[stunnel-users] stunnel with netcat.

Graeme Stewart gstewart at gmail.com
Fri Oct 15 22:59:33 CEST 2004


On Fri, 15 Oct 2004 04:29:53 +0200 (CEST), Jan Meijer
<jan.meijer at surfnet.nl> wrote:
> On Thu, 14 Oct 2004, Graeme Stewart wrote:
> 
> > I receive a connection refused error from netcat. Could someone point
> > me in the right direction?
> 
> Too early awake, methinks:
> -can you telnet localhost 8080 and what does that say?
> -what does the logging on your local stunnel say?
> -what does the logging on the remote site say?
> -what is your total stunnel config?
> -why are you using transparent?
> 

Jan,

    My apologies, I wasn't exactly sure what information would be
helpful to resolve this issue.

It may be that my limited knowledge is attributing the issue to stunnel,
when in fact the problem is more of an SSL encryption or TCP/IP
routing issue. If this is the case I apologize for posting to this
mailing list in error.

Here's the additional info:

- Results of Telnet and a printout of the routing table:

# stunnel /usr/local/etc/stunnel/stunnel.conf
# telnet localhost 8080
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
# telnet 172.30.128.100 8080
Trying 172.30.128.100...
telnet: connect to address 172.30.128.100: No route to host
# route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.30.128.0    *               255.255.248.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         172.30.128.1    0.0.0.0         UG    0      0        0 eth0

- stunnel has logging? - Told you I hadn't used it much.
- Don't know what the remote site is saying as I don't have access to
those logfiles. I'm pretty sure it's running Windows IIS 5.0
- Here's the complete config file:

setuid = nobody
setgid = nogroup

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
verify=0
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /usr/local/etc/stunnel/certs.pem
# CRL path or file (inside chroot jail):
#CRLpath = /crls
# or simply use CAfile instead:
#CRLfile = /usr/local/etc/stunnel/crls.pem

# Some debugging stuff
#debug = 7
#output = stunnel.log

# Use it for client mode
client=yes

# Service-level configuration

#[pop3s]
#accept  = 995
#connect = 110

#[imaps]
#accept  = 993
#connect = 143

#[ssmtp]
#accept  = 465
#connect = 25

#[s1]
#accept  = 5000
#connect = mail.osw.pl:110
# delay = yes

#[s2]
#accept  = 5001
#connect = mail.osw.pl:25

[https]
accept=localhost:8080
connect=targetsite.com:443
TIMEOUTclose=0
transparent=yes

- shouldn't the link be transparent to the application utilizing it?
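
Added example, not part of the original message and not stunnel project code: a small Python helper that reads only the active (uncommented) lines of the config posted above and reports the settings the quoted reply asks about (logging, the transparent option) plus the certificate verify level. The function names `parse_conf` and `review` are hypothetical, and the embedded config is a constructed excerpt of the posted file.

```python
# Constructed sample: the active lines (plus the two logging lines) of the posted config.
SAMPLE_CONF = """\
setuid = nobody
setgid = nogroup
verify=0
#debug = 7
#output = stunnel.log
client=yes

[https]
accept=localhost:8080
connect=targetsite.com:443
TIMEOUTclose=0
transparent=yes
"""

def parse_conf(text):
    """Return {section: {option: value}}; global options live under 'global'."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # commented-out options are not in effect
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf[section] = {}
        elif "=" in line:
            key, value = line.split("=", 1)
            conf[section][key.strip().lower()] = value.strip()
    return conf

def review(conf):
    """Hypothetical checks mirroring the questions asked in the reply."""
    g, notes = conf["global"], []
    if "output" not in g and "debug" not in g:
        notes.append("logging: debug/output are commented out, defaults apply")
    if g.get("client") == "yes" and int(g.get("verify", "0")) == 0:
        notes.append("verify: level 0, the server certificate is not verified")
    for name, opts in conf.items():
        if name != "global" and opts.get("transparent") == "yes":
            notes.append(f"[{name}]: transparent=yes is in effect")
    return notes

if __name__ == "__main__":
    for note in review(parse_conf(SAMPLE_CONF)):
        print(note)
```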


