[stunnel-users] Connection problems and TCP frame checksum errors
Peter
pslists at warren-selbert.com
Wed Oct 11 21:59:31 CEST 2006
The SYN packets look ok to me.
A few things to do if you have not done so:
1. "netstat -an" - to make sure stunnel is listening on the correct interface
and port
2. does "lastcomm stunnel' show anything useful? If you don't use threads
a new stunnel process starts with each connection.
3. just a guess but remove the socket entries in the config file - maybe
they are causing a problem. I don't use them but maybe there is a good
reason to
use them.
4. try connecting directly to the stunnel box (no router). does that always work
5. maybe the NIC card is flaky
6. run "stunnel -version" to verify all is configured as you think.
That's all I can think of at the moment.
pete
5.
----- Original Message -----
From: "Tommi Nieminen" <ttn at mbnet.fi>
To: "Peter" <pslists at warren-selbert.com>
Cc: <stunnel-users at mirt.net>
Sent: Wednesday, October 11, 2006 5:55 AM
Subject: Re: [stunnel-users] Connection problems and TCP frame checksum errors
>> What does the tcpdump indicate? Are the failed connections getting
>> dropped or
>> reset on the computer that's forwarding or are they actually arriving at
>> the
>> stunnel server? If they make it to the stunnel server what does tcpdump
>> indicate at that connection point.
>
> The connections are actually forwarded by a router, not a computer.
>
> The connections arrive at the stunnel server. The following is the
> tcpdump from the stunnel server. All the traffic of a failed connection
> is there. After about 20 seconds Seamonkey gives up saying "Network Error".
>
> I've added empty lines to make the text a bit more legible.
>
> ----------------------------------------------------------------
> 14:57:07.990693 IP (tos 0x20, ttl 116, id 62395, offset 0, flags [DF],
> proto: TCP (6), length: 48) 131.177.254.92.3792 > 192.168.20.18.https: S,
> cksum 0x5509 (correct), 1333491727:1333491727(0) win 65535 <mss
> 1260,nop,nop,sackOK>
>
> 14:57:10.906554 IP (tos 0x20, ttl 116, id 62429, offset 0, flags [DF],
> proto: TCP (6), length: 48) 131.177.254.92.3792 > 192.168.20.18.https: S,
> cksum 0x5509 (correct), 1333491727:1333491727(0) win 65535 <mss
> 1260,nop,nop,sackOK>
>
> 14:57:16.916385 IP (tos 0x20, ttl 116, id 62499, offset 0, flags [DF],
> proto: TCP (6), length: 48) 131.177.254.92.3792 > 192.168.20.18.https: S,
> cksum 0x5509 (correct), 1333491727:1333491727(0) win 65535 <mss
> 1260,nop,nop,sackOK>
> ----------------------------------------------------------------
>
> As you can see, there is nothing coming back from the server. And
> since tcpdump saw the incoming call, stunnel should see it too. They
> are on the same machine.
>
> It's so strange: at one time I connect the server, and it
> forwards the traffic just the way it should. Then quite inexplicably,
> it just won't do it...and then it forwards it again. I have no clue what
> makes it to not work and then to work again. I don't need to restart
> the server, I'm not changing anything. It's like there would be some
> kind of an internal timer, but that doesn't make any sense. And there
> has been only one connection attempt at a time, so it can't be the
> excess of traffic either.
>
> Tommi
>
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.408 / Virus Database: 268.13.1/470 - Release Date: 10/10/2006
>
>
More information about the stunnel-users
mailing list