<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Doh.. that solved it. The docs were a bit confusing, I figured I just had to add the proxy info and that stunnel would figure it out. Instead, you explicitly redirect where stunnel is going byu changing its 'connect' address, and then give it a new destination address. I find this very confusing, but it is indeed working now. Thanks!<div><br><div><div>On Apr 8, 2011, at 10:17 AM, Michal Trojnara wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>Hi Matt,<br>
<br>
You have configured stunnel to connect your final destination and than use CONNECT protocol to access your proxy. 8-)<br>
<br>
You should configure stunnel to connect your proxy first, and than use protocol negotiation to request your proxy to connect your final destination.<br>
<br>
Mike<br>
-- <br>
Wysłane z Androida za pomocą K-9 Mail. Prosze wybaczyć lakoniczność.<br><br><div class="gmail_quote">Matt Wise <<a href="mailto:mwise@netflix.com">mwise@netflix.com</a>> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div style="white-space: pre-wrap; word-wrap:break-word; ">I've got an Apache proxy on port 3128 that will allow our clients to get outbound with a 'CONNECT" to a few services.. I'm trying to make stunnel use this service, and it seems to be ignoring my configuration completely. Tcpdumps show NO packets going outbound on port 3128... any ideas what i'm doing wrong? This config allows an inbound connection to port 1234 to hit port 2345 (a local service), while also handling the setup of an inbound connection to localhost:514 to a remote host on port 1514...
debug = 7 pid = /var/run/stunnel.pid service = stunnel syslog = yes foreground = no socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 fips = no
# Localhost:1234 hits localhost:2345
[cseservices]
client = no accept = 1234 connect = <a href="x-msg://2181/127.0.0.1:2345">127.0.0.1:2345</a>
CAfile = /etc/stunnel/ssl/tunnel-CAs.cert.pem cert = /etc/stunnel/ssl/server.pub key = /etc/stunnel/ssl/server.key verify = 2
## Localhost:514 hits remotehost:1514
[syslog]
client = yes accept = 514 connect = xxx:1514
CAfile = /var/lib/puppet/ssl/certs/ca.pem key = /var/lib/puppet/ssl/private_keys/xxx.pem cert = /var/lib/puppet/ssl/certs/xxx.pem session = 5
TIMEOUTidle = 600
TIMEOUTbusy = 600
TIMEOUTclose = 300
TIMEOUTconnect = 10 verify = 2
protocol=connect
protocolHost=proxy:3128
protocolAuthentication=basic
—Matt<hr>stunnel-users mailing list
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>
<a href="http://stunnel.mirt.net/mailman/listinfo/stunnel-users">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</a>
</div></blockquote></div></div>_______________________________________________<br>stunnel-users mailing list<br><a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>http://stunnel.mirt.net/mailman/listinfo/stunnel-users<br></blockquote></div><br></div></body></html>