[stunnel-users] openvms and stunnel

Carter Browne cbcs at comcast.net
Wed Apr 8 19:59:22 CEST 2015


You have two listeners on port 993; to the best of my knowledge, they 
need to be on two different ports.  It probably did not get to the point 
of opening the log file.



On 4/8/2015 12:41 PM, Coviello, Paul wrote:
> Ok thanks!
>
> Now onto the server side...
>
> $  @STUNNEL_STARTUP_SERVER.COM
> Is the private key (in the PEM file) encrypted? [Y/N]: y
> Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXX""
> Starting up a Stunnel
> %RUN-S-PROC_ID, identification of created process is 209F0B0D
> Stunnel server failed to start up-- check the configuration, etc.
>
> And no logfile is created...
> $ dir stunnel.log
> %DIRECT-W-NOFILES, no files found
> $
>
> here are the settings in the conf file...
>
> $ ty  STUNNEL_server.CONF
> ; Sample stunnel configuration file by Michal Trojnara 2002-2006
> ; Some options used here may not be adequate for your particular configuration
>
> ; Certificate/key is needed in server mode and optional in client mode
> ; The default certificate is provided only for testing and should not
> ; be used in a production environment
> cert = stunnel.pem
> ;key = stunnel.pem
>
> ; Some performance tunings
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> ; Workaround for Eudora bug
> ;options = DONT_INSERT_EMPTY_FRAGMENTS
>
> ; Authentication stuff
> ;verify = 2
> ; Don't forget to c_rehash CApath
> ;CApath = certs
> ; It's often easier to use CAfile
> ;CAfile = certs.pem
> ; Don't forget to c_rehash CRLpath
> ;CRLpath = crls
> ; Alternatively you can use CRLfile
> ;CRLfile = crls.pem
>
> ; Some debugging stuff useful for troubleshooting
> debug = 7
> output = stunnel.log
>
> ; Use it for client mode
> client = yes
>
> ; Service-level configuration
>
> [pop3s]
> accept  = 995
> connect = 110
>
> [imaps]
> accept  = 993
> connect = 143
>
> [telnet]
> accept  = 993
> connect = 23
>
> [ssmtp]
> accept  = 465
> connect = 25
>
> ;[https]
> ;accept  = 443
> ;connect = 80
> ;TIMEOUTclose = 0
>
> ; vim:ft=dosini
>
>
>
> -----Original Message-----
> From: Carter Browne [mailto:cbcs at comcast.net]
> Sent: Wednesday, April 08, 2015 12:16 PM
> To: Coviello, Paul; stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] openvms and stunnel
>
> The configuration:
>
> [telnet]
> accept = 999
> connect = x.x.x.x:993
> client = no
>
> will provide that.
>
> If you want a single input port to access multiple destinations:
>
> [telnet]
> accept = 999
> connect = x.x.x.x:993
> connect = x.x.x.y:993
> connect = x.x.x.z:993
> client = no
> And the destinations will be assigned on a round robin basis.
>
> If each destination is a distinct connection then
>
> [telnet1]
> accept = 999
> connect = x.x.x.x:993
> client = no
>
> [telnet2]
> accept = 1999
> connect = x.x.x.y:993
> client = no
>
> [telnet3]
> accept = 2999
> connect = x.x.x.z:993
> client = no
>
> Carter
>
> On 4/8/2015 12:02 PM, Coviello, Paul wrote:
>> Set up an incoming encrypted link from a Windows telnet session to OpenVMS.
>>
>> -----Original Message-----
>> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Carter Browne
>> Sent: Wednesday, April 08, 2015 12:00 PM
>> To: stunnel-users at stunnel.org
>> Subject: Re: [stunnel-users] openvms and stunnel
>>
>> Paul,
>>
>> What are you trying to do:
>>
>> Set up an incoming encrypted link to an outgoing unencrypted link?
>> Set up an incoming unencrypted link to an outgoing encrypted link?
>> Something else?
>>
>> Carter
>>
>>
>>
>> On 4/8/2015 11:49 AM, Coviello, Paul wrote:
>>> Let me see so I need to do the following.
>>>> connect = 192.168.0.1:993
>>>> connect = 192.168.20.140:993
>>>> connect = 192.168.xx.xxx:993
>>>> connect = 192.168.xx.xxy:993
>>> Thanks
>>> Paul
>>>
>>>
>>> -----Original Message-----
>>> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
>>> Sent: Wednesday, April 08, 2015 11:35 AM
>>> To: stunnel-users at stunnel.org
>>> Subject: Re: [stunnel-users] openvms and stunnel
>>>
>>> On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote:
>>>> Hello
>>>>
>>>> I'm trying to set up stunnel 4.20 (yes, it is an old version, but the only one on HP's website for VMS).
>>>>
>>>> I need a little help in the conf files.
>>>>
>>>> Since I will be using telnet, do I need to put in each machine's IP address that will be connecting? So in the example below, do I create a listing of connects?
>>>>
>>>> [telnet]
>>>> accept  = 999
>>>> connect = 192.168.0.1:993
>>> Paul,
>>>
>>> the configuration above makes stunnel listen on local port 999, accept connections from all IP addresses, and forward the traffic to port 993 of the box with IP address 192.168.0.1.
>>>
>>> Depending on the 'client = ...' statement, stunnel expects the traffic at port 999 to be encrypted (server mode, client = no, default), or at port 993 (client mode, client = yes).
>>>
>>> Any access control may be implemented via libwrap and (in server mode) via restriction of the accepted certificates.
>>>
>>> HTH,
>>>
>>> Ludolf
>>>

-- 
Carter Browne
cbrowne at cbcs-usa.com
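
Added example (not part of the original messages and not stunnel's own code): a pre-start check for the problem identified in this reply, run over a constructed, trimmed copy of the quoted server config. It lists accept ports claimed by more than one service and reports the global client setting, which per Ludolf's explanation decides which side stunnel expects to be encrypted. The names parse_conf, duplicate_listeners, global_client_mode and SAMPLE_CONF are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed copy of the active lines in the quoted server config.
SAMPLE_CONF = """\
client = yes
[pop3s]
accept  = 995
connect = 110
[imaps]
accept  = 993
connect = 143
[telnet]
accept  = 993
connect = 23
;[https]
;accept  = 443
"""

def parse_conf(text):
    """Split a stunnel config into options per section; key None holds globals."""
    sections, current = {None: []}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # ';' starts a comment line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def duplicate_listeners(text):
    """Map each accept port used by 2+ services to their names (host part ignored)."""
    by_port = defaultdict(list)
    for name, opts in parse_conf(text).items():
        for key, value in opts:
            if name is not None and key == "accept":
                by_port[value.rpartition(":")[2]].append(name)
    return {port: names for port, names in by_port.items() if len(names) > 1}

def global_client_mode(text):
    """Return the last global 'client' value; 'no' (server mode) is the default."""
    values = [v.lower() for k, v in parse_conf(text)[None] if k == "client"]
    return values[-1] if values else "no"
```

Because the host part of accept is ignored, two services bound to different specific addresses on the same port are also listed and need a manual look.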



