To integrate serial connected devices into custom applications, the easiest option is often to use a Raw TCP connection between the application, and the Opengear connected to the serial device. In some scenarios, it is required that the data be encrypted.
The easiest solution for this is to use an SSL socket to provide transparent encryption and decryption. This faq shows how to use the stunnel on the Opengear appliance to allow encrypted Raw TCP connections to serial ports. Opengear uses stunnel for HTTPS connections on the console server/router appliance, and we use it for securing VNC on our KCS appliance.
Assuming you've already have raw tcp mode set up and working, you first edit the /etc/config/https.conf file and append a section as follows:
accept = :::9001
TIMEOUTclose = 0
connect = ::1:4001
Then restart stunnel (killall stunnel)
The above example uses 9001, but that is an arbitrary port that is not used on the box.
You will then need to go to the firewall page:
- remove access to raw tcp ports (i.e. uncheck it in the network interface column), and then
- go to Firewall Rules and add a rule to allow ingress TCP connections to port 9001
The socat utility can be used test the SSL wrapped raw tcp connection. This utility is available on both Linux and Windows. The following information shows a sample command to connect to an Opengear appliance on IP 192.168.254.80. The Opengear appliance has a loopback connector on the serial port, which will echo back any characters sent.
# socat stdin openssl:192.168.254.80:9001,verify=0
Once the command is running, type some characters, and press return. The characters should be echoed back.
Please note that this example setup uses the same certificate as the webserver. This by default is an unsigned certificate, which is why the verify=0 option was used in the above example.
Article is closed for comments.