<div dir="ltr">Network: Ethernet<div>Multiple routers: No<br>Firewall: No</div><div>Delay: Yes, Automitic (Delayed Start) works like a charm.</div><div>Capi engine: Yes tried turning it off<br>32 bit or 64 bit: 32bit running on 64 bit server. I don't see a 64 bit version on the download page?</div><div>dnscache: Haven't tried it yet.</div><div><br><br>- stunnel works fine on the server specifically with the service set to Automatic (Delayed Start). And I even tunnel properly to other machines so it not firewalls or routers or network.<br>- Only when it's NOT (Delayed Start) stunnel doe not seem to start even though the service shows as started.</div><div>- I managed to tunnel from my Desktop to the Server. I have not tried automatic service startup on Desktop because I don't have enough privilidges. But trying to setup the server, since that's the machine that will have stunnel in production.<br><br><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 23 September 2014 10:04, Pierre DELAAGE <span dir="ltr"><<a href="mailto:delaage.pierre@free.fr" target="_blank">delaage.pierre@free.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Have you tried to change the service dependency from "TCPIP" (the
default in the code), to "dnscache" (ok, EVEN if you do not use
hostname resolution),<br>
this is just to be sure that stunnel relies on something that is
using tcpip as well.<br>
<br>
question : what kind of network interface do you have :<br>
<br>
wifi ?<br>
ethernet board ?<br>
<br>
Are you traversing multiple routers ?<br>
<br>
Are you using multiple firewalls ?<br>
<br>
Have you tuned a delay as suggested a few days ago ?<br>
<br>
Can you try without specifying "capi engine" ?<br>
<br>
Are you using stunnel 32 bits or 64 bits : if 64, try the 32 version
as well.<br>
<br>
I am reviewing the code and soon enter some test on w7-32bits.<br>
<br>
Regards<br>
Pierre<br>
<br>
<br>
<br>
<div>Le 23/09/2014 15:30, John Smith a
écrit :<br>
</div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">I wish you were right but unfortunately it's
running lol</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 22 September 2014 18:24, Pierre
DELAAGE <span dir="ltr"><<a href="mailto:delaage.pierre@free.fr" target="_blank">delaage.pierre@free.fr</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> When you observe that
log is empty and that "stunnel shows as started",<br>
do a CTRL ALT DEL to check if there is any process called
"stunnel" that is really running...<br>
<br>
I have a doubt that, although scm says stunnel is running,
in fact it is not.<br>
<br>
Regards<br>
Pierre<br>
<br>
<div>Le 22/09/2014 21:43, John Smith a écrit :<br>
</div>
<div>
<div>
<blockquote type="cite">
<div dir="ltr">Hi I used administrator account and
defaults to install. It is installed at Program
Files (x86)
<div><br>
</div>
<div>The service is set to run as local system
account and interact with desktop is checked.</div>
<div><br>
</div>
<div>Once the machine is booted... Login open
service control panel, stunnel shows as started.
Go look at logs nothing there... In service
control panel hit the restart button. And it
comes up properly.</div>
<div><br>
</div>
<div>My config is as follows:</div>
<div><br>
</div>
<div>
<div>; Debugging stuff (may useful for
troubleshooting)</div>
<div>;debug = 7</div>
<div>output = stunnel.log</div>
<div><br>
</div>
<div>; Initialize Microsoft CryptoAPI interface</div>
<div>engine = capi</div>
<div>; Also needs "engineID = capi" in each
section using the CAPI engine</div>
<div><br>
</div>
<div>[es-tcp]</div>
<div>accept = ${SERVER_IP}:9300</div>
<div>connect = <a href="http://127.0.0.1:9300" target="_blank">127.0.0.1:9300</a></div>
<div>cert = ....</div>
<div>CAfile = ....</div>
<div>verify = 2</div>
<div><br>
</div>
<div>[es-http]</div>
<div>accept = ${SERVER_IP}:9200</div>
<div>connect = <a href="http://127.0.0.1:9200" target="_blank">127.0.0.1:9200</a></div>
<div>cert = ....</div>
<div>CAfile = ....</div>
<div>verify = 2</div>
<div><br>
</div>
<div>[es-disc-local]</div>
<div>client = yes</div>
<div>accept = <a href="http://127.0.0.1:9700" target="_blank">127.0.0.1:9700</a></div>
<div>connect = ${SERVER_IP}:9300</div>
<div>cert = ....</div>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 22 September 2014
14:30, Pierre DELAAGE <span dir="ltr"><<a href="mailto:delaage.pierre@free.fr" target="_blank">delaage.pierre@free.fr</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hello,<br>
I can tell my patch was adressing read file
error on conf file, <br>
but, unfortunately, not at all "dependencies
of stunnel service at start up",<br>
which is likely to be the core pb preventing
stunnel to start correctly at boot time for
people on that thread.<br>
<br>
