I have a problem using stunnel v 4.05 under Linux with kernel 2.4.27.
My target is using two PCs connected via serial port with encrypted traffic.
I have achieved this schema:
+-------+                             +-------+
|       |                             |       |
|  PC1  |------------rs232------------|  PC2  |
|       |10.0.0.1             10.0.0.2|       |
|       |                             |       |
+-------+                             +-------+
I have started pppd in raw mode on PC1 and PC2 and I have verified
(with ping) that the link is OK for traffic without encryption.
Then I tried to "mount" an encrypted tunnel between PC1 and PC2, but
stunnel on the server side returns an error in the openpty function.
The stunnel.conf server side (PC1) is:
--------------------------------------
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid =
setuid = nobody
setgid = nobody
# Some debugging stuff
debug = 7
output = /var/log/stunnel.log
foreground=no
# Service-level configuration
[ppp]
accept = 2020
exec = /usr/sbin/pppd
execargs = pppd local
pty = yes
The stunnel.conf client side (PC2) is:
--------------------------------------
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid =
setuid = nobody
setgid = nobody
# Some debugging stuff
debug = 7
output = /var/log/stunnel.log
# Use it for client mode
client = yes
connect = 10.0.0.1:2020
exec = /usr/sbin/pppd
execargs = pppd local
The log file server side (PC1) is:
----------------------------------
2004.10.27 07:25:19 LOG5[5246:16384]: stunnel 4.05 on i686-pc-linux-gnu
PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
2004.10.27 07:25:19 LOG7[5246:16384]: RAND_status claims sufficient entropy
for the PRNG
2004.10.27 07:25:19 LOG6[5246:16384]: PRNG seeded successfully
2004.10.27 07:25:19 LOG7[5246:16384]: Certificate:
/usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:25:19 LOG7[5246:16384]: Key file:
/usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:25:19 LOG5[5246:16384]: FD_SETSIZE=1024, file ulimit=1024 ->
500 clients allowed
2004.10.27 07:25:19 LOG7[5246:16384]: FD 4 in non-blocking mode
2004.10.27 07:25:19 LOG7[5246:16384]: SO_REUSEADDR option set on accept
socket
2004.10.27 07:25:19 LOG7[5246:16384]: ppp bound to 0.0.0.0:2020
2004.10.27 07:25:19 LOG7[5246:16384]: FD 5 in non-blocking mode
2004.10.27 07:25:19 LOG7[5246:16384]: FD 6 in non-blocking mode
2004.10.27 07:25:19 LOG7[5247:16384]: No pid file being created
2004.10.27 07:25:59 LOG7[5247:16384]: ppp accepted FD=7 from 10.0.0.2:39791
2004.10.27 07:25:59 LOG7[5247:16384]: FD 7 in non-blocking mode
2004.10.27 07:25:59 LOG7[5251:16386]: ppp started
2004.10.27 07:25:59 LOG5[5251:16386]: ppp connected from 10.0.0.2:39791
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): before/accept
initialization
2004.10.27 07:25:59 LOG7[5251:16386]: waitforsocket: FD=7, DIR=read
2004.10.27 07:25:59 LOG7[5251:16386]: waitforsocket: ok
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 read client
hello A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 write server
hello A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 write
certificate A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 write server
done A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 flush data
2004.10.27 07:25:59 LOG7[5251:16386]: waitforsocket: FD=7, DIR=read
2004.10.27 07:26:00 LOG7[5251:16386]: waitforsocket: ok
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 read client
key exchange A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 read
finished A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 write change
cipher spec A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 write
finished A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 flush data
2004.10.27 07:26:00 LOG7[5251:16386]: 1 items in the session cache
2004.10.27 07:26:00 LOG7[5251:16386]: 0 client connects (SSL_connect())
2004.10.27 07:26:00 LOG7[5251:16386]: 0 client connects that finished
2004.10.27 07:26:00 LOG7[5251:16386]: 0 client renegotiatations requested
2004.10.27 07:26:00 LOG7[5251:16386]: 1 server connects (SSL_accept())
2004.10.27 07:26:00 LOG7[5251:16386]: 1 server connects that finished
2004.10.27 07:26:00 LOG7[5251:16386]: 0 server renegotiatiations
requested
2004.10.27 07:26:00 LOG7[5251:16386]: 0 session cache hits
2004.10.27 07:26:00 LOG7[5251:16386]: 0 session cache misses
2004.10.27 07:26:00 LOG7[5251:16386]: 0 session cache timeouts
2004.10.27 07:26:00 LOG6[5251:16386]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.10.27 07:26:00 LOG7[5251:16386]: pty_allocate:namebuf=, namebuflen=1024
: Success (0)
2004.10.27 07:26:00 LOG3[5251:16386]: openpty: No such file or directory (2)
2004.10.27 07:26:00 LOG3[5251:16386]: Failed to initialize remote connection
2004.10.27 07:26:00 LOG7[5251:16386]: ppp finished (0 left)
The log file client side (PC2) is:
----------------------------------
2004.10.27 07:20:16 LOG5[4460:16384]: stunnel 4.05 on i686-pc-linux-gnu
PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
2004.10.27 07:20:16 LOG7[4460:16384]: RAND_status claims sufficient entropy
for the PRNG
2004.10.27 07:20:16 LOG6[4460:16384]: PRNG seeded successfully
2004.10.27 07:20:16 LOG7[4460:16384]: Certificate:
/usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:20:16 LOG7[4460:16384]: Key file:
/usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:20:16 LOG7[4460:16384]: stunnel started
2004.10.27 07:20:16 LOG6[4460:16384]: Local mode child started (PID=4461)
2004.10.27 07:20:16 LOG5[4460:16384]: stunnel connected from 127.0.0.1:39790
2004.10.27 07:20:16 LOG7[4460:16384]: FD 4 in non-blocking mode
2004.10.27 07:20:16 LOG7[4460:16384]: stunnel connecting 10.0.0.1:2020
2004.10.27 07:20:16 LOG7[4460:16384]: remote connect #1: EINPROGRESS:
retrying
2004.10.27 07:20:16 LOG7[4460:16384]: waitforsocket: FD=4, DIR=write
2004.10.27 07:20:16 LOG3[4461:16384]: /usr/sbin/pppd: No such file or
directory (2)
2004.10.27 07:20:16 LOG7[4460:16384]: waitforsocket: ok
2004.10.27 07:20:16 LOG7[4460:16384]: Remote FD=4 initialized
2004.10.27 07:20:16 LOG7[4460:16384]: SSL state (connect): before/connect
initialization
2004.10.27 07:20:16 LOG7[4460:16384]: SSL state (connect): SSLv3 write
client hello A
2004.10.27 07:20:16 LOG7[4460:16384]: waitforsocket: FD=4, DIR=read
2004.10.27 07:20:17 LOG7[4460:16384]: waitforsocket: ok
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read server
hello A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read server
certificate A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read server
done A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 write
client key exchange A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 write
change cipher spec A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 write
finished A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 flush data
2004.10.27 07:20:17 LOG7[4460:16384]: waitforsocket: FD=4, DIR=read
2004.10.27 07:20:17 LOG7[4460:16384]: waitforsocket: ok
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read
finished A
2004.10.27 07:20:17 LOG7[4460:16384]: 1 items in the session cache
2004.10.27 07:20:17 LOG7[4460:16384]: 1 client connects (SSL_connect())
2004.10.27 07:20:17 LOG7[4460:16384]: 1 client connects that finished
2004.10.27 07:20:17 LOG7[4460:16384]: 0 client renegotiatations requested
2004.10.27 07:20:17 LOG7[4460:16384]: 0 server connects (SSL_accept())
2004.10.27 07:20:17 LOG7[4460:16384]: 0 server connects that finished
2004.10.27 07:20:17 LOG7[4460:16384]: 0 server renegotiatiations
requested
2004.10.27 07:20:17 LOG7[4460:16384]: 0 session cache hits
2004.10.27 07:20:17 LOG7[4460:16384]: 0 session cache misses
2004.10.27 07:20:17 LOG7[4460:16384]: 0 session cache timeouts
2004.10.27 07:20:17 LOG6[4460:16384]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.10.27 07:20:17 LOG7[4460:16384]: Socket closed on read
2004.10.27 07:20:17 LOG7[4460:16384]: SSL write shutdown (output buffer
empty)
2004.10.27 07:20:17 LOG7[4460:16384]: SSL alert (write): warning: close
notify
2004.10.27 07:20:17 LOG7[4460:16384]: SSL_shutdown retrying
2004.10.27 07:20:17 LOG3[4460:16384]: SSL_read (ERROR_SYSCALL): Connection
reset by peer (104)
2004.10.27 07:20:17 LOG5[4460:16384]: Connection reset: 0 bytes sent to SSL,
0 bytes sent to socket
2004.10.27 07:20:17 LOG7[4460:16384]: stunnel finished (0 left)
Any suggestions?
Thanks in advance.
Angelo Raspanti
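
Added example, not part of the original post: a small Python triage of the stunnel logs above. It rejoins the mail-wrapped continuation lines and lists the error-level (LOG3) records with their errno; the function names are this example's own, SAMPLE is a short excerpt copied from the two logs in the post, and the LOGn digit is read as the syslog severity that stunnel's debug option uses (3 = err, 7 = debug).

```python
import re

# Record header as it appears in the post's logs:
#   2004.10.27 07:26:00 LOG3[5251:16386]: message
RECORD = re.compile(
    r"^(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) LOG(\d)\[(\d+):(\d+)\]: ?(.*)$"
)
# Trailing "(N)" is the errno stunnel appends to system-call failures.
ERRNO = re.compile(r"\((\d+)\)\s*$")

# Excerpt copied from the server (PC1) and client (PC2) logs in the post,
# including the line wrapping introduced by the mail client.
SAMPLE = """\
2004.10.27 07:26:00 LOG6[5251:16386]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.10.27 07:26:00 LOG7[5251:16386]: pty_allocate:namebuf=, namebuflen=1024
: Success (0)
2004.10.27 07:26:00 LOG3[5251:16386]: openpty: No such file or directory (2)
2004.10.27 07:26:00 LOG3[5251:16386]: Failed to initialize remote connection
2004.10.27 07:20:16 LOG3[4461:16384]: /usr/sbin/pppd: No such file or
directory (2)
"""


def parse(text):
    """Return one dict per log record, rejoining wrapped continuation lines."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, level, pid, tid, msg = m.groups()
            records.append({"ts": ts, "level": int(level),
                            "pid": int(pid), "tid": int(tid), "msg": msg})
        elif records and line.strip():
            # No header: this line continues the previous record's message.
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records


def errors(records, max_level=3):
    """Return (pid, message, errno or None) for records at level err or worse."""
    out = []
    for r in records:
        if r["level"] <= max_level:
            m = ERRNO.search(r["msg"])
            out.append((r["pid"], r["msg"], int(m.group(1)) if m else None))
    return out


if __name__ == "__main__":
    for pid, msg, errno in errors(parse(SAMPLE)):
        print(f"pid={pid} errno={errno} {msg}")
```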