[stunnel-users] openvms and stunnel

Rob Lockhart rlockhar at gmail.com
Thu Apr 9 00:37:45 CEST 2015


On Wed, Apr 8, 2015 at 4:47 PM, Coviello, Paul <pcoviello at ccsusa.com> wrote:

> here is the hp webpage...
>
> http://h71000.www7.hp.com/opensource/opensource.html#stunnel
>

OK, so it appears the HP webpage shows a different version of stunnel than
the page you linked before
<http://h71000.www7.hp.com/opensource/stunnel_readme_axp_i64.txt> (stunnel
3). Nevertheless, if you keep having problems, I suggest starting simple
and adding to it one at a time, specifically try to get a stunnel
client/server session on your local machine. If you can't get that working,
it's going to be very difficult to debug. Speaking of debug, have you
enabled the debugging options and tried running the stunnel server? You may
also want to use ports above 1023 per this link
<http://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html>. Try
killing the server and restarting again with logging enabled and set to 7,
and have the log file point to a path for which you have write access. In the
latest server log, you had commented out the debug and output as well as
client, but you should keep them uncommented as follows:

debug = 7
output = stunnel.log
client = no

If you can use high ports for testing (>1023) using iperf (IPERF.EXE) and
that works, then you know it's something perhaps in your VAX firewall that
prohibits connecting on port 23 (telnet) from another application.

Do this as follows:
1) Create a s4client.conf file with the following contents:
sslVersion=TLSv1
FIPS = no
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
[iperf]
accept = 127.0.0.1:5000
connect = 127.0.0.1:6000
delay = no

2) Create a s4server.conf file with the following contents (modify as
appropriate for the stunnel.pem file location):
sslVersion=TLSv1
cert=C:\TEST\stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = no
[iperf]
accept = 127.0.0.1:6000
connect = 127.0.0.1:7000
delay = no

3) Open up four command prompts in VMS (if you can), one for each of the
four corners (quadrants) of the screen. The data flow will be from Q2
(upper-left) to Q1 (upper-right), then to Q4 (lower-right), then finally to
Q3 (lower-left).

4) In Q1 run: s4client.exe s4client.conf
   In Q4 run: s4server.exe s4server.conf
   In Q3 run: iperfs -p 7000 -s
   In Q2 run: iperfc -c localhost -p 5000 -t 1
   If it worked, you should see something like the message below:
------------------------------------------------------------
Client connecting to localhost, TCP port 5000
TCP window size: 63.0 KByte (default)
------------------------------------------------------------
[  3] local 127.0.0.1 port 50097 connected with 127.0.0.1 port 5000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  38.9 MBytes   321 Mbits/sec

5) If that works, change the ports around and use something like 999 for
connect (client) and accept (server). Restart the client and server and see
if iperf still works.
6) If that works, now try to change connect (server) to port 23, restart
client and server, and then telnet to port 5000.
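
An added example, not part of the original message and not stunnel's own code: a static check in Python that a client/server config pair like the one in steps 1 and 2 chains correctly (client connect port equals server accept port), that debug = 7 and output are active rather than commented out, and that no accept port is below 1024. The function names and sample configs are constructed for illustration; treating lines that start with ';' or '#' as comments and requiring debug to be exactly 7 are assumptions of this sketch.

```python
# Constructed samples modelled on s4client.conf / s4server.conf, logging lines active.
CLIENT_CONF = """debug = 7
output = stunnel.log
client = yes
[iperf]
accept = 127.0.0.1:5000
connect = 127.0.0.1:6000
"""
SERVER_CONF = """debug = 7
output = stunnel.log
client = no
[iperf]
accept = 127.0.0.1:6000
connect = 127.0.0.1:7000
"""

def parse_conf(text):
    """Split a config into ({global options}, {service name: options})."""
    glob, services, cur = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        key, sep, val = line.partition("=")
        if not line or line[0] in ";#":      # blank or commented-out line
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif sep:                            # repeated keys: last value wins
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def port_of(addr):
    return int(addr.rsplit(":", 1)[-1])      # "host:port" or a bare port

def check_pair(client_text, server_text, service="iperf"):
    """Return a list of findings; empty means the two hops line up."""
    findings, hops = [], {}
    for side, text, want in (("client", client_text, "yes"), ("server", server_text, "no")):
        glob, services = parse_conf(text)
        opts = hops[side] = {**glob, **services.get(service, {})}
        if opts.get("client", "no") != want:
            findings.append(f"{side}: expected client = {want}")
        if opts.get("debug") != "7" or "output" not in opts:
            findings.append(f"{side}: debug = 7 and output are not both active")
        if "accept" in opts and port_of(opts["accept"]) < 1024:
            findings.append(f"{side}: accept port is below 1024 (privileged)")
    out, inn = hops["client"].get("connect"), hops["server"].get("accept")
    if not out or not inn or port_of(out) != port_of(inn):
        findings.append("client connect does not match server accept")
    return findings
```

`check_pair(CLIENT_CONF, SERVER_CONF)` returns an empty list for the pair above; running it again after each port change in steps 5 and 6 shows whether a failure comes from a mismatched hop or from a privileged port.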