[stunnel-users] Problem using stunnel on Windows 7

Pierre DELAAGE delaage.pierre at free.fr
Sun Nov 18 10:29:45 CET 2012


Hi,
port 7999 is really meaningless in your problem:
your client app should connect to 8000, so the local stunnel on CLIENT 
SIDE should wait for incoming connections on port 8000, not 7999.

Moreover, your client should connect to "machine" 127.0.0.1, to its 
local stunnel.

Then client stunnel connects to server stunnel on ANOTHER machine, on 
port, say, 8001...

and then remote stunnel server should connect to ITS LOCAL SERVER APP, 
on port... 8000.

That's all.

In TCP of course...

Pierre

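The layout described above, written out as a pair of stunnel.conf files. This is an added example, not a configuration from the thread or from the stunnel project; it reuses the addresses from Hal's test (server 192.168.1.9, wire port 8001, application port 8000) and assumes a file name, server.pem, for a copy of the server's certificate on the client. The essential change from the posted configs is on the application side: stunnel does not intercept anything, so the Sender program has to be pointed at 127.0.0.1:8000 (its local stunnel) rather than at 192.168.1.9:8000, otherwise it reaches the Listener directly in cleartext, which is exactly what the packet sniffer showed.

```ini
; --- Server machine (Riven-II, 192.168.1.9): stunnel.conf ---
; Terminates TLS on 8001 and hands the plaintext to the Listener
; program, which must be running on this same machine on port 8000.
debug = 7
output = stunnel.log
cert = stunnel.pem
key = stunnel.pem
options = NO_SSLv2
options = NO_SSLv3
taskbar = yes

[Listener]
accept  = 0.0.0.0:8001
connect = 127.0.0.1:8000

; --- Client machine (Lightning, 192.168.1.158): stunnel.conf ---
; Accepts plaintext from the Sender program on loopback only and
; forwards it over TLS to the server's stunnel on 8001.
; The Sender program must connect to 127.0.0.1:8000, not to
; 192.168.1.9:8000: a connection that bypasses stunnel is never wrapped.
debug = 7
output = stunnel.log
client = yes
options = NO_SSLv2
options = NO_SSLv3
taskbar = yes
; Authenticate the server. Without "verify", any host answering on
; 192.168.1.9:8001 with any certificate would be accepted.
; server.pem (assumed name) holds only the CERTIFICATE block copied
; from the server's stunnel.pem, never its private key.
verify = 2
CAfile = server.pem

[sender]
accept  = 127.0.0.1:8000
connect = 192.168.1.9:8001
```

With both ends started, netstat -an on the client should show 127.0.0.1:8000 in LISTENING state and on the server 0.0.0.0:8001; a capture between the two machines should then show only port 8001, and the stunnel.log on each side gains "Service [...] accepted connection" lines when the Sender program runs. If the Sender program cannot be reconfigured away from port 7999, keep accept = 127.0.0.1:7999 on the client and point the program at 127.0.0.1:7999; the port number itself is irrelevant, the destination address is what matters. The verify/CAfile lines are an addition a practitioner would want, not something the thread settles: the installer-generated stunnel.pem is self-signed, so listing the server's own certificate as the CAfile pins it, and stunnel 4.x does not check the host name against the certificate, so the pin is what ties the tunnel to 192.168.1.9.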

On 17/11/2012 11:13, Hal Hovland wrote:
>
> Hi Brian, thanks for taking a look. The client .conf uses 7999 and 
> 8001. On the accept side I've tried 7999 and 192.168.1.158:7999 and 
> 0.0.0.0:7999.
>
> I should also say I tried all this with Ncat (same result) and that 
> the machines have the latest .NET Framework installed, viz., 4.5 -- 
> could that be the problem?
>
> Regards, Hal
>
> From: Brian Wilkins <bwilkins at gmail.com>
> Sent: 16 November 2012 23:25
> To: Hal Hovland
> Cc: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Problem using stunnel on Windows 7
>
> I didn't see a port setting in the clients stunnel.conf
>
> On Nov 16, 2012 6:18 PM, "Hal Hovland" <hhovland at btconnect.com> wrote:
>
> I've spent days googling this and read everything relevant in the 
> archives.
>
> I'm developing a Windows 7 program that connects to a financial 
> trading exchange that expects all communication to be SSL'd. 
> Everything I read said that stunnel is the answer because of ease of 
> installation and use. After a day of abortive attempts to link to the 
> exchange, I decided to create a much simpler test environment 
> involving two Windows 7 computers next to each other here.
>
> One, let's call it Riven-II (192.168.1.9), is set up with a simple 
> Listener program that listens on port 8000. From stunnel's viewpoint 
> this will be a server. The second machine, Lightning (192.168.1.158), 
> has a simple Sender program that sends a text message via port 7999 to 
> Riven-II (192.168.1.9:8000) -- this will be 
> the Client. In the absence of stunnel, all messages sent from 
> Lightning/Sender appear on the window of Listener. So far so good.
>
> I've downloaded and installed the very latest version (4.54) of 
> stunnel on both machines. On installation I entered the same responses 
> to the certificate generating process.
>
> On the Server machine, hard wired to a Broadband Router, I configured 
> stunnel.conf as (removing comments for simplicity)
>
> debug = 7
> output = stunnel.log
>
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> cert = stunnel.pem
> key = stunnel.pem
>
> options = NO_SSLv2
>
> taskbar=yes
>
> [Listener]
> connect=8000
> accept=8001
>
> On the Client machine, connected to the router via wi-fi, we have in 
> stunnel.conf
>
> debug = 7
> output = stunnel.log
>
> cert = stunnel.pem
>
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> fips=no
>
> options = NO_SSLv2
>
> delay=yes
> taskbar=yes
>
> client=yes
>
> [sender]
> accept = 0.0.0.0:7999   (I've tried just 7999 and 192.168.1.158:7999 
> here. Makes no difference)
> connect = 192.168.1.9:8001
>
> I've tried many variations with the same result, but the above is 
> where they have ended up.
>
> My understanding of this is that stunnel both ends will be 
> intercepting port 8000 on the Server and port 7999 on the Client and 
> presenting/receiving SSL encoded messages across the wire on port 8001.
>
> Starting stunnel in the Server  (not as a Windows service, although I 
> did try that as well) the following log appears:
>
> 2012.11.16 22:34:08 LOG7[3484:6184]: No limit detected for the number of clients
> 2012.11.16 22:34:08 LOG5[3484:6184]: stunnel 4.54 on x86-pc-msvc-1500 platform
> 2012.11.16 22:34:08 LOG5[3484:6184]: Compiled/running with OpenSSL 1.0.1c-fips 10 May 2012
> 2012.11.16 22:34:08 LOG5[3484:6184]: Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
> 2012.11.16 22:34:08 LOG5[3484:6184]: Reading configuration from file stunnel.conf
> 2012.11.16 22:34:08 LOG5[3484:6184]: FIPS mode is enabled
> 2012.11.16 22:34:08 LOG7[3484:6184]: Compression not enabled
> 2012.11.16 22:34:08 LOG7[3484:6184]: Snagged 64 random bytes from C:/.rnd
> 2012.11.16 22:34:08 LOG7[3484:6184]: Wrote 1024 new random bytes to C:/.rnd
> 2012.11.16 22:34:08 LOG7[3484:6184]: PRNG seeded successfully
> 2012.11.16 22:34:08 LOG6[3484:6184]: Initializing service [Listener]
> 2012.11.16 22:34:08 LOG7[3484:6184]: Certificate: stunnel.pem
> 2012.11.16 22:34:08 LOG7[3484:6184]: Certificate loaded
> 2012.11.16 22:34:08 LOG7[3484:6184]: Key file: stunnel.pem
> 2012.11.16 22:34:08 LOG7[3484:6184]: Private key loaded
> 2012.11.16 22:34:08 LOG7[3484:6184]: Could not load DH parameters from stunnel.pem
> 2012.11.16 22:34:08 LOG7[3484:6184]: Using hardcoded DH parameters
> 2012.11.16 22:34:08 LOG7[3484:6184]: DH initialized with 2048-bit key
> 2012.11.16 22:34:08 LOG7[3484:6184]: ECDH initialized with curve prime256v1
> 2012.11.16 22:34:08 LOG7[3484:6184]: SSL options set: 0x01000004
> 2012.11.16 22:34:08 LOG5[3484:6184]: Configuration successful
> 2012.11.16 22:34:08 LOG7[3484:6184]: Service [Listener] (FD=272) bound to 0.0.0.0:8001
>
> On the Client, the log shows:
>
> 2012.11.16 22:25:53 LOG7[4184:4948]: No limit detected for the number of clients
> 2012.11.16 22:25:53 LOG5[4184:4948]: stunnel 4.54 on x86-pc-msvc-1500 platform
> 2012.11.16 22:25:53 LOG5[4184:4948]: Compiled/running with OpenSSL 1.0.1c-fips 10 May 2012
> 2012.11.16 22:25:53 LOG5[4184:4948]: Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
> 2012.11.16 22:25:53 LOG5[4184:4948]: Reading configuration from file stunnel.conf
> 2012.11.16 22:25:53 LOG5[4184:4948]: FIPS mode is disabled
> 2012.11.16 22:25:53 LOG7[4184:4948]: Compression not enabled
> 2012.11.16 22:25:53 LOG7[4184:4948]: Snagged 64 random bytes from C:/.rnd
> 2012.11.16 22:25:53 LOG7[4184:4948]: Wrote 1024 new random bytes to C:/.rnd
> 2012.11.16 22:25:53 LOG7[4184:4948]: PRNG seeded successfully
> 2012.11.16 22:25:53 LOG6[4184:4948]: Initializing service [sender]
> 2012.11.16 22:25:53 LOG7[4184:4948]: Certificate: stunnel.pem
> 2012.11.16 22:25:53 LOG7[4184:4948]: Certificate loaded
> 2012.11.16 22:25:53 LOG7[4184:4948]: Key file: stunnel.pem
> 2012.11.16 22:25:53 LOG7[4184:4948]: Private key loaded
> 2012.11.16 22:25:53 LOG7[4184:4948]: SSL options set: 0x01000004
> 2012.11.16 22:25:53 LOG5[4184:4948]: Configuration successful
> 2012.11.16 22:25:53 LOG7[4184:4948]: Service [sender] (FD=224) bound to 0.0.0.0:7999
>
> Running the Listener on the Server and Sender on the Client adds 
> nothing to the log, and port sniffers on both machines show traffic 
> between 7999 and 8000 (exactly the same as when stunnel is not 
> running). No sign of the use of port 8001.
>
> I'd appreciate any input on this. I'm sure I must be doing something 
> stupid, but I've watched hours of YouTube videos, read many hundreds 
> of web pages, and been through the documentation quite a few times, to 
> no avail.
>
> I have a Java based version, running in a JVM in the same Windows 
> machines, that talks perfectly to the exchange using some inbuilt SSL 
> capabilities of an included library, so that should probably eliminate 
> any hardware/router issues?
>
> Regards, Hal
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
