- stunnel-users - stunnel.org

Stunnel 5.56 Windows 10 Service - Not functioning after Reboot
by Rod Marr 16 Aug '20

16 Aug '20

Hi all, I have installed Stunnel 5.56 win64 on a fully updated Windows 10 machine to work with Blue Iris. Stunnel operates well when I manually start it however I cannot get it to work automatically after a reboot. I have run the run the “stunnel Service Install” and “stunnel Service Start” shortcuts supplied, and in the first instance the service installs and starts. I can then connect through Stunnel to my Blue Iris server. I have found that after I reboot, the Stunnel service appears to start automatically but it is not functional. I cannot connect through it to Blue Iris. Stunnel is visible and Running in the Windows 10 Services list (from services.msc) and the Windows Task Manager shows a Process and Service active. To rectify this I can manually issue the “stunnel Service Stop”, followed by the “stunnel Service Start” shortcuts and the service becomes functional again. I have tried turning on debug info and the stunnel log file in stunnel.conf and see that log entries only begin after I have done the stop/start manual process. Thanks for any insight to what I’m sure I am missing here. Rod Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10

2 2

Sslkeylog
by Brent Kimberley 14 Aug '20

14 Aug '20

No sign of SSL_CTX_set_keylog_callback()... Date: Thu, 13 Aug 2020 16:44:22 +0100 From: tayyib ahmed <tayyib76(a)gmail.com> To: stunnel-users(a)stunnel.org Subject:Hi Guys Is there any option to set sslkeylog to get ssl session id for stunnel session? Br xx

1 0

Timeout issues
by gorf＠hyperfunk.club 05 Aug '20

05 Aug '20

Hi, I'm using stunnel v5.56 on FreeBSD to proxy connections to a web server (running Apache), for a small number of users. Users connecting to the service keep running into issues with timeouts. I see timeout errors in the stunnel log messages: services stunnel[7510]: LOG3[188]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing I tried changing stunnel to use the proxy protocol and enabled it on Apache, too. I don't know if that will help but at least then the web server gets the correct, remote IP address. Can anyone offer ideas/suggestions to fix this problem? Is there anything I can test or check to help diagnose the issue? The configuration is very basic: [apache] accept = 20888 protocol = proxy connect = 192.168.0.10:8000 PSKsecrets = /usr/local/etc/psksecrets.txt

1 0

Getting incoming Exchange online (Office 365) emails to go to port 110 and not 995
by Brent Kimberley 23 Jul '20

23 Jul '20

Office365 IMAP4S + POP3S is dropping legacy authentication in favour of OAUTH2.0 authentication -- effective October 2020. (Some may have longer.) How do you you plan to migrate to authentication? Do you plan to upgrade your client(s) or inject an OAUTH2.0 transparent proxy ? ---------------------------------------------------------------------- Message: 1 Date: Thu, 23 Jul 2020 01:22:06 +0000 From: Mel Gilbert <m.gilbert(a)baymedicalgroup.com.au> To: "stunnel-users(a)stunnel.org" <stunnel-users(a)stunnel.org> Subject: Re: [stunnel-users] Getting incoming Exchange online (Office 365) emails to go to port 110 and not 995 Message-ID: <SY4P282MB074766F32238B92A3D951499C1760(a)SY4P282MB0747.AUSP282.PROD.OUTLOOK.COM> Content-Type: text/plain; charset="us-ascii" Hi Trying to get an application with inbuilt email to receive emails using POP and port 110. However we use Office 365 and I have tried below config but it is not working. I want people to send email to an Exchange Online Account port 995 and it gets forwarded on to the email app on port 110 client = yes output = stunnel-log.txt debug=7 taskbar=yes [POP3 Incoming] accept = 110 connect = Outlook.office365.com:995 cert = stunnel.pem [SMTP Outgoing] protocol = smtp accept = 25 connect = smtp.office365.com:587 cert = stunnel.pem The outgoing email works fine using SMTP relay that I've set up on Office 365 but cant get the incoming emails to work. Any help would be appreciated Thanks Mel

1 0

Re: [stunnel-users] Getting incoming Exchange online (Office 365) emails to go to port 110 and not 995
by Mel Gilbert 23 Jul '20

23 Jul '20

Hi Trying to get an application with inbuilt email to receive emails using POP and port 110. However we use Office 365 and I have tried below config but it is not working. I want people to send email to an Exchange Online Account port 995 and it gets forwarded on to the email app on port 110 client = yes output = stunnel-log.txt debug=7 taskbar=yes [POP3 Incoming] accept = 110 connect = Outlook.office365.com:995 cert = stunnel.pem [SMTP Outgoing] protocol = smtp accept = 25 connect = smtp.office365.com:587 cert = stunnel.pem The outgoing email works fine using SMTP relay that I've set up on Office 365 but cant get the incoming emails to work. Any help would be appreciated Thanks Mel

