Getting started with SSL Tunnels



Overview

SSL Tunnels add TLS encryption to an otherwise plaintext connection. An SSL Tunnel acts as a proxy between the client and the server: the connection between the client and the SSL Tunnel is secured using TLS/SSL, while the connection between the SSL Tunnel and the server happens in plaintext, so the tunnel protects traffic only up to the tunnel endpoint.

For example, if a service needs to be exposed to a connecting party but the service is not secured (operates in plaintext), SSL Tunnels can be used to secure the connection by requiring connections to use TLS/SSL. Below is a simple diagram illustrating a typical connection using SSL Tunnels:

A client connects over TLS/SSL to PowerShell Server, which has an SSL Tunnel configured. The data is then forwarded to the server over a standard TCP connection.

Creating an SSL Tunnel

The Tunnels tab allows for the creation of SSL Tunnels through a simple interface:

SSL Tunnel List

The tunnels list provides some information about existing tunnels:

  • Tunnel Name provides a friendly name for the tunnel.
  • Type indicates the type of tunnel. Plaintext, SSL, and SSH Reverse Tunnels are supported.
  • Listening Host indicates where the tunnel is listening.
  • Forwarding Host indicates where the tunnel is directing its traffic.
  • SSH Server is applicable only for SSH Reverse Tunnels.
  • User is the SSH username and is not applicable to SSL Tunnels.
  • Status indicates whether the tunnel is Enabled or Disabled.

Clicking the Add... or Edit buttons will present a form that can be used to create a new tunnel, or edit an existing one, and clicking Delete will remove the selected tunnel.

To create a new SSL Tunnel, click Add... in the Tunnels tab. This will present the following form:

SSL Tunnel Configuration

  • Enabled indicates whether the tunnel should be active or not.
  • Tunnel Name provides a friendly name for the tunnel.
  • Tunnel Type indicates the type of tunnel. Plaintext, SSL, and SSH Reverse Tunnels are supported. This guide only covers SSL Tunnels.
  • Listening Port specifies the port on which the SSL Tunnel will listen.
  • Certificate selects the certificate with private key to use when hosting the SSL Tunnel.
  • Forwarding Host is the host where the tunneled traffic will be forwarded.
  • Forwarding Port is the port on which the tunneled traffic will be forwarded.

After configuring the SSL Tunnel, save the changes and restart the server to begin using the tunnel.

Using an SSL Tunnel

Once the SSL Tunnel has been added to PowerShell Server, click Start in the toolstrip at the top to start the server and establish the SSL Tunnel. Once started, the endpoint can be reached by connecting to the Listening Host. In the case of this example, where the endpoint is a web server, the browser can be used to navigate to hostname:7777 in order to view the nsoftware.com webpage.

SSL Tunnel User Experience

Note that the SSL Tunnel simply forwards TCP traffic, so this method could be used to access a variety of protocols. This example demonstrates using the tunnel to access a web page over HTTP, but this method could easily be adapted to access any type of server.
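
One way to confirm the configuration from a client machine, as an added example that is not part of PowerShell Server or the original guide: the script attempts a verified TLS handshake against a port, so the Listening Port can be confirmed as TLS-only and the Forwarding Port recognized as the plaintext leg. The function names, status labels and the local stand-in listener are assumptions made for illustration.

```python
import socket
import ssl
import sys
import threading


def probe_tls(host, port, timeout=3.0, cafile=None):
    """Classify host:port by attempting a verified TLS handshake."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                detail = f"{tls.version()} {tls.cipher()[0]}"
                return {"status": "tls", "detail": detail}
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but this client does not trust the tunnel's certificate.
        return {"status": "tls-untrusted-cert", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        # A plaintext service answering a ClientHello typically lands here.
        return {"status": "handshake-failed", "detail": exc.reason or str(exc)}
    except OSError as exc:
        # Connection refused, timeout, or the name did not resolve.
        return {"status": "unreachable", "detail": str(exc)}


def start_plaintext_listener():
    """Constructed stand-in for the unencrypted forwarding target (one reply)."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. the tunnel's Listening Host and Listening Port
        print(probe_tls(sys.argv[1], int(sys.argv[2])))
    else:  # offline demo against the constructed plaintext listener
        print(probe_tls("127.0.0.1", start_plaintext_listener()))
```

A result of `tls` on the Listening Port and `handshake-failed` on the Forwarding Port matches the behaviour this guide describes. Pass `cafile` when the tunnel certificate is issued by a private CA.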