SSL Tunnel File


This file lets you create TCP/IP tunnels and SSL tunnels. A tunnel is a gateway that listens on a specified port and forwards all datagrams to a destination address and port, in both directions. You can define rules so that only specified sessions are processed. SSL tunnels can be given certificates, and the server can request client certificates. Certificates can be verified using the rules section.

Formal Syntax:

tunnelitems = *(tunnelitem CRLF)  
tunnelitem = sourceitem "," destinationitem ["," rules ["," comment]]  
sourceitem = [listenip] ":" port [";" SSLCertificate]  
destinationitem = [destinationip] ":" port [";" SSLCertificate ]  
listenip = ipaddress  
destinationip = ipaddress  
rules = *(rule)  
rule = action ":" value ";"  
action = ("0" / "1" / "2" / "3" / "4" / "5")  

Actions:

0 - Reject IP ":" IPAddress  
1 - Allow IP ":" IPAddress  
2 - Require peer certificate [":" certfile]  
3 - Reserved  
4 - Reserved  
5 - Disable  
 

Example:

:5000,gate.icewarp.com:80  
Listens on all interfaces on port 5000 and sends data to gate.icewarp.com port 80.

127.0.0.1:5001,194.213.224.2:25,1:192.*.*.*;0:*.*.*.*  
Listens on IP 127.0.0.1 port 5001 and sends all data to 194.213.224.24 port 25 only for connections from 192.*.*.*

:5001;/certs/cert.pem,gate.icewarp.com:80,2:  
Listens on port 5001 as an SSL server and forwards all data, SSL-decoded, to gate.icewarp.com. Requires a client certificate, and that certificate must have been issued by a trusted CA.
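
A small Python parser and reviewer for the syntax above, added here as an illustration and not part of the product. The function names, the "first matching IP rule decides" evaluation order (inferred from the second example), and the "no match means allowed" default are assumptions.

```python
from collections import namedtuple
Endpoint = namedtuple("Endpoint", "host port cert")
Tunnel = namedtuple("Tunnel", "listen dest rules comment")
ACTIONS = {"0": "reject_ip", "1": "allow_ip", "2": "require_peer_cert", "5": "disable"}

def _endpoint(item):
    """Split '[ip]:port[;SSLCertificate]' into an Endpoint."""
    addr, _, cert = item.partition(";")
    host, _, port = addr.rpartition(":")
    return Endpoint(host.strip(), int(port), cert.strip())

def parse_tunnel(line):
    """Parse one tunnelitem; reserved actions 3 and 4 are rejected."""
    src, dst, rule_field, comment = (line.strip().split(",", 3) + [""] * 3)[:4]
    if not dst:
        raise ValueError("tunnelitem needs a source and a destination")
    rules = []
    for raw in filter(None, map(str.strip, rule_field.split(";"))):
        action, _, value = raw.partition(":")
        if action not in ACTIONS:
            raise ValueError(f"unknown or reserved action {action!r}")
        rules.append((ACTIONS[action], value))
    return Tunnel(_endpoint(src), _endpoint(dst), rules, comment)

def ip_allowed(tunnel, client_ip):
    """Assumption: first matching IP rule decides; no match means allowed."""
    for action, pattern in tunnel.rules:
        if action in ("allow_ip", "reject_ip") and all(
                p in ("*", o) for p, o in zip(pattern.split("."), client_ip.split("."))):
            return action == "allow_ip"
    return True

def audit(tunnel):
    """Return review notes for exposure-related settings."""
    kinds = {action for action, _ in tunnel.rules}
    notes = []
    if not tunnel.listen.host and not kinds & {"allow_ip", "reject_ip"}:
        notes.append("listens on all interfaces with no IP rules")
    if tunnel.listen.cert and "require_peer_cert" not in kinds:
        notes.append("SSL listener does not require a client certificate")
    return notes

# The three example lines from this page.
SAMPLE = [":5000,gate.icewarp.com:80",
          "127.0.0.1:5001,194.213.224.2:25,1:192.*.*.*;0:*.*.*.*",
          ":5001;/certs/cert.pem,gate.icewarp.com:80,2:"]
if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", audit(parse_tunnel(line)))
```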