Hello,
I've installed a stunnel between my laptop and my server (both in Debian SID) [v5.06-2].
Here is my client stunnel.conf:

    pid = /var/run/stunnel.pid
    client = yes
    sslVersion = TLSv1.2
    debug = 7

    [ssh]
    accept = 5000
    protocol = connect
    protocolHost = myserver:443
    connect = myproxy:8080

The server one:

    cert = mycert
    key = mykey
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    sslVersion = TLSv1.2

    ; https or ssh encapsulated in ssl
    [sslh]
    accept = 443
    connect = myserver:444

And my .ssh/config:

    Host myserver
        HostName localhost
        Port 5000
        IdentityFile ~/.ssh/mykey
        ProtocolKeepAlives 6

At home (I use tinyproxy to test), everything is OK. At work, with a "true" proxy, sometimes I can connect (but I'm quickly disconnected), sometimes I can't... I've watched the logs but found nothing.
Do you have any idea? Something to look for in the logs?
Here is an example of a short connection:

    ~ $ ssh myserver
    root@myserver:~# cat /var/log/syslog | grep stunnel
    [...]
    root@myserver~# Timeout, server localhost not responding.

More often I have:

    ~ $ ssh myserver
    ssh_exchange_identification: Connection closed by remote host

In my local logs:

    Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted (FD=3) from 127.0.0.1:44794
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started
    Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
    Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connecting myproxy:8080
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_wait myproxy:8080: waiting 10 seconds
    Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connected myproxy:8080
    Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connected remote server from myIP:58282
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) initialized
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> CONNECT myserver:443 HTTP/1.1
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> Host: myserver:443
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: ->
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <- HTTP/1.1 200 Connection established
    Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <-
    Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: myserver
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): before/connect initialization
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 54 items in the session cache
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 109 client connects (SSL_connect())
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 110 client connects that finished
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 client renegotiations requested
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects (SSL_accept())
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects that finished
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server renegotiations requested
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 56 session cache hits
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 external session cache hits
    Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 session cache misses
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
    Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown
    Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (readsocket)
    Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (hangup)
    Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed (hangup)
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
    Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfully sent close_notify alert
    Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) closed
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed
    Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0 left)

Thank you.
David.
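
An added example, not part of the original post: a Python sketch that condenses stunnel `debug = 7` log lines like those above into a per-connection summary (proxy CONNECT accepted, which side sent close_notify first, final byte counters). The sample input is a constructed subset of the log in the post, and the function and field names are hypothetical.

```python
import re

# Constructed sample: a subset of the client log lines quoted in the post.
SAMPLE = """\
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: myserver
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

# syslog prefix, then stunnel's "LOG<level>[<thread id>]: <message>"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ stunnel: LOG(\d)\[(\d+)\]: (.*)$")
CLOSED = re.compile(
    r"Connection closed: (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")


def summarize(log_text):
    """Return {thread_id: summary dict} for each stunnel thread seen in log_text."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a stunnel syslog line
        ts, _level, tid, msg = m.groups()
        c = conns.setdefault(tid, {"proxy_ok": False, "first_close": None,
                                   "to_ssl": None, "to_socket": None,
                                   "closed_at": None})
        if msg == "CONNECT request accepted":
            c["proxy_ok"] = True  # the proxy answered the CONNECT with 200
        elif msg.startswith("SSL alert (") and "close notify" in msg:
            # "(read)": alert received from the TLS peer; "(write)": sent by us.
            if c["first_close"] is None:
                c["first_close"] = ("peer" if msg.startswith("SSL alert (read)")
                                    else "local")
        else:
            b = CLOSED.search(msg)
            if b:
                c["to_ssl"], c["to_socket"] = int(b.group(1)), int(b.group(2))
                c["closed_at"] = ts
    return conns


if __name__ == "__main__":
    for tid, info in summarize(SAMPLE).items():
        print(tid, info)
```

On the sample, the summary shows the CONNECT accepted, the first close_notify arriving from the TLS peer, and 32 bytes sent into the tunnel with 0 bytes delivered back to the local socket.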