On Tue, 2013-07-23 13:30:08 -0400, David H. Durgee wrote:
I am attempting to use stunnel to provide secure telnet access to a server on my system. As it is possible that a user may be idle for a long period, I have attempted to enable keepalive with stunnel. My stunnel conf files contain:
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
on both the server and client side. But Wireshark shows no keepalive packets being exchanged. I am using socat to provide a service on the LAN and connections using socat do show keepalive packets. But to get this working with socat I had to use the following:
socat -d -d -L/var/lock/Port$PORT - TCP:127.0.0.1:$PORT,keepalive,keepcnt=10,keepidle=3,keepintvl=1
I had originally tried it with only the keepalive option, but it took adding the other three options for it to work. Perhaps this is particular to my Linux Mint 13 Maya x64 system and keepalive works by itself on Windows? Are the other three options supported in stunnel?
`stunnel -sockets` should show the available socket options and their default values.
For the box I'm writing this mail from, the default for TCP_KEEPIDLE is 7200 and for TCP_KEEPINTVL 75 (both in seconds). You'll have to be quite patient if you want to watch keepalive packets in Wireshark without tweaking the defaults ...
HTH,
Ludolf
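
The point made in this thread, as an added example that is not part of either message and is not stunnel or socat code: enabling SO_KEEPALIVE alone leaves the kernel's timers in place, so the first probe only goes out after TCP_KEEPIDLE seconds. The sketch assumes Linux option names, reuses the keepidle/keepintvl/keepcnt values from the socat command above, and its function names are hypothetical.

```python
import socket

# Timer values taken from the socat command line quoted in the thread.
SOCAT_VALUES = {"idle": 3, "intvl": 1, "cnt": 10}


def enable_keepalive(sock, idle=None, intvl=None, cnt=None):
    """Turn on SO_KEEPALIVE; override a kernel timer only when a value is given."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for opt, value in ((socket.TCP_KEEPIDLE, idle),
                       (socket.TCP_KEEPINTVL, intvl),
                       (socket.TCP_KEEPCNT, cnt)):
        if value is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)


def keepalive_settings(sock):
    """Read back what the kernel will actually use for this socket."""
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        "intvl": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        "cnt": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    }


def dead_peer_detected_after(settings):
    """Approximate seconds of silence before the kernel drops a dead connection:
    the idle time, then `cnt` unanswered probes spaced `intvl` seconds apart."""
    return settings["idle"] + settings["intvl"] * settings["cnt"]


def compare():
    """Return (kernel defaults with only SO_KEEPALIVE set, tuned settings)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        enable_keepalive(s)                   # what SO_KEEPALIVE=1 alone gives you
        defaults = keepalive_settings(s)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        enable_keepalive(s, **SOCAT_VALUES)   # what the socat options request
        tuned = keepalive_settings(s)
    return defaults, tuned


if __name__ == "__main__":
    for label, cfg in zip(("SO_KEEPALIVE only", "socat values"), compare()):
        print(f"{label}: first probe after {cfg['idle']}s, "
              f"dead peer dropped after about {dead_peer_detected_after(cfg)}s")
```

The "SO_KEEPALIVE only" line reflects the local kernel's sysctl defaults, so its numbers vary between hosts.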