IMO the problem has nothing to do with the alias. Of course, this IP hosts the service. Both DNS names point to the same IP address as you can see below:

$ dig l4884-iflmap.hcisbp.eu1.hana.ondemand.com

l4884-iflmap.hcisbp.eu1.hana.ondemand.com. 0 IN    CNAME EU1571393051174.ssl.ondemand.com.
EU1571393051174.ssl.ondemand.com. 3361 IN A    155.56.210.164

You may try to set the sni = SERVER_NAME parameter to see if it helps.

https://www.stunnel.org/static/stunnel.html

Regards,
Flo Rance


On Mon, Mar 19, 2018 at 5:56 AM, Tony <nissan4x4@optusnet.com.au> wrote:

Hi all,

I have a situation where I’m trying to use sTunnel as the client to connect to a service on a secure URL, but the hiccup is that the secure URL is load balanced.

 

If a do an nslookup on the URL, the response comes back as it being an alias.

 

Non-authoritative answer:

Name:    eu1571393051174.ssl.ondemand.com

Address:  155.56.210.164

Aliases:  l4884-iflmap.hcisbp.eu1.hana.ondemand.com

 

Looking at the sTunnel log, it resolves to the IP of the server. But the IP itself does not host the service so I’m getting http:503 errors.

 

2018.03.16 14:44:44 LOG7[18796]: Service [ssl-OSRdev] (FD=564) bound to 0.0.0.0:8085

2018.03.16 14:44:55 LOG7[18796]: Service [ssl-OSRdev] accepted (FD=572) from 192.168.0.22:61093

2018.03.16 14:44:55 LOG7[18796]: Creating a new thread

2018.03.16 14:44:55 LOG7[18796]: New thread created

2018.03.16 14:44:55 LOG7[30864]: Service [ssl-OSRdev] started

2018.03.16 14:44:55 LOG5[30864]: Service [ssl-OSRdev] accepted connection from 192.168.0.22:61093

2018.03.16 14:44:55 LOG6[30864]: s_connect: connecting 155.56.210.164:443

2018.03.16 14:44:55 LOG7[30864]: s_connect: s_poll_wait 155.56.210.164:443: waiting 10 seconds

2018.03.16 14:44:56 LOG5[30864]: s_connect: connected 155.56.210.164:443

2018.03.16 14:44:56 LOG5[30864]: Service [ssl-OSRdev] connected remote server from 192.168.0.32:30269

2018.03.16 14:44:56 LOG7[30864]: Remote socket (FD=588) initialized

2018.03.16 14:44:56 LOG7[30864]: SNI: sending servername: l4884-iflmap.hcisbp.eu1.hana.ondemand.com

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): before/connect initialization

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv2/v3 write client hello A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server hello A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server certificate A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server key exchange A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server certificate request A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server done A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write client certificate A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write client key exchange A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write certificate verify A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write change cipher spec A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write finished A

2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 flush data

2018.03.16 14:44:57 LOG7[30864]: SSL state (connect): SSLv3 read finished A

2018.03.16 14:44:57 LOG7[30864]:    1 items in the session cache

2018.03.16 14:44:57 LOG7[30864]:    1 client connects (SSL_connect())

2018.03.16 14:44:57 LOG7[30864]:    1 client connects that finished

2018.03.16 14:44:57 LOG7[30864]:    0 client renegotiations requested

2018.03.16 14:44:57 LOG7[30864]:    0 server connects (SSL_accept())

2018.03.16 14:44:57 LOG7[30864]:    0 server connects that finished

2018.03.16 14:44:57 LOG7[30864]:    0 server renegotiations requested

2018.03.16 14:44:57 LOG7[30864]:    0 session cache hits

2018.03.16 14:44:57 LOG7[30864]:    0 external session cache hits

2018.03.16 14:44:57 LOG7[30864]:    0 session cache misses

2018.03.16 14:44:57 LOG7[30864]:    0 session cache timeouts

2018.03.16 14:44:57 LOG7[30864]: Peer certificate was cached (3826 bytes)

2018.03.16 14:44:57 LOG6[30864]: SSL connected: new session negotiated

2018.03.16 14:44:57 LOG6[30864]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)

2018.03.16 14:44:57 LOG6[30864]: Compression: null, expansion: null

2018.03.16 14:44:58 LOG6[30864]: SSL socket closed (SSL_read)

2018.03.16 14:44:58 LOG7[30864]: Sent socket write shutdown

2018.03.16 14:44:58 LOG5[30864]: Connection closed: 1730 byte(s) sent to SSL, 274 byte(s) sent to socket

2018.03.16 14:44:58 LOG7[30864]: Remote socket (FD=588) closed

2018.03.16 14:44:58 LOG7[30864]: Local socket (FD=572) closed

2018.03.16 14:44:58 LOG7[30864]: Service [ssl-OSRdev] finished (0 left)

2018.03.16 14:44:58 LOG7[30864]: str_stats: 3 block(s), 4294962489 data byte(s), 150 control byte(s)

2018.03.16 14:44:58 LOG7[30864]: str_stats: 20 byte(s) at ..\src\network.c:413

2018.03.16 14:44:58 LOG7[30864]: str_stats: 20 byte(s) at ..\src\network.c:412

2018.03.16 14:44:58 LOG7[30864]: str_stats: 20 byte(s) at ..\src\network.c:411

 

I have tested the service using SoapUI and it works.

 

Is it possible to have sTunnel follow the URL redirection?

 

 

Regards, Tony


_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users