[stunnel-users] First Time Troubles.

me at kilosierracharlie.me
Thu Mar 22 10:50:35 CET 2018


Hello All,

I'm trying to configure STunnel4 on Windows to connect to my VPS 
installed with STunnel, so I can use SSH through a DPI-laden network.

The configuration works if I try at home, or on a mobile data hotspot, 
but if I attempt within the DPI network, it does not work, and provides 
this console output:

2018.03.22 09:30:15 LOG5[main]: stunnel 5.44 on x86-pc-msvc-1500 platform
2018.03.22 09:30:15 LOG5[main]: Compiled/running with OpenSSL 1.0.2m-fips  2 Nov 2017
2018.03.22 09:30:15 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2018.03.22 09:30:15 LOG5[main]: Reading configuration from file stunnel.conf
2018.03.22 09:30:15 LOG5[main]: UTF-8 byte order mark detected
2018.03.22 09:30:15 LOG5[main]: FIPS mode disabled
2018.03.22 09:30:15 LOG5[main]: Configuration successful
2018.03.22 09:30:24 LOG5[0]: Service [ssh] accepted connection from 127.0.0.1:65086
2018.03.22 09:30:24 LOG5[0]: s_connect: connected 130.185.251.28:443
2018.03.22 09:30:24 LOG5[0]: Service [ssh] connected remote server from 172.28.1.25:65087
2018.03.22 09:30:25 LOG4[0]: CERT: Certificate not found in local repository
2018.03.22 09:30:25 LOG4[0]: Rejected by CERT at depth=0: CN=130.185.251.28
2018.03.22 09:30:25 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018.03.22 09:30:25 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket


This is the configuration I'm using:

[ssh]
client = yes
accept = 443
connect = 130.185.251.28:443
CAfile = peer-ssh.pem
verifyPeer = yes


The odd thing is that if I connect using my mobile data, and then 
switch over to filtered internet and try again, it works fine, and adds 
the following lines to the log:

2018.03.22 09:36:46 LOG5[1]: Service [ssh] accepted connection from 127.0.0.1:65237
2018.03.22 09:36:46 LOG5[1]: s_connect: connected 130.185.251.28:443
2018.03.22 09:36:46 LOG5[1]: Service [ssh] connected remote server from 192.168.43.115:65238
2018.03.22 09:36:46 LOG5[1]: Certificate accepted at depth=0: C=GB, ST=Lincolnshire, L=Horncastle, O=N/A, OU=N/A, CN=personal.kilosierracharlie.me, emailAddress=webmaster at kilosierracharlie.me


Has anyone got any ideas regarding this issue? It's not mission 
critical, but it's quite annoyingly repetitive!


Cheers,

Kieran.
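
An added example, not part of the original post or of stunnel: a short Python parser that rejoins mail-wrapped stunnel log lines and lists, per remote peer, the depth-0 certificate subjects that were rejected and accepted. The function names and the reliance on the log format shown in the post are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the post, still wrapped as mailed.
SAMPLE_LOG = """\
2018.03.22 09:30:24 LOG5[0]: s_connect: connected 130.185.251.28:443
2018.03.22 09:30:25 LOG4[0]: Rejected by CERT at depth=0:
CN=130.185.251.28
2018.03.22 09:36:46 LOG5[1]: s_connect: connected 130.185.251.28:443
2018.03.22 09:36:46 LOG5[1]: Certificate accepted at depth=0: C=GB,
ST=Lincolnshire, L=Horncastle, O=N/A, OU=N/A,
CN=personal.kilosierracharlie.me,
emailAddress=webmaster at kilosierracharlie.me
"""

# Assumed line layout, taken from the log in the post: date time LOGn[id]: message
STAMP = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\w+)\]: (.*)$")
CONNECT = re.compile(r"^s_connect: connected (\S+)$")
VERDICT = re.compile(r"^(Rejected by CERT|Certificate accepted) at depth=0: (.+)$")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their timestamped line."""
    lines = []
    for raw in text.splitlines():
        raw = raw.strip()
        if STAMP.match(raw) or not lines:
            lines.append(raw)
        elif raw:
            lines[-1] += " " + raw
    return lines

def leaf_verdicts(text):
    """Map each remote peer to the (verdict, subject) pairs logged at depth 0."""
    peer_of, seen = {}, defaultdict(set)  # bracketed id -> peer, peer -> pairs
    for line in unwrap(text):
        m = STAMP.match(line)
        if not m:
            continue
        conn, msg = m.groups()
        if (c := CONNECT.match(msg)):
            peer_of[conn] = c.group(1)
        elif (v := VERDICT.match(msg)) and conn in peer_of:
            verdict = "rejected" if v.group(1).startswith("Rejected") else "accepted"
            seen[peer_of[conn]].add((verdict, v.group(2)))
    return seen

def subject_changes(text):
    """Peers that presented more than one distinct leaf certificate subject."""
    return {peer: sorted(pairs) for peer, pairs in leaf_verdicts(text).items()
            if len({subj for _, subj in pairs}) > 1}
```

Calling subject_changes(SAMPLE_LOG) on the lines from the post returns one peer, 130.185.251.28:443, with two different leaf subjects: CN=130.185.251.28 (rejected) and the personal.kilosierracharlie.me certificate (accepted).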


