Re: [stunnel-users] How to get stunnel to listen on an IPv6 interface?

My apologies, the site www.stunnel.org. has not been responding so was unable to search on there. I realised it was not responding because the AAAA DNS record is used in preference to the A DNS record and the AAAA record address is not responding:-

john$ nslookup

set type=AAAA www.stunnel.org

Server: 127.0.0.1 Address: 127.0.0.1#53

Non-authoritative answer: www.stunnel.org canonical name = linode.mirt.net. linode.mirt.net has AAAA address 2600:3c03::f03c:91ff:fe96:80c4

Authoritative answers can be found from:

exit

john$ ping6 2600:3c03::f03c:91ff:fe96:80c4 PING6(56=40+8+8 bytes) 2001:470:35:584::2 --> 2600:3c03::f03c:91ff:fe96:80c4 Request timeout for icmp_seq=0 Request timeout for icmp_seq=1 Request timeout for icmp_seq=2 ^C --- 2600:3c03::f03c:91ff:fe96:80c4 ping6 statistics --- 4 packets transmitted, 0 packets received, 100.0% packet loss

Having now got access to the site I found how to configure for IPv6 as such:-

[v6pop3s] accept = :::995 connect = ::1:110

jshardlo wrote:

Hi - my server was recently connected to IPv6 as well as the original IPv4 network.

I have been using stunnel for some time on the IPv4 network but now that I have IPv6 access I can't work out how to get stunnel to listen on that interface as well.

I checked that my stunnel has IPv6 support:-

/usr/sbin/stunnel -version stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options debug = 5 pid = /var/run/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes

Service-level options cert = /etc/stunnel/stunnel.pem ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH key = /etc/stunnel/stunnel.pem session = 300 seconds TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds verify = none

I have a configuration like this:

[pop3s] accept = 995 connect = 110

But when I do netstat I can see that it is only listening for port 995 on IPv4...

netstat -an | grep 995 tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN

netstat -an -A inet6 | grep 995

And of course when I connect to port 995 over the IPv6 network I get "connection refused".

Any ideas how to get stunnel to listen on the v6 address?

Thanks !