1 0

Transparent Proxy help.
by Steven Relf 21 Jul '20

21 Jul '20

Hello List, I am working on a small project where I need to encrypt nfs traffic, and Stunnel looks to be ideal, the only issue I'm having is getting the transparent part to work I have a client machine, running stunnel config below #GLOBAL####################################################### sslVersion = TLSv1.2 TIMEOUTidle = 600 renegotiation = no FIPS = no options = NO_SSLv2 options = NO_SSLv3 options = SINGLE_DH_USE options = SINGLE_ECDH_USE options = CIPHER_SERVER_PREFERENCE syslog = yes debug = 7 ;chroot = /var/empty/stunnel libwrap = yes service = 3d-nfsd curve = secp521r1 #CREDENTIALS################################################## verify = 4 CAfile = /etc/stunnel/nfs-tls.pem cert = /etc/stunnel/nfs-tls.pem #ROLE######################################################### client = yes connect = fqdn:2363 and the client which is running ontop of the nfs-ganesha server config below #GLOBAL####################################################### TIMEOUTidle = 600 renegotiation = no FIPS = no options = NO_SSLv2 options = NO_SSLv3 options = SINGLE_DH_USE options = SINGLE_ECDH_USE options = CIPHER_SERVER_PREFERENCE syslog = yes debug = 7 setuid = nobody setgid = nobody chroot = /var/empty/stunnel libwrap = yes service = MC-nfsd ; cd /var/empty; mkdir -p stunnel/etc; cd stunnel/etc; ; echo 'MC-nfsd: ALL EXCEPT 5.6.7.8' >> hosts.deny; ; chcon -t stunnel_etc_t hosts.deny curve = secp521r1 #CREDENTIALS################################################## verify = 4 CAfile = /etc/stunnel/nfs-tls.pem cert = /etc/stunnel/nfs-tls.pem #ROLE######################################################### connect = 127.0.0.1:2049 I have had a look through the documentation and I believe I need to set transparent = source on the client side, and then set some ip tables firewall rules. Does anyone have a guide, or some advice on how to get this to work. Generally what happens if I set the firewall rules, on the client, and set the transparent to source I just get connection closed by remote host. I never actually see the traffic leave the client host. To confirm, when not using transparent everything works correctly, accept the server side sees the connection coming from 127.0.0.1 Thanks Rgds Steve. The future has already arrived. It's just not evenly distributed yet - William Gibson Steven Relf - Technical Authority: Cloud Native Infrastructure srelf(a)ukcloud.com +44 1252 936019 / +44 7500 085 864 www.ukcloud.com A8, Cody Technology Park, Ively Road, Farnborough, GU14 0LX Notice: This message contains information that may be privileged or confidential and is the property of UKCloud Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. UKCloud reserves the right to monitor all e-mail communications through its networks. UKCloud Ltd is registered in England and Wales: Company No: 07619797. Registered office: Hartham Park, Hartham, Corsham, Wiltshire SN13 0RP.

1 0

Used Multi Service
by Ramin Malekgahsemi 09 Jul '20

09 Jul '20

Hi Dear Friends I used Stunnel 5.49 32 bit For server This Config cert = C:\Program Files\stunnel\config\stunnel.pem fips = no [socks] accept = 443 connect = 1010 If define New Service For example cert = C:\Program Files\stunnel\config\stunnel.pem fips = no [s1] accept = 443 connect = 1010 [s2] accept = 445 connect = 1020 Service Not work How Solve This Problem THX

1 0

Re: [stunnel-users] winsock permissions issue (i.e. WSAEACCES 10013 / 0x271D)
by flash＠vicsmba.com 29 Jun '20

29 Jun '20

It will never be entirely random. Some range more than likely. You may be able to restrict the range. You could certainly set stunnel up for each “random” port. E VICS, LLC Eric S Eberhard 2933 W Middle Verde Rd Camp Verde, AZ 86322 928-567-3727 (land line) 928-301-7537 (cell phone) http://www.vicsmba.com <http://www.vicsmba.com/> https://www.facebook.com/groups/286143052248115 From: stunnel-users <stunnel-users-bounces(a)stunnel.org> On Behalf Of Brent Kimberley Sent: Friday, June 26, 2020 4:11 PM To: Thomas Ward <teward(a)thomas-ward.net>; stunnel-users(a)stunnel.org; Coviello, Paul <pcoviello(a)ccsusa.com> Subject: Re: [stunnel-users] winsock permissions issue (i.e. WSAEACCES 10013 / 0x271D) What are you trying to accomplish? I.e. Is TLS the best wrapper for the job? (i.e. TCP over TCP.) On Thursday, June 25, 2020, 11:44:38 a.m. EDT, Coviello, Paul <pcoviello(a)ccsusa.com <mailto:pcoviello@ccsusa.com> > wrote: Maybe, I also just found out that the port it goes out is not what I thought it was. It’s a random port. Not sure if it’s doable now. Thanks for your help

1 0

winsock permissions issue (i.e. WSAEACCES 10013 / 0x271D)
by Brent Kimberley 26 Jun '20

26 Jun '20

Hi Paul. With respect to your winsock permissions issue (i.e. WSAEACCES 10013 / 0x271D), did you open the port in your firewall and authorize communication via anti-virus? > Hi I have a windows 10 machine that I?ve got this running on, and the > screen shot below is what I keep getting and I am unable to find the issue, > > Can someone please shed some light as to what is wrong? And what else you may need.

3 4

server is down message
by Coviello, Paul 24 Jun '20

24 Jun '20

Hi I have a windows 10 machine that I've got this running on, and the screen shot below is what I keep getting and I am unable to find the issue, Can someone please shed some light as to what is wrong? And what else you may need. Thanks Paul [cid:image001.png@01D6495F.3B2D17A0]

3 4