Right...so, here is a sample config, I will add emphasis on the parts you need to make sure you have.<br><br>; Sample stunnel configuration file by Michal Trojnara 2002-2006<br>; Some options used here may not be adequate for your particular configuration<br>
; Please make sure you understand them (especially the effect of chroot jail)<br> <br>; Certificate/key is needed in server mode and optional in client mode<br>cert = /newcert.pem<br>key = /newkey.pem<br> <br>; Protocol version (all, SSLv2, SSLv3, TLSv1)<br>
sslVersion = SSLv3, TLSv1<br> <br>; Some security enhancements for UNIX systems - comment them out on Win32<br>chroot = /var/lib/stunnel4/<br>setuid = stunnel4<br>setgid = stunnel4<br>; PID is created inside chroot jail<br>
pid = /stunnel4.pid<br>
<br>; Some performance tunings<br>;socket = l:TCP_NODELAY=1<br>socket = r:TCP_NODELAY=1<br>;compression = rle<br> <br>; Workaround for Eudora bug<br>;options = DONT_INSERT_EMPTY_FRAGMENTS<br> <br>; Authentication stuff<br>
;verify = 2<br>; Don't forget to c_rehash CApath<br>; CApath is located inside chroot jail<br>;CApath = /certs<br>; It's often easier to use CAfile<br>;CAfile = /etc/stunnel/certs.pem<br>; Don't forget to c_rehash CRLpath<br>
; CRLpath is located inside chroot jail<br>;CRLpath = /crls<br>; Alternatively you can use CRLfile<br>;CRLfile = /etc/stunnel/crls.pem<br> <br>; Some debugging stuff useful for troubleshooting<br>debug = 7<br>output = /var/log/stunnel4/stunnel.log<br>
<br><font color="#6666cc">; Use it for client mode<br>client = yes</font><br> <br>; Service-level configuration<br> <br>;[pop3s]<br>;accept = 995<br>;connect = 110<br> <br>;[imaps]<br>;accept = 993<br>;connect = 143<br>
<br>;[ssmtp]<br>;accept = 465<br>;connect = 25<br> <br>[https]<br><span style="background-color:rgb(51,255,51)">accept = <a href="http://10.32.75.46:443" target="_blank">10.x.x.x:443</a><br>connect = <a href="http://10.32.75.46:443" target="_blank">11.x.x.x:443</a></span><div>
; here you need to have an IP address for each accept and connect, as well as a port. If you are connecting to localhost, put 127.0.0.1.<br>;TIMEOUTclose = 0<br>
<br>; vim:ft=dosini<br><br>On Wed, Dec 21, 2011 at 12:26 PM, yassine ayachi <<a href="mailto:ayachi.yassine@gmail.com" target="_blank">ayachi.yassine@gmail.com</a>> wrote:<br>> Hi Scott,<br>><br>> I am not quite sure I understand your answer. Let me add some more info to<br>
> make it clear how I get the segfault:<br>><br>> A java applet (from web browser) is invoking the stunnel machine on the port<br>> 1957; stunnel then redirects the traffic into the remote_machine, so I only<br>
> have the server stunnel portion installed (in the stunnel machine).<br>><br>> When I run a telnet on any machine connected to the internet this way:<br>> telnet stunnel_machine 1957<br>> the stunnel on the stunnel machine dies...with the error posted previously.<br>
><br>> Greetings,<br>> --<br>> Yassine<br>><br>> 2011/12/21 Scott Damron <<a href="mailto:sdamron@gmail.com" target="_blank">sdamron@gmail.com</a>><br>>><br>>> You need to have an IP address for the local connection and you need<br>
>> the client portion enabled as well.<br>>><br>>> Scott<br>>><br>>> On Wed, Dec 21, 2011 at 10:51 AM, yassine ayachi<br>>> <<a href="mailto:ayachi.yassine@gmail.com" target="_blank">ayachi.yassine@gmail.com</a>> wrote:<br>
>> > Hi all,<br>>> ><br>>> > I'm trying to encrypt a connection between two hosts using stunnel.<br>>> > ----- here is my config file ----<br>>> > cert = /usr/local/etc/stunnel/stunnel.pem<br>
>> > chroot = /usr/local/var/lib/stunnel/<br>>> > setuid = nobody<br>>> > setgid = nogroup<br>>> > pid = /stunnel.pid<br>>> > socket = l:TCP_NODELAY=1<br>>> > socket = r:TCP_NODELAY=1<br>
>> ><br>>> > debug = debug<br>>> > output = stunnel.log<br>>> > ---<br>>> > [rdps]<br>>> > accept = 1957<br>>> > connect = remote_machine:3389<br>>> ><br>
>> > Everything was working fine until I tried to telnet to the port 1957 on<br>>> > the<br>>> > machine running stunnel, the process stunnel was killed alone leaving<br>>> > this<br>
>> > in /var/log/messages:<br>
>> ><br>>> > Dec 20 16:58:01 alpha kernel: [4930384.164316] stunnel[14540]: segfault<br>>> > at 8<br>>> > ip b7629b61 sp b758d16c error 6 in <a href="http://libc-2.7.so" target="_blank">libc-2.7.so</a>[b75bd000+138000]<br>
>> ><br>>> > Does anybody have an idea about this problem?<br>>> ><br>>> > Thanks in advance,<br>>> ><br>>> > Yassine<br>>> ><br>>> ><br>>> > _______________________________________________<br>
>> > stunnel-users mailing list<br>>> > <a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>>> > <a href="http://stunnel.mirt.net/mailman/listinfo/stunnel-users" target="_blank">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</a><br>
>> ><br>><br>><br>><br>><br>><br><br>
</div>
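A small checker for the advice in the reply at the top of this thread, added here as an example (it is not part of the original messages or of stunnel): it parses an stunnel-style config and reports, per service, whether client mode applies and which accept/connect values are not written as host:port. The function names, the sample config and its addresses are constructed for illustration, and the check encodes the reply's recommendation, not a rule enforced by stunnel.

```python
import re

# host:port, where host is an IPv4 address or a hostname; a bare port does not match.
HOST_PORT = re.compile(r"^[A-Za-z0-9_.-]+:\d{1,5}$")

SAMPLE = """\
; constructed sample, modelled on the two configs quoted in this thread
cert = /usr/local/etc/stunnel/stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
[rdps]
accept = 1957
connect = remote_machine:3389
[https]
client = no
accept = 192.0.2.10:443
connect = 127.0.0.1:443
"""

def parse_stunnel_conf(text):
    """Return (global options, {service: options}); values are lists as options may repeat."""
    global_opts, services = {}, {}
    current = global_opts
    for line in map(str.strip, text.splitlines()):
        section = re.match(r"^\[(.+)\]$", line)
        if section:
            current = services.setdefault(section.group(1), {})
        elif line and not line.startswith(";") and "=" in line:  # ';' starts a comment
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), []).append(value.strip())
    return global_opts, services

def check_endpoints(text):
    """Per service: is client mode on, and which accept/connect values are not host:port."""
    global_opts, services = parse_stunnel_conf(text)
    # Assumption: a client option before the first [section] is the default for all services.
    default_client = global_opts.get("client", ["no"])[-1]
    report = {}
    for name, opts in services.items():
        # A missing accept/connect is reported as (option, None).
        flagged = [(opt, v) for opt in ("accept", "connect")
                   for v in opts.get(opt, [None]) if v is None or not HOST_PORT.match(v)]
        client = opts.get("client", [default_client])[-1].lower() == "yes"
        report[name] = {"client": client, "not_host_port": flagged}
    return report

if __name__ == "__main__":
    print(check_endpoints(SAMPLE))
```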