[stunnel-users] Stunnel over a separate proxy?

Alex Gottschalk agottschalk at pacificbiosciences.com
Fri Feb 8 00:32:11 CET 2013


I've successfully deployed stunnel4 to wrap rsync for transferring data between remote sites and a central repository.  The issue I'm running into is that some of these sites mandate use of a proxy (HTTP or SOCKS5 usually) for outbound network connections.  It seems like there is some proxy support in stunnel with the protocol{Host,Authentication,etc} configuration options, but I have had zero luck getting them to work.  For example, I've tried making a simple SOCKS5 proxy using ssh, that I'm successfully able to send HTTP traffic over:

ssh -g -D1080 proxy-host # create the proxy, open port 1080 on a public interface

then in the client stunnel.conf:

[rsync]
    protocol = connect
    protocolHost = proxy-host:1080
    accept = 127.0.0.1:873
    connect = rsync-destination:443

Keep in mind this is an already-working stunnel - the only difference is the addition of the protocol and protocolHost lines above.  When I run stunnel in the foreground with that configuration change, I get the following error trying to run rsync:

$ rsync -v dev.inst.kvpdata rsync://localhost/putdata/
rsync: read error: Connection reset by peer (104)
rsync error: error in rsync protocol data stream (code 12) at io.c(605) [sender=2.6.9]

And no log messages appear in stunnel's stderr whatsoever.

What am I doing wrong?  I get identical results using an HTTP proxy with squid, instead of the socks5 proxy.

Thanks, please let me know if there's any more information I should include to help with figuring this out.

Alex Gottschalk
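
The setup described above, as an added example that is not part of the original post: with `protocol = connect`, stunnel's `connect` option names the proxy that stunnel dials directly and `protocolHost` names the final TLS server the proxy is asked to reach, the reverse of the configuration in the post. The squid port 3128, `client = yes` and the credential placeholders are assumptions.

```ini
; Added example, not from the original post.
; stunnel client service reaching rsync-destination:443 through an HTTP proxy.
; Assumptions: squid on proxy-host at its default port 3128; client = yes
; (the post does not show whether it is already set globally).

[rsync]
client = yes
accept = 127.0.0.1:873

; protocol = connect makes stunnel send an HTTP CONNECT request (RFC 2817)
; to the proxy before it starts TLS. It is not a SOCKS client, so an
; "ssh -D" SOCKS listener cannot answer it.
protocol = connect

; connect = the proxy that stunnel opens its TCP connection to
connect = proxy-host:3128

; protocolHost = the host:port placed in the CONNECT request, i.e. the
; final TLS server the proxy should tunnel to
protocolHost = rsync-destination:443

; Uncomment if the proxy requires credentials (placeholder values):
; protocolUsername = USERNAME
; protocolPassword = PASSWORD
```

Setting the global option `debug = 7` makes stunnel log the CONNECT negotiation, which shows whether the proxy accepted or refused the tunnel request.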