[stunnel-users] Can't start stunnel (dies mysteriously)
Ivan Lezhnjov Jr.
ivan.lezhnjov.jr at gmail.com
Tue Aug 19 15:50:02 CEST 2008
Hello there
I run stunnel version 4.21 and openssl version 0.9.8h.
In my setup I aim to create a tunnel to send log files through to a
centralized loghost.
Host A (loghost) runs Source Mage GNU/Linux (with stunnel 4.21, openssl
0.9.8h) and host B runs a Slackware 11 system (with stunnel 4.17, openssl
0.9.8h).
The problem is that stunnel starts on host B but won't start on host A.
Here's the snippet of /var/log/messages that records the stunnel start-up event:
root@sega:/home/users/ilj % stunnel && tail /var/log/messages -n 3
Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8h 28 May 2008
Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: 500 clients allowed
I've actually been trying to run stunnel for the first time ever, so I don't
really know if this output confirms that everything is alright, but judging
solely from what is put in the log file it seems stunnel has started
successfully.
Unfortunately, this isn't quite true:
root@sega:/home/users/ilj % ps ax | grep stun
29618 pts/4 R+ 0:00 grep stun
So, this is the problem I have. It doesn't start on host A.
Host A has the following stunnel configuration:
root@sega:/home/users/ilj % cat /etc/stunnel/stunnel.conf
cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
[5101]
accept = 217.117.75.2:5101
connect = 127.0.0.1:1999
Host B sports a slightly different configuration file:
root@xerxes:~ % cat /etc/stunnel/stunnel.conf
client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
[5101]
accept = 127.0.0.1:1999
connect = 217.117.75.2:5101
On both hosts (A & B) I run stunnel standalone as root.
> 4. Output of "stunnel -f -D 7 <your-parameters>".
Erm.. it doesn't seem to work for me. There's no -D parameter according to man
stunnel.
The following information below is about host A only:
root@sega:/home/users/ilj % stunnel -version
stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8h 28 May 2008
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /usr/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
root@sega:/home/users/ilj % uname -a
Linux sega 2.6.24 #5 SMP PREEMPT Wed May 7 18:22:29 EEST 2008 i686 GNU/Linux
root@sega:/home/users/ilj % gaze from /usr/lib/libc.a
glibc-2.7:/usr/lib/libc.a
root@sega:/home/users/ilj % gcc -v
Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/4.2.3/specs
Target: i686-pc-linux-gnu
Configured with: /usr/src/gcc-4.2.3/configure --host=i686-pc-linux-gnu --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --enable-threads=posix --with-system-zlib
Thread model: posix
gcc version 4.2.3
root@sega:/home/users/ilj % gaze installed | grep openssl
openssl:20080615:installed:0.9.8h
--
Ivan Lezhnjov Jr.
Europe, Ukraine, Simferopol
Running
Source Mage GNU/Linux, kernel version 2.6.24 build #5
+----------------------------------------------------------------------+
Key ID 0x5811D90C
Key Fingerprint 2A52 5C8C 38BE C04F D8DE A169 19E2 E49A 5811 D90C
Use GPG Exercise Your Right To Privacy