Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 23 Next »

Since FIX Antenna C++/.NET version 2.13.0 and FIXEdge version 5.9.0 SSL built-in support has been introduced. Refer to How to configure built-in SSL support for FIX session in FIXEdge for details. However, you can continue use stunnel with accordance to the current article if you wish.


Stunnel installation

Download latest version of installer from https://www.stunnel.org/downloads.html

Run installer and answer questions to generate certificate.

Configuration example #1. FIXEdge's initiator connects to SSL acceptor over Stunnel

Configure stunnel

Initiator FIX session

  1. Run stunnel GUI Start from Start menu Run  
  2. Edit stunnel.conf from stunnel system tray icon context menu
    1. Add option 


      stunnel.conf
      protocol = proxy
    2. Comment example SSL services
    3. Add SSL service

      stunnel.conf
      [fix_initiator_session1_tunnel]
      client = yes
      accept  = 127.0.0.1:443
      connect = <counterparty_ip>:443

      <counterparty_ip> - ip address of counterparty

  3. Reload stunnel.conf from stunnel system tray icon context menu

Configure fix session in FIXEdge

  1. Open FIXEdge.properties to specify Initiator FIX session parameters:

    Initiator FIX session

    FIXEdge.properties
    FixLayer.FixEngine.Session.SSLInitiator.Role = Initiator
    FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1
    FixLayer.FixEngine.Session.SSLInitiator.Port = 443
  2. Connect to VPN (if necessary; if not, just skip this step);

  3. Start FIXEdge.

Configuration example #2. FIXEdge is a proxy between 2 counterparties.

The current configuration describes the following scenario.

FIXEdge establishes SSL connection to Exchange. The client connects to FIXEdge over SSL. All messages from Exchange are routed to the Client and vice versa.

Stunnel is configured for Incoming and outgoing connections on FIXEdge's side and on the Client side.


The next configuration parameters are used in the configuration examples:

<exchange_ip> - Exchange's IP

<FIXEdge_ip> - FIXEdge IP

TCP port for SSL Connections on FIXEdge site: 443

TCP port for SSL Connections on Exchange site: 443

Configuration on FIXEdge side

FIXEdge.properties

Configured 2 sessions EXCHANGE and CLIENT

FIXEdge.properties
FixLayer.FixEngine.Sessions = EXCHANGE, CLIENT
# -----------------[ FIXEdge connects to EXCHANGE as Initiator ] ------------------
FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.EXCHANGE.HBI = 30
FixLayer.FixEngine.Session.EXCHANGE.Host = 127.0.0.1
FixLayer.FixEngine.Session.EXCHANGE.Port = 444
FixLayer.FixEngine.Session.EXCHANGE.Version = FIX44
FixLayer.FixEngine.Session.EXCHANGE.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.EXCHANGE.TargetCompID = EXCHANGE
# ... the rest parameters for EXCHANGE

# ----------------- [ FIXEdge awaits connection from the CLIENT] ----------FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.CLIENT.Role = Acceptor
FixLayer.FixEngine.Session.CLIENT.Version = FIX44
FixLayer.FixEngine.Session.CLIENT.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.CLIENT.TargetCompID = CLIENT
# ... the rest parameters for CLIENT

BL_Config.xml

Simple routing configuration

<Rule>
	<Source Name="CLIENT"/>
    <Action>
    	<Send Name="EXCHANGE" />
	</Action>
</Rule>

<Rule>
	<Source Name="EXCHANGE"/>
    <Action>
    	<Send Name="CLIENT" />
    </Action>
</Rule>

stunnel.conf

[Tunnel_for_EXCHANGE]
protocol = proxy
client = yes
accept  = 127.0.0.1:444
connect = <exchange_ip>:443
 
[Tunnel_for_CLIENT]
protocol = proxy
accept  = <FIXEdge_ip>:443
connect = 127.0.0.1:8901

Configuration on the Client side

stunnel.conf

[Tunnel_for_FIXEdge]
protocol = proxy
client = yes
accept  = 127.0.0.1:444
connect = <FIXEdge_ip>:443

Client's properties

SenderCompID = Client
TargetCompID = FIXEDGE
Remote host = 127.0.0.1
Remote port = 444



  • No labels