[stunnel-users] openvms and stunnel

Carter Browne cbcs at comcast.net
Wed Apr 8 20:50:33 CEST 2015


I think you need a "client = no" added to the telnet section.
I am not familiar with your environment to help with the details.  I 
have had issues with the location of the log file.  If the default 
location of where stunnel is not write enabled for the program that 
could be a problem.
In the file below, a number of lines are not on the left hand margin;  e.g,;
cert =
;key =
debug =
output =

I don't know if that is an artifact of the copying or present in your 
configuration file, but they all should be at the left margin.

Carter

On 4/8/2015 2:04 PM, Coviello, Paul wrote:
> Nope didn’t make a difference, then removed all except for telnet... still fails :-(
>
>
>
> -----Original Message-----
> From: Carter Browne [mailto:cbcs at comcast.net]
> Sent: Wednesday, April 08, 2015 1:59 PM
> To: Coviello, Paul; stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] openvms and stunnel
>
> You have two listeners on port 993, to the best of my knowledge, they need to be on two different ports.  It probably did not get to the point of opening the log file.
>
>
>
> On 4/8/2015 12:41 PM, Coviello, Paul wrote:
>> Ok thanks!
>>
>> Now onto the server side...
>>
>> $  @STUNNEL_STARTUP_SERVER.COM
>> Is the private key (in the PEM file) encrypted? [Y/N]: y Enter the
>> password to decrypt the key (please use paired double quotes with it): ""XXXXXXX""
>> Starting up a Stunnel
>> %RUN-S-PROC_ID, identification of created process is 209F0B0D Stunnel
>> server failed to start up-- check the configuration, etc.
>>
>> And no logfile is created...
>> $ dir stunnel.log
>> %DIRECT-W-NOFILES, no files found
>> $
>>
>> here are the settings in the conf file...
>>
>> $ ty  STUNNEL_server.CONF
>> ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ;
>> Some options used here may not be adequate for your particular
>> configuration
>>
>> ; Certificate/key is needed in server mode and optional in client mode
>> ; The default certificate is provided only for testing and should not
>> ; be used in a production environment cert = stunnel.pem ;key =
>> stunnel.pem
>>
>> ; Some performance tunings
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>>
>> ; Workaround for Eudora bug
>> ;options = DONT_INSERT_EMPTY_FRAGMENTS
>>
>> ; Authentication stuff
>> ;verify = 2
>> ; Don't forget to c_rehash CApath
>> ;CApath = certs
>> ; It's often easier to use CAfile
>> ;CAfile = certs.pem
>> ; Don't forget to c_rehash CRLpath
>> ;CRLpath = crls
>> ; Alternatively you can use CRLfile
>> ;CRLfile = crls.pem
>>
>> ; Some debugging stuff useful for troubleshooting debug = 7 output =
>> stunnel.log
>>
>> ; Use it for client mode
>> client = yes
>>
>> ; Service-level configuration
>>
>> [pop3s]
>> accept  = 995
>> connect = 110
>>
>> [imaps]
>> accept  = 993
>> connect = 143
>>
>> [telnet]
>> accept  = 993
>> connect = 23
>>
>> [ssmtp]
>> accept  = 465
>> connect = 25
>>
>> ;[https]
>> ;accept  = 443
>> ;connect = 80
>> ;TIMEOUTclose = 0
>>
>> ; vim:ft=dosini
>>
>>
>>
>> -----Original Message-----
>> From: Carter Browne [mailto:cbcs at comcast.net]
>> Sent: Wednesday, April 08, 2015 12:16 PM
>> To: Coviello, Paul; stunnel-users at stunnel.org
>> Subject: Re: [stunnel-users] openvms and stunnel
>>
>> The configuration:
>>
>> [telnet]
>> accept = 999
>> connect = x.x.x.x:993
>> client = no
>>
>> will provide that.
>>
>> If you want a single input port to access multiple destinations:
>>
>> [telnet]
>> accept = 999
>> connect = x.x.x.x:993
>> connect = x.x.x.y:993
>> connect = x.x.x.z:993
>> client = no
>> And the destinations will be assigned on a round robin basis.
>>
>> If each destination is a distinct connection then
>>
>> [telnet1]
>> accept = 999
>> connect = x.x.x.x:993
>> client = no
>>
>> [telnet2]
>> accept = 1999
>> connect = x.x.x.y:993
>> client = no
>>
>> [telnet3]
>> accept = 2999
>> connect = x.x.x.z:993
>> client = no
>>
>> Carter
>>
>> On 4/8/2015 12:02 PM, Coviello, Paul wrote:
>>> Setup an incoming encrypted link from a windows telnet session to openvms.
>>>
>>> -----Original Message-----
>>> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On
>>> Behalf Of Carter Browne
>>> Sent: Wednesday, April 08, 2015 12:00 PM
>>> To: stunnel-users at stunnel.org
>>> Subject: Re: [stunnel-users] openvms and stunnel
>>>
>>> Paul,
>>>
>>> What are you trying to do:
>>>
>>> Set up an incoming encrypted link to an outgoing unencrypted link?
>>> Set up an incoming unencrypted link to an outgoing encrypted link?
>>> Something else?
>>>
>>> Carter
>>>
>>>
>>>
>>> On 4/8/2015 11:49 AM, Coviello, Paul wrote:
>>>> Let me see so I need to do the following.
>>>>> connect = 192.168.0.1:993
>>>>> connect = 192.168.20.140:993
>>>>> connect = 192.168.xx.xxx:993
>>>>> connect = 192.168.xx.xxy:993
>>>> Thanks
>>>> Paul
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: stunnel-users [mailto:stunnel-users-bounces at stunnel.org] On
>>>> Behalf Of Ludolf Holzheid
>>>> Sent: Wednesday, April 08, 2015 11:35 AM
>>>> To: stunnel-users at stunnel.org
>>>> Subject: Re: [stunnel-users] openvms and stunnel
>>>>
>>>> On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote:
>>>>> Hello
>>>>>
>>>>> I'm trying to setup stunnel 4.20 yes it is an old version but the only one on HP's website for VMS.
>>>>>
>>>>> I need a little help in the conf files.
>>>>>
>>>>> Since I will be using telnet, do I need to put in each machines ip address that will be connecting? So in the example below do I create a listing of connects?
>>>>>
>>>>> [telnet]
>>>>> accept  = 999
>>>>> connect = 192.168.0.1:993
>>>> Paul,
>>>>
>>>> the configuration above makes stunnel listen on local port 999, accepting connections from all IP addresses and forwards the traffic to port 993 of the box with IP address 192.168.0.1.
>>>>
>>>> Depending on the 'client = ...' statement, stunnel expects the traffic at port 999 to be encrypted (server mode, client = no, default), or at port 993 (client mode, client = yes).
>>>>
>>>> Any access control may be implemented via libwrap and (in server mode) via restriction of the accepted certificates.
>>>>
>>>> HTH,
>>>>
>>>> Ludolf
>>>>
> --
> Carter Browne
> cbrowne at cbcs-usa.com
>

-- 
Carter Browne
cbrowne at cbcs-usa.com



More information about the stunnel-users mailing list