[stunnel-users] Connection problems and TCP frame checksum errors

Tommi Nieminen ttn at mbnet.fi
Sat Oct 21 11:11:39 CEST 2006

Hi Peter,

thanks for all your suggestions. They were really helpful
in bringing me to the solution of the problem.

> 1. "netstat -an" - to make sure stunnel is listening on the correct
> interface and port

This was OK.

> 2. does "lastcomm stunnel' show anything useful?  If you don't use threads
>     a new stunnel process starts with each connection.

This showed nothing useful.

> 3. just a guess but  remove the socket entries in the config file - maybe
>     they are causing a problem.  I don't use them but maybe there is a
> good reason to use them.

The socket entries were there because they were in the original
config file which I edited for my purposes. They seemed ok to me
so I left them in my config when I began experimenting with stunnel.
Commenting them out didn't make any difference for this problem.

> 4. try connecting directly to the stunnel box (no router). does that
> always work

Maybe not always, but remarkably better!!!

> 5.  maybe the NIC card is flaky

The card had worked just fine until then, so I didn't really
believe in this. I thought I'd save this for the last.

> 6. run "stunnel -version" to verify all is configured as you think.

Seems all right.

So what the heck could the problem be. It took me a long time to
figure out the answer. The fact that almost all connection attempts
succeeded when the router was left out of the picture would suggest
there was a problem with the router configurations. But no, the
router was correctly configured. Instead, the routing tables of the
linux work station were not right! That's a problem I've hardly ever
had to deal with (and therefore a subject I don't understand enough of)
so it took some experimenting to get the routing tables right. Now it
looks good. I still can't explain why the original routing tables
sometimes worked and sometimes didn't, but I'll study the subject :-)


