        at android.os.Handler.dispatchMessage(Handler.java:106)
        at android.os.Looper.loop(Looper.java:245)
        at android.os.HandlerThread.run(HandlerThread.java:67)
     Caused by: java.io.IOException: error=13, Permission denied
        at java.lang.UNIXProcess.forkAndExec(Native Method)
        at java.lang.UNIXProcess.<init>(UNIXProcess.java:133)
        at java.lang.ProcessImpl.start(ProcessImpl.java:141)
        at java.lang.ProcessBuilder.start(ProcessBuilder.java:1029)

Hello,

i installed SSLSocks App from Google Playstore.
Now I get an error after loading the p12-File.
The Log is saying: d2i_PKCS12_BIO: crypto/asn1/asn1_lib.c:101:error:0D07207B:asn1 encoding routines:ASN1_get_object: header too long

Is there anything i can do?

My config:

foreground = yes
pid = /data/user/0/link.infra.sslsocks/files/pid
sslVersionMin = TLSv1.2
checkHost = xxxxx.myftp.org
verifyChain = yes
CAfile= fullchain1.pem

cert = android1.p12
key = android1.pem

sslVersionMin = TLSv1.2

[openvpn]
client = yes
accept = 0.0.0.0:55554
connect = xxxxx.myftp.org:443

Hi! I've realised I don't really have the time or energy to maintain this project, nor do I have much use for it myself anymore. As the license permits, others are welcome to fork and continue the project. The app as is on the Play Store will not receive new updates, and in its current state is becoming unusable with newer Android versions due to restrictions on native code execution.

For alternatives, I'd recommend WireGuard, Tailscale, or I believe you can use Termux to run the stunnel CLI directly.

.

Working Config on PC:

[test1]
accept = 127.0.0.1:x
connect = x:443
ciphers = x
sslVersionMin = x
curve = x
verifyChain = yes
CApath = ??? (no idea where is it on Android)
checkHost = x
OCSPaia = yes

Hello buddy,
Could you list some example config ?

Where should certificates be placed in the filesystem?

Hi and thanks for this app.is there any chance to get the updated version with stunnel 5.56?

I see some logs in the application and worry about them.
for example :
connected remote server from 21.67.126.159
what does this line of log say?

I read this manual (https://hamy.io/post/0011/how-to-run-stunnel-on-your-android-device/), added my certificate, added part of the config, pressed start, but nothing happens. I don't see anything in the logs on my stunnel server. I also have a stunnel-cli for android with the same config and certificate, which I run from the terminal, it works. Well, the most incomprehensible thing is how the browser on android should use this proxy? When I use stunnel-cli from the terminal, I create a new access point (APN) in the network settings (not wifi) and specify the proxy server 127.0.0.1:8443 there.
My config (to be added to what is already suggested):

cert = /data/local/tmp/etc/stunnel/stunnel.pem
CAfile = /data/local/tmp/etc/stunnel/stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[server]
accept = 127.0.0.1:8443
connect = XX.XX.XX.XX:8443
verify = 2

Hi,I have been using this tunnel app for few years with no issues.but for the first time using android 10 I can not connect.I am using it as a wrapper for openvpn traffic.same config is running on other 3 phone devices smoothly.
here is the error;
"error resolving 127.0.0.1 : neither nodename nor servname known(EAI_NONAME)