Brian
As I said you can reproduce this with stunnel "client = no" , telnet to "accept" port and tcpdump. As soon as you hit ^] and type "q" to close connection you will see "RST" coming from stunnel.
I understand that tcp/ip is not part of stunnel. Theres got to be some way to close() socket and have OS send RST.
Its very old BigIP version 3.3.1
===== bigip.conf =====
pool appgen_1.1.1.69.8843 { lb_method least_conn member 2.2.2.140:8843 ratio 1 priority 1 member 2.2.2.150:8843 ratio 1 priority 1 } pool appgen_1.1.1.69.8844 { lb_method least_conn member 2.2.2.140:8844 ratio 1 priority 1 member 2.2.2.150:8844 ratio 1 priority 1 }
vip 1.1.1.69:8843 unit 1 { netmask 255.255.255.0 broadcast 1.1.1.255 use pool appgen_1.1.1.69.8843 } vip 1.1.1.69:8844 unit 1 { netmask 255.255.255.0 broadcast 1.1.1.255 use pool appgen_1.1.1.69.8844 }
=========== stunnel.conf ============
setuid = nobody setgid = nogroup
CApath = /usr/local/etc/stunnel/certs cert = /usr/local/etc/stunnel/cacert.pem key = /usr/local/etc/stunnel/privkey-nopass.pem
debug = 2 output = /var/log/stunnel.log
client = no verify = 1 delay = yes
[something1] accept = 8843 connect = 127.0.0.1:11111 TIMEOUTclose = 0
[something2] accept = 8844 connect = 127.0.0.1:22222 TIMEOUTclose = 0