Right...so, here is a sample config, I will add emphasis on the parts you need to make sure you have.
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /newcert.pem
key = /newkey.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3, TLSv1

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
;socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

[https]
accept = 10.x.x.x:443
connect = 11.x.x.x:443
; here you need to have an IP address for each accept and connect, as well as a port. If you are connecting to localhost, put 127.0.0.1.
;TIMEOUTclose = 0

; vim:ft=dosini
On Wed, Dec 21, 2011 at 12:26 PM, yassine ayachi ayachi.yassine@gmail.com wrote:
Hi Scott,
I am not quite sure I understand your answer. Let me add some more info to make it clear how I get the segfault:
A Java applet (from a web browser) invokes the stunnel machine on port 1957; stunnel then redirects the traffic to the remote_machine, so I only have the server stunnel portion installed (on the stunnel machine).
When I run a telnet from any machine connected to the internet this way: telnet stunnel_machine 1957, the stunnel on the stunnel machine dies... with the error posted previously.
Greetings,
Yassine
2011/12/21 Scott Damron sdamron@gmail.com
You need to have an IP address for the local connection and you need the client portion enabled as well.
Scott
On Wed, Dec 21, 2011 at 10:51 AM, yassine ayachi ayachi.yassine@gmail.com wrote:
Hi all,
I'm trying to encrypt a connection between two hosts using stunnel.
----- here is my config file ----
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = debug
output = stunnel.log

[rdps]
accept = 1957
connect = remote_machine:3389

Everything was working fine until I tried to telnet to port 1957 on the machine running stunnel; the stunnel process was killed on its own, leaving this in /var/log/messages:
Dec 20 16:58:01 alpha kernel: [4930384.164316] stunnel[14540]: segfault at 8 ip b7629b61 sp b758d16c error 6 in libc-2.7.so[b75bd000+138000]
Does anybody have an idea about this problem?
Thanks in advance,
Yassine
stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
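An added example, not code from the thread or from stunnel itself: a small Python checker that parses this ini-style config and flags the points Scott's note stresses (a cert in server mode, and an IP address plus port on each accept and connect). It assumes stunnel's last-value-wins rule for repeated keys, and SAMPLE_CONF is a constructed input trimmed from the [rdps] config in the second message.

```python
import re
# Minimal parser for stunnel's ini-style config: ';' comments, global options
# before the first [section], repeatable keys (e.g. socket) kept as lists.
SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
KEYVAL = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(.*?)\s*$")
HOSTPORT = re.compile(r"^(?:(?P<host>[^:\s]+):)?(?P<port>\d+)$")

def parse_stunnel_conf(text):
    """Return (global_options, {service_name: options})."""
    global_opts, services, current = {}, {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        sec = SECTION.match(line)
        if sec:
            current = services.setdefault(sec.group(1), {})
            continue
        kv = KEYVAL.match(line)
        if kv:
            target = global_opts if current is None else current
            target.setdefault(kv.group(1), []).append(kv.group(2))
    return global_opts, services

def check_conf(text):
    """Flag the thread's points: cert in server mode, address+port on accept/connect."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    # Assumption: for a repeated key the last value wins, so check [-1].
    client_mode = global_opts.get("client", ["no"])[-1].lower() == "yes"
    if not client_mode and "cert" not in global_opts:
        findings.append("global: 'cert' is required in server mode")
    for name, opts in services.items():
        for key in ("accept", "connect"):
            if key not in opts:
                findings.append(f"[{name}]: missing '{key}'")
                continue
            m = HOSTPORT.match(opts[key][-1])
            if m is None:
                findings.append(f"[{name}]: '{key}' is not host:port or port")
            elif m.group("host") is None:
                findings.append(f"[{name}]: '{key}' has a port but no IP address")
    return findings

# Constructed sample: the [rdps] service from the second message, trimmed.
SAMPLE_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
[rdps]
accept = 1957
connect = remote_machine:3389
"""
```

Running check_conf(SAMPLE_CONF) reports only that the accept line carries a port but no address, which is the point Scott's note makes about the sample's [https] service.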