Ok thanks here is the 1st version of the file...
All I want to do is create a telnet session from a windows terminal emulator to my VMS server.
also someone thinks that this version may not play well with SSL 1.4 that I have on VMS as mentioned this is 4.20
Can anyone confirm this ?
Thanks Paul
STUNNEL_SERVER.CONF;1 ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; Some options used here may not be adequate for your particular configuration
; Certificate/key is needed in server mode and optional in client mode ; The default certificate is provided only for testing and should not ; be used in a production environment cert = stunnel.pem ;key = stunnel.pem
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff ;verify = 2 ; Don't forget to c_rehash CApath ;CApath = certs ; It's often easier to use CAfile ;CAfile = certs.pem ; Don't forget to c_rehash CRLpath ;CRLpath = crls ; Alternatively you can use CRLfile ;CRLfile = crls.pem
; Some debugging stuff useful for troubleshooting ;debug = 7 ;output = stunnel.log
; Use it for client mode ;client = yes
; Service-level configuration
[pop3s] accept = 995 connect = 110
[imaps] accept = 993 connect = 143
[telnet] accept = 993 connect = 23
[ssmtp] accept = 465 connect = 25
;[https] ;accept = 443 ;connect = 80 ;TIMEOUTclose = 0
; vim:ft=dosini
-----Original Message----- From: Carter Browne [mailto:cbcs@comcast.net] Sent: Wednesday, April 08, 2015 3:58 PM To: Coviello, Paul; stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
At this point, my only suggestion is to post your stunnel.conf file (preferably without any modifications to the lines) so that maybe someone else can see if there are any obvious issues.
On 4/8/2015 3:46 PM, Coviello, Paul wrote:
No luck...
-----Original Message----- From: Carter Browne [mailto:cbcs@comcast.net] Sent: Wednesday, April 08, 2015 3:13 PM To: Coviello, Paul; stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
I meant add client = no to the telnet section.
I marked the bad sections below if they actually as they appear in your log file.
Carter
On 4/8/2015 3:00 PM, Coviello, Paul wrote:
Thanks I changed client to no, and it didn't make a difference unless you meant to add one in the telnet section?
Also it must be the copy there are no spaces in the file.
-----Original Message----- From: Carter Browne [mailto:cbcs@comcast.net] Sent: Wednesday, April 08, 2015 2:51 PM To: Coviello, Paul; cbrowne@cbcs-usa.com; stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
I think you need a "client = no" added to the telnet section. I am not familiar with your environment to help with the details. I have had issues with the location of the log file. If the default location of where stunnel is not write enabled for the program that could be a problem. In the file below, a number of lines are not on the left hand margin; e.g,; cert = ;key = debug = output =
I don't know if that is an artifact of the copying or present in your configuration file, but they all should be at the left margin.
Carter
On 4/8/2015 2:04 PM, Coviello, Paul wrote:
Nope didn’t make a difference, then removed all except for telnet... still fails :-(
-----Original Message----- From: Carter Browne [mailto:cbcs@comcast.net] Sent: Wednesday, April 08, 2015 1:59 PM To: Coviello, Paul; stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
You have two listeners on port 993, to the best of my knowledge, they need to be on two different ports. It probably did not get to the point of opening the log file.
On 4/8/2015 12:41 PM, Coviello, Paul wrote:
Ok thanks!
Now onto the server side...
$ @STUNNEL_STARTUP_SERVER.COM Is the private key (in the PEM file) encrypted? [Y/N]: y Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXX"" Starting up a Stunnel %RUN-S-PROC_ID, identification of created process is 209F0B0D Stunnel server failed to start up-- check the configuration, etc.
And no logfile is created... $ dir stunnel.log %DIRECT-W-NOFILES, no files found $
here are the settings in the conf file...
The lines in this section do not line up properly, the ";' should be the first character
$ ty STUNNEL_server.CONF ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; Some options used here may not be adequate for your particular configuration
The line in this section do not line up properly, ";' or "cert" should start the line.
; Certificate/key is needed in server mode and optional in client mode ; The default certificate is provided only for testing and should not ; be used in a production environment cert = stunnel.pem ;key = stunnel.pem
; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1
; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff ;verify = 2 ; Don't forget to c_rehash CApath ;CApath = certs ; It's often easier to use CAfile ;CAfile = certs.pem ; Don't forget to c_rehash CRLpath ;CRLpath = crls ; Alternatively you can use CRLfile ;CRLfile = crls.pem
The lines is this section do not line up properly. The lines should start with ";", "debug" and "output".
; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log
; Use it for client mode client = yes
; Service-level configuration
[pop3s] accept = 995 connect = 110
[imaps] accept = 993 connect = 143
[telnet] accept = 993 connect = 23
[ssmtp] accept = 465 connect = 25
;[https] ;accept = 443 ;connect = 80 ;TIMEOUTclose = 0
; vim:ft=dosini
-----Original Message----- From: Carter Browne [mailto:cbcs@comcast.net] Sent: Wednesday, April 08, 2015 12:16 PM To: Coviello, Paul; stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
The configuration:
[telnet] accept = 999 connect = x.x.x.x:993 client = no
will provide that.
If you want a single input port to access multiple destinations:
[telnet] accept = 999 connect = x.x.x.x:993 connect = x.x.x.y:993 connect = x.x.x.z:993 client = no And the destinations will be assigned on a round robin basis.
If each destination is a distinct connection then
[telnet1] accept = 999 connect = x.x.x.x:993 client = no
[telnet2] accept = 1999 connect = x.x.x.y:993 client = no
[telnet3] accept = 2999 connect = x.x.x.z:993 client = no
Carter
On 4/8/2015 12:02 PM, Coviello, Paul wrote:
Setup an incoming encrypted link from a windows telnet session to openvms.
-----Original Message----- From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Carter Browne Sent: Wednesday, April 08, 2015 12:00 PM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
Paul,
What are you trying to do:
Set up an incoming encrypted link to an outgoing unencrypted link? Set up an incoming unencrypted link to an outgoing encrypted link? Something else?
Carter
On 4/8/2015 11:49 AM, Coviello, Paul wrote:
Let me see so I need to do the following. > connect = 192.168.0.1:993 > connect = 192.168.20.140:993 > connect = 192.168.xx.xxx:993 > connect = 192.168.xx.xxy:993 Thanks Paul
-----Original Message----- From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Ludolf Holzheid Sent: Wednesday, April 08, 2015 11:35 AM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] openvms and stunnel
On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote: > Hello > > I'm trying to setup stunnel 4.20 yes it is an old version but the only one on HP's website for VMS. > > I need a little help in the conf files. > > Since I will be using telnet, do I need to put in each machines ip address that will be connecting? So in the example below do I create a listing of connects? > > [telnet] > accept = 999 > connect = 192.168.0.1:993 Paul,
the configuration above makes stunnel listen on local port 999, accepting connections from all IP addresses and forwards the traffic to port 993 of the box with IP address 192.168.0.1.
Depending on the 'client = ...' statement, stunnel expects the traffic at port 999 to be encrypted (server mode, client = no, default), or at port 993 (client mode, client = yes).
Any access control may be implemented via libwrap and (in server mode) via restriction of the accepted certificates.
HTH,
Ludolf
-- Carter Browne cbrowne@cbcs-usa.com
-- Carter Browne cbrowne@cbcs-usa.com
-- Carter Browne cbrowne@cbcs-usa.com
-- Carter Browne cbrowne@cbcs-usa.com