[stunnel-users] Stunnel Connectivity Issue

Carter Browne cbcs at comcast.net
Tue Jun 13 19:10:41 CEST 2017


Dheeraj,

stunnel will keep the connection open for as long as your application 
keeps it open.  When you exit telnet, it closes the connection.  I use 
stunnel mostly for RDP, VNC and telnet and as long as the application is 
active, the port is open.  You need to have your application open the 
local port you want to route via stunnel (in your example 
127.0.0.1:9233).  As long as your application keeps the connection open 
(ignoring such issues as communications failures), stunnel will maintain 
the application. Telnet is a great tool for determining connectivity, 
but your application is going to have to handle the connection going 
forward.

Carter Browne


On 6/13/2017 12:01 PM, Dheeraj Gautam wrote:
>
> Hi Liz,
>
> Thanks for your reply.
>
> Actually we need to run a service which will work only once the stunnel 
> connection is established, and the service will work till the time the 
> connection is connected.
>
> But at the moment I don’t have an idea how the stunnel will remain 
> connected.
>
> Could you please suggest how to fix this so that the stunnel connection 
> remains connected and I can run the application.
>
> Waiting for your valuable response.
>
> Regards,
>
> Dheeraj Gautam
>
> From: Liz Turi [mailto:lturi at maehc.org]
> Sent: Tuesday, June 13, 2017 9:19 PM
> To: Dheeraj Gautam <dheeraj.gautam at arborfs.com>; Małgorzata Olszówka <Malgorzata.Olszowka at stunnel.org>
> Cc: stunnel-users at stunnel.org
> Subject: RE: [stunnel-users] Stunnel Connectivity Issue
>
> Hi, Dheeraj,
>
> Are you testing the connection with Telnet? Or are you testing with 
> the application? What I noticed in testing the connection is that once 
> the command is completed, the connection is closed.
>
> However, when I test from my application, it's only closed once all 
> transactions in that session are completed, and will show how much 
> data was passed on (following from my logs at the end of a non-telnet 
> test session).
>
> 2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite AES256-GCM-SHA384 (256-bit encryption)
> 2017.06.13 10:16:18 LOG6[1]: Read socket closed (readsocket)
> 2017.06.13 10:16:18 LOG6[1]: SSL_shutdown successfully sent close_notify alert
> 2017.06.13 10:16:18 LOG6[1]: TLS closed (SSL_read)
> 2017.06.13 10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent to TLS, 1641 byte(s) sent to socket
>
> *Liz Turi*
>
> Sr. Consultant
>
> Massachusetts eHealth Collaborative
>
> 860 Winter Street, Waltham, MA 02451
>
> (m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589
>
> www.maehc.org<http://www.maehc.org>
>
> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Dheeraj Gautam
> Sent: Tuesday, June 13, 2017 11:41 AM
> To: Małgorzata Olszówka <Malgorzata.Olszowka at stunnel.org>
> Cc: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Stunnel Connectivity Issue
>
> Hi Guys,
>
> Below is the config which I have configured with TLSv1.2, but the 
> connection is still established only for a while when I telnet (telnet 
> 127.0.0.1 9233), and just after that the connection is closed.
>
> [TCP]
> client=yes
> cert = BBG_cert.pem
> key = BBG_key.pem
> verifyChain = yes
> CAfile = BBG_CACerts.pem
> connect = 69.191.198.34:8228
> accept  = 127.0.0.1:9233
> sslVersion = TLSv1.2
>
> Below are the logs:
>
> 2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf
> 2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected
> 2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled
> 2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints
> 2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file
> 2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf
> 2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected
> 2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled
> 2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks
> 2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
> 2017.06.13 16:37:16 LOG5[main]: Configuration successful
> 2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736
> 2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228
> 2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from 172.16.1.23:62737
> 2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=fixbeta.bloomberg.com, emailAddress=caadmin at bloomberg.com
> 2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
>
> I want the connection to remain connected every time so that I can run 
> the application.
>
> The application can work only if the connection remains connected.
>
> Please help me to sort this out.
>
> Regards,
>
> Dheeraj Gautam
>
> On 25 May 2017 at 12:29, Małgorzata Olszówka 
> <Malgorzata.Olszowka at stunnel.org> wrote:
>
>         Could you please let us know what parameters we are missing
>         here due to which the connection is not being established with
>         the remote server.
>
>         Although the stunnel logs indicate that the configuration is
>         successful, nowhere in the logs is it mentioned whether the
>         connection is connected or not,
>
>
>
>     Hello Dheeraj,
>
>     You should set the verifyChain option in order to verify the
>     certificate stored in the file specified with CAfile:
>     verifyChain = yes
>
>     Then you can test your connection:
>     telnet 127.0.0.1 9233
>     the stunnel logs will show information about the connection attempt.
>
>     Regards,
>     Małgorzata
>     _______________________________________________
>     stunnel-users mailing list
>     stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org>
>     https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
> www.arborfs.com <http://www.arborfs.com>
>
> This e-mail and any attachment are confidential and contain 
> proprietary information, some or all of which may be legally privileged.
>
> It is intended solely for the use of the individual or entity to which 
> it is addressed.  If you are not the intended recipient, please notify 
> the author immediately by telephone or by replying to this e-mail, and 
> then delete all copies of the e-mail on your system.  If you are not 
> the intended recipient, you must not use, disclose, distribute, copy, 
> print or rely on this e-mail.
>
> Whilst we have taken reasonable precautions to ensure that this e-mail 
> and any attachment has been checked for viruses, we cannot guarantee 
> that they are virus free and we cannot accept liability for any damage 
> sustained as a result of software viruses.  We would advise that you 
> carry out your own virus checks, especially before opening an attachment.
>
>
> CONFIDENTIALITY NOTICE
> The information contained in this email transmission is legally 
> privileged and confidential information intended only for the use of 
> the addressee named above. If the reader of this message is not the 
> intended recipient you are hereby notified that any dissemination, 
> distribution or copying of this email transmission is strictly 
> prohibited. If you have received this email transmission in error, 
> please notify us immediately. Thank you.
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
