[stunnel-users] Keep initial session-ID when stunnel-client reconnect to a stunnel-server

Martin Got martingot at protonmail.com
Wed May 1 11:12:58 CEST 2019

Trying to establish link using pppd connection overlapped into stunnel 5.44. Server runs on OpenBSD 6.4, client uses the same stunnel and OS versions.

From the client's side I have to reconnect to stunnel-server in case of Internet link is dropped. And expecting that pppd session is kept by stunnel over reconnections possible.

But stunnel-server runs another pppd instance when stunnel-client reconnects. After reconnection in system processes I see two pppd processes (as shows below), and pppd link has no pings after it.

# ps -aux | grep pppd
user     45359  0.0  0.0   440  1672 ??   I      Tue11PM    0:00.01   lock passive local debug noauth (pppd)
user     1156  0.0  0.0   321  1210 ??   I      Tue12PM    0:00.01   lock passive local debug noauth (pppd)

1. The question is how to keep initial session established by stunnel-client and do not run second pppd process by stunnel-server?
2. May I keep session by cache-ID on the client's side only or do I need to do it on both client and server? Can it help not to run another pppd process?

Both server config and client config parts are below:

# cat /etc/stunnel/stunnel-server.conf
exec = /usr/sbin/pppd
execargs = lock passive local debug noauth
pty = yes
CAfile = ca.crt
cert = server.crt
key = server.key
verifyChain = yes
TIMEOUTclose = 0

# cat /etc/stunnel/stunnel-client.conf
client = yes
retry = yes
connect =
exec = /usr/sbin/pppd
execargs = persist lock local debug noauth name ppp-client
pty = yes
CAfile = ca.crt
cert = client.crt
key = client.key
verifyChain = yes
checkHost = hostname
;checkIP =
Thank you for answer in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190501/f6eb4df4/attachment.html>

More information about the stunnel-users mailing list