[stunnel-users] newbie config not running

Craig Retief stunnel at rsw.co.za
Mon Nov 12 11:05:58 CET 2007


Try playing around with the debug level and see what the difference is. You
can read the included manual on what the different levels do.

From the manual:

debug = [facility.]level
    debugging level 

    Level is one of the syslog level names or numbers: emerg (0), alert (1),
    crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All
    logs for the specified level and all levels numerically less than it will
    be shown. Use debug = debug or debug = 7 for greatest debugging output.
    The default is notice (5).

    The syslog facility 'daemon' will be used unless a facility name is
    supplied. (Facilities are not supported on Win32.)

    Case is ignored for both facilities and levels.

If you are still having problems you can always post your config file here
and the list can take a look at what you have done and make recommendations
on it.


Cheers

Craig

> -----Original Message-----
> From: jilin zhang [mailto:jz at ellingtongeologic.com]
> Sent: 08 November 2007 04:59 PM
> To: fuzzy_4711 at gmx.de; Craig Retief
> Cc: stunnel-users at mirt.net
> Subject: Re: [stunnel-users] newbie config not running
> 
> Ladies and Gentlemen
> 
> I used vnc with stunnel and it seems to be working.  But the stunnel log on
> the server side records the server's IP address instead of the
> client address.  Any suggestion to fix this?
> 
> Thanks
> 
> J Z
> 
> ----- Original Message -----
> From: "Craig Retief" <stunnel at rsw.co.za>
> To: <fuzzy_4711 at gmx.de>
> Cc: <stunnel-users at mirt.net>
> Sent: Wednesday, November 07, 2007 1:32 AM
> Subject: Re: [stunnel-users] newbie config not running
> 
> 
> > You are most welcome, Stefan :-)
> >
> > Thank you for the compliment. It is always nice to have someone respond and
> > thank the list when the solution worked.
> >
> > My offer still stands if you need help at any time.
> >
> > Have a good one!
> >
> > Cheers
> >
> > Craig
> >
> >> -----Original Message-----
> >> From: fuzzy_4711 [mailto:fuzzy_4711 at gmx.de]
> >> Sent: 02 November 2007 03:49 PM
> >> To: Craig Retief
> >> Cc: stunnel-users at mirt.net
> >> Subject: Re: [stunnel-users] newbie config not running
> >>
> >> Craig Retief wrote:
> >> >> Hello list.
> >> >>
> >> >>
> >> >
> >> > Hello's :-)
> >> >
> >> >
> >> >> I am new to stunnel and have some problems getting it running.
> >> >>
> >> >>
> >> >
> >> > Welcome to the list :-)
> >> >
> >> >
> >> >> The server is a WinXPSP2 behind a router. The router has port forwarding
> >> >> enabled for port 9999 to the stunnel server (4.21). On the same box a
> >> >> vnc server is running on port 5900 which I like to tunnel. Firewall is
> >> >> opened. The netstat -a -n shows the server listening on the desired port
> >> >> (9999).
> >> >>
> >> >> My server config looks like that:
> >> >>
> >> >> cert = stunnel.pem
> >> >> ;key = stunnel.pem
> >> >>
> >> >> ; Some performance tunings
> >> >> socket = l:TCP_NODELAY=1
> >> >> socket = r:TCP_NODELAY=1
> >> >>
> >> >> ; Workaround for Eudora bug
> >> >> ;options = DONT_INSERT_EMPTY_FRAGMENTS
> >> >>
> >> >> ; Authentication stuff
> >> >> ;verify = 2
> >> >> ; Don't forget to c_rehash CApath
> >> >> ;CApath = certs
> >> >> ; It's often easier to use CAfile
> >> >> ;CAfile = certs.pem
> >> >> ; Don't forget to c_rehash CRLpath
> >> >> ;CRLpath = crls
> >> >> ; Alternatively you can use CRLfile
> >> >> ;CRLfile = crls.pem
> >> >>
> >> >> ; Some debugging stuff useful for troubleshooting
> >> >> ;debug = 7
> >> >> ;output = stunnel.log
> >> >>
> >> >> ; Use it for client mode
> >> >> ;client = yes
> >> >>
> >> >> [pop3s]
> >> >> accept  = 995
> >> >> connect = 110
> >> >>
> >> >> [imaps]
> >> >> accept  = 993
> >> >> connect = 143
> >> >>
> >> >> [ssmtp]
> >> >> accept  = 465
> >> >> connect = 25
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >> > Change on server
> >> >
> >> > [VNC Server]
> >> > accept = 9999
> >> > connect = 5900
> >> >
> >> > to
> >> >
> >> > [VNC Server]
> >> > accept = 9999
> >> > connect = 127.0.0.1:5900
> >> >
> >> > On the server you need to specify the place where the service needs to
> >> > connect to. Thus you should specify the localhost IP so that when the server
> >> > receives a connect on port 9999 it directs it to the server itself.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >> The client side is a linux box with config setting:
> >> >> client = yes
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >> > Change on client
> >> >
> >> > [VNC Server]
> >> > accept = 5900
> >> > connect = 9999
> >> >
> >> > to
> >> >
> >> > [VNC Server]
> >> > accept = 5900
> >> > connect = your_router_ip:9999
> >> >
> >> > When connecting to the service, you need to specify the server's IP address
> >> > where the connection needs to go; if you don't, then stunnel won't know where
> >> > to direct the traffic to.
> >> >
> >> > What should happen is that you specify your connection in VNC as
> >> > 127.0.0.1:5900 and then VNC will connect to stunnel that will direct the
> >> > traffic to the server which will in return direct it to the VNC service on
> >> > itself.
> >> >
> >> > Let me know if you get stuck and I will generate a config file for you. Also
> >> > it is recommended that you don't use the default stunnel.pem file. Please
> >> > create a new certificate on the server and client and use verify = 3 to
> >> > completely secure the connection. This will prevent someone else that also
> >> > has the stunnel.pem file from connecting to your server.
> >> >
> >> > Let me know if you need help with the creation of the certificates. It's
> >> > pretty straightforward ;-)
> >> >
> >> > Cheers,
> >> >
> >> > Craig
> >> >
> >> >
> >> Hello Craig.
> >>
> >> Thanks a lot - this was exactly the information needed.
> >>
> >> Communities are alive because of people like you!
> >> The perfect answer: friendly, with some explanations where needed and
> >> the offer to help even further.
> >>
> >>
> >> Thanks again.
> >> Stefan
> >>
> >> P.S.: I think I can do the pem-file by myself - I'll try tomorrow.
> >>
> >>
> >> >> I turned on debugging and stunnel.log seems to be okay - no error
> >> >> messages.
> >> >>
> >> >> But I am not able to get a connection.
> >> >>
> >> >> What am I doing wrong?
> >> >>
> >> >> Stefan
> >> >> _______________________________________________
> >> >> stunnel-users mailing list
> >> >> stunnel-users at mirt.net
> >> >> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> >> >>
> >> >
> >> >
> >> >
> >
> >
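
The debug option semantics quoted from the manual at the top of this message, worked through in Python. This is an added example, not part of the original post or of stunnel's own code; the function names, the facility subset and the sample log entries are constructed for illustration.

```python
# Added example: interprets "debug = [facility.]level" as the quoted manual text describes.
SYSLOG_LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Standard syslog facility names (subset). Assumption: which names a given
# stunnel build accepts is not stated on the page.
FACILITIES = {"auth", "cron", "daemon", "kern", "mail", "syslog", "user",
              *(f"local{i}" for i in range(8))}


def parse_debug(value="notice"):
    """Return (facility, numeric_level) for a debug option value."""
    value = value.strip().lower()              # case is ignored for both parts
    facility, sep, level = value.rpartition(".")
    if not sep:
        facility = "daemon"                    # default facility per the manual
    elif facility not in FACILITIES:
        raise ValueError(f"unknown facility: {facility!r}")
    if level.isdigit() and int(level) < len(SYSLOG_LEVELS):
        return facility, int(level)            # numeric form, 0..7
    if level in SYSLOG_LEVELS:
        return facility, SYSLOG_LEVELS.index(level)
    raise ValueError(f"unknown level: {level!r}")


def visible(entries, debug_value):
    """Messages shown at this setting: the chosen level and all numerically lower ones."""
    _, threshold = parse_debug(debug_value)
    return [msg for lvl, msg in entries if parse_debug(lvl)[1] <= threshold]


# Constructed (level, message) pairs, not real stunnel output.
SAMPLE = [
    ("notice", "service started"),
    ("info", "connection accepted"),
    ("debug", "socket option applied"),
    ("err", "connect to backend failed"),
]

if __name__ == "__main__":
    for setting in ("notice", "6", "daemon.DEBUG"):
        print(setting, "->", visible(SAMPLE, setting))
```

At the default notice (5) only the notice and err entries survive, which is why a connection problem that is reported at info or debug level leaves the log looking clean until the level is raised.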



