blob: 4022e2dc609af8842e3aaea29f1eadcf940b445f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
SIP2 authentication howto
=========================
stunnel configuration
---------------------
SIP2 has no encryption built-in. To encrypt traffic, we install stunnel both on
the server (the one with the koha instance) and the client (the vpnweb node):
sudo apt-get install stunnel4
Set value to ENABLED in the config file:
/etc/default/stunnel4
Configure the server, see `docs/examples/stunnel.conf-server-sample`:
[sip2]
accept = 6443
connect = 6001
cert = /etc/stunnel/ssl/sip2-cert.pem
key = /etc/stunnel/ssl/sip2-key.pem
You will need to generate a certificate pair for this service. For a throwaway test deployment,
you can look in the `test/simple-ca` folder.
Now configure the client side (the box where the vpnweb instance is running). Create /etc/stunnel/sip.conf:
[sip2]
accept = localhost:6001
connect = koha.example.org:6443
client = yes
Now you can start the service:
sudo /etc/init.d/stunnel4 start
And configure vpnweb to connect to the local port:
export VPNWEB_SIP_HOST=localhost
export VPNWEB_SIP_PORT=6001
|