<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thanks Ludolf and Dmitry for replying. <div><br></div><div>@Ludolf, I know what an IP adress is. It's just that it's not allowed by the host to connect on their IP. </div><div><br></div><div>@Dmitry, I tried putting the SNI settings in the config file, but it didn't resolve our problem. </div><div><br></div><div>This is whats in our stunnel log file: </div><div><br></div><div><div>2015.01.21 09:30:00 LOG5[4684]: Service [ SERVICENAME ] accepted connection from 'INTERNAL-IP:PORT'</div><div>2015.01.21 09:30:00 LOG5[4684]: s_connect: connected 'EXTERNAL-IP:PORT'</div><div>2015.01.21 09:30:00 LOG5[4684]: Service [ SERVICENAME ] connected remote server from '<span style="font-size: 12pt;">INTERNAL-IP:PORT'</span></div><div>2015.01.21 09:30:00 LOG5[4684]: Connection closed: 251 byte(s) sent to SSL, 188 byte(s) sent to socket</div><div><br></div><div>The response from the host is: "<span style="font-family: Arial, Helvetica, Geneva, sans-serif; font-size: 12px; background-color: rgb(255, 255, 255);">403 Forbidden</h1> Request forbidden by administrative rules."</span></div><div><br></div>Their support states it's because we are connecting to <span style="font-size: 12pt;">'EXTERNAL-IP:PORT' and not 'SOMETHING.HOST.COM' .</span></div><div><span style="font-size: 12pt;"><br></span></div><div>Thanks again,</div><div><br></div><div>Colin</div><div><br></div><div><br></div><div><br><div>> From: gromovd@gmail.com<br>> Date: Tue, 20 Jan 2015 20:50:37 -0500<br>> CC: stunnel-users@stunnel.org<br>> Subject: Re: [stunnel-users] No DNS lookup?<br>> <br>> Hi<br>> <br>> On Tue, Jan 20, 2015 at 3:45 PM, Ludolf Holzheid<br>> <lholzheid@bihl-wiedemann.de> wrote:<br>> ><br>> > > The support on the host we are<br>> > > trying to reach states to following:<br>> > ><br>> > > It really sounds like the stunnel is not connecting to "something.host.com"<br>> > > but perhaps to the IP address behind it?<br>> ><br>> <br>> This sounds like they need SNI to be passed properly.<br>> Try adding SNI = something.host.com in your client section.<br>> <br>> Dmitry<br>> <br>> -- <br>> //DG LOC(NJ)<br>> //*<br>> _______________________________________________<br>> stunnel-users mailing list<br>> stunnel-users@stunnel.org<br>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users<br></div></div> </div></body>
</html>