Hi,
I have difficulties setting up a tunnel between two Linux boxes I
administrate. Right now it's only in the test phase; I would like to make an
stunnel connection to the SMTP server at 195.56.52.140. My final goal is
to set up syslog through stunnel, that's why the port name/numbers.
Config file for the server:
cert = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/etc/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
[ssyslog]
accept = 195.56.52.140:2514
connect = 10.10.2.1:25
Config file for the client:
cert = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/etc/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
client = yes
[ssyslog]
accept = 2514
connect = 195.56.52.140:2514
I get the following messages in the logs after executing a "telnet
127.0.0.1 2514" command at the client machine (of course, SMTP works on
the other side, and I set iptables to allow incoming connections on
2514 dport).
Server:
2005.12.13 09:09:22 LOG5[11505:1]: stunnel 4.14 on i686-pc-linux-gnu
UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7e 25 Oct 2004
2005.12.13 09:09:22 LOG7[11505:1]: Snagged 64 random bytes from /root/.rnd
2005.12.13 09:09:22 LOG7[11505:1]: Wrote 1024 new random bytes to
/root/.rnd
2005.12.13 09:09:22 LOG7[11505:1]: RAND_status claims sufficient entropy
for the PRNG
2005.12.13 09:09:22 LOG6[11505:1]: PRNG seeded successfully
2005.12.13 09:09:22 LOG7[11505:1]: Certificate:
/usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:09:22 LOG7[11505:1]: Key file:
/usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:09:22 LOG6[11505:1]: file ulimit = 1024 (can be changed
with 'ulimit -n')
2005.12.13 09:09:22 LOG6[11505:1]: poll() used - no FD_SETSIZE limit for
file descriptors
2005.12.13 09:09:22 LOG5[11505:1]: 500 clients allowed
2005.12.13 09:09:22 LOG7[11505:1]: FD 6 in non-blocking mode
2005.12.13 09:09:22 LOG7[11505:1]: FD 8 in non-blocking mode
2005.12.13 09:09:22 LOG7[11505:1]: FD 9 in non-blocking mode
2005.12.13 09:09:22 LOG7[11505:1]: SO_REUSEADDR option set on accept socket
2005.12.13 09:09:22 LOG7[11505:1]: ssyslog bound to 195.56.52.140:2514
2005.12.13 09:09:22 LOG7[11506:1]: Created pid file
/usr/local/etc/stunnel/stunnel.pid
2005.12.13 09:09:22 LOG7[11506:0]: Waiting -1 second(s) for 2 file
descriptor(s)
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->(IN)
2005.12.13 09:11:23 LOG7[11506:1]: ssyslog accepted FD=10 from
81.183.222.1:35225
2005.12.13 09:11:23 LOG7[11506:1]: Creating a new context
2005.12.13 09:11:23 LOG7[11506:1]: Context 2 created
2005.12.13 09:11:23 LOG7[11506:2]: Context swap: 1 -> 2
2005.12.13 09:11:23 LOG7[11506:2]: ssyslog started
2005.12.13 09:11:23 LOG7[11506:2]: FD 10 in non-blocking mode
2005.12.13 09:11:23 LOG7[11506:2]: TCP_NODELAY option set on local socket
2005.12.13 09:11:23 LOG5[11506:2]: ssyslog connected from
81.183.222.1:35225
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): before/accept
initialization
2005.12.13 09:11:23 LOG7[11506:0]: Waiting 300 second(s) for 3 file
descriptor(s)
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->()
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 read client
hello A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 write
server hello A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 write
certificate A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 write
server done A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 flush data
2005.12.13 09:11:23 LOG7[11506:0]: Waiting 300 second(s) for 3 file
descriptor(s)
2005.12.13 09:11:25 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:25 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->()
2005.12.13 09:11:25 LOG7[11506:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 read client
key exchange A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 read
finished A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 write
change cipher spec A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 write
finished A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 flush data
2005.12.13 09:11:25 LOG7[11506:2]: 1 items in the session cache
2005.12.13 09:11:25 LOG7[11506:2]: 0 client connects (SSL_connect())
2005.12.13 09:11:25 LOG7[11506:2]: 0 client connects that finished
2005.12.13 09:11:25 LOG7[11506:2]: 0 client renegotiatations requested
2005.12.13 09:11:25 LOG7[11506:2]: 1 server connects (SSL_accept())
2005.12.13 09:11:25 LOG7[11506:2]: 1 server connects that finished
2005.12.13 09:11:25 LOG7[11506:2]: 0 server renegotiatiations requested
2005.12.13 09:11:25 LOG7[11506:2]: 0 session cache hits
2005.12.13 09:11:25 LOG7[11506:2]: 0 session cache misses
2005.12.13 09:11:25 LOG7[11506:2]: 0 session cache timeouts
2005.12.13 09:11:25 LOG6[11506:2]: SSL accepted: new session negotiated
2005.12.13 09:11:25 LOG6[11506:2]: Negotiated ciphers:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.12.13 09:11:25 LOG7[11506:2]: FD 11 in non-blocking mode
2005.12.13 09:11:25 LOG7[11506:2]: ssyslog connecting 10.10.2.1:25
2005.12.13 09:11:25 LOG7[11506:2]: connect_wait: waiting 10 seconds
2005.12.13 09:11:25 LOG7[11506:0]: Waiting 10 second(s) for 3 file
descriptor(s)
2005.12.13 09:11:35 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:35 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->()
2005.12.13 09:11:35 LOG7[11506:0]: CONTEXT 2, FD=11, (INOUT)->()
2005.12.13 09:11:35 LOG6[11506:2]: connect_wait: s_poll_wait timeout
2005.12.13 09:11:35 LOG3[11506:2]: Failed to initialize remote connection
2005.12.13 09:11:35 LOG7[11506:2]: ssyslog finished (0 left)
2005.12.13 09:11:35 LOG5[11506:2]: stack_info: size=65536, current=4204
(6%), maximum=4204 (6%)
2005.12.13 09:11:35 LOG7[11506:2]: Context 2 closed
2005.12.13 09:11:35 LOG7[11506:0]: Waiting -1 second(s) for 2 file
descriptor(s)
Client:
2005.12.13 09:05:26 LOG5[17901:1]: stunnel 4.14 on i686-pc-linux-gnu
UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7 31 Dec 2002
2005.12.13 09:05:26 LOG7[17901:1]: Snagged 64 random bytes from /root/.rnd
2005.12.13 09:05:26 LOG7[17901:1]: Wrote 1024 new random bytes to
/root/.rnd
2005.12.13 09:05:26 LOG7[17901:1]: RAND_status claims sufficient entropy
for the PRNG
2005.12.13 09:05:26 LOG6[17901:1]: PRNG seeded successfully
2005.12.13 09:05:26 LOG7[17901:1]: Certificate:
/usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:05:26 LOG7[17901:1]: Key file:
/usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:05:26 LOG6[17901:1]: file ulimit = 1024 (can be changed
with 'ulimit -n')
2005.12.13 09:05:26 LOG6[17901:1]: poll() used - no FD_SETSIZE limit for
file descriptors
2005.12.13 09:05:26 LOG5[17901:1]: 500 clients allowed
2005.12.13 09:05:26 LOG7[17901:1]: FD 5 in non-blocking mode
2005.12.13 09:05:26 LOG7[17901:1]: FD 7 in non-blocking mode
2005.12.13 09:05:26 LOG7[17901:1]: FD 8 in non-blocking mode
2005.12.13 09:05:26 LOG7[17901:1]: SO_REUSEADDR option set on accept socket
2005.12.13 09:05:26 LOG7[17901:1]: ssyslog bound to 0.0.0.0:2514
2005.12.13 09:05:26 LOG7[17902:1]: Created pid file
/usr/local/etc/stunnel/stunnel.pid
2005.12.13 09:05:26 LOG7[17902:0]: Waiting -1 second(s) for 2 file
descriptor(s)
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->(IN)
2005.12.13 09:07:03 LOG7[17902:1]: ssyslog accepted FD=9 from
127.0.0.1:40024
2005.12.13 09:07:03 LOG7[17902:1]: Creating a new context
2005.12.13 09:07:03 LOG7[17902:1]: Context 2 created
2005.12.13 09:07:03 LOG7[17902:2]: Context swap: 1 -> 2
2005.12.13 09:07:03 LOG7[17902:2]: ssyslog started
2005.12.13 09:07:03 LOG7[17902:2]: FD 9 in non-blocking mode
2005.12.13 09:07:03 LOG7[17902:2]: TCP_NODELAY option set on local socket
2005.12.13 09:07:03 LOG5[17902:2]: ssyslog connected from 127.0.0.1:40024
2005.12.13 09:07:03 LOG7[17902:2]: FD 10 in non-blocking mode
2005.12.13 09:07:03 LOG7[17902:2]: ssyslog connecting 195.56.52.140:2514
2005.12.13 09:07:03 LOG7[17902:2]: connect_wait: waiting 10 seconds
2005.12.13 09:07:03 LOG7[17902:0]: Waiting 10 second(s) for 3 file
descriptor(s)
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 2, FD=10, (INOUT)->(OUT)
2005.12.13 09:07:03 LOG7[17902:2]: connect_wait: connected
2005.12.13 09:07:03 LOG7[17902:2]: Remote FD=10 initialized
2005.12.13 09:07:03 LOG7[17902:2]: TCP_NODELAY option set on remote socket
2005.12.13 09:07:03 LOG7[17902:2]: SSL state (connect): before/connect
initialization
2005.12.13 09:07:03 LOG7[17902:2]: SSL state (connect): SSLv3 write
client hello A
2005.12.13 09:07:03 LOG7[17902:0]: Waiting 300 second(s) for 3 file
descriptor(s)
2005.12.13 09:07:06 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:06 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:06 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 read
server hello A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 read
server certificate A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 read
server done A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 write
client key exchange A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 write
change cipher spec A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 write
finished A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 flush data
2005.12.13 09:07:06 LOG7[17902:0]: Waiting 300 second(s) for 3 file
descriptor(s)
2005.12.13 09:07:08 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:08 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:08 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:07:08 LOG7[17902:2]: SSL state (connect): SSLv3 read
finished A
2005.12.13 09:07:08 LOG7[17902:2]: 1 items in the session cache
2005.12.13 09:07:08 LOG7[17902:2]: 1 client connects (SSL_connect())
2005.12.13 09:07:08 LOG7[17902:2]: 1 client connects that finished
2005.12.13 09:07:08 LOG7[17902:2]: 0 client renegotiatations requested
2005.12.13 09:07:08 LOG7[17902:2]: 0 server connects (SSL_accept())
2005.12.13 09:07:08 LOG7[17902:2]: 0 server connects that finished
2005.12.13 09:07:08 LOG7[17902:2]: 0 server renegotiatiations requested
2005.12.13 09:07:08 LOG7[17902:2]: 0 session cache hits
2005.12.13 09:07:08 LOG7[17902:2]: 0 session cache misses
2005.12.13 09:07:08 LOG7[17902:2]: 0 session cache timeouts
2005.12.13 09:07:08 LOG6[17902:2]: SSL connected: new session negotiated
2005.12.13 09:07:08 LOG6[17902:2]: Negotiated ciphers:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.12.13 09:07:08 LOG7[17902:0]: Waiting 43200 second(s) for 4 file
descriptor(s)
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->(IN)
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: Waiting 43200 second(s) for 4 file
descriptor(s)
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=10, (INOUT)->(OUT)
2005.12.13 09:07:10 LOG7[17902:0]: Waiting 43200 second(s) for 4 file
descriptor(s)
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->(IN)
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: Waiting 43200 second(s) for 4 file
descriptor(s)
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=10, (INOUT)->(OUT)
2005.12.13 09:07:11 LOG7[17902:0]: Waiting 43200 second(s) for 4 file
descriptor(s)
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->()
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->(INERRHUP)
2005.12.13 09:07:16 LOG3[17902:2]: SSL_read: Connection reset by peer (104)
2005.12.13 09:07:16 LOG5[17902:2]: Connection reset: 4 bytes sent to
SSL, 0 bytes sent to socket
2005.12.13 09:07:16 LOG7[17902:2]: ssyslog finished (0 left)
2005.12.13 09:07:16 LOG5[17902:2]: stack_info: size=65536, current=4180
(6%), maximum=4180 (6%)
2005.12.13 09:07:16 LOG7[17902:2]: Context 2 closed
2005.12.13 09:07:16 LOG7[17902:0]: Waiting -1 second(s) for 2 file
descriptor(s)
Strange thing, I did set up a Windows box for testing, and I get the
exact same error messages when trying to connect to the server.
Any ideas?
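
Added example, not part of the original post: a small Python reader for the stunnel 4.x debug-log format pasted above. It re-joins the records that were wrapped onto a second line and reports, per (pid, context) pair, how far each connection got; the function names and the field names (peer, target, tls_ok, tcp_ok, error) are this example's own.

```python
import re

# Excerpt copied from the server log above, wrapped line included.
SAMPLE = """\
2005.12.13 09:11:23 LOG5[11506:2]: ssyslog connected from
81.183.222.1:35225
2005.12.13 09:11:25 LOG6[11506:2]: SSL accepted: new session negotiated
2005.12.13 09:11:25 LOG7[11506:2]: ssyslog connecting 10.10.2.1:25
2005.12.13 09:11:25 LOG7[11506:2]: connect_wait: waiting 10 seconds
2005.12.13 09:11:35 LOG6[11506:2]: connect_wait: s_poll_wait timeout
2005.12.13 09:11:35 LOG3[11506:2]: Failed to initialize remote connection
"""

# One record: "<date> <time> LOG<level>[<pid>:<context>]: <message>"
REC = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[(\d+):(\d+)\]: (.*)$")

# Message patterns mapped to the summary field they set (field names are ours).
EVENTS = [
    (re.compile(r"connected from (\S+)$"), "peer"),
    (re.compile(r"connecting (\S+)$"), "target"),
    (re.compile(r"^SSL (?:accepted|connected): "), "tls_ok"),
    (re.compile(r"^connect_wait: connected$"), "tcp_ok"),
    (re.compile(r"^connect_wait: s_poll_wait timeout$"), "error"),
    (re.compile(r"^SSL_read: Connection reset by peer"), "error"),
]

def unwrap(text):
    """Re-join records that were wrapped onto a following line."""
    records = []
    for line in text.splitlines():
        if REC.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return {(pid, context): {field: value}} for the events seen."""
    sessions = {}
    for rec in unwrap(text):
        m = REC.match(rec)
        if not m:
            continue
        _level, pid, ctx, msg = m.groups()
        for pattern, field in EVENTS:
            hit = pattern.search(msg)
            if hit:
                s = sessions.setdefault((pid, ctx), {})
                s[field] = hit.group(1) if hit.groups() else (msg if field == "error" else True)
    return sessions
```

A context that has tls_ok and a target but no tcp_ok completed the TLS handshake and then failed on the outbound TCP connect; a context with tcp_ok and an SSL_read error was reset by the other end after connecting.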