I have exactly this same error: http://comments.gmane.org/gmane.network.stunnel.user/5019 but with Apache
On 31/07/2011 21:01, Elodie BOSSIER wrote:
Me again ...
I can't find my problem and I'm starting to despair alone ...
My stunnel works correctly with this config file :
pid = /stunnel.pid
debug = 7
output = /var/log/stunnel.log
options = NO_SSLv2
#transparent = source
[virtual]
accept = 443
cert = /usr/local/openssl/etc/CERTIFICATES/www.franceserv.fr_cert.cert
key = /usr/local/openssl/etc/PRIVATE_KEYS/www.franceserv.fr_key.pem
connect = www.franceserv.fr:80

[sni1]
sni = virtual:elodie.franceserv.com
cert = /etc/ssl-fsh/cert-elodie.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = elodie.franceserv.com:80

[sni2]
sni = virtual:befun.franceserv.com
cert = /etc/ssl-fsh/cert-befun.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = befun.franceserv.com:80
But the IP transmitted to my server is the stunnel IP and not that of the visitor behind her browser, and it doesn't work anymore when I remove the # to enable transparent mode.
And these are my iptables rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
as it is said in the manual, but nothing more ...
A friend has tested on their side and they have the same problem.
Could someone tell me my error, please?
On 29/07/2011 03:25, Elodie BOSSIER wrote:
Back ...
I can't find the problem.
This is the log without transparent, when it's working: http://pastebin.com/mjReyE8a and with transparent, not working: http://pastebin.com/ZGqRVXzF
Thanks so much ...
On 28/07/2011 12:25, Elodie BOSSIER wrote:
Greetings again,
Thanks so much for having updated the manual about SNI; my stunnel works correctly.
But I have a tiny problem: when I visit my webserver, $_SERVER['REMOTE_ADDR'] in PHP isn't the IP address of the visitor but the IP of the stunnel. I have read the manual about this transparent proxy and I don't succeed with the configuration.
This is my config file :
pid = /stunnel.pid
options = NO_SSLv2
transparent = source

[virtual]
accept = 443
cert = /usr/local/openssl/etc/CERTIFICATES/www.franceserv.fr_cert.cert
key = /usr/local/openssl/etc/PRIVATE_KEYS/www.franceserv.fr_key.pem
connect = www.franceserv.fr:80

[sni1]
sni = virtual:elodie.franceserv.com
cert = /etc/ssl-fsh/cert-elodie.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = elodie.franceserv.com:80

[sni2]
sni = virtual:befun.franceserv.com
cert = /etc/ssl-fsh/cert-befun.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = befun.franceserv.com:80
It doesn't work; I get a timeout in my browser.
With iptables, I have set this:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
My stunnel is on the server 192.168.0.20 and the webserver on 192.168.0.2.
I try to follow the help at http://www.stunnel.org/static/stunnel.html#service_level_options with: transparent = none | source | destination | both (Unix only)
Could you tell me what I am doing wrong, please?
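The following is an added example, not part of the thread and not the stunnel project's own code. It applies the mangle/policy-routing rules from the messages above in a re-runnable way and then checks the two halves of a `transparent = source` setup. The first half is the stunnel host itself (fwmark rule, local table, rp_filter). The second half is the piece the rules above say nothing about: with `transparent = source` stunnel opens its connection to the web server using the visitor's IP as the source address, so the web server's SYN-ACK is addressed to the visitor, and unless that reply is routed back through the stunnel host (for example by making the stunnel host the web server's default gateway) the handshake never completes and the browser times out. The addresses 192.168.0.20 (stunnel) and 192.168.0.2 (web server) are taken from the thread; the client address 203.0.113.5 and the captured command outputs in the usage note are constructed for illustration.

```shell
#!/bin/sh
# Added example: set up and verify the routing that stunnel's
# `transparent = source` needs. Not from the stunnel project or the thread.
# Assumed addresses (from the thread): stunnel host 192.168.0.20, backend 192.168.0.2.
STUNNEL_IP=${STUNNEL_IP:-192.168.0.20}
BACKEND_IP=${BACKEND_IP:-192.168.0.2}
MARK=1     # fwmark used by the DIVERT chain
TABLE=100  # routing table that delivers marked packets locally

# Apply the rules from the stunnel manual so the script can be re-run
# without duplicating entries. `iptables -C` needs iptables >= 1.4.11;
# on older builds drop the -C guards and append once.
apply_rules() {
    iptables -t mangle -N DIVERT 2>/dev/null || true
    iptables -t mangle -C PREROUTING -p tcp -m socket -j DIVERT 2>/dev/null ||
        iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -C DIVERT -j MARK --set-mark "$MARK" 2>/dev/null ||
        iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    iptables -t mangle -C DIVERT -j ACCEPT 2>/dev/null ||
        iptables -t mangle -A DIVERT -j ACCEPT
    ip rule show | grep -q "fwmark 0x$MARK lookup $TABLE" ||
        ip rule add fwmark "$MARK" lookup "$TABLE"
    ip route show table "$TABLE" | grep -q 'local .*dev lo' ||
        ip route add local 0.0.0.0/0 dev lo table "$TABLE"
    sysctl -w net.ipv4.conf.lo.rp_filter=0 >/dev/null
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Pure check on captured command output, so it can be exercised without root.
#   $1 = output of `ip rule show`
#   $2 = output of `ip route show table $TABLE`
#   $3 = value of /proc/sys/net/ipv4/conf/lo/rp_filter
#   $4 = value of /proc/sys/net/ipv4/ip_forward
# Returns 0 only when every piece the transparent mode relies on is present.
routing_ok() {
    printf '%s\n' "$1" | grep -q "fwmark 0x$MARK lookup $TABLE" || return 1
    printf '%s\n' "$2" | grep -q 'local .*dev lo' || return 1
    [ "$3" = 0 ] || return 1
    [ "$4" = 1 ] || return 1
    return 0
}

# Live wrapper: run on the stunnel host.
check_stunnel_host() {
    routing_ok "$(ip rule show)" "$(ip route show table "$TABLE")" \
        "$(cat /proc/sys/net/ipv4/conf/lo/rp_filter)" \
        "$(cat /proc/sys/net/ipv4/ip_forward)"
}

# The half the thread's rules do not cover. Because stunnel connects to the
# backend with the visitor's source address, the backend's replies to that
# address must go back through the stunnel host. On the backend, run
# `ip route get <visitor ip>`; the next hop must be STUNNEL_IP.
#   $1 = output of `ip route get <visitor ip>` captured on the backend
return_path_ok() {
    printf '%s\n' "$1" | grep -qF "via $STUNNEL_IP "
}

# Live wrapper: run on the backend with a real visitor address as $1.
check_backend() {
    return_path_ok "$(ip route get "$1")"
}

# Usage when run directly (both checks need the respective host and root):
#   ./transparent-check.sh apply      # on the stunnel host
#   ./transparent-check.sh stunnel    # verify stunnel host routing
#   ./transparent-check.sh backend 203.0.113.5   # on the web server
case "${1:-}" in
    apply)   apply_rules ;;
    stunnel) check_stunnel_host && echo "stunnel host routing OK" ;;
    backend) check_backend "$2" && echo "backend return path via $STUNNEL_IP OK" ;;
esac
```

With the web server's default route pointing at 192.168.0.1 instead of the stunnel host, `ip route get 203.0.113.5` on the backend prints something like `203.0.113.5 via 192.168.0.1 dev eth0 src 192.168.0.2` (constructed output) and `return_path_ok` fails; that is the symptom behind a browser timeout even when the stunnel-side rules are all correct. stunnel also has to run as root without the `setuid` option for `transparent = source` to bind with the spoofed address.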