[stunnel-users] openvms and stunnel

Coviello, Paul pcoviello at ccsusa.com
Wed Apr 8 18:41:52 CEST 2015


Ok thanks!

Now onto the server side...

$  @STUNNEL_STARTUP_SERVER.COM
Is the private key (in the PEM file) encrypted? [Y/N]: y
Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXX""
Starting up a Stunnel
%RUN-S-PROC_ID, identification of created process is 209F0B0D
Stunnel server failed to start up-- check the configuration, etc.

And no logfile is created... 
$ dir stunnel.log
%DIRECT-W-NOFILES, no files found
$

Here are the settings in the conf file...

$ ty  STUNNEL_server.CONF
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[telnet]
accept  = 993
connect = 23

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini



-----Original Message-----
From: Carter Browne [mailto:cbcs at comcast.net] 
Sent: Wednesday, April 08, 2015 12:16 PM
To: Coviello, Paul; stunnel-users at stunnel.org
Subject: Re: [stunnel-users] openvms and stunnel

The configuration:

[telnet]
accept = 999
connect = x.x.x.x:993
client = no

will provide that.

If you want a single input port to access multiple destinations:

[telnet]
accept = 999
connect = x.x.x.x:993
connect = x.x.x.y:993
connect = x.x.x.z:993
client = no

And the destinations will be assigned on a round-robin basis.

If each destination is a distinct connection then

[telnet1]
accept = 999
connect = x.x.x.x:993
client = no

[telnet2]
accept = 1999
connect = x.x.x.y:993
client = no

[telnet3]
accept = 2999
connect = x.x.x.z:993
client = no

Carter

On 4/8/2015 12:02 PM, Coviello, Paul wrote:
> Set up an incoming encrypted link from a Windows telnet session to OpenVMS.
>
> -----Original Message-----
> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Carter Browne
> Sent: Wednesday, April 08, 2015 12:00 PM
> To: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] openvms and stunnel
>
> Paul,
>
> What are you trying to do:
>
> Set up an incoming encrypted link to an outgoing unencrypted link?
> Set up an incoming unencrypted link to an outgoing encrypted link?
> Something else?
>
> Carter
>
>
>
> On 4/8/2015 11:49 AM, Coviello, Paul wrote:
>> Let me see so I need to do the following.
>>> connect = 192.168.0.1:993
>>> connect = 192.168.20.140:993
>>> connect = 192.168.xx.xxx:993
>>> connect = 192.168.xx.xxy:993
>> Thanks
>> Paul
>>
>>
>> -----Original Message-----
>> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Ludolf Holzheid
>> Sent: Wednesday, April 08, 2015 11:35 AM
>> To: stunnel-users at stunnel.org
>> Subject: Re: [stunnel-users] openvms and stunnel
>>
>> On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote:
>>> Hello
>>>
>>> I'm trying to set up stunnel 4.20. Yes, it is an old version, but it is the only one on HP's website for VMS.
>>>
>>> I need a little help in the conf files.
>>>
>>> Since I will be using telnet, do I need to put in each machine's IP address that will be connecting? So in the example below, do I create a listing of connects?
>>>
>>> [telnet]
>>> accept  = 999
>>> connect = 192.168.0.1:993
>> Paul,
>>
>> the configuration above makes stunnel listen on local port 999, accept connections from all IP addresses, and forward the traffic to port 993 of the box with IP address 192.168.0.1.
>>
>> Depending on the 'client = ...' statement, stunnel expects the traffic at port 999 to be encrypted (server mode, client = no, default), or at port 993 (client mode, client = yes).
>>
>> Any access control may be implemented via libwrap and (in server mode) via restriction of the accepted certificates.
>>
>> HTH,
>>
>> Ludolf
>>

-- 
Carter Browne
cbrowne at cbcs-usa.com
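
An added example, not part of the original thread or of stunnel itself: a small Python linter that applies the client-mode versus server-mode distinction explained in the thread to a config meant to accept encrypted connections, and also flags services whose accept ports collide. The sample config is constructed, the function names are hypothetical, and global options are assumed to act as defaults for every service.

```python
import re

# Constructed sample, modelled on the server config posted in the thread.
SAMPLE = """\
cert = stunnel.pem
output = stunnel.log
client = yes

[imaps]
accept  = 993
connect = 143

[telnet]
accept  = 993
connect = 23
"""

def parse(text):
    """Return {section: [(key, value), ...]}; "" holds the global options.
    Lists are kept because keys such as connect and socket may repeat."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key.lower(), value))
    return sections

def lint_server(text):
    """List findings for a config meant to accept TLS connections."""
    sections, findings, ports = parse(text), [], {}
    defaults = dict(sections.pop(""))  # assumption: globals are service defaults
    for name, options in sections.items():
        merged = {**defaults, **dict(options)}
        if merged.get("client", "no").lower() == "yes":
            findings.append(f"[{name}] client = yes: TLS is on the connect side, not accept")
        if "cert" not in merged:
            findings.append(f"[{name}] no cert set for server mode")
        port = merged.get("accept", "").rsplit(":", 1)[-1]
        if port and port in ports:
            findings.append(f"[{name}] accept port {port} also used by [{ports[port]}]")
        ports.setdefault(port, name)  # remember the first service on each port
    return findings
```

Calling `lint_server(SAMPLE)` returns one finding per service for the inherited `client = yes` and one for the shared accept port 993.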


