[stunnel-users] stunnel OK without "transparent = source", with = timeout problem

Elodie BOSSIER elodieuse at gmail.com
Fri Jul 29 03:25:37 CEST 2011


Back ...

I can't find the problem.

This is the log without transparent, when it's working:
http://pastebin.com/mjReyE8a
With transparent, and not working: http://pastebin.com/ZGqRVXzF

Thanks so much ...

On 28/07/2011 12:25, Elodie BOSSIER wrote:
> Greetings again,
>
> Thanks so much for updating the manual about SNI, my stunnel works 
> correctly.
>
> But I have a tiny problem: when I visit my webserver, the 
> SERVER['REMOTE_ADDR'] with PHP isn't the IP address of the visitor but 
> the IP of the stunnel.
> I have read the manual about this transparent proxy and I don't succeed 
> with the configuration.
>
> This is my config file:
>
> pid = /stunnel.pid
> options = NO_SSLv2
> transparent = source
> [virtual]
> accept = 443
> cert = /usr/local/openssl/etc/CERTIFICATES/www.franceserv.fr_cert.cert
> key = /usr/local/openssl/etc/PRIVATE_KEYS/www.franceserv.fr_key.pem
> connect = www.franceserv.fr:80
> [sni1]
> sni = virtual:elodie.franceserv.com
> cert = /etc/ssl-fsh/cert-elodie.franceserv.com.pem
> key = /etc/ssl-fsh/key-franceserv.key
> connect = elodie.franceserv.com:80
> [sni2]
> sni = virtual:befun.franceserv.com
> cert = /etc/ssl-fsh/cert-befun.franceserv.com.pem
> key = /etc/ssl-fsh/key-franceserv.key
> connect = befun.franceserv.com:80
>
> It doesn't work, I have a timeout with my browser.
>
> With iptables, I have set this:
>
>   iptables -t mangle -N DIVERT
>   iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>   iptables -t mangle -A DIVERT -j MARK --set-mark 1
>   iptables -t mangle -A DIVERT -j ACCEPT
>   ip rule add fwmark 1 lookup 100
>   ip route add local 0.0.0.0/0 dev lo table 100
>   echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
>   echo 1 > /proc/sys/net/ipv4/ip_forward
>
> My stunnel is on the server 192.168.0.20 and the webserver on 192.168.0.2
>
> I try to follow the help of 
> http://www.stunnel.org/static/stunnel.html#service_level_options
> with : transparent = none | source | destination | both (Unix only)
>
> Could you tell me what I am doing wrong, please?


