[stunnel-users] Stunnel traffic fails to go via proxy set in winhttp (Windows 10)

Library Information Access Team lib.infoaccess at qut.edu.au
Wed Nov 6 04:51:17 CET 2019


At QUT Library we use Stunnel to encrypt SIP2 (ie. book borrowing) traffic from the self-checkout machines through to the Alma library services platform (as per https://developers.exlibrisgroup.com/alma/integrations/stunnel/ )

Our self-checkout machines run Windows 10 and are allowed limited internet access to two hosts (cloud.fetechgroup.com and ap01.alma.exlibrisgroup.com) via our institution's Squid proxy and I have our current WinHTTP proxy settings:

    Proxy Server(s) :  wproxy.qut.edu.au:3128
    Bypass List     :  *.qut.edu.au

The proxy server settings are set for all protocols (HTTP, HTTPS, secure and FTP) and I've confirmed that web browser and the FE Technologies software is routing via wproxy.qut.edu.au.  However Stunnel is still trying to connect to Alma directly.  Our stunnel.conf is as follows (just FYI, the FE Tech software points to 127.0.0.1:5001 as our library services platform address):

[KG_Self-Checkout]
key = client.pem
cert = client.pem
client = yes
accept = 127.0.0.1:5001
connect = ap01.alma.exlibrisgroup.com:6443
TIMEOUTclose = 0
TIMEOUTconnect = 200
TIMEOUTidle = 86400
sslVersion = TLSv1.2

Is there a way to force Stunnel to either respect the WinHTTP settings or configure it to route traffic to wproxy.qut.edu.au:3128 before initiating the connect = hostname:port?

I did try protocolHost as follows, but I'm probably misunderstanding how it works https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS

[KG_Self-Checkout]
key = client.pem
cert = client.pem
client = yes
accept = 127.0.0.1:5001
connect = wproxy.qut.edu.au:3128
protocolHost = ap01.alma.exlibrisgroup.com:6443
TIMEOUTclose = 0
TIMEOUTconnect = 200
TIMEOUTidle = 86400
sslVersion = TLSv1.2

Any advice or assistance gratefully accepted, and apologies if this is a silly question - I'm just a librarian trying to make this thing work.

Thanks,

Jai Parker | Information Access Librarian

QUT Library | Division of Administrative Services
QUT | Kelvin Grove | D Block, Level 1 | Victoria Park Rd Kelvin Grove QLD 4059
P: 07 3138 3381 | E: lib.infoaccess at qut.edu.au<mailto:lib.infoaccess at qut.edu.au> | www.qut.edu.au<http://www.qut.edu.au/>
ABN: 83 791 724 622 | CRICOS No. 00213J

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20191106/2ad05bdf/attachment-0001.htm>


More information about the stunnel-users mailing list