Thanks for your reply Jose.
As for your first question, I receive the plaintext packets in port 6666 on the server side. I print it out by tcpdump -A.
About the second question, I think adding client=yes to sender's config file and client=no to receiver's config file is not helpful. I tried this before and nothing changes.
JAD: Of course, it has effect. To create a TLS tunnel you need a TLS client and a TLS server.
Also, I am kind of confused how to run stunnel between server and client. Currently what I am doing is run command "sudo stunnel stunnel.config" in my server side, and run another "sudo stunnel stunnel.config" with slight difference in the configuration file. Is that correct?
JAD: You may have running instances of stunnel. Your configuration changes or command line invocations may not be executing. You need to take a look at the location you define for your logs, to see what's happening. Check your active processes and the active TCP binds. Examples:
ps -ef | egrep [s]tunnel
netstat -an | grep :6666
If you get nothing from this commands, you're good to go. Otherwise, you have to kill the running process first.
Also check your logs:
less /home/ubuntu/client_server/stunnel.log
Also, check the file permissions of your keys and certificate files. Unsecure permissions for a private key will not work. Also, if you don't find your logs or there's no information in them, the user you are running may not have permissions to write. You can can do a trace running stunnel under strace, like this.
strace /usr/bin/stunnel /etc/stunnel.conf
Ýou'll get a lot of outpt in your screen, but if you know how to read it will show what's wrong,
And finally, How are you pushing the clear text into the tunnel?
I think I gave you all information to put you on track of solving your problems.
regards,
Jose