I'm setting up a load-balanced service requiring stunnel with SSL on its front end. There are two hosts behind the load balancer running stunnel. The service behind stunnel does not speak SSL. Every few minutes the load balancer checks if those stunnels are still alive by opening a TCP connection to the stunnel listening port.

Now the problem is that stunnel closes those test connections with RST, and the load balancer takes it as that host being dead. This is without the "client = yes" option, because the service does not speak SSL.

    load-balancer -> stunnel-host TCP D=1234 S=33007 Syn
    stunnel-host -> load-balancer TCP D=33007 S=1234 Syn Ack
    load-balancer -> stunnel-host TCP D=1234 S=33007 Ack
    load-balancer -> stunnel-host TCP D=1234 S=33007 Fin Ack
    stunnel-host -> load-balancer TCP D=33007 S=1234 Ack
    stunnel-host -> load-balancer TCP D=33007 S=1234 Rst

On the other hand, with client=yes everything works fine.

    load-balancer -> stunnel-host TCP D=123 S=33010 Syn
    stunnel-host -> load-balancer TCP D=33010 S=123 Syn Ack
    load-balancer -> stunnel-host TCP D=123 S=33010 Ack
    load-balancer -> stunnel-host TCP D=123 S=33010 Fin Ack
    stunnel-host -> load-balancer TCP D=33010 S=123 Fin Ack
    load-balancer -> stunnel-host TCP D=123 S=33010 Ack

Is there any way to make stunnel without "client = yes" close the connection the "normal way", with FIN instead of RST?

stunnel is the latest version; the load balancer is some older F5 BigIP.

thanks
sergei