[stunnel-users] Stunnel traffic fails to go via proxy set in

Andrew Krause akrause at stdl.org
Mon Nov 11 17:31:53 CET 2019


Hi Jai,

If your proxy supports the HTTP CONNECT method, you can try revising your
settings to this:

[KG_Self-Checkout]
key = client.pem
cert = client.pem
client = yes
accept = 127.0.0.1:5001
connect = wproxy.qut.edu.au:3128
protocolHost = ap01.alma.exlibrisgroup.com:6443
TIMEOUTclose = 0
TIMEOUTconnect = 200
TIMEOUTidle = 86400
sslVersion = TLSv1.2
protocol = connect

Only the connect protocol supports using the protocolHost option. 

If this isn't supported by your proxy, you can try using Privoxy or Polipo
between stunnel and your proxy. Socat is another option as well.

Andrew Krause
Schaumburg Township District Library

-----Original Message-----
At QUT Library we use Stunnel to encrypt SIP2 (ie. book borrowing) traffic
from the self-checkout machines through to the Alma library services
platform (as per
https://developers.exlibrisgroup.com/alma/integrations/stunnel/ )

Our self-checkout machines run Windows 10 and are allowed limited internet
access to two hosts (cloud.fetechgroup.com and ap01.alma.exlibrisgroup.com)
via our institution's Squid proxy and I have our current WinHTTP proxy
settings:

    Proxy Server(s) :  wproxy.qut.edu.au:3128
    Bypass List     :  *.qut.edu.au

The proxy server settings are set for all protocols (HTTP, HTTPS, secure and
FTP) and I've confirmed that the web browser and the FE Technologies software
are routing via wproxy.qut.edu.au.  However Stunnel is still trying to connect
to Alma directly.  Our stunnel.conf is as follows (just FYI, the FE Tech
software points to 127.0.0.1:5001 as our library services platform address):

[KG_Self-Checkout]
key = client.pem
cert = client.pem
client = yes
accept = 127.0.0.1:5001
connect = ap01.alma.exlibrisgroup.com:6443
TIMEOUTclose = 0
TIMEOUTconnect = 200
TIMEOUTidle = 86400
sslVersion = TLSv1.2

Is there a way to force Stunnel to either respect the WinHTTP settings or
configure it to route traffic to wproxy.qut.edu.au:3128 before initiating
the connect = hostname:port?

I did try protocolHost as follows, but I'm probably misunderstanding how it
works https://www.stunnel.org/static/stunnel.html#SERVICE-LEVEL-OPTIONS

[KG_Self-Checkout]
key = client.pem
cert = client.pem
client = yes
accept = 127.0.0.1:5001
connect = wproxy.qut.edu.au:3128
protocolHost = ap01.alma.exlibrisgroup.com:6443
TIMEOUTclose = 0
TIMEOUTconnect = 200
TIMEOUTidle = 86400
sslVersion = TLSv1.2

Any advice or assistance gratefully accepted, and apologies if this is a
silly question - I'm just a librarian trying to make this thing work.

Thanks,

Jai Parker | Information Access Librarian

QUT Library | Division of Administrative Services
QUT | Kelvin Grove | D Block, Level 1 | Victoria Park Rd Kelvin Grove QLD
4059
P: 07 3138 3381 | E: lib.infoaccess at qut.edu.au | www.qut.edu.au
ABN: 83 791 724 622 | CRICOS No. 00213J
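To make the difference between the two configurations concrete: with `protocol = connect`, stunnel first speaks plain HTTP to the proxy (`connect = wproxy.qut.edu.au:3128`), sends `CONNECT` for the `protocolHost` target, and only after a 2xx reply starts TLS through the tunnel. Without `protocol = connect`, stunnel would start TLS directly with the proxy and the handshake fails. The Python below is an added illustration of that flow, not stunnel's code and not part of the thread; host names and the sample proxy replies in the comments are taken from or constructed around the configuration above.

```python
import socket
import ssl

# Values from the thread's stunnel.conf (used only to build requests here).
PROXY = ("wproxy.qut.edu.au", 3128)
TARGET = ("ap01.alma.exlibrisgroup.com", 6443)

def build_connect_request(host: str, port: int) -> bytes:
    """Plain-text CONNECT request: what 'protocol = connect' sends to the
    proxy for 'protocolHost = host:port' before any TLS byte is written."""
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n\r\n").encode("ascii")

def parse_connect_response(data: bytes) -> tuple[int, bytes]:
    """Return (status_code, bytes_after_headers) from the proxy's reply.
    Raises ValueError if the reply is not a complete HTTP status header."""
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete proxy response")
    status_line = head.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), rest

def tunnel_is_open(data: bytes) -> bool:
    """Only a 2xx status means the tunnel is up; a 403 (ACL) or 407 (auth
    required) must abort before TLS, or TLS would be attempted against the
    proxy's error page and fail with a confusing handshake error."""
    code, _ = parse_connect_response(data)
    return 200 <= code < 300

def open_tls_via_proxy(proxy, target, client_pem, timeout=200):
    """Reproduce the stunnel client flow: TCP to proxy, CONNECT, then TLS
    to the target through the tunnel (client cert as in cert=/key=)."""
    sock = socket.create_connection(proxy, timeout=timeout)   # TIMEOUTconnect
    sock.sendall(build_connect_request(*target))
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed connection during CONNECT")
        buf += chunk
    if not tunnel_is_open(buf):
        sock.close()
        raise ConnectionError(f"proxy refused CONNECT: {buf.splitlines()[0]!r}")
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # sslVersion = TLSv1.2
    ctx.load_cert_chain(client_pem)                # cert = / key = client.pem
    return ctx.wrap_socket(sock, server_hostname=target[0])
```

If the proxy answers 403 or 407 to the CONNECT, the fix is on the Squid side (allow CONNECT to port 6443 for the target, or configure proxy credentials), not in the TLS settings.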