[stunnel-users] basic usage question

Mark Foley mfoley at novatec-inc.com
Tue Mar 13 18:35:05 CET 2018


Thanks to help from Nitin, I've made a tiny bit of progress with stunnel. I've
created the certificates per Nitin's instructions at 
https://tunnelix.com/securing-mysql-traffic-with-stunnel-in-a-jail-environment-on-centos/
Certificates have permissions 0600.

I want to use a VNC client on Linux to connect to a VNC Server also on Linux. In
between these two computers I have a Linux router which routes all requests to
port 1914 to port 3389 on the VNC Server.

stunnel on the server is run at the command line by root: 'stunnel
/root/stunnel.conf'.  Here is my VNC Server computer's stunnel.conf:

foreground = yes
pid = /var/run/stunnel.pid
debug = 7
; output = /root/stunnel.log
output = /dev/stdout

[x11vnc]
accept = 3389
key = /root/privatekey.pem
cert = /root/certificate.pem
connect = 127.0.0.1:5900

stunnel on the client is run by a normal user, stunnel
$HOME/.stunnel/stunnel.conf. Below is my client stunnel.conf:

foreground = yes
verify = 2
pid = /home/mfoley/.stunnel/stunnel.pid
CAfile = /home/mfoley/.stunnel/certificate.pem
client = yes
[x11vnc]
accept = 5900
connect = mail.ohprs.org:1914

When I run stunnel on the client I get:

2018.03.13 13:21:17 LOG5[ui]: stunnel 5.35 on x86_64-slackware-linux-gnu platform
2018.03.13 13:21:17 LOG5[ui]: Compiled with OpenSSL 1.0.2h  3 May 2016
2018.03.13 13:21:17 LOG5[ui]: Running  with OpenSSL 1.0.2n  7 Dec 2017
2018.03.13 13:21:17 LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
2018.03.13 13:21:17 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2018.03.13 13:21:17 LOG5[ui]: Reading configuration from file /home/mfoley/.stunnel/stunnel.conf
2018.03.13 13:21:17 LOG5[ui]: UTF-8 byte order mark not detected
2018.03.13 13:21:17 LOG5[ui]: FIPS mode disabled
2018.03.13 13:21:17 LOG4[ui]: Service [x11vnc] uses "verify = 2" without subject checks
2018.03.13 13:21:17 LOG4[ui]: Use "checkHost" or "checkIP" to restrict trusted certificates
2018.03.13 13:21:17 LOG5[ui]: Configuration successful

On the client, I then run tigerVNCViewer connecting to 127.0.0.1::5900.  I get
the following messages on the client:

2018.03.13 13:22:03 LOG5[0]: Service [x11vnc] accepted connection from 127.0.0.1:35034
2018.03.13 13:22:03 LOG5[0]: s_connect: connected 98.102.63.107:1914
2018.03.13 13:22:03 LOG5[0]: Service [x11vnc] connected remote server from 192.168.0.17:40512
2018.03.13 13:22:03 LOG3[0]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2018.03.13 13:22:03 LOG5[0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

Just guessing, but is it failing with the SSLVersion?

Help appreciated. Thanks, Mark
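Added example, not from the original post or from stunnel: the client-side failure in the last log excerpt, reproduced against a constructed loopback listener. OpenSSL reports SSL23_GET_SERVER_HELLO:unknown protocol when the bytes that come back in reply to its ClientHello are not a TLS record; the listener here answers with the plaintext VNC (RFB) greeting, which is what a TLS client receives when a port leads to the bare VNC service instead of to a stunnel server. Host, port and greeting are constructed for the demonstration.

```python
"""Added example (not from the original post). OpenSSL reports unknown protocol
when the reply to its ClientHello is not a TLS record. A constructed loopback
listener answering with the plaintext VNC (RFB) greeting stands in for a port
that reaches the bare VNC service instead of a stunnel server."""
import socket
import ssl
import threading

RFB_GREETING = b"RFB 003.008\n"  # constructed sample: a plain VNC server speaks first

def start_plaintext_listener():
    """Serve RFB_GREETING to every connection on an ephemeral loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(RFB_GREETING)
                conn.settimeout(2.0)
                try:
                    conn.recv(4096)  # drain the client's ClientHello before closing
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def peek_first_bytes(host, port, timeout=2.0):
    """Bytes the peer volunteers before we send anything. A TLS server such as
    stunnel stays silent until it sees a ClientHello, so unsolicited bytes mean
    the port is not terminated by TLS."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(64)
        except socket.timeout:
            return b""

def tls_handshake_error(host, port, timeout=3.0):
    """Handshake as a TLS client; None on success, else OpenSSL's reason string."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # protocol-layer diagnosis only; never use for real traffic
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLError as e:
        return e.reason or "SSL_ERROR"
```

Against a real stunnel server the peek returns no bytes and the handshake returns None; against the plaintext listener the peek returns the RFB greeting and the handshake returns OpenSSL's reason (the exact wording depends on the OpenSSL version).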