Michal added explicit dependencies at
startup, that is necessary to solve that
bug. I did not check yet its implementation.<br>
<br>
But maybe some services, although started,
are still "not ready" when stunnel starts,
so that this makes stunnel fail.<br>
<br>
I suggest that stunnel checks, not only the
availability, but also the "efficiency" of
the DNS service by trying to resolve a well
known server.<br>
it should retry during, eg, 3 seconds, and
then stops with some reports if failing to
resolve the hostname,<br>
either by lack of network, or by lack of
answer from the name resolver.<br>
But...it seems that when having problems at
startup, it cannot even log
anything....maybe this is due to the
identity of "system user" of stunnel at that
particular moment: user that may have no
right to write on the HD.<br>
<br>
People should check also the installation
location of stunnel : it is supposed (and
have predefined shortcuts for that) to be
installed PREFERABLY in "c:\program
files\stunnel".<br>
I recommend to use that location.<br>
<br>
They also should try to resolve by hand the
hostnames they put in their stunnel conf
file, just to be sure.<br>
<br>
On some network or machines, maybe there is
a problem with the firewall and SOME
services tunneled by stunnel on forbidden
ports.<br>
<br>
On another hand, it sounds strange that just
restarting stunnel (in user mode or service
mode ?) is solving the problem :<br>
this sounds like unavailability of DNS at
startup.<br>
<br>
I did not investigate that particular
problem, but I will perform some tests soon
with the last 504 (or 505).<br>
<br>
Yours sincerely<br>
Pierre<br>
<br>
<br>
<br>
<div>Le 22/09/2014 19:20, <a href="mailto:541401@gmail.com" target="_blank">541401@gmail.com</a> a
écrit :<br>
</div>
<div>
<div>
<blockquote type="cite"> Using Stunnel
on several Windows Server 2008 R2 SP1
machines (all such machines are X64 as
the OS is only released as X64).<br>
<br>
During August of 2014 I reported in
this forum the current version of
Stunnel would not function as a
service under the above OS, even if
using a delayed start, it might run
but it would not work. I reverted to
using version 4.35, which did work
properly.<br>
<br>
Pierre DeLagge was kind enough to
provide me with a copy of his patched
Stunnel 5.02, which I am still using
and which is working flawlessly on my
production servers. No delayed start
required.<br>
<br>
I am wondering if Pierre's 5.02 patch
has been incorporated into the most
recently released Stunnel, 5.04? Has
anyone been successful in getting the
most current version to actually work
under the above environment without
delaying the start of the service?<br>
<br>
Just to add a little color and
background to the story, I am using
the native WS2008R2SP1 SMTP server on
each machine, in conjunction with
Stunnel, so as to forward OS event
notifications through a gmail account.<br>
<br>
<br>
<br>
<div>On 09.22.2014 06:54, John Smith
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I tried 5.04. on
Windows Server 2008 R2 Enterprise
Service Pack 1 x64
<div><br>
</div>
<div><br>
</div>
<div>Same issue. Service shows as
started, but no log. If I go
manual restart it works.<br>
<br>
Have to put delayed startup.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 18
September 2014 16:15, John Smith
<span dir="ltr"><<a href="mailto:java.dev.mtl@gmail.com" target="_blank">java.dev.mtl@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">For now i'm
happy with 5.03 Already in
production so I will have to
wait next time! :)</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
17 September 2014
17:10, Michal Trojnara
<span dir="ltr"><<a href="mailto:Michal.Trojnara@mirt.net" target="_blank">Michal.Trojnara@mirt.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN
PGP SIGNED
MESSAGE-----<br>
Hash: SHA1<br>
<span><br>
Jose Alf. wrote:<br>
> Regarding
stunnel service
dependencies, If
you read the 5.04
beta<br>
> announcement,
the dependency is
created
automatically now
when you<br>
> install
stunnel as a
service. Please
give it a try.
Looks like it<br>
> works for me.<br>
><br>
> Thanks to
Mike for
implementing that.<br>
<br>
</span>Thank you for
testing it.<br>
<br>
Best regards,<br>
Mike<br>
-----BEGIN PGP
SIGNATURE-----<br>
Version: GnuPG v1<br>
<br>
iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q<br>
yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR<br>
=+xFQ<br>
-----END PGP
SIGNATURE-----<br>
<div>
<div>_______________________________________________<br>
stunnel-users
mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
stunnel-users mailing list
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
stunnel-users mailing list
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br></blockquote></div><br></div>