[stunnel-users] Keep initial session-ID when stunnel-client reconnect to a stunnel-server
Martin Got
martingot at protonmail.com
Wed May 1 11:12:58 CEST 2019
Trying to establish link using pppd connection overlapped into stunnel 5.44. Server runs on OpenBSD 6.4, client uses the same stunnel and OS versions.
From the client's side I have to reconnect to stunnel-server in case of Internet link is dropped. And expecting that pppd session is kept by stunnel over reconnections possible.
But stunnel-server runs another pppd instance when stunnel-client reconnects. After reconnection in system processes I see two pppd processes (as shows below), and pppd link has no pings after it.
# ps -aux | grep pppd
user 45359 0.0 0.0 440 1672 ?? I Tue11PM 0:00.01 lock passive 10.0.1.1:10.0.1.2 local debug noauth (pppd)
user 1156 0.0 0.0 321 1210 ?? I Tue12PM 0:00.01 lock passive 10.0.1.1:10.0.1.2 local debug noauth (pppd)
1. The question is how to keep initial session established by stunnel-client and do not run second pppd process by stunnel-server?
2. May I keep session by cache-ID on the client's side only or do I need to do it on both client and server? Can it help not to run another pppd process?
Both server config and client config parts are below:
# cat /etc/stunnel/stunnel-server.conf
...
[ppp]
;SERVER
accept 1.2.3.4:443
exec = /usr/sbin/pppd
execargs = lock passive 10.0.1.1:10.0.1.2 local debug noauth
pty = yes
CAfile = ca.crt
cert = server.crt
key = server.key
verifyChain = yes
TIMEOUTclose = 0
...
# cat /etc/stunnel/stunnel-client.conf
...
[ppp]
;CLIENT
client = yes
retry = yes
connect = 1.2.3.4:443
exec = /usr/sbin/pppd
execargs = persist lock 10.0.1.2:10.0.1.1 local debug noauth name ppp-client
pty = yes
CAfile = ca.crt
cert = client.crt
key = client.key
verifyChain = yes
checkHost = hostname
;checkIP = 1.2.3.4
...
Thank you for answer in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190501/f6eb4df4/attachment.html>
More information about the stunnel-users
mailing list