[stunnel-users] Enhance description of transparent mode in FAQ
descent89 at gmail.com
Thu Nov 25 01:03:55 CET 2010
I would suggest improving the 'transparent = yes | no (Unix only)'
section of http://www.stunnel.org/faq/stunnel.html#service_level_options
and how this option works on OS X.
I think that this part
remote mode (I<connect> option) on Linux >=2.6.28
remote mode (I<connect> option) 2.2.x
local mode (I<exec> option)
is not clear. Remote mode is a "I<connect> option"? What the heck? And
local mode is a "I<exec> option"? Does this "I" thingie stand for
unnamed pipe or capital "i" or small cap "L"??
I ran into this problem when I tried to set up stunnel on Mac OS X and
carelessly used some example config on the web.
Setting "transparent = yes" in Mac OS X will result in very funny
behavior. Consider this conf
will result in unbelievable error - "local_bind (original port):
Address family not supported by protocol family (47)"
Using 127.0.0.1 instead of localhost will do better - "Service https
bound to 127.0.0.1:8080" - BUT when you try to access 127.0.0.1:8080
nothing reasonable happens and log will show another strange error
"connect_blocking: connect <ip_address>: Network is unreachable (51)"
The next spectacular thing is that when you use only localhost connect
and accept parameter, then transparent=yes works OK.
I would suggest rewriting that part to reflect these kinds of
situations in a clearer way - they are very hard to debug, and
honestly I couldn't figure it out even though I read FAQ several
Final question - is it possible on OS X (which doesn't have iptables
interface, but has ipfw) to set up transparent proxy tunnel with