stunnel-users January 2007

stunnel-users@stunnel.org

19 participants
27 discussions

URL changes in browser to http from https
by Casey Rayman 08 Jan '07

08 Jan '07

I am just starting to experiment with stunnel on Debian Linux, using the standard debian packages. I've got it working so far accepting requests on the local port 443 and connecting on 80, but when the page loads the URL changes back to a non-secure address. To illustrate: https://192.168.1.10 loads a simple static web page and you get the normal warning for the certificate, but after the page loads the URL changes to http://192/168.1.10 . I thought this might just be IE or something but Firefox does it too. Could I be missing a setting in stunnel? Any ideas? Thank you, Casey

1 0

Problem with certificates using smtp /pop
by Klaas 08 Jan '07

08 Jan '07

Is there no one who can tell me exactly which part of the certificate I have to place where and how I must configure stunnel.conf for the certificate

1 0

patch: round robin load balancing
by Luke Deller 08 Jan '07

08 Jan '07

Hi, I noticed that stunnel already does round-robin load balancing of connections when the DNS name specified by the "connect" option resolves to multiple IP addresses. Here is a simple patch which allows the "connect" option to accept a comma separated list of names instead of just a single name. This can be used to load balance tunnelled connections across several servers. For example, to load balance HTTPS connections across 3 HTTP servers (localhost:80, anotherhost:8080 and anotherhost:8081), we could specify: [https] accept = 443 connect = 80,anotherhost:8080,anotherhost:8081 Regards, Luke. ********************************************************************************************** Important Note This email (including any attachments) contains information which is confidential and may be subject to legal privilege. If you are not the intended recipient you must not use, distribute or copy this email. If you have received this email in error please notify the sender immediately and delete this email. Any views expressed in this email are not necessarily the views of XPlan Technology. It is the duty of the recipient to virus scan and otherwise test the information provided before loading onto any computer system. Xplan Technology does not warrant that the information is free of a virus or any other defect or error. **********************************************************************************************

1 0

re: I am clearly doing something wrong
by David Chase 06 Jan '07

06 Jan '07

Foolishly, I trusted it to create /usr/local/var/lib/stunnel/ with the correct permissions. The directory that appeared had these permissions: ls -ld /usr/local/var/lib/stunnel/ drwxrwx--T 2 root wheel 68 Jan 5 16:55 /usr/local/var/lib/stunnel/ When I replaced it with this directory ls -ld /usr/local/var/lib/stunnel/ drwxrwxrwx 3 root wheel 102 Jan 5 20:43 /usr/local/var/lib/stunnel/ Suddenly, when I ran stunnel, it continued to run. I'd call this a bug. Still not doing quite what I want, (not connecting to elsewhere.com like I expect) but I'm closer. David Chase

1 0

I am clearly doing something wrong
by David Chase 05 Jan '07

05 Jan '07

But I think the documentation has some serious gaps in it, too. I compiled stunnel, installed it, created certificates, and even turned on debugging in the configuration file. Now, all I want to do is forward port 443 locally to port 80 elsewhere. Says my config file: cert = /usr/local/etc/stunnel/mail.pem ;key = /usr/local/etc/stunnel/mail.pem ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = SSLv3 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /usr/local/var/lib/stunnel/ setuid = nobody setgid = nogroup ; PID is created inside chroot jail pid = /stunnel.pid ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log ; Use it for client mode ; client = yes ; Service-level configuration [pop3s] accept = 995 connect = 110 [imaps] accept = 993 connect = 143 [ssmtp] accept = 465 connect = 25 [https] accept = 443 connect = elsewhere.com:80 TIMEOUTclose = 0 and when I run it, it says: sudo /usr/local/sbin/stunnel Password: 2007.01.05 18:51:01 LOG7[13470:2684415368]: Snagged 64 random bytes from /Users/chase/.rnd 2007.01.05 18:51:01 LOG7[13470:2684415368]: Wrote 1024 new random bytes to /Users/chase/.rnd 2007.01.05 18:51:01 LOG7[13470:2684415368]: RAND_status claims sufficient entropy for the PRNG 2007.01.05 18:51:01 LOG7[13470:2684415368]: PRNG seeded successfully 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/ etc/stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/ stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service pop3s 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/ etc/stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/ stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service imaps 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/ etc/stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/ stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service ssmtp 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate: /usr/local/ etc/stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Certificate loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: Key file: /usr/local/etc/ stunnel/mail.pem 2007.01.05 18:51:01 LOG7[13470:2684415368]: Private key loaded 2007.01.05 18:51:01 LOG7[13470:2684415368]: SSL context initialized for service https I see nothing that looks like a complaint, but when I go looking for a stunnel process, there is not one, nor is anyone listening on port 443 at localhost. I cannot be the first person who wanted to do this, but I found both the FAQ and the documentation to be uninformative. How do I keep stunnel running and listening for connections on 443? I tried client=yes, that didn't seem to help. I am running Stunnel 4.20 on MacOS 10.4.8 David Chase

1 0

STunnel transparent + Solaris
by Corey Johnston 05 Jan '07

05 Jan '07

The documentation mentions that Solaris should support transparent mode for stunnel, yet I receive bind errors when I try to do this. "bind transparent: Cannot assign requested adddress (126)" Seems to suggest that either its actually not possible, or I've got to include something beyond "transparent = yes" in the conf file, or during compilation. Does anybody know if there's anything else special to make this work? Thanks in advance, Corey

2 1

Red Hat 7.0, Stunnel 4.20, and my Transparent Proxy Woes
by Richard Anderson 03 Jan '07

03 Jan '07

All, I'm attempting to setup Stunnel 4.20 on a RH7.0 box in transparent mode to essentially act as an SSL accelerator. I've gotten the SSL accelerator part to work (which means RH and Stunnel are working fine). But it's when I enable the transparent feature of stunnel I start having problems. The error it returns is : bind transparent: Cannot assign requested address (99) What I know is this: For transparent option to work with stunnel you must be using linux kernel 2.2. (check...red hat 7.0) Transparent proxy option must be enabled in kernel. (check, enabled, recompiled, and booted off that image) IP_FORWARD must be enabled. (check, set this in the sysctl.conf to do it on bootup) But it still won't work. Does anybody have any other ideas as to what I'm missing? thanks, rich _________________________________________________________________ Get FREE Web site and company branded e-mail from Microsoft Office Live http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users January 2007