[stunnel-users] stunnel-users Digest, Vol 188, Issue 4

Brent Kimberley brent_kimberley at rogers.com
Wed Mar 11 14:41:14 CET 2020


Hi Kelly.

>>Connect = 127.0.0.1:1194  #<- this line won't work; but if I replace with 1.2.3.4:1194 then it will work!
Generic:
The following layers may be helpful: Cost / People / Process / Infrastructure / Application / Data / Interface ...

Specific:
Data layer (metadata &/| configuration):
Can you please verify that 127.0.0.1:1194 is present?
e.g. netstat -ano | egrep -e Proto -e Active -e 1194


Message: 1
Date: Tue, 10 Mar 2020 13:25:33 +0800
From: Kelly Trinh <kelly at trinhonline.com>
To: "stunnel-users" <stunnel-users at stunnel.org>
Subject: [stunnel-users] behaviour when using 127.0.0.1 in the
    'connect' field
Message-ID:
    <170c2e7c29d.e9c53ed9127299.5279211261811289922 at trinhonline.com>
Content-Type: text/plain; charset="utf-8"

Hi all - just want to report a problem I solved recently but wanted to get some insights on what was causing the problem.

About me - learnt some unix at university (20 years ago) but nothing too serious. Recently (1 month ago) acquired own domain name and now poking around the cloud computing / VPS thing.

Project - hand-rolling my own VPN setup on a Ubuntu 18.04 VPS. OpenVPN is easy since it is a git-clone thing and then just follow the openvpn-install script. I wanted to add on the Stunnel wrapper because intended to use the VPN in China and apparently their firewall does deep packet inspection and can recognize (and block) openvpn traffic.

Problem - when I set up my stunnel using 127.0.0.1 as the connect destination; it doesn't seem to work (I can see from openvpn window that things seem to pipe through stunnel but then immediately the connection is terminated). If I replace the 127.0.0.1 with IP of the box I am using (say for example 1.2.3.4); everything works! The FQDN is ok as well; as long as I don't use 127.0.0.1

Specifically the stunnel.conf:

[OpenVPN]
Accept = 443 # clients connect through 443 to further avoid potential blocking
Connect = 127.0.0.1:1194  #<- this line won't work; but if I replace with 1.2.3.4:1194 then it will work!

Question - My problem is fixed but I am curious if there is any insights on why this is happening given that 1.2.3.4 and 127.0.0.1 are the same machine?

------------------------------

Message: 2
Date: Tue, 10 Mar 2020 11:47:03 +0200
From: Peter Pentchev <roam at ringlet.net>
To: Kelly Trinh <kelly at trinhonline.com>
Cc: stunnel-users <stunnel-users at stunnel.org>
Subject: Re: [stunnel-users] behaviour when using 127.0.0.1 in the
    'connect' field
Message-ID: <20200310094703.GB11993 at straylight.m.ringlet.net>
Content-Type: text/plain; charset="utf-8"

On Tue, Mar 10, 2020 at 01:25:33PM +0800, Kelly Trinh wrote:
[formatting fixed a bit]
> Hi all - just want to report a problem I solved recently but wanted to
> get some insights on what was causing the problem.
> 
> About me - learnt some unix at university (20 years ago) but nothing too
> serious. Recently (1 month ago) acquired own domain name and now poking
> around the cloud computing / VPS thing.
> 
> Project - hand-rolling my own VPN setup on a Ubuntu 18.04 VPS. OpenVPN
> is easy since it is a git-clone thing and then just follow the
> openvpn-install script. I wanted to add on the Stunnel wrapper because
> intended to use the VPN in China and apparently their firewall does deep
> packet inspection and can recognize (and block) openvpn traffic.
> 
> Problem - when I set up my stunnel using 127.0.0.1 as the connect
> destination; it doesn't seem to work (I can see from openvpn window that
> things seem to pipe through stunnel but then immediately the connection
> is terminated). If I replace the 127.0.0.1 with IP of the box I am
> using (say for example 1.2.3.4); everything works! The FQDN is ok as
> well; as long as I don't use 127.0.0.1
> 
> Specifically the stunnel.conf:
> 
> [OpenVPN]
> Accept = 443 # clients connect through 443 to further avoid potential blocking
> Connect = 127.0.0.1:1194  #<- this line won't work; but if I replace with 1.2.3.4:1194 then it will work!
> 
> Question - My problem is fixed but I am curious if there is any insights
> on why this is happening given that 1.2.3.4 and 127.0.0.1 are the same
> machine?

Hi,

Could you post:
- your full stunnel config, not just this snippet
- the logfile of stunnel when you have it configured to connect to
  127.0.0.1 and you attempt a connection
- the output of `lsof -P -n -i tcp:443,1194` as root just after
  the connection fails (you may need to `apt install lsof` beforehand)

Thanks in advance!

G'luck,
Peter

-- 
Peter Pentchev  roam@{ringlet.net,debian.org,FreeBSD.org} pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

------------------------------
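
The listener check requested in both replies above (is anything accepting TCP on 127.0.0.1:1194?), as an added example that is not part of the original posts: a shell function that reads Linux `netstat -antu` text and reports what would answer a connection to a given IPv4 address and port. The sample output is constructed, and the case of a service bound only to 1.2.3.4 is an assumption for illustration, not a diagnosis from the thread; the function name and the port 1195 line are hypothetical.

```shell
#!/bin/sh
# Added example: classify what is bound to ADDR:PORT in `netstat -antu` text.
# Prints one of: tcp-listener, udp-only, none. IPv4 sockets only.
listener_for() {
    # $1 = IPv4 address stunnel would connect to, $2 = port; netstat text on stdin
    awk -v addr="$1" -v port="$2" '
        function covers(local) {
            # An exact bind or the IPv4 wildcard accepts traffic for addr:port.
            return (local == (addr ":" port) || local == ("0.0.0.0:" port))
        }
        # Column 4 is the local address, column 6 the TCP state.
        $1 ~ /^tcp/ && $6 == "LISTEN" && covers($4) { tcp = 1 }
        # UDP sockets have no LISTEN state; stunnel cannot connect to them.
        $1 ~ /^udp/ && covers($4)                   { udp = 1 }
        END {
            if (tcp)      print "tcp-listener"
            else if (udp) print "udp-only"
            else          print "none"
        }'
}

# Constructed sample (not from the thread): a service bound only to the
# public address 1.2.3.4, a wildcard listener on 443, and a UDP socket on 1195.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 1.2.3.4:1194            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 1.2.3.4:443             203.0.113.7:51234       ESTABLISHED
udp        0      0 0.0.0.0:1195            0.0.0.0:*'

# Run the classifier over the constructed sample.
check() { printf '%s\n' "$SAMPLE" | listener_for "$1" "$2"; }

echo "127.0.0.1:1194 -> $(check 127.0.0.1 1194)"   # bound to 1.2.3.4 only
echo "1.2.3.4:1194   -> $(check 1.2.3.4 1194)"
echo "127.0.0.1:443  -> $(check 127.0.0.1 443)"    # wildcard covers loopback
echo "127.0.0.1:1195 -> $(check 127.0.0.1 1195)"   # UDP socket, no TCP listener
```

On a live host, pipe the real output in instead of the sample: `netstat -antu | listener_for 127.0.0.1 1194`.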
