[stunnel-users] Connection failure on IPv4-only box with IPv6-address in RR DNS record

Michael Weiser michael at weiser.dinsnail.net
Fri Nov 18 21:42:04 CET 2016


Hi,

the server I connect to using stunnel has just been upgraded to IPv6.
In the process an AAAA record was added to its DNS entry. The box I run
stunnel on is IPv4-only, meaning, the kernel does not have any IPv6
support at all. The DNS stub resolver is still looking for AAAA records
though. Consequently stunnel connections now fail about half of the time
with error:

2016.11.18 20:10:57 LOG3[ui]: remote socket: Address family not supported by protocol (97)

From looking at client.c I can see that stunnel supports trying all
target addresses in turn but will bail if the socket cannot be created:

    for(ind_try=0; ind_try<c->connect_addr.num; ind_try++) {
        c->fd=s_socket(c->connect_addr.addr[ind_cur].sa.sa_family,
            SOCK_STREAM, 0, 1, "remote socket");
        if(c->fd==INVALID_SOCKET)
            longjmp(c->err, 1);
[...]
        if(s_connect(c, &c->connect_addr.addr[ind_cur],
[...]
            continue; /* next IP */
        }
[...]
        return fd; /* success! */

So I guess the problem would go away if I enabled IPv6 in the kernel of
my client box: s_socket() would succeed but connect() would fail with
ENETUNREACH.

But couldn't stunnel just continue with the next IP if s_socket() failed
with EAFNOSUPPORT?
-- 
Thanks,
Michael
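
The behaviour asked about in the message above, as an added example that is not part of the original post and not stunnel's code: a connect loop that treats EAFNOSUPPORT from socket creation as a per-address failure and moves on to the next IP. The names connect_any, ipv4_only_socket and demo, and the mksock hook used to simulate an IPv4-only kernel, are assumptions made for this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for a kernel built without IPv6 (hypothetical helper). */
int ipv4_only_socket(int family, int type, int protocol) {
    if (family == AF_INET6) { errno = EAFNOSUPPORT; return -1; }
    return socket(family, type, protocol);
}

/* Try each address in turn; return a connected fd, or -1 with errno set.
 * mksock is a hypothetical hook so the socket() failure can be simulated. */
int connect_any(const struct sockaddr_storage *addrs, size_t num,
                int (*mksock)(int, int, int)) {
    int last_err = EADDRNOTAVAIL; /* reported when the list is empty */
    for (size_t i = 0; i < num; i++) {
        socklen_t len = addrs[i].ss_family == AF_INET6
            ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in);
        int fd = mksock(addrs[i].ss_family, SOCK_STREAM, 0);
        if (fd < 0 && errno != EAFNOSUPPORT)
            return -1; /* EMFILE, ENOMEM, ...: another address cannot help */
        if (fd >= 0 && connect(fd, (const struct sockaddr *)&addrs[i], len) == 0)
            return fd; /* success */
        last_err = errno; /* EAFNOSUPPORT or the connect() error: next IP */
        if (fd >= 0) close(fd); /* no descriptor leak between attempts */
    }
    errno = last_err;
    return -1;
}

/* Constructed scenario: IPv6 entry listed before a live IPv4 loopback listener. */
int demo(void) {
    struct sockaddr_in srv = { .sin_family = AF_INET };
    socklen_t sl = sizeof srv;
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (ls < 0 || bind(ls, (struct sockaddr *)&srv, sl) < 0 ||
        listen(ls, 1) < 0 || getsockname(ls, (struct sockaddr *)&srv, &sl) < 0)
        return 0;
    struct sockaddr_storage addrs[2] = {{0}};
    addrs[0].ss_family = AF_INET6; /* stands in for the AAAA record */
    memcpy(&addrs[1], &srv, sizeof srv);
    int fd = connect_any(addrs, 2, ipv4_only_socket);
    if (fd >= 0) close(fd);
    close(ls);
    return fd >= 0; /* 1 if the IPv4 entry was reached */
}
```

Only EAFNOSUPPORT is skipped; other socket-creation errors still abort the loop, since they are not specific to one address.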
