Versions Compared

Old Version 22

changes.mady.by.user Former user

Saved on

compared with

New Version 23

changes.mady.by.user AntonA (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

Since FIX Antenna C++/.NET version 2.13.0 and FIXEdge version 5.9.0 SSL built-in support has been introduced. Refer to How to configure built-in SSL support for FIX session in FIXEdge for details. However, you can continue use stunnel with accordance to the current article if you wish.

Table of Contents

Simple configuration FIXEdge -> Stunnel -> (VPN) -> SSL acceptor

...

Stunnel installation

Download latest version of installer from from https://www.stunnel.org/downloads.html

Run installer and answer questions to generate certificate.

Configuration example #1. FIXEdge's initiator connects to SSL acceptor over Stunnel

Configure stunnel

Initiator FIX session

  1. Run stunnel GUI Start from Start menuRun menu Run  
  2. Editstunnel.conf from stunnel system tray icon context menu
    1. Add option 


      Code Block
      titlestunnel.conf
      protocol = proxy
    2. Comment example SSL services

    3. Add SSL service

      Code Block
      titlestunnel.conf
      [fix_initiator_session1_tunnel]

      
client = yes

      
accept  = 127.0.0.1:443

      
connect
      = x.x.x.x
       = <counterparty_ip>:443
    Run

    1. <counterparty_ip> - ip address of counterparty

  3. Reload stunnel.conf from stunnel system tray icon context menu

Configure fix session in FIXEdge

  1. Open FIXEdge.properties to specify Initiator FIX session parameters:

    Initiator FIX session

    Code Block
    title FIXEdge.properties
    FixLayer.FixEngine.Session.SSLInitiator.Role = Initiator
FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1
FixLayer.FixEngine.Session.SSLInitiator.Port = 443

  2. Connect to VPN (if necessary; if not, just skip this step);

  3. Start FIXEdge.

Configuration example #2. FIXEdge is a proxy between 2 counterparties.

Complex configuration: Broker/Stock -> Broker's/Stock's Stunnel -> FIXEdge's Stunnel -> FIXEdge -> FIXEdge's Stunnel -> Broker's/Stock's Stunnel -> Broker/Stock

Server F (FIXEDGE):  y.y.y.y where FIXEdge is installed

Server B (BROKER):  x.x.x.x where SimpleClient #1 and SimpleClient #2 are installed. SimpleClient #1 will simulate Broker and SimpleClient #2 will simulate StockExchange.

Server F (FIXEDGE) Configuration

FIXEdge.properties

...

The current configuration describes the following scenario.

FIXEdge establishes SSL connection to Exchange. The client connects to FIXEdge over SSL. All messages from Exchange are routed to the Client and vice versa.

Stunnel is configured for Incoming and outgoing connections on FIXEdge's side and on the Client side.

Image Added


Info

The next configuration parameters are used in the configuration examples:

<exchange_ip> - Exchange's IP

<FIXEdge_ip> - FIXEdge IP

TCP port for SSL Connections on FIXEdge site: 443

TCP port for SSL Connections on Exchange site: 443

Configuration on FIXEdge side

FIXEdge.properties

Configured 2 sessions EXCHANGE and CLIENT

Code Block
languageperl
titleFIXEdge.properties
FixLayer.FixEngine.Sessions = EXCHANGE, CLIENT
# -----------------[ SC1FIXEdge ASconnects ACCEPTORto SENDEXCHANGE MESSAGEas TO SC2Initiator ] ------------------
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.VersionRole = FIX44Initiator
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.EncryptMethodHBI = 030
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.ForceSeqNumResetHost = 0
FixLayer.FixEngine.Session.FIXEDGE-SC1.IgnoreSeqNumTooLowAtLogon = false
FixLayer.FixEngine.Session.FIXEDGE-SC1.IntradayLogoutTolerance = false
FixLayer.FixEngine.Session.FIXEDGE-SC1.MaxMessagesAmountInBunch = 0
FixLayer.FixEngine.Session.FIXEDGE-SC1.RecreateOnLogout = false
127.0.0.1
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.TerminateOnLogoutPort = true444
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.RejectMessageWhileNoConnectionVersion = falseFIX44
FixLayer.FixEngine.Session.FIXEDGE-SC1.Role = Acceptor
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.FIXEDGE-SC1EXCHANGE.SenderLocationIDTargetCompID = FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.SocketPriority = EVEN
FixLayer.FixEngine.Session.FIXEDGE-SC1.SecurityGroups =
FixLayer.FixEngine.Session.FIXEDGE-SC1.StorageType = persistentmm
FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetCompID = SC1
FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetLocationID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.TcpBufferDisabled = false

