[stunnel-users] Can't start stunnel (dies mysteriously)

Ivan Lezhnjov Jr. ivan.lezhnjov.jr at gmail.com
Tue Aug 19 15:50:02 CEST 2008

Hello there

I run stunnel version 4.21 and openssl version 0.9.8h.
In my setup I aim to create a tunnel to send log files through to a 
centralized loghost.

Host A (loghost) runs Source Mage GNU/Linux (with stunnel 4.21, openssl 
0.9.8h) and host B runs Slackware 11 system (with stunnel 4.17, openssl 

The problem is that stunnel starts on host B but won't start on host A.

Here's the snippet of /var/log/messages that records stunnel start-up event:

	root at sega:/home/users/ilj % stunnel && tail /var/log/messages -n 3
	Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: stunnel 4.21 on
	i686-pc-linux-gnu with OpenSSL 0.9.8h 28 May 2008 Aug 19 16:17:37 sega
	stunnel: LOG5[29146:3082634944]: Threading:PTHREAD SSL:ENGINE
	Sockets:POLL,IPv6 Auth:LIBWRAP Aug 19 16:17:37 sega stunnel:
	LOG5[29146:3082634944]: 500 clients allowed

I've actually been trying to run stunnel for the first time ever so I don't 
really know if this output confirms that everything is alright but judging 
solely from what is put in log file it seems stunnel has started 

Unfortunately, this isn't quite true

	root at sega:/home/users/ilj % ps ax | grep stun
	29618 pts/4    R+     0:00 grep stun

So, this is the problem I have. It doesn't start on host A.

Host A has the following stunnel configuration:

	root at sega:/home/users/ilj % cat /etc/stunnel/stunnel.conf
	cert = /etc/stunnel/syslog-ng-server.pem
	CAfile = /etc/stunnel/syslog-ng-client.pem
	verify = 3
	accept =
	connect =

Host B sports a little bit different configuration file:

	root at xerxes:~ % cat /etc/stunnel/stunnel.conf
	client = yes
	cert = /etc/stunnel/syslog-ng-client.pem
	CAfile = /etc/stunnel/syslog-ng-server.pem
	verify = 3
	accept =
	connect =

On both hosts (A & B) I run stunnel standalone as root.

> 4. Output of "stunnel -f -D 7 <your-parameters>". 

Erm.. it doesn't seem to work for me. There's no -D parameter according to man 

The following information below is about host A only:

	root at sega:/home/users/ilj % stunnel -version
	stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8h 28 May 2008

	Global options
	debug           = 5
	pid             = /usr/var/run/stunnel/stunnel.pid
	RNDbytes        = 64
	RNDfile         = /dev/urandom
	RNDoverwrite    = yes

	Service-level options
	cert            = /etc/stunnel/stunnel.pem
	ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
	key             = /etc/stunnel/stunnel.pem
	session         = 300 seconds
	sslVersion      = SSLv3 for client, all for server
	TIMEOUTbusy     = 300 seconds
	TIMEOUTclose    = 60 seconds
	TIMEOUTconnect  = 10 seconds
	TIMEOUTidle     = 43200 seconds
	verify          = none

	root at sega:/home/users/ilj % uname -a
	Linux sega 2.6.24 #5 SMP PREEMPT Wed May 7 18:22:29 EEST 2008 i686 GNU/Linux

	root at sega:/home/users/ilj % gaze from /usr/lib/libc.a

	root at sega:/home/users/ilj % gcc -v
	Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/4.2.3/specs
	Target: i686-pc-linux-gnu
with: /usr/src/gcc-4.2.3/configure --host=i686-pc-linux-gnu --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --enable-threads=posix --with-system-zlib
	Thread model: posix
	gcc version 4.2.3

	root at sega:/home/users/ilj % gaze installed | grep openssl


  Ivan Lezhnjov Jr.

  Europe, Ukraine, Simferopol

  Source Mage GNU/Linux, kernel version 2.6.24 build #5


           Key ID 0x5811D90C
  Key Fingerprint 2A52 5C8C 38BE C04F D8DE  A169 19E2 E49A 5811 D90C
          Use GPG Exercise Your Right To Privacy 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080819/105515d0/attachment.sig>

More information about the stunnel-users mailing list