Stunnel
Stunnel allows an application that does not provide encrypted traffic by default to tunnel its traffic through, and broadcast the traffic encrypted. Its main application is to provide an encrypted data exchange between sides when at least one of them does not support encrypted connections.
Stunnel can play both server or client roles. The client initiates encrypted connections, and the server expects and accepts them.
TNA devices start stunnel in the client mode and listen to the predefined port on all networking interfaces or the serial port depending on the configuration. If the configuration with a predefined local port is selected, any service in the network (Eth0 or Eth1 of the TNA) can connect to this port and forward data through a secure connection to evalink talos.
Stunnel encrypts the data between the alarm receiving equipment and evalink talos using TLS.
Stunnel over Ethernet

Stunnel over Serial

In case of the configuration with the serial port, the device connected to the TNA through this port can use a secure connection provided by stunnel to send and receive data.
On evalink talos, stunnel is started in server mode and any data received from stunnel clients is forwarded to the receiver expecting this data and vice versa.
In case of the configuration with the serial port, the TNA starts the stunnel client using the default local port 2771 and uses socat to forward data from the serial port to this port and vice versa. This requires the 2771 port to be available for use, with a secure server connection always being active.
In case of the configuration with RS-232, the TNA allocates the serial port for stunnel and any other TNA feature configured to use the serial port cannot be started. Stunnel configuration with the serial port is also impossible if any other TNA feature is already configured to use the serial port.
Enable Stunnel on the TNA Web Server
Access level 4 is required to enable or disable Stunnel integration.
To enable Stunnel integration, do the following:
-
On the TNA Web Server, navigate to
Settings > Integrations from the top right corner of the page -
From the list of integrations, search for Stunnel and toggle it

Once Stunnel integration is enabled, you can find it under
Integrations on the top navigation menu.The status is also reflected on the Integrations section of the Home page.

Configure Stunnel
Access level 3 or above is required to configure Stunnel integration.
To configure Stunnel parameters, do the following:
-
On the TNA Web Server, click on
Integrations from the top navigation menu and chooseStunnel
-
Under Dashboard, click on
and configure the following parameters under the new created tab:
You can set up a maximum of 20 stunnel connections simultaneously.

Configuration Name | The name of the stunnel connection. Maximum: 24 characters |
Interface | The interface to use for the connection: Ethernet or Serial Port Note: Only one connection can be configured using Serial Port. |
Local Port (Ethernet Interface) | The local port for the Stunnel connection through Eth0 or Eth1. Port range: 1024 - 65535 |
Baudrate (Serial Interface) | The Baudrate is the speed at which data bits are sent. The values range from 300 up to 3000000 Default value: 9600 |
Data Bits (Serial Interface) | The Data Bits is the number of bits of data in each frame. Possible values are 7 and 8 Default value: 8 |
Parity (Serial Interface) | The Parity bit can provide a simple form of error detection. Possible values are: None: no parity bit is added to the data. Even: the parity bit is set to space 0 if the total number of data bits in the mark 1 state is even. Odd: the parity bit is set to space 0 if the total number of data bits in the mark 1 state is odd. |
Stop Bits (Serial Interface) | The Stop Bits is the number of bits used to mark the end of a frame. Possible values are 1 and 2 Default value: 1 |
PSK Identity | The pre-shared key identity for the encrypted connection. Note: If the same PKS identity is used for more than one connection, the following warning message will be prompted: ![]() |
PSK | The pre-shared key to be used for establishing the encrypted connection |
-
Click on Save
-
(Optional) Click on Undo changes to reset the parameters to their previous values
-
Under the Configuration tab, configure the following parameters for stunnel connections:

Primary IP | The IP address of the primary connection to stunnel server on evalink talos side |
Primary Port | The port number of the primary connection to stunnel server on evalink talos side. Port range: 1024 - 65535 |
Fallback IP | The IP address of the backup connection to stunnel server on evalink talos side |
Fallback Port | The port number of the backup connection to stunnel server on evalink talos side. Port range: 1024 - 65535 |
Mobile Failover | Toggle to enable or disable the usage of the mobile interface as a backup for connections between the stunnel clients and the server. Note: Eth0 is used by default. |
Simultaneous connections to both primary and fallback hosts are not allowed.
-
Click on Save
-
(Optional) Click on Undo changes to reset the parameters to their previous values
-
To test both Ethernet and Mobile connections to the Primary and Fallback IPs, click on the Test button next to their sections.
The Test button will be clickable only after saving the destination parameters.
If you change the IP and Port values without saving them, the test will be done using the previously saved values.
After saving all configuration parameters, you can see an overview of your connections under Dashboard:

The state of each connection is monitored and displayed under Status. The different states are as follows:
Not established | The stunnel connection is not started |
Unavailable | The stunnel connection cannot be started due to Ethernet interfaces (Eth0 and Eth1) unavailability |
Available | The stunnel connection is started and waiting for a receiver to connect |
Connected | The receiver is connected |
-
Click on Start to start stunnel connections on the TNA
-
(Optional) Click on Stop to stop all stunnel connections
-
(Optional) Click on Remove all to remove all stunnel connections
Connection States
The state of the stunnel connections both on the TNA and evalink talos sides is displayed at the top of the Dashboard tab.
It consists of 3 parts as described bellow:
-
The state of the stunnel client on the TNA side which indicates whether the stunnel client is
Started - or Not Started - and which interface is used to connect (Ethernet or Mobile) -
The state of the stunnel connection between the TNA and evalink talos which indicates if the primary IP/Port or the fallback IP/Port are Available -
or Not Available - -
The state of the stunnel server on evalink talos side which indicates if the connection between a receiver and evalink talos is Established -
or Not Established -