The ser2sock utility allows sharing of a serial device over a TCP/IP network. It also supports encryption and authentication via OpenSSL.
NOTE: The OpenSSL dev package is needed in order to compile with SSL support.
- ./configure
- make
- sudo cp ser2sock /usr/local/bin/
- sudo cp -R etc/ser2sock /etc/
- Make changes to /etc/ser2sock/ser2sock.conf as needed.
- sudo cp init/ser2sock /etc/init.d/
- sudo update-rc.d ser2sock defaults
- sudo /etc/init.d/ser2sock start
- ./configure
- make
- sudo mkdir -p /usr/local/bin
- sudo cp ser2sock /usr/local/bin
- Change the 'device' setting in /etc/ser2sock/ser2sock.conf.
- sudo cp init/ser2sock.plist /System/Library/LaunchAgents/
- sudo launchctl load /System/Library/LaunchAgents/ser2sock.plist
- sudo launchctl start ser2sock
Usage: ./ser2sock -p <socket listen port> -s <serial port dev>
-h, -help display this help and exit
-f <config path> override config file path
-p port socket port to listen on
-s <serial device> serial device; ex /dev/ttyUSB0
options
-i IP bind to a specific ip address; default is ALL
-b baudrate set baud rate; defaults to 9600
-d daemonize
-0 raw device mode - no info messages
-t send terminal init string
-g debug level 0-3
-c keep incoming connections when a serial device is disconnected
-w milliseconds delay between attempts to open a serial device (5000)
-e use SSL to encrypt the connection
In addition to supporting cleartext TCP/IP connections, ser2sock also supports SSL authentication and encryption as of v1.4.0.
There are three pieces you need to make this work.
- CA certificate - Certificate Authority that is used to authorize clients against.
- Server-side certificate - The certificate used by ser2sock, signed by the CA.
- Client-side certificate - The certificate used by clients of ser2sock, also signed by the CA.
Create the CA certificate and key:
openssl req -out ca.pem -new -x509
Generate the Server key:
openssl genrsa -out server.key 2048
Generate a signing request for the Server:
openssl req -key server.key -new -out server.req
Sign the server's request:
echo "00" > ca.srl
openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial ca.srl -out server.pem
Generate the Client key:
openssl genrsa -out client.key 2048
Generate a signing request for the Client:
openssl req -key client.key -new -out client.req
Sign the client's request:
openssl x509 -req -in client.req -CA ca.pem -CAkey privkey.pem -CAserial ca.srl -out client.pem
Now all you have to do is enable encryption in the configuration, update your certificate paths, and restart the service.
After the certificates have been generated and ser2sock restarted you can
verify that the certificates work with OpenSSL:
openssl s_client -connect 127.0.0.1:10000 -cert client.pem -key client.key -CAfile ca.pem
Certificates may be revoked using OpenSSL's CA facility.
Revoke the certificate:
openssl ca -config ca.conf -revoke certs/badclient.pem -keyfile certs/privkey.pem -cert certs/ca.pem
Regenerate the CRL:
openssl ca -config ca.conf -gencrl -keyfile certs/privkey.pem -cert certs/ca.pem -out ser2sock.crl
Restart ser2sock:
killall -HUP ser2sock