[stunnel-users] Connection Refused locally, SSL Proxy.

Avner Peled avnerus at gmail.com
Fri Feb 1 22:11:25 CET 2008


An update on that..


The problem seems to go away when I bind the stunnel-client to another  
local address which isn't localhost.
like the ethernet adapter's address (in this case 192.168.0.6) like so:

server:
-------------
[lobby]
accept = 20001
connect = 192.168.0.6:9001

[lobby]
accept = 192.168.0.6:9001
connect = LOBBY-SERVER:20001

Is this an expected behavior?

Thanks,
Avner.



On Feb 1, 2008, at 10:21 PM, Avner Peled wrote:

> Hello!
>
> I have a game client connecting to a server using TCP over SSL.
> I'm trying to setup an SSL proxy using 2 stunnels on the same server  
> like so:
>
> Client --> Stunnel-Server:20001 (decrypt)--> Stunnel-Client:901   
> (encrypt)---> Server:20001
>
> Using latest stunnel-4.21-r1 on Gentoo kernel 2.6.22-gentoo-r9
>
> I have a weird problem.
> The first connection after starting both stunnels works fine.
> Afterwards every time the client tries to connect, it gets refused  
> once. Then it tries again and gets connected.
> Then the next time it will once again get refused once and then  
> connect.
>
> I have looked at the logs and it seems the Stunnel server (the  
> first) gets Connection Refused from localhost:901.
> Then it tries again and gets connected.
> The Stunnel client (the second) doesn't even mention the first  
> failing local connection in the log.
>
> I have provided the config files of both stunnels and a log with  
> debug = 7 (server ip's are censored)
>
> I have also tried the following config tweaks with no luck
>
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> TIMEOUTclose = 0
> retry = yes
>
> Any help would be appreciated.
> Thanks!!
>
>
> -- 
> Avner Peled.
> avnerus at gmail.com
>
> <client.conf><client.log><server.conf><server.log>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080201/fb5670f2/attachment.html>


More information about the stunnel-users mailing list