[stunnel-users] Plz help the n00b (syslog-ng & stunnel) SOLVED

F.M. Taylor fmtaylor at purdue.edu
Thu May 31 21:00:47 CEST 2007


Solution:

The remote end had connections limited to 1, and it wasn't me.  They changed 
it to >1 and now it works fine.

On Friday 25 May 2007, F.M. Taylor formed electrons in this pattern:
> I should add a little design information.  Multiple machines send standard
> syslog udp/514 to this server, which accepts it via syslog-ng, and then
> forwards it to stunnel localhost:5140/tcp, which is supposed to connect
> to "THE" syslog server on 5140/tcp.
>
> On Friday 25 May 2007, F.M. Taylor formed electrons in this pattern:
> > Greetings all.  Seemed simple enough, but I can't seem to get it to work. 
> > I have obviously missed something simple. Here is the info you will need
> > (and probably some you won't).  I have tried every combination of options
> > I can think of, and I have searched the archives and the web.  It looks
> > like it is almost working, but the server I am trying to connect to never
> > sees the data (however "they" have it working on "their" systems, so it
> > must be me). "They" say it connects, talks a little, no real data xfer,
> > closes, then more data (followed by the obligatory TCP_RSTs for dead
> > connects).
> >
> > [insert begging]
> >
> > [root at bofh stunnel-4.20]# stunnel /etc/stunnel/stunnel.conf
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: Snagged 64 random bytes from /root/.rnd
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: Wrote 1024 new random bytes to /root/.rnd
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: RAND_status claims sufficient entropy for the PRNG
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: PRNG seeded successfully
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: Configuration SSL options: 0x00000FFF
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: SSL options set: 0x00000FFF
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: SSL context initialized for service 5140
> > [root at bofh stunnel-4.20]# tail -f /var/log/stunnel4/stunnel.log
> > 2007.05.25 10:43:00 LOG5[20728:182894198944]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
> > 2007.05.25 10:43:00 LOG6[20728:182894198944]: file ulimit = 1024 (can be changed with 'ulimit -n')
> > 2007.05.25 10:43:00 LOG6[20728:182894198944]: poll() used - no FD_SETSIZE limit for file descriptors
> > 2007.05.25 10:43:00 LOG5[20728:182894198944]: 500 clients allowed
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: FD 4 in non-blocking mode
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: FD 5 in non-blocking mode
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: FD 6 in non-blocking mode
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: SO_REUSEADDR option set on accept socket
> > 2007.05.25 10:43:00 LOG7[20728:182894198944]: 5140 bound to 127.0.0.1:5140
> > 2007.05.25 10:43:00 LOG7[20729:182894198944]: Created pid file /var/run/stunnel4/stunnel.pid
> > 2007.05.25 10:43:29 LOG7[20729:182894198944]: 5140 accepted FD=7 from 127.0.0.1:64820
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 started
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 7 in non-blocking mode
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: TCP_NODELAY option set on local socket
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 8 in non-blocking mode
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 9 in non-blocking mode
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: Connection from 127.0.0.1:64820 permitted by libwrap
> > 2007.05.25 10:43:29 LOG7[20729:182894198944]: Cleaning up the signal pipe
> > 2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 accepted connection from 127.0.0.1:64820
> > 2007.05.25 10:43:29 LOG6[20729:182894198944]: Child process 20748 finished with code 0
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 8 in non-blocking mode
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 connecting xxx.xxx.xxx.xxx:5140
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: connect_wait: waiting 10 seconds
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: connect_wait: connected
> > 2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 connected remote server from 192.168.2.23:64821
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: Remote FD=8 initialized
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: TCP_NODELAY option set on remote socket
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): before/connect initialization
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write client hello A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read server hello A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read server certificate A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read server done A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write client key exchange A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write change cipher spec A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write finished A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 flush data
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read finished A
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    1 items in the session cache
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    1 client connects (SSL_connect())
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    1 client connects that finished
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 client renegotiations requested
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 server connects (SSL_accept())
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 server connects that finished
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 server renegotiations requested
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 session cache hits
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 session cache misses
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 session cache timeouts
> > 2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL connected: new session negotiated
> > 2007.05.25 10:43:29 LOG6[20729:1073809760]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL alert (read): warning: close notify
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL closed on SSL_read
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: Socket write shutdown
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL write shutdown
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL alert (write): warning: close notify
> > 2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL_shutdown successfully sent close_notify
> > 2007.05.25 10:43:29 LOG5[20729:1073809760]: Connection closed: 303 bytes sent to SSL, 0 bytes sent to socket
> > 2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 finished (0 left)
> >
> >
> > /etc/stunnel/stunnel.conf
> >
> > setuid = stunnel4
> > setgid = stunnel4
> > pid = /var/run/stunnel4/stunnel.pid
> > socket = l:TCP_NODELAY=1
> > socket = r:TCP_NODELAY=1
> > debug = 7
> > output = /var/log/stunnel4/stunnel.log
> > [5140]
> > client = yes
> > options = ALL
> > accept = 127.0.0.1:5140
> > connect = xxx.xxx.xxx.xxx:5140
> >
> >
> > [root at bofh stunnel-4.20]# tail /var/log/syslog
> > May 25 10:57:35 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
> > May 25 10:57:35 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
> > May 25 10:58:37 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
> > May 25 10:58:37 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
> > May 25 10:59:38 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
> > May 25 10:59:38 bofh syslog-ng[1926]: Connection broken; time_reopen='60'



-- 
......\\|//........^^^^^........)))((........%%%%%........,,,,,......
......(- -)........(o o)........(- o)........(0-0)........(* *)......     
+--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+
| F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'|
| 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....|
| Desk: 4-1872...........................C: 812-841-1876............|
+-------------------------------------------------------------------+
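The pattern in the quoted logs is worth being able to spot mechanically: the TLS handshake completes and a cipher is negotiated, stunnel forwards 303 bytes into the tunnel, the remote answers only with a close_notify, 0 bytes come back, and syslog-ng then cycles through "Connection broken; time_reopen='60'" once a minute. That shape means the remote application, not TLS, is refusing the session; here the cause was a connection limit of 1 on the receiving side, but the log alone cannot tell you that, only that the far end closed before sending anything. The script below is an added example written for this page, not code from the thread or from the stunnel or syslog-ng projects. It assumes, as the excerpt shows, that stunnel's PTHREAD model logs each connection under its own thread id, and the `diagnose` codes are names chosen here. The sample lines are constructed from the excerpts above, with the remote kept as xxx.xxx.xxx.xxx.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# stunnel 4.x debug line: "2007.05.25 10:43:29 LOG5[20729:1073809760]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
ACCEPT_RE = re.compile(r"accepted connection from (\S+)")
CONNECT_RE = re.compile(r"^\S+ connecting (\S+)$")
CIPHER_RE = re.compile(r"Negotiated ciphers: (\S+)")
CLOSED_RE = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")
# syslog-ng reopen message as seen in the /var/log/syslog excerpt
SYSLOGNG_BROKEN_RE = re.compile(r"syslog-ng\[\d+\]: Connection broken; time_reopen='\d+'")


@dataclass
class Session:
    """One stunnel client connection, keyed by its worker thread id (assumption)."""
    tid: str
    peer: Optional[str] = None             # local side (syslog-ng) stunnel accepted
    remote: Optional[str] = None           # host:port stunnel connected out to
    cipher: Optional[str] = None           # set only once the handshake completed
    close_notify_read: bool = False        # remote sent a TLS close_notify
    bytes_to_ssl: Optional[int] = None     # bytes forwarded local -> tunnel
    bytes_to_socket: Optional[int] = None  # bytes forwarded tunnel -> local


def parse_line(line: str) -> Optional[dict]:
    """Split one stunnel log line into its fields, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def sessions_from_log(lines: List[str]) -> List[Session]:
    """Group per-thread messages into Session records."""
    active: dict = {}
    finished: List[Session] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tid, msg = rec["tid"], rec["msg"]
        m = ACCEPT_RE.search(msg)
        if m:  # worker thread announces a new connection
            active[tid] = Session(tid=tid, peer=m.group(1))
            continue
        s = active.get(tid)
        if s is None:
            continue  # main-thread housekeeping lines are ignored
        if m := CONNECT_RE.match(msg):
            s.remote = m.group(1)
        elif m := CIPHER_RE.search(msg):
            s.cipher = m.group(1)
        elif "SSL alert (read)" in msg and "close notify" in msg:
            s.close_notify_read = True
        elif m := CLOSED_RE.search(msg):
            s.bytes_to_ssl, s.bytes_to_socket = int(m.group(1)), int(m.group(2))
        elif " finished (" in msg:
            finished.append(active.pop(tid))
    return finished + list(active.values())  # still-open sessions reported too


def diagnose(s: Session) -> str:
    """Classify a session; the code names are this example's own."""
    if s.remote is None:
        return "no-remote-connect"
    if s.cipher is None:
        return "handshake-failed"
    if s.close_notify_read and s.bytes_to_socket == 0:
        # Handshake done, data pushed, remote closed cleanly without answering:
        # the remote application refused the session, not the TLS layer.
        return "remote-closed-no-data"
    return "ok"


def reconnect_loop_count(syslog_lines: List[str]) -> int:
    """Count syslog-ng reopen events; a steadily rising count means the
    forwarder is flapping against the tunnel rather than delivering."""
    return sum(1 for line in syslog_lines if SYSLOGNG_BROKEN_RE.search(line))


# Constructed sample input, reduced from the log excerpts in the thread.
SAMPLE_STUNNEL_LOG = """\
2007.05.25 10:43:29 LOG7[20729:182894198944]: 5140 accepted FD=7 from 127.0.0.1:64820
2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 started
2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 accepted connection from 127.0.0.1:64820
2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 connecting xxx.xxx.xxx.xxx:5140
2007.05.25 10:43:29 LOG7[20729:1073809760]: connect_wait: connected
2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 connected remote server from 192.168.2.23:64821
2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL connected: new session negotiated
2007.05.25 10:43:29 LOG6[20729:1073809760]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL alert (read): warning: close notify
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL closed on SSL_read
2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL_shutdown successfully sent close_notify
2007.05.25 10:43:29 LOG5[20729:1073809760]: Connection closed: 303 bytes sent to SSL, 0 bytes sent to socket
2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 finished (0 left)
""".splitlines()

SAMPLE_SYSLOGNG_LOG = """\
May 25 10:57:35 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
May 25 10:57:35 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
May 25 10:58:37 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
May 25 10:58:37 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
May 25 10:59:38 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
May 25 10:59:38 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
""".splitlines()

if __name__ == "__main__":
    for s in sessions_from_log(SAMPLE_STUNNEL_LOG):
        print(f"{s.peer} -> {s.remote} [{s.cipher}] {s.bytes_to_ssl}B out / "
              f"{s.bytes_to_socket}B back: {diagnose(s)}")
    print("syslog-ng reopen events:", reconnect_loop_count(SAMPLE_SYSLOGNG_LOG))
```

Run it against a real `stunnel.log` by replacing the sample list with `open(path).readlines()`; a "remote-closed-no-data" verdict paired with a climbing reopen count is the cue to ask the remote operator about per-client limits or access control on their listener, before touching the local stunnel.conf.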


