Hi,
I'm trying to tunnel a TLS connection to a TURN server https://code.google.com/p/rfc5766-turn-server/
The connection is closed with: SSL socket closed on SSL_read
I'm using the Ubuntu 12.04 package http://packages.ubuntu.com/precise/stunnel4
Am I missing a configuration option in my stunnel config?
Please see my config and log below.
-----------------------------------------------
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = /stunnel.log

[ssl]
accept = 443
connect = 3478
cert = /etc/stunnel/cert.pem
key = /etc/stunnel/key.pem
----------------------------------------------------
2014.04.12 13:40:15 LOG7[14983:140499885700864]: No limit detected for the number of clients
2014.04.12 13:40:15 LOG7[14983:140499885700864]: signal_pipe: FD=3 allocated (non-blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: signal_pipe: FD=4 allocated (non-blocking mode)
2014.04.12 13:40:15 LOG5[14983:140499885700864]: stunnel 4.42 on x86_64-pc-linux-gnu platform
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Compiled/running with OpenSSL 1.0.1 14 Mar 2012
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Reading configuration from file /etc/stunnel/stunnel.conf
2014.04.12 13:40:15 LOG7[14983:140499885700864]: PRNG seeded successfully
2014.04.12 13:40:15 LOG6[14983:140499885700864]: Initializing SSL context for service ssl
2014.04.12 13:40:15 LOG4[14983:140499885700864]: Insecure file permissions on /etc/stunnel/key.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Certificate: /etc/stunnel/cert.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Certificate loaded
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Key file: /etc/stunnel/key.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Private key loaded
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Could not load DH parameters from /etc/stunnel/cert.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Using hardcoded DH parameters
2014.04.12 13:40:15 LOG7[14983:140499885700864]: DH initialized with 2048-bit key
2014.04.12 13:40:15 LOG7[14983:140499885700864]: ECDH initialized with curve prime256v1
2014.04.12 13:40:15 LOG7[14983:140499885700864]: SSL options set: 0x00000004
2014.04.12 13:40:15 LOG6[14983:140499885700864]: SSL context initialized
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Configuration successful
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=5 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=6 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=6 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=7 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=7 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=8 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=8 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=9 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=9 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=10 allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: accept socket: FD=11 allocated (non-blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Option SO_REUSEADDR set on accept socket
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Service ssl bound to 0.0.0.0:443
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Service ssl opened FD=11
2014.04.12 13:40:15 LOG7[14989:140499885700864]: Created pid file /stunnel4.pid
2014.04.12 13:40:17 LOG7[14989:140499885700864]: local socket: FD=0 allocated (non-blocking mode)
2014.04.12 13:40:17 LOG7[14989:140499885700864]: Service ssl accepted FD=0 from 192.168.56.1:54561
2014.04.12 13:40:17 LOG7[14989:140499885700864]: local socket: FD=1 allocated (non-blocking mode)
2014.04.12 13:40:17 LOG7[14989:140499885700864]: Service ssl accepted FD=1 from 192.168.56.1:54562
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Service ssl started
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Option TCP_NODELAY set on local socket
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Waiting for a libwrap process
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Acquired libwrap process #0
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Service ssl started
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Option TCP_NODELAY set on local socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Waiting for a libwrap process
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Acquired libwrap process #1
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Releasing libwrap process #0
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Released libwrap process #0
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Service ssl permitted by libwrap from 192.168.56.1:54562
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Service ssl accepted connection from 192.168.56.1:54562
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): before/accept initialization
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 read client hello A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write server hello A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write certificate A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write server done A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 flush data
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Releasing libwrap process #1
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Released libwrap process #1
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Service ssl permitted by libwrap from 192.168.56.1:54561
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Service ssl accepted connection from 192.168.56.1:54561
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): before/accept initialization
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 read client hello A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write server hello A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write certificate A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write server done A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 flush data
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 read client key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 read finished A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write session ticket A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write change cipher spec A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 write finished A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3 flush data
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 items in the session cache
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 client connects (SSL_connect())
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 client connects that finished
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 client renegotiations requested
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 2 server connects (SSL_accept())
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 1 server connects that finished
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 server renegotiations requested
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 session cache hits
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 external session cache hits
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 session cache misses
2014.04.12 13:40:17 LOG7[14989:140499885692672]: 0 session cache timeouts
2014.04.12 13:40:17 LOG6[14989:140499885692672]: SSL accepted: new session negotiated
2014.04.12 13:40:17 LOG6[14989:140499885692672]: Negotiated ciphers: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
2014.04.12 13:40:17 LOG7[14989:140499885692672]: remote socket: FD=2 allocated (non-blocking mode)
2014.04.12 13:40:17 LOG6[14989:140499885692672]: connect_blocking: connecting 192.169.56.300:3478
2014.04.12 13:40:17 LOG7[14989:140499885692672]: connect_blocking: s_poll_wait 192.169.56.300:3478: waiting 10 seconds
2014.04.12 13:40:17 LOG5[14989:140499885692672]: connect_blocking: connected 192.169.56.300:3478
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Service ssl connected remote server from 192.169.56.300:59744
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Remote FD=2 initialized
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Option TCP_NODELAY set on remote socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 read client key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 read finished A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write session ticket A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write change cipher spec A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 write finished A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3 flush data
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 items in the session cache
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 client connects (SSL_connect())
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 client connects that finished
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 client renegotiations requested
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 2 server connects (SSL_accept())
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 2 server connects that finished
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 server renegotiations requested
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 session cache hits
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 external session cache hits
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 session cache misses
2014.04.12 13:40:17 LOG7[14989:140499885790976]: 0 session cache timeouts
2014.04.12 13:40:17 LOG6[14989:140499885790976]: SSL accepted: new session negotiated
2014.04.12 13:40:17 LOG6[14989:140499885790976]: Negotiated ciphers: ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL socket closed on SSL_read
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Sending socket write shutdown
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Service ssl finished (1 left)
2014.04.12 13:40:17 LOG7[14989:140499885692672]: str_stats: 0 block(s), 0 byte(s)
2014.04.12 13:40:17 LOG7[14989:140499885790976]: remote socket: FD=1 allocated (non-blocking mode)
2014.04.12 13:40:17 LOG6[14989:140499885790976]: connect_blocking: connecting 192.169.56.300:3478
2014.04.12 13:40:17 LOG7[14989:140499885790976]: connect_blocking: s_poll_wait 192.169.56.300:3478: waiting 10 seconds
2014.04.12 13:40:17 LOG5[14989:140499885790976]: connect_blocking: connected 192.169.56.300:3478
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Service ssl connected remote server from 192.169.56.300:59745
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Remote FD=1 initialized
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Option TCP_NODELAY set on remote socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL socket closed on SSL_read
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Sending socket write shutdown
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Service ssl finished (0 left)
2014.04.12 13:40:17 LOG7[14989:140499885790976]: str_stats: 0 block(s), 0 byte(s)
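
Added example, not part of the original post: a small Python script that de-interleaves a stunnel debug log like the one above by thread ID and pulls out the key events of each connection (client address, handshake completion, backend connect, close event, byte counts). The sample lines are excerpted from the log above; the function and field names are hypothetical.

```python
import re
from collections import OrderedDict

# stunnel 4.x debug line: "<date> <time> LOG<level>[<pid>:<thread>]: <message>"
LINE_RE = re.compile(r"^\S+ \S+ LOG\d\[\d+:(\d+)\]: (.*)$")
CLOSED_RE = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

# Lines excerpted from the log above (two interleaved worker threads).
SAMPLE = """\
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Service ssl accepted connection from 192.168.56.1:54562
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Service ssl accepted connection from 192.168.56.1:54561
2014.04.12 13:40:17 LOG6[14989:140499885692672]: SSL accepted: new session negotiated
2014.04.12 13:40:17 LOG5[14989:140499885692672]: connect_blocking: connected 192.169.56.300:3478
2014.04.12 13:40:17 LOG6[14989:140499885790976]: SSL accepted: new session negotiated
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL socket closed on SSL_read
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
2014.04.12 13:40:17 LOG5[14989:140499885790976]: connect_blocking: connected 192.169.56.300:3478
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL socket closed on SSL_read
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
"""

def summarize(log_text):
    """Group messages by thread ID and pull out the key events per connection."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a stunnel log line
        thread, msg = m.groups()
        c = conns.setdefault(thread, {"client": None, "handshake_done": False,
                                      "backend": None, "close_event": None,
                                      "bytes_to_ssl": None, "bytes_to_socket": None})
        accepted = re.match(r"Service \S+ accepted connection from (\S+)", msg)
        closed = CLOSED_RE.match(msg)
        if accepted:
            c["client"] = accepted.group(1)
        elif msg.startswith("SSL accepted:"):
            c["handshake_done"] = True            # TLS handshake completed
        elif msg.startswith("connect_blocking: connected "):
            c["backend"] = msg.split()[-1]        # address stunnel forwarded to
        elif " closed on " in msg and c["close_event"] is None:
            c["close_event"] = msg                # first close event seen on this thread
        elif closed:
            c["bytes_to_ssl"], c["bytes_to_socket"] = map(int, closed.groups())
    return conns

if __name__ == "__main__":
    for thread, conn in summarize(SAMPLE).items():
        print(thread, conn)
```
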