[stunnel-users] RES: Stunnel 5.50 Transparent Both (Source+Destination)
luis.monteiro440 at gmail.com
Fri Feb 1 21:16:27 CET 2019
Just to document the solution, which was pretty hard to discover since I had
to understand what Stunnel was doing together with tproxy/ip_transparent.
When you set both, stunnel uses all kinds of sockets: access, local and remote.
With both options enabled, the local socket, instead of connecting to the lo
interface, gets the outside ethernet, in my case ens192.
The solution is to use socket options in the config file as below:
Socket = l:SO_BINDTODEVICE=lo
If you believe in witches, bind access and remote as well, to access interface
ens224 and remote ens192 in my case:
Socket = a:SO_BINDTODEVICE=ens224
Socket = r:SO_BINDTODEVICE=ens192
Now everything will work fine.
The solution is not documented in the manual page.
From: Luis Monteiro <luis.monteiro440 at gmail.com>
Sent: Thursday, January 31, 2019 22:46
To: stunnel-users at stunnel.org
Subject: Stunnel 5.50 Transparent Both (Source+Destination)
Sirs. I'm trying to make Stunnel work as both a source and destination
transparent proxy, and after looking at every possibility I started to track
the packet that is locally generated (Stunnel client sending to stunnel server).
The packet goes out from the process to the raw table output chain. It is
delivered to connection tracking, which passes the packet to mangle output, but
it disappears before arriving in the nat table output chain.
Stunnel Packet destination 22.214.171.124:80(Original
With transparent destination off it works fine.
Stunnel Packet destination 126.96.36.199:443(Stunnel Server
The problem is probably regarding the tproxy/ip_transparent that stunnel uses
to control the connection and get the original src/dst to use.
I tried 3 different distributions of Linux with the same behavior.
Does someone already use transparent=both and can give me a setup that worked,
like Linux distribution/version, stunnel version and so on?
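
Added example, not part of the original post and not stunnel project code: a small Python check that reads an stunnel configuration and lists services that set transparent = both without the l:SO_BINDTODEVICE=lo line from the fix above. The sample configuration is constructed (service names and ports are made up), and treating options placed before the first section as defaults for every service is an assumption.

```python
import re

# Constructed sample: interface names come from the post; service names and
# ports are made up for illustration.
SAMPLE_CONF = """\
[both-unpinned]
client = yes
accept = 8080
transparent = both

[both-pinned]
client = yes
accept = 8081
transparent = both
socket = l:SO_BINDTODEVICE=lo
socket = a:SO_BINDTODEVICE=ens224
socket = r:SO_BINDTODEVICE=ens192
"""

BIND_RE = re.compile(r"^([alr]):SO_BINDTODEVICE=(\S+)$", re.IGNORECASE)

def bound_devices(conf_text):
    """Return {service: {"transparent": value, "dev": {a/l/r: interface}}}."""
    defaults = {"transparent": "none", "dev": {}}
    services, current = {}, defaults
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Assumption: options before the first section are defaults.
            current = {"transparent": defaults["transparent"],
                       "dev": dict(defaults["dev"])}
            services[line[1:-1]] = current
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "transparent":
            current["transparent"] = value.lower()
        elif key == "socket" and (m := BIND_RE.match(value)):
            current["dev"][m.group(1).lower()] = m.group(2)
    return services

def unpinned_both(conf_text):
    """Services with transparent = both whose local socket is not bound to lo."""
    return sorted(name for name, svc in bound_devices(conf_text).items()
                  if svc["transparent"] == "both" and svc["dev"].get("l") != "lo")
```

Calling unpinned_both(SAMPLE_CONF) returns the one service that still lacks the local-socket binding.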