[stunnel-users] Problems with stunnel 5.04 for Windows

Michal Trojnara Michal.Trojnara at mirt.net
Sat Oct 11 09:27:17 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Hannig wrote:
> I am running stunnel 5.04 for Windows on a Windows 2012 R2
> instance. I have it working with SES, but after a while it just
> keeps timing out. I have to manually reload the configuration file
> to get it to start working again. What am I doing wrong?

Before reloading the configuration file it tries to connect
54.68.86.38, 54.68.197.46, and 54.213.178.250:

> 2014.10.09 07:43:57 LOG5964: Service smtp-tls-wrapper accepted
> connection from 127.0.0.1:62779 2014.10.09 07:44:07 LOG3964:
> s_connect: s_poll_wait 54.68.86.38:465: TIMEOUTconnect exceeded 
> 2014.10.09 07:44:17 LOG3964: s_connect: s_poll_wait
> 54.68.197.46:465: TIMEOUTconnect exceeded 2014.10.09 07:44:27
> LOG3964: s_connect: s_poll_wait 54.213.178.250:465: TIMEOUTconnect
> exceeded

After reloading the configuration file it tries to connect 54.244.8.28:

> 2014.10.09 12:41:29 LOG53700: Service smtp-tls-wrapper accepted
> connection from 127.0.0.1:63100 2014.10.09 12:41:29 LOG53700:
> s_connect: connected 54.244.8.28:465 2014.10.09 12:41:29 LOG53700:
> Service smtp-tls-wrapper connected remote server from
> 172.31.3.85:63101

As you see the DNS entry has been changed (your target service uses
dynamic IP addresses).

The solution is quite simple.  All you need is to disallow caching the
resolved IP addresses with "delay = yes".

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQ429QACgkQ/NU+nXTHMtEsyACfb1aUuZkeXCuGobRAhpbj67R6
chMAn2elk7MtdRQLv6i2FYbSeF5R6uW6
=duJK
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list