[stunnel-users] startup issues

Rob Lockhart rlockhar at gmail.com
Fri Apr 24 18:10:20 CEST 2015


On Fri, Apr 24, 2015 at 10:41 AM, Coviello, Paul <pcoviello at ccsusa.com>
wrote:

> Hi,
>
>
>
> Well, I got it started on VMS and wanted to put it in debug mode, so I shut
> it down, made my changes to the conf file, and now I can't start it with
> the command procedure.
>
>
>
> I even tried the old conf and same thing...
>
>
>
> $ @STUNNEL_STARTUP_SERVER
>
> Is the private key (in the PEM file) encrypted? [Y/N]: Y
>
> Enter the password to decrypt the key (please use paired double quotes
> with it): ""XXXXXXXXX""
>
> Starting up a Stunnel
>
> %RUN-S-PROC_ID, identification of created process is 209FCA70
>
> Stunnel server failed to start up-- check the configuration, etc.
>
>
>
> Nothing is logged...
>
>
>
> But if I do the following
>
>
>
> $ stunnel STUNNEL_SERVER.CONF
>
>
>
> And the output to the screen...
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: Snagged 64 random bytes
> from sys$common:[sysmgr].rnd
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: Wrote 1024 new random
> bytes to sys$common:[sysmgr].rnd
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: RAND_status claims
> sufficient entropy for the PRNG
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: PRNG seeded successfully
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate: stunnel.pem
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate loaded
>
> 2015.04.24 10:35:24 LOG7[547326662:2071228096]: Key file: stunnel.pem
>
> Enter PEM pass phrase:
>
> 2015.04.24 10:35:31 LOG7[547326662:2071228096]: Private key loaded
>
> 2015.04.24 10:35:31 LOG7[547326662:2071228096]: SSL context initialized
> for service telnet
>
>
>
> This is where it sits unless I do a ctrl-c to cancel and get back to the
> system prompt.
>
>
>
> And when I do my telnet session I cannot connect. Well, I connect, but there
> are no prompts for me to log in.
>
>
>
> But now I have log output! :)
>
>
>
> 2015.04.24 10:08:31 LOG5[547326662:2071228096]: stunnel undefined on
> vax-openvms with OpenSSL 0.9.8h 28 May 2008
>
> 2015.04.24 10:08:31 LOG5[547326662:2071228096]: Threading:PTHREAD
> Sockets:POLL,IPv4
>
> 2015.04.24 10:08:31 LOG6[547326662:2071228096]: file ulimit = 512 (can be
> changed with 'ulimit -n')
>
> 2015.04.24 10:08:31 LOG6[547326662:2071228096]: poll() used - no
> FD_SETSIZE limit for file descriptors
>
> 2015.04.24 10:08:31 LOG5[547326662:2071228096]: 250 clients allowed
>
> 2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 5 in non-blocking mode
>
> 2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 4 in non-blocking mode
>
> 2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 6 in non-blocking mode
>
> 2015.04.24 10:08:31 LOG7[547326662:2071228096]: SO_REUSEADDR option set on
> accept socket
>
> 2015.04.24 10:08:31 LOG7[547326662:2071228096]: telnet bound to 0.0.0.0:
>
> 2015.04.24 10:15:00 LOG3[547326662:2071228096]: Received signal 2;
> terminating
>
> 2015.04.24 10:18:18 LOG5[547326662:2071228096]: stunnel undefined on
> vax-openvms with OpenSSL 0.9.8h 28 May 2008
>
> 2015.04.24 10:18:18 LOG5[547326662:2071228096]: Threading:PTHREAD
> Sockets:POLL,IPv4
>
> 2015.04.24 10:18:18 LOG6[547326662:2071228096]: file ulimit = 512 (can be
> changed with 'ulimit -n')
>
> 2015.04.24 10:18:18 LOG6[547326662:2071228096]: poll() used - no
> FD_SETSIZE limit for file descriptors
>
> 2015.04.24 10:18:18 LOG5[547326662:2071228096]: 250 clients allowed
>
> 2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 5 in non-blocking mode
>
> 2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 4 in non-blocking mode
>
> 2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 6 in non-blocking mode
>
> 2015.04.24 10:18:18 LOG7[547326662:2071228096]: SO_REUSEADDR option set on
> accept socket
>
> 2015.04.24 10:18:19 LOG7[547326662:2071228096]: telnet bound to 0.0.0.0:
>
> 2015.04.24 10:21:08 LOG6[547326662:2071228096]: going to accept mode
>
> 2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from
> 192.168.20.140:59281
>
> 2015.04.24 10:21:08 LOG6[547326662:2071228096]: accepted connection
>
> 2015.04.24 10:21:08 LOG7[547326662:8966656]: telnet started
>
> 2015.04.24 10:21:08 LOG7[547326662:8966656]: FD 7 in non-blocking mode
>
> 2015.04.24 10:21:08 LOG7[547326662:8966656]: TCP_NODELAY option set on
> local socket
>
> 2015.04.24 10:21:08 LOG5[547326662:8966656]: telnet accepted connection
> from 0.0.0.0:
>
> 2015.04.24 10:21:08 LOG7[547326662:8966656]: SSL state (accept):
> before/accept initialization
>
> 2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly
> disconnected
>
> 2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes
> sent to SSL, 0 bytes sent to socket
>
> 2015.04.24 10:21:30 LOG7[547326662:8966656]: telnet finished (0 left)
>
> 2015.04.24 10:21:31 LOG6[547326662:2071228096]: going to accept mode
>
> 2015.04.24 10:21:31 LOG7[547326662:2071228096]: telnet accepted FD=7 from
> 192.168.20.140:59283
>
> 2015.04.24 10:21:31 LOG6[547326662:2071228096]: accepted connection
>
> 2015.04.24 10:21:31 LOG7[547326662:8966656]: telnet started
>
> 2015.04.24 10:21:31 LOG7[547326662:8966656]: FD 7 in non-blocking mode
>
> 2015.04.24 10:21:31 LOG7[547326662:8966656]: TCP_NODELAY option set on
> local socket
>
> 2015.04.24 10:21:31 LOG5[547326662:8966656]: telnet accepted connection
> from 0.0.0.0:
>
> 2015.04.24 10:21:31 LOG7[547326662:8966656]: SSL state (accept):
> before/accept initialization
>
> 2015.04.24 10:21:32 LOG3[547326662:8966656]: SSL_accept: Peer suddenly
> disconnected
>
> 2015.04.24 10:21:32 LOG5[547326662:8966656]: Connection reset: 0 bytes
> sent to SSL, 0 bytes sent to socket
>
> 2015.04.24 10:21:32 LOG7[547326662:8966656]: telnet finished (0 left)
>
> 2015.04.24 10:21:33 LOG6[547326662:2071228096]: going to accept mode
>
> 2015.04.24 10:21:33 LOG7[547326662:2071228096]: telnet accepted FD=7 from
> 192.168.20.140:59284
>
> 2015.04.24 10:21:33 LOG6[547326662:2071228096]: accepted connection
>
> 2015.04.24 10:21:33 LOG7[547326662:8966656]: telnet started
>
> 2015.04.24 10:21:33 LOG7[547326662:8966656]: FD 7 in non-blocking mode
>
> 2015.04.24 10:21:33 LOG7[547326662:8966656]: TCP_NODELAY option set on
> local socket
>
> 2015.04.24 10:21:33 LOG5[547326662:8966656]: telnet accepted connection
> from 0.0.0.0:
>
> 2015.04.24 10:21:33 LOG7[547326662:8966656]: SSL state (accept):
> before/accept initialization
>
> 2015.04.24 10:21:34 LOG3[547326662:8966656]: SSL_accept: Peer suddenly
> disconnected
>
> 2015.04.24 10:21:34 LOG5[547326662:8966656]: Connection reset: 0 bytes
> sent to SSL, 0 bytes sent to socket
>
> 2015.04.24 10:21:34 LOG7[547326662:8966656]: telnet finished (0 left)
>
Without knowing your current configuration files (server and client), it's
difficult to debug. I would set up something as simple as this (assuming
telnet is on port 21 on your system; if not, change as appropriate). You will
have to stick with TLSv1 as the highest level of encryption, based on your
OpenSSL library version.


   1. Create a stunnel.conf file for the client with the following contents
   (change SERVERIP to be the actual server's public IP address, or the LAN IP
   address if you're behind a firewall on both computers):

        sslVersion = TLSv1
        FIPS = no
        socket = l:TCP_NODELAY=1
        socket = r:TCP_NODELAY=1
        client = yes

        [stunnel_telnet]
        accept = 127.0.0.1:2021
        connect = SERVERIP:2121
        delay = no

   2. Create a stunnel.conf file for the server with the following contents
   (modify as appropriate for the stunnel.pem file location):

        sslVersion = TLSv1
        cert = stunnel.pem
        socket = l:TCP_NODELAY=1
        socket = r:TCP_NODELAY=1
        client = no

        [stunnel_telnet]
        accept = 2121
        connect = 127.0.0.1:21
        delay = no

   3. Now, start the service first, then the client.
   4. On your Windows box, telnet to port 2021 of localhost. This should
   work.
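The log Paul posted shows the pattern worth detecting on a TLS-wrapped telnet listener: a connection is accepted, SSL_accept never completes, and the connection is reset with 0 bytes in both directions, three times in a row from the same client. The following is an added example (mine, not code from either message or from stunnel itself) that parses lines in the stunnel 4.x log format shown above and counts such zero-byte handshake failures per peer; the sample log is constructed from the thread's own lines plus one invented successful session, and the parser assumes connections are handled one at a time, as in the single accept loop in the log.

```python
import re
from collections import defaultdict

# Line shape in the thread: "YYYY.MM.DD HH:MM:SS LOGn[pid:tid]: message"
LINE_RE = re.compile(r"^\S+ \S+ LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$")
ACCEPT_RE = re.compile(r"^\S+ accepted FD=\d+ from (?P<peer>[\d.]+):\d+$")
CLOSE_RE = re.compile(r"^Connection (?:reset|closed): (?P<to_ssl>\d+) bytes? sent to SSL, "
                      r"(?P<to_sock>\d+) bytes? sent to socket$")

def handshake_failures(lines):
    """Map peer IP -> connections that were accepted, failed in SSL_accept and
    closed with 0 bytes both ways. Assumes one connection in flight at a time,
    as in the thread's log (a busy server would key state on the worker tid)."""
    pending, failed = None, False   # peer of the connection just handed off
    counts = defaultdict(int)
    for raw in lines:
        rec = LINE_RE.match(raw.strip())
        if rec is None:               # not a stunnel log line, skip it
            continue
        msg = rec.group("msg")
        if (m := ACCEPT_RE.match(msg)):
            pending, failed = m.group("peer"), False
        elif msg.startswith("SSL_accept:"):
            failed = True             # handshake error, wait for the byte counts
        elif (m := CLOSE_RE.match(msg)) and pending is not None:
            if failed and m.group("to_ssl") == "0" and m.group("to_sock") == "0":
                counts[pending] += 1
            pending, failed = None, False
    return dict(counts)

def suspect_peers(lines, threshold=2):
    """Peers with at least `threshold` zero-byte handshake failures, i.e. clients
    that never complete TLS with this listener (no stunnel client in front)."""
    return sorted(p for p, n in handshake_failures(lines).items() if n >= threshold)

# Constructed sample: the thread's three failures plus one invented successful session (192.168.20.77 is made up).
SAMPLE_LOG = """\
2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59281
2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:31 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59283
2015.04.24 10:21:32 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:32 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:33 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59284
2015.04.24 10:21:34 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:34 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:30:02 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.77:50112
2015.04.24 10:30:40 LOG5[547326662:8966656]: Connection closed: 312 bytes sent to SSL, 198 bytes sent to socket
"""
```

Running `suspect_peers(SAMPLE_LOG.splitlines())` flags only 192.168.20.140, the host in the thread that reached the TLS port without ever completing a handshake.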