Am 18.08.2011 12:58, schrieb Julian D. Seifert:
Am 18.08.2011 10:19, schrieb Michal Trojnara:
On Thu, 18 Aug 2011 02:59:30 +0200, Julian D. Seifert wrote:
If I try it like I get "local_bind (original port): Cannot assign requested address (99) stunnel" and clients get connection abort.
I guess either you're not running one of the supported kernels, or you're not running stunnel as root.
I checked (with ps) that stunnel is running as root(I commented out the setuid setgid options in the config file) I had two setups, one with standard ubuntu lucid lts kernel and one with 2.6.32. (I can also provide the kernelconfigurations or the settings of the options that are necessary)
Linux ubuntu 2.6.32-21-generic #32-Ubuntu SMP Fri Apr 16 08:10:02 UTC 2010 i686 GNU/Linux lsmod | grep -ie tprox xt_TPROXY 1165 0 nf_defrag_ipv4 1073 2 xt_TPROXY,xt_socket nf_tproxy_core 1608 2 xt_TPROXY,xt_socket,[permanent] x_tables 14299 4 xt_TPROXY,xt_MARK,xt_socket,ip_tables
ps: root 2024 0.0 0.0 3876 492 pts/0 S 04:01 0:00 ./stunnel stunnel.conf root 2025 0.0 0.0 3876 492 pts/0 S 04:01 0:00 ./stunnel stunnel.conf
stunnel version: No limit detected for the number of clients signal_pipe: FD=3 allocated (non-blocking mode) signal_pipe: FD=4 allocated (non-blocking mode) stunnel 4.39 on i686-pc-linux-gnu platform Compiled/running with OpenSSL 0.9.8k 25 Mar 2009 Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6 stunnel 4.39 on i686-pc-linux-gnu platform Compiled/running with OpenSSL 0.9.8k 25 Mar 2009 Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6
Global option defaults debug = daemon.notice pid = /usr/local/var/run/stunnel/stunnel.pid RNDbytes = 64 RNDfile = /dev/urandom RNDoverwrite = yes
Service-level option defaults cert = /usr/local/etc/stunnel/stunnel.pem ciphers = RC4-MD5:HIGH:!aNULL:!SSLv2 curve = sect163r2 session = 300 seconds sslVersion = TLSv1 for client, all for server stack = 65536 bytes TIMEOUTbusy = 300 seconds TIMEOUTclose = 60 seconds TIMEOUTconnect = 10 seconds TIMEOUTidle = 43200 seconds verify = none