LinuxQuestions.org
Old 08-30-2023, 10:52 PM   #1
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,587

Configuring stunnel on Windows


I've used stunnel a few years ago, mainly for VNC security, but also for RDC on Windows. I'm trying to re-implement this for Windows, but am having problems this time. I did this once upon a time, but apparently didn't take very good notes.

stunnel version 5.70. I have the following in stunnel.conf on the Windows 10 computer:
Code:
[WIN10]
client = yes
accept = 127.0.0.1:3389
;connect = pop.gmail.com:995
CAfile = stunnel.pem

The 'accept' line is, I presume, the port on the Windows machine to listen on. I don't know what the 'connect' line is for in this case and presume it's not needed for a client connection (yes, I've RTFM).

With the above config, I get the following error:
Code:
Configuration successful
[ ] Deallocating deployed section defaults
[ ] Binding service [WIN10]
[ ] Listening file descriptor created (FD=724)
[ ] Setting accept socket options (FD=724)
[ ] Option SO_EXCLUSIVEADDRUSE set on accept socket
[.] Binding service [WIN10] to 127.0.0.1:3389: Permission denied (WSAEACCES) (10013)
[!] Binding service [WIN10] failed
[ ] Unbinding service [WIN10]
[ ] Service [WIN10] closed
[ ] Deallocating deployed section defaults
[ ] Deallocating section [WIN10]
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2

Server is down

I run stunnel by clicking on the stunnel desktop icon/shortcut. When the error dialog appears the title bar says, "stunnel 5.70 on Win64 (invalid configuration file)". The 4 lines shown above are the only uncommented lines in the stunnel.conf.

Why am I getting this Permission denied error?
 
Old 08-30-2023, 11:20 PM   #2
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 794

The idea of stunnel is to catch an encrypted connection and shuffle it off unencrypted to its destination that wouldn't normally be encrypted. Windows runs RDP on 3389, so you can't rebind the port.
https://learn.microsoft.com/en-us/wi...-error-codes-2

I'm not sure why you'd try to wrap remote desktop anyway as it already uses TLS (at least on Linux; correct me if I'm wrong).

This is what I used to use for POP3S with a non-SSL server under Xinetd on the same host.

Code:
[pop3s]
; POP3 using SSL. Listen on all addresses, with ipv4/6. Use libwrap.
accept  = :::995
connect = 110
libwrap = yes
protocol = pop3
 
Old 08-31-2023, 09:55 AM   #3
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,587

Original Poster
First to define my terms. I will call the PC from which I am connecting, e.g. from my home computer REMOTE, and the one at the office to which I want to RDC I'll call OFFICE. What I'm wanting to do is require the REMOTE user to enter credentials when trying to connect to OFFICE. I recall that stunnel used to work that way when I first used it (5 years ago!).

Why? Because the cyber insurance company doesn't want to see RDC ports accessible from the Internet. I figure with stunnel as a layer, probing the RDC ports will return a stunnel handshake and not the RDC fingerprint.

Although I had stunnel running 5 years ago, my notes are incomplete and there is no good tutorial on setting it up. The stunnel "documentation" consists of manpage-like descriptions of the various conf parameters, so one basically already needs to know how to set up stunnel and can use the docs as a refresher reference.

The first task I'm attempting is to set up OFFICE, which I've already done incorrectly since it is the server, not the client. I've changed the config to:
Code:
[WIN10]
accept = 127.0.0.1:3389
CAfile = stunnel.pem

But I still get the permission denied error. You wrote: "Windows runs RDP on 3389, so you can't rebind the port." Maybe I'm going about this wrong and stunnel should not be running on OFFICE at all.

Here's my setup: There's another computer in the mix, located at the office I'll call ROUTER, which is Linux. Windows computer REMOTE is at e.g. a home office somewhere on planet Earth. It attempts an RDC connection to ROUTER using secret port 1234 (not 3389). ROUTER re-directs port 1234 to host OFFICE:3389. It does this for several office workstations. For example port 4567 redirected to JANE:3389, etc. This all works now.

Perhaps I should have stunnel running as a server on ROUTER, not on the target Windows workstation?

Last edited by mfoley; 08-31-2023 at 09:57 AM.
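
The REMOTE / ROUTER / OFFICE topology from post #3, written out as a pair of stunnel configurations. This is an added example, not part of any poster's message: the certificate file names, the local port 13389 and the hostname router.example.com are assumptions, and access control is done with client certificates checked against a CA.

```ini
; ---- stunnel.conf on ROUTER (Linux, TLS server side) ----
; stunnel takes over port 1234 from the plain port redirect.
[office-rdp]
; TLS listener that REMOTE connects to from the Internet
accept = 1234
; decrypted traffic is handed to the workstation's own RDP service
connect = OFFICE:3389
; server certificate and private key (assumed path)
cert = /etc/stunnel/router.pem
; CA that issued the client certificates (assumed path)
CAfile = /etc/stunnel/clients-ca.pem
; refuse any peer that cannot present a certificate chaining to CAfile
verifyChain = yes

; ---- stunnel.conf on REMOTE (Windows, TLS client side) ----
[office-rdp]
client = yes
; local listener for the RDP client; not 3389, which the Windows
; Remote Desktop service may already hold (assumed port)
accept = 127.0.0.1:13389
; the TLS listener on ROUTER (placeholder hostname)
connect = router.example.com:1234
; this user's client certificate and key (assumed file name)
cert = remote-user.pem
; CA that issued ROUTER's certificate (assumed file name)
CAfile = router-ca.pem
; verify ROUTER's certificate chain and its hostname
verifyChain = yes
checkHost = router.example.com
```

With both sides running, the Remote Desktop client on REMOTE is pointed at 127.0.0.1:13389 instead of ROUTER:1234.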
 
Old 09-01-2023, 11:33 AM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,679
Blog Entries: 4

Any chance of simply using VPN? And/Or piggybacking on what is probably already in place at the company?
 
1 members found this post helpful.
Old 09-04-2023, 12:56 PM   #5
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,587

Original Poster
There is nothing in place at the company, hence this project. I thought stunnel would be quick and easy and would be a stop-gap while we research the most appropriate VPN to use, but I guess stunnel isn't as quick and easy as I thought. Maybe I should move on.
 
Old 09-05-2023, 02:02 PM   #6
mfoley
Senior Member
 
Registered: Oct 2008
Location: Columbus, Ohio USA
Distribution: Slackware
Posts: 2,587

Original Poster
I've decided to not worry about stunnel and install a VPN. Thanks for the feedback.
 
Tags
stunnel, win10