EXCHANGE
# ... the rest parameters for EXCHANGE

# ----------------- [SC2 AS FIXEdge INITIATORawaits RECEIVEDconnection MESSAGESfrom SENTthe FROM  SC1CLIENT] ----------
FixLayer.FixEngine.Session.FIXEDGE-SC2.Version = FIX44
FixLayer.FixEngine.Session.FIXEDGE-SC2.EncryptMethod = 0
FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceReconnect = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceSeqNumReset = 0
FixLayer.FixEngine.Session.FIXEDGE-SC2.HBI = 30
FixLayer.FixEngine.Session.FIXEDGE-SC2.Host = 127.0.0.1
FixLayer.FixEngine.Session.FIXEDGE-SC2.IgnoreSeqNumTooLowAtLogon = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.IntradayLogoutTolerance = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.MaxMessagesAmountInBunch = 0
FixLayer.FixEngine.Session.FIXEDGE-SC2.Port = 444
FixLayer.FixEngine.Session.FIXEDGE-SC2.RecreateOnLogout = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.TerminateOnLogout = true
FixLayer.FixEngine.Session.FIXEDGE-SC2.RejectMessageWhileNoConnection = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.FIXEDGE-SC2CLIENT.SenderCompIDRole = FIXEDGEAcceptor
FixLayer.FixEngine.Session.FIXEDGE-SC2CLIENT.SenderLocationIDVersion = FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderSubID =
FIX44
FixLayer.FixEngine.Session.FIXEDGE-SC2CLIENT.SocketPrioritySenderCompID = EVEN
FixLayer.FixEngine.Session.FIXEDGE-SC2.SecurityGroups =
FixLayer.FixEngine.Session.FIXEDGE-SC2CLIENT.StorageTypeTargetCompID = persistentmm
FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetCompID = SC2
FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetLocationID =
FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC2.TcpBufferDisabled = falseCLIENT
# ... the rest parameters for CLIENT

BL_Config.xml

Simple routing configuration

Code Block
languagexml
<Rule>
	<Source Name="FIXEDGE-SC1CLIENT"/>
    <Action>
    	<Send Name="FIXEDGE-SC2EXCHANGE" />
	</Action>
</Rule>

<Rule>
	<Source Name="FIXEDGE-SC2EXCHANGE"/>
    <Action>
    	<Send Name="FIXEDGE-SC1CLIENT" />
    </Action>
</Rule>

stunnel.conf

Code Block
[ToStockExchangeTunnel_for_EXCHANGE]
protocol = proxy
client = yes
accept  = 127.0.0.1:444
connect = x.x.x.x<exchange_ip>:443
 
[FromBrokerTunnel_for_CLIENT]
protocol = proxy
accept  = y.y.y.y<FIXEdge_ip>:443
connect = 127.0.0.1:8901

...

Configuration on the Client side

stunnel.conf

Code Block
[FromBrokerToFIXEdgeTunnel_for_FIXEdge]
protocol = proxy
client = yes
accept  = 127.0.0.1:444
connect = y.y.y.y:443

[FromFIXEdgeToStockExchange]
protocol = proxy
accept  = x.x.x.x:443
connect = 127.0.0.1:9106

...

<FIXEdge_ip>:443

Client's properties

Code Block
SenderCompID = SC1Client
TargetCompID = FIXEDGE
Remote host = 127.0.0.1
Remote port = 444

Set ListenPort in engine.properties to 9107 (ListenPort = 9107)

SimpleClient #2 conf

Set ListenPort in engine.properties to 9106 (ListenPort = 9106)

How to use

  1. Start SimpleClient #2
  2. Start FIXEdge - session between FIXEdge and SimpleClient #2 (SC2) should be established
  3. Start SimpleClient #1 (SC1) and establish session with FIXEdge using parameters from point 3
  4. Send application level messages from SimpleClient #1 - message will be routed to SimpleClient #2
  5. Send application level messages from SimpleClient #2 - message will be routed to SimpleClient #1

...