
Right...so, here is a sample config, I will add emphasis on the parts you need to make sure you have.

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /newcert.pem
key = /newkey.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3, TLSv1

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
;socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

[https]
accept = 10.x.x.x:443
connect = 11.x.x.x:443
; here you need to have an IP address for each accept and connect, as well as a port. If you are connecting to localhost, put 127.0.0.1.
;TIMEOUTclose = 0

; vim:ft=dosini

On Wed, Dec 21, 2011 at 12:26 PM, yassine ayachi <[email protected]> wrote:
Hi Scott,
I am not quite sure I understand your answer. Let me add some more info to make it clear how I get the segfault:
A Java applet (from a web browser) invokes the stunnel machine on port 1957; stunnel then redirects the traffic to the remote_machine, so I only have the server stunnel portion installed (on the stunnel machine).
When I run telnet from any machine connected to the internet, like this: telnet stunnel_machine 1957, the stunnel on the stunnel machine dies with the error posted previously.
Greetings, -- Yassine
2011/12/21 Scott Damron <[email protected]>
You need to have an IP address for the local connection and you need the client portion enabled as well.
Scott
On Wed, Dec 21, 2011 at 10:51 AM, yassine ayachi <[email protected]> wrote:
Hi all,
I'm trying to encrypt a connection between two hosts using stunnel.

----- here is my config file ----
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = debug
output = stunnel.log
---
[rdps]
accept = 1957
connect = remote_machine:3389
Everything was working fine until I tried to telnet to port 1957 on the machine running stunnel; the stunnel process died by itself, leaving this in /var/log/messages:
Dec 20 16:58:01 alpha kernel: [4930384.164316] stunnel[14540]: segfault at 8 ip b7629b61 sp b758d16c error 6 in libc-2.7.so[b75bd000+138000]
Does anybody have an idea about this problem?
thanks in advance,
Yassine
_______________________________________________
stunnel-users mailing list
[email protected]
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
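The points raised across the thread (every [service] section needs both accept and connect, Scott's request for host:port on each of them, the commented-out verify in a client = yes config, SSLv3 in sslVersion, and the debug = 7 level left on) can be checked mechanically before stunnel is started. The linter below is an added example written for this page; it is not stunnel's own code. The function names parse_stunnel_conf and lint_stunnel_conf are hypothetical, and the two embedded sample configs are constructed from the ones quoted in the thread (trimmed to the options the checks look at).

```python
"""Lint an stunnel 4.x-style configuration for the issues discussed in the thread.

Hypothetical helper written for this example; not part of stunnel.
"""
from collections import defaultdict

# SSLv2 and SSLv3 are long deprecated; a TLS-only sslVersion is the safe choice.
WEAK_PROTOCOLS = {"sslv2", "sslv3"}


def parse_stunnel_conf(text):
    """Return {section: {key: [values]}}; global options live under ''.

    The format is INI-like: ';' or '#' comments, [service] headers, and keys
    such as 'socket' that may legitimately repeat, so values are kept as lists.
    """
    sections = defaultdict(lambda: defaultdict(list))
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections[current]  # register the section even if it stays empty
            continue
        if "=" not in line:
            continue  # tolerate stray text instead of aborting
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()].append(value.strip())
    return sections


def lint_stunnel_conf(text):
    """Return a list of (severity, section, message) findings, global ones first."""
    conf = parse_stunnel_conf(text)
    findings = []
    glob = conf.get("", {})
    client_mode = glob.get("client", ["no"])[-1].lower() == "yes"

    for ver in glob.get("sslversion", []):
        chosen = {v.strip().lower() for v in ver.split(",")}
        if chosen & WEAK_PROTOCOLS or "all" in chosen:
            findings.append(("warn", "", "sslVersion permits SSLv2/SSLv3; restrict it to TLS versions"))
    if client_mode and "verify" not in glob:
        findings.append(("warn", "", "client = yes without verify: the remote certificate is not checked"))
    if not client_mode and "cert" not in glob:
        findings.append(("error", "", "server mode needs cert = <pem file>"))
    if glob.get("debug", ["5"])[-1].lower() in ("7", "debug"):
        findings.append(("info", "", "debug level 7 is very verbose; lower it once troubleshooting is done"))

    services = [name for name in conf if name]
    if not services:
        findings.append(("error", "", "no [service] section defined"))
    for name in services:
        sect = conf[name]
        for key in ("accept", "connect"):
            if key not in sect:
                findings.append(("error", name, f"missing {key}"))
                continue
            host, sep, port = sect[key][-1].rpartition(":")
            if not sep:  # bare port, no host part: what Scott asked to see as host:port
                findings.append(("warn", name, f"{key} = {port} has no host part; give host:port"))
            elif not port.isdigit():
                findings.append(("error", name, f"{key} port '{port}' is not numeric"))
    return findings


# Constructed sample: Scott's client-mode config, trimmed to the checked options.
SCOTT_STYLE = """
cert = /newcert.pem
key = /newkey.pem
sslVersion = SSLv3, TLSv1
;verify = 2
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
[https]
accept = 10.x.x.x:443
connect = 11.x.x.x:443
"""

# Constructed sample: Yassine's server-mode config from the original post.
YASSINE_STYLE = """
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = debug
output = stunnel.log
[rdps]
accept = 1957
connect = remote_machine:3389
"""

if __name__ == "__main__":
    for label, sample in (("scott", SCOTT_STYLE), ("yassine", YASSINE_STYLE)):
        for severity, section, message in lint_stunnel_conf(sample):
            print(f"{label}: {severity:5} [{section or 'global'}] {message}")
```

Run as a script it prints one line per finding; imported, lint_stunnel_conf returns them as tuples so the checks can be asserted on in a deployment test. The parser keeps repeated keys as lists because stunnel accepts options such as socket more than once, which is exactly what a plain INI reader would silently collapse.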