On Fri, 15 Oct 2004 04:29:53 +0200 (CEST), Jan Meijer jan.meijer@surfnet.nl wrote:
On Thu, 14 Oct 2004, Graeme Stewart wrote:
I receive a connection refused error from netcat. Could someone point me in the right direction?
Too early awake me thinks:
- can you telnet localhost 8080 and what does that say?
- what does the logging on your local stunnel say?
- what does the logging on the remote site say?
- what is your total stunnel config?
- why are you using transparent?
Jan,
My apologies, I wasn't exactly sure what information would be helpful to resolve this issue.
It may be my limited knowledge is attributing the issue to stunnel, when in fact the problem is more of an SSL encryption, or TCP/IP routing issue. If this is the case I apologize for posting to this mailing list in error.
Here's the additional info:
- Results of Telnet and a printout of the routing table:
    # stunnel /usr/local/etc/stunnel/stunnel.conf
    # telnet localhost 8080
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    # telnet 172.30.128.100 8080
    Trying 172.30.128.100...
    telnet: connect to address 172.30.128.100: No route to host
    # route -v
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.30.128.0    *               255.255.248.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    default         172.30.128.1    0.0.0.0         UG    0      0        0 eth0
- stunnel has logging? - Told you I hadn't used it much.
- Don't know what the remote site is saying as I don't have access to those logfiles. I'm pretty sure it's running Windows IIS 5.0
- Here's the complete config file:
    setuid = nobody
    setgid = nogroup

    # Workaround for Eudora bug
    #options = DONT_INSERT_EMPTY_FRAGMENTS

    # Authentication stuff
    verify=0
    # don't forget about c_rehash CApath
    # it is located inside chroot jail:
    #CApath = /certs
    # or simply use CAfile instead:
    #CAfile = /usr/local/etc/stunnel/certs.pem
    # CRL path or file (inside chroot jail):
    #CRLpath = /crls
    # or simply use CAfile instead:
    #CRLfile = /usr/local/etc/stunnel/crls.pem

    # Some debugging stuff
    #debug = 7
    #output = stunnel.log

    # Use it for client mode
    client=yes

    # Service-level configuration

    #[pop3s]
    #accept = 995
    #connect = 110

    #[imaps]
    #accept = 993
    #connect = 143

    #[ssmtp]
    #accept = 465
    #connect = 25

    #[s1]
    #accept = 5000
    #connect = mail.osw.pl:110
    # delay = yes

    #[s2]
    #accept = 5001
    #connect = mail.osw.pl:25

    [https]
    accept=localhost:8080
    connect=targetsite.com:443
    TIMEOUTclose=0
    transparent=yes
- shouldn't the link be transparent to the application utilizing it?
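
Added example, not part of the original thread and not stunnel's own code: a small Python check that parses a stunnel.conf and reports the three settings the questions above point at (logging, certificate verification, and transparent combined with client mode). The function names and the SAMPLE_CONF string are constructed for illustration from the active lines of the posted config.

```python
import re

# Constructed sample: the active (uncommented) lines of the config posted above.
SAMPLE_CONF = """\
setuid = nobody
setgid = nogroup
verify=0
#debug = 7
#output = stunnel.log
client=yes

[https]
accept=localhost:8080
connect=targetsite.com:443
TIMEOUTclose=0
transparent=yes
"""

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}); '#' comment lines are ignored."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # a [name] header starts a service section
            current = services.setdefault(m.group(1), {})
            continue
        key, _, value = line.partition("=")
        target = glob if current is None else current
        target[key.strip().lower()] = value.strip()
    return glob, services

def review(text):
    """List findings that correspond to the questions asked in the thread."""
    glob, services = parse_stunnel_conf(text)
    findings = []
    client = glob.get("client", "no").lower() == "yes"
    if "debug" not in glob and "output" not in glob:
        findings.append("logging: debug/output unset, so no stunnel.log file is written")
    if client and glob.get("verify", "0") == "0":
        findings.append("verify: server certificate is not verified in client mode")
    for name, opts in services.items():
        svc_client = opts.get("client", "yes" if client else "no").lower() == "yes"
        if svc_client and opts.get("transparent", "no").lower() == "yes":
            findings.append(f"[{name}] transparent=yes is set together with client=yes")
    return findings
```

Calling review(SAMPLE_CONF) returns one finding for each of the three settings; a config with debug and output enabled, verify=2 and no transparent line returns an empty list.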