[stunnel-users] behaviour when using in the 'connect' field

Peter Pentchev roam at ringlet.net
Tue Mar 10 10:47:03 CET 2020

On Tue, Mar 10, 2020 at 01:25:33PM +0800, Kelly Trinh wrote:
[formatting fixed a bit]
> Hi all - just want to report a problem I solved recently but wanted to
> get some insights on what was causing the problem.
> About me - learnt some unix at university (20 years ago) but nothing too
> serious.  Recently (1 month ago) acquired own domain name and now poking
> around the cloud computing / VPS thing.
> Project - hand-rolling my own VPN setup on a Ubuntu 18.04 VPS.  OpenVPN
> is easy since it is a git-clone thing and then just follow the
> openvpn-install script.  I wanted to add on the Stunnel wrapper because
> intended to use the VPN in China and apparently their firewall does deep
> packet inspection and can recognize (and block) openvpn traffic.
> Problem - when I set up my stunnel using as the connect
> destination; it doesn't seem to work (I can see from openvpn window that
> things seem to pipe through stunnel but then immediately the connection
> is terminated).  If I replace the with IP of the box I am
> using (say for example; everything works!  The FQDN is ok as
> well; as long as I don't use
> Specifically the stunnel.conf:
> [OpenVPN]
> Accept = 443  # clients connect through 443 to further avoid potential blocking
> Connect =   #<- this line won't work; but if I replace with then it will work!
> Question - My problem is fixed but I am curious if there is any insights
> on why this is happening given that and are the same
> machine?


Could you post:
- your full stunnel config, not just this snippet
- the logfile of stunnel when you have it configured to connect to and you attempt a connection
- the output of `lsof -P -n -i tcp:443,1194` as root just after
  the connection fails (you may need to `apt install lsof` beforehand)

Thanks in advance!


Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20200310/8bed6286/attachment.sig>

More information about the stunnel-users mailing list