[stunnel-users] stunnel closing connections with RST ?
sergei
nasdoma at gmail.com
Mon Feb 6 21:19:06 CET 2006
I'm setting up load-balanced service requiring stunnel with SSL on its front
end. There are two hosts behind load balancer running stunnel . Service
behind stunnel does not speak SSL. Every few minutes load balancer checks if
those stunnels are still alive by opening tcp connection to stunnel
listening port. Now problem is that stunnel closes those test connections
with RST and load balancer takes it as that host is dead. This is without
"client = yes" option because service does not speak SSL
load-balancer -> stunnel-host TCP D=1234 S=33007 Syn
stunnel-host -> load-balancer TCP D=33007 S=1234 Syn Ack
load-balancer -> stunnel-host TCP D=1234 S=33007 Ack
load-balancer -> stunnel-host TCP D=1234 S=33007 Fin Ack
stunnel-host -> load-balancer TCP D=33007 S=1234 Ack
stunnel-host -> load-balancer TCP D=33007 S=1234 Rst
On the other hand with client=yes everything works fine
load-balancer -> stunnel-host TCP D=123 S=33010 Syn
stunnel-host -> load-balancer TCP D=33010 S=123 Syn Ack
load-balancer -> stunnel-host TCP D=123 S=33010 Ack
load-balancer -> stunnel-host TCP D=123 S=33010 Fin Ack
stunnel-host -> load-balancer TCP D=33010 S=123 Fin Ack
load-balancer -> stunnel-host TCP D=123 S=33010 Ack
Is there any way to make stunnel without "client = yes" close connection
"normal way" with FIN instead of RST ?
stunnel is last version, load balancer is some older F5 BigIP
thanks
sergei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20060206/98b568f3/attachment.html>
More information about the stunnel-users
mailing list