[stunnel-users] SSL VPN configuration confusion

TJ stunnel at iam.tj
Thu Mar 28 06:03:01 CET 2013

On 28/03/13 04:47, TJ wrote:
> I'm using stunnel v4.56 on Linux (Ubuntu) and trying to configure a routed tunnel in conjunction with pppd. I could do with some help to figure it out - my biggest problem is not knowing what a good
> connection configuration or log looks like.

A quick follow-up on some progress. I realised on reading my own message that both ends of the PPP connection had the "silent" a.k.a 'passive' option set. I removed it from the client end and there is
now LCP negotiation but the interface fails to come up.

On the server:

stunnel: LOG6[26011:3074280256]: SSL accepted: new session negotiated
stunnel: LOG6[26011:3074280256]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-RC4-SHA (128-bit encryption)
stunnel: LOG6[26011:3074280256]: Compression: null, expansion: null
stunnel: LOG7[26011:3074280256]: TTY=/dev/pts/5 allocated
stunnel: LOG6[26011:3074280256]: Local mode child started (PID=27203)
stunnel: LOG7[26011:3074280256]: Remote socket (FD=14) initialized
stunnel: LOG3[26011:3074280256]: TCP_NODELAY: Socket operation on non-socket (88)
stunnel: LOG4[26011:3074280256]: Failed to set remote socket options
pppd[27203]: pppd options in effect:
pppd[27203]: debug^I^I# (from /etc/ppp/peers/pella-vpn)
pppd[27203]: pppd 2.4.5 started by root, uid 0
pppd[27203]: using channel 22
udevd[2122]: device 0xb7b02610 has devpath '/devices/virtual/net/ppp3'
udevd[2122]: created empty file '/run/udev/data/n30' for '/devices/virtual/net/ppp3'
pppd[27203]: Using interface ppp3
pppd[27203]: Connect: ppp3 <--> /dev/pts/6
stunnel: LOG5[26011:3074280256]: SSL socket error: Connection reset by peer (104)
stunnel: LOG5[26011:3074280256]: Connection reset: 693 byte(s) sent to SSL, 693 byte(s) sent to socket
stunnel: LOG7[26011:3074280256]: linger (remote): Socket operation on non-socket (88)
stunnel: LOG7[26011:3074280256]: Remote socket (FD=14) closed
stunnel: LOG7[26011:3074280256]: Local socket (FD=3) closed
stunnel: LOG7[26011:3074280256]: Service [vpn] finished (0 left)
pppd[27203]: Modem hangup
pppd[27203]: Connection terminated.
pppd[27203]: Script pppd (charshunt) finished (pid 27204), status = 0x0
pppd[27203]: Exit.

And on the client:

# ifup ppp3
pppd options in effect:
debug		# (from /etc/ppp/peers/pella-vpn)
updetach		# (from command line)
logfd 2		# (from /etc/ppp/peers/pella-vpn)
linkname pella		# (from /etc/ppp/peers/pella-vpn)
ktune		# (from /etc/ppp/peers/pella-vpn)
unit 3		# (from command line)
dump		# (from /etc/ppp/peers/pella-vpn)
nomp		# (from /etc/ppp/peers/pella-vpn)
noauth		# (from /etc/ppp/peers/pella-vpn)
user tj		# (from /etc/ppp/peers/pella-vpn)
		# (from /etc/ppp/options)
pty /usr/bin/stunnel4 /etc/stunnel/pella.conf.vpn		# (from /etc/ppp/peers/pella-vpn)
crtscts		# (from /etc/ppp/options)
local		# (from /etc/ppp/peers/pella-vpn)
noaccomp		# (from /etc/ppp/peers/pella-vpn)
asyncmap 0		# (from /etc/ppp/options)
nopcomp		# (from /etc/ppp/peers/pella-vpn)
lcp-echo-failure 4		# (from /etc/ppp/options)
lcp-echo-interval 30		# (from /etc/ppp/options)
hide-password		# (from /etc/ppp/options)
novj		# (from /etc/ppp/peers/pella-vpn)
noipdefault		# (from /etc/ppp/peers/pella-vpn)
noccp		# (from /etc/ppp/peers/pella-vpn)
noipx		# (from /etc/ppp/options)
using channel 45
Using interface ppp3
Connect: ppp3 <--> /dev/pts/5
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x60a28ad7>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x60a28ad7>]
sent [LCP ConfNak id=0x1 <magic 0xe61c63b3>]
rcvd [LCP ConfNak id=0x1 <magic 0xe61c63b3>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x960d9d68>]
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x960d9d68>]
sent [LCP ConfNak id=0x2 <magic 0xaffae16f>]
rcvd [LCP ConfNak id=0x2 <magic 0xaffae16f>]
sent [LCP ConfReq id=0x3 <asyncmap 0x0> <magic 0xa4f37a9b>]
rcvd [LCP ConfReq id=0x3 <asyncmap 0x0> <magic 0xa4f37a9b>]
sent [LCP ConfNak id=0x3 <magic 0xed9d1251>]
rcvd [LCP ConfNak id=0x3 <magic 0xed9d1251>]
sent [LCP ConfReq id=0x4 <asyncmap 0x0> <magic 0xdd9f2403>]
rcvd [LCP ConfReq id=0x4 <asyncmap 0x0> <magic 0xdd9f2403>]
sent [LCP ConfNak id=0x4 <magic 0x2c91d423>]
rcvd [LCP ConfNak id=0x4 <magic 0x2c91d423>]
sent [LCP ConfReq id=0x5 <asyncmap 0x0> <magic 0x8f92d97e>]
rcvd [LCP ConfReq id=0x5 <asyncmap 0x0> <magic 0x8f92d97e>]
sent [LCP ConfNak id=0x5 <magic 0x513839ee>]
rcvd [LCP ConfNak id=0x5 <magic 0x513839ee>]
sent [LCP ConfReq id=0x6 <asyncmap 0x0> <magic 0x4cd9ff7d>]
rcvd [LCP ConfReq id=0x6 <asyncmap 0x0> <magic 0x4cd9ff7d>]
sent [LCP ConfNak id=0x6 <magic 0x22bd0ba5>]
rcvd [LCP ConfNak id=0x6 <magic 0x22bd0ba5>]
sent [LCP ConfReq id=0x7 <asyncmap 0x0> <magic 0x36bb202e>]
rcvd [LCP ConfReq id=0x7 <asyncmap 0x0> <magic 0x36bb202e>]
sent [LCP ConfNak id=0x7 <magic 0x9fd1112>]
rcvd [LCP ConfNak id=0x7 <magic 0x9fd1112>]
sent [LCP ConfReq id=0x8 <asyncmap 0x0> <magic 0xcf421032>]
rcvd [LCP ConfReq id=0x8 <asyncmap 0x0> <magic 0xcf421032>]
sent [LCP ConfNak id=0x8 <magic 0x180ec775>]
rcvd [LCP ConfNak id=0x8 <magic 0x180ec775>]
sent [LCP ConfReq id=0x9 <asyncmap 0x0> <magic 0x33453d8>]
rcvd [LCP ConfReq id=0x9 <asyncmap 0x0> <magic 0x33453d8>]
sent [LCP ConfNak id=0x9 <magic 0xe58240af>]
rcvd [LCP ConfNak id=0x9 <magic 0xe58240af>]
sent [LCP ConfReq id=0xa <asyncmap 0x0> <magic 0xbf7eaff0>]
rcvd [LCP ConfReq id=0xa <asyncmap 0x0> <magic 0xbf7eaff0>]
sent [LCP ConfNak id=0xa <magic 0x87d73bf2>]
rcvd [LCP ConfNak id=0xa <magic 0x87d73bf2>]
Serial line is looped back.
sent [LCP TermReq id=0xb "Loopback detected"]
rcvd [LCP TermReq id=0xb "Loopback detected"]
sent [LCP TermAck id=0xb]
rcvd [LCP TermAck id=0xb]
Connection terminated.
Waiting for 1 child processes...
  script /usr/bin/stunnel4 /etc/stunnel/pella.conf.vpn, pid 25558
Script /usr/bin/stunnel4 /etc/stunnel/pella.conf.vpn finished (pid 25558), status = 0x0
Failed to bring up ppp3.
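
Added example, not part of the original post: in the client log above, every LCP frame pppd sent comes straight back with the same id and magic number, right up to "Serial line is looped back." The Python sketch below checks a pppd debug log for that echo pattern; the function names, the min_echoes threshold and both sample logs are constructed for illustration.

```python
import re

# Constructed sample, shortened from the pattern in the client log above.
LOOPED_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x60a28ad7>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x60a28ad7>]
sent [LCP ConfNak id=0x1 <magic 0xe61c63b3>]
rcvd [LCP ConfNak id=0x1 <magic 0xe61c63b3>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x960d9d68>]
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x960d9d68>]
Serial line is looped back.
"""

# Constructed sample of a healthy exchange: the peer uses its own magic number.
HEALTHY_LOG = """\
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x11111111>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x22222222>]
sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x22222222>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x11111111>]
"""

# Matches pppd debug lines, with or without a syslog "pppd[pid]: " prefix.
FRAME = re.compile(r"(sent|rcvd) \[LCP (\w+) id=(0x[0-9a-f]+)(.*)\]\s*$")

def parse_frames(log_text):
    """Return (direction, code, id, options) for each LCP frame line."""
    frames = []
    for line in log_text.splitlines():
        m = FRAME.search(line)
        if m:
            direction, code, ident, rest = m.groups()
            frames.append((direction, code, int(ident, 16), rest.strip()))
    return frames

def echoed_frames(log_text):
    """Sent frames immediately followed by an identical received frame."""
    frames = parse_frames(log_text)
    return [prev for prev, cur in zip(frames, frames[1:])
            if prev[0] == "sent" and cur[0] == "rcvd" and prev[1:] == cur[1:]]

def looks_looped_back(log_text, min_echoes=2):
    """True when every sent frame was echoed and there are enough of them."""
    sent = [f for f in parse_frames(log_text) if f[0] == "sent"]
    echoes = echoed_frames(log_text)
    return len(echoes) >= min_echoes and len(echoes) == len(sent)

if __name__ == "__main__":
    print("looped log:", looks_looped_back(LOOPED_LOG))
    print("healthy log:", looks_looped_back(HEALTHY_LOG))
```

A True result only says that the local pppd is reading back its own output; it does not say which side of the pty/stunnel path is reflecting it.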

