Perfect!
Thank you very much!
That’s the part I was missing the most… I kept trying to telnet to the server…
Now to figure out how to keep it running on VMS….
BTW: Rob gmail is blocked for me that’s why I keep removing you! J
From: Rob Lockhart [mailto:rlockhar@gmail.com]
Sent: Friday, April 24, 2015 12:10 PM
To: Coviello, Paul
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] startup issues
On Fri, Apr 24, 2015 at 10:41 AM, Coviello, Paul <pcoviello@ccsusa.com> wrote:
Hi,
Well I got it started on VMS and wanted to put it in debug mode, so I shut it down made my changes to the conf file and now well I can’t start it with the command procedure.
I even tried the old conf and same thing…
$ @STUNNEL_STARTUP_SERVER
Is the private key (in the PEM file) encrypted? [Y/N]: Y
Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXXXX""
Starting up a Stunnel
%RUN-S-PROC_ID, identification of created process is 209FCA70
Stunnel server failed to start up-- check the configuration, etc.
Nothing is logged…
But if I do the following
$ stunnel STUNNEL_SERVER.CONF
And the output to the screen…
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Snagged 64 random bytes from sys$common:[sysmgr].rnd
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Wrote 1024 new random bytes to sys$common:[sysmgr].rnd
2015.04.24 10:35:24 LOG7[547326662:2071228096]: RAND_status claims sufficient entropy for the PRNG
2015.04.24 10:35:24 LOG7[547326662:2071228096]: PRNG seeded successfully
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate: stunnel.pem
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate loaded
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Key file: stunnel.pem
Enter PEM pass phrase:
2015.04.24 10:35:31 LOG7[547326662:2071228096]: Private key loaded
2015.04.24 10:35:31 LOG7[547326662:2071228096]: SSL context initialized for service telnet
This is where it sits unless I do a ctrl-c to cancel and get back to the system prompt.
And when I do my telnet session I cannot connect. Well I connect but no prompts for me to login
But now I have log output! J
2015.04.24 10:08:31 LOG5[547326662:2071228096]: stunnel undefined on vax-openvms with OpenSSL 0.9.8h 28 May 2008
2015.04.24 10:08:31 LOG5[547326662:2071228096]: Threading:PTHREAD Sockets:POLL,IPv4
2015.04.24 10:08:31 LOG6[547326662:2071228096]: file ulimit = 512 (can be changed with 'ulimit -n')
2015.04.24 10:08:31 LOG6[547326662:2071228096]: poll() used - no FD_SETSIZE limit for file descriptors
2015.04.24 10:08:31 LOG5[547326662:2071228096]: 250 clients allowed
2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 5 in non-blocking mode
2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 4 in non-blocking mode
2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 6 in non-blocking mode
2015.04.24 10:08:31 LOG7[547326662:2071228096]: SO_REUSEADDR option set on accept socket
2015.04.24 10:08:31 LOG7[547326662:2071228096]: telnet bound to 0.0.0.0:
2015.04.24 10:15:00 LOG3[547326662:2071228096]: Received signal 2; terminating
2015.04.24 10:18:18 LOG5[547326662:2071228096]: stunnel undefined on vax-openvms with OpenSSL 0.9.8h 28 May 2008
2015.04.24 10:18:18 LOG5[547326662:2071228096]: Threading:PTHREAD Sockets:POLL,IPv4
2015.04.24 10:18:18 LOG6[547326662:2071228096]: file ulimit = 512 (can be changed with 'ulimit -n')
2015.04.24 10:18:18 LOG6[547326662:2071228096]: poll() used - no FD_SETSIZE limit for file descriptors
2015.04.24 10:18:18 LOG5[547326662:2071228096]: 250 clients allowed
2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 5 in non-blocking mode
2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 4 in non-blocking mode
2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 6 in non-blocking mode
2015.04.24 10:18:18 LOG7[547326662:2071228096]: SO_REUSEADDR option set on accept socket
2015.04.24 10:18:19 LOG7[547326662:2071228096]: telnet bound to 0.0.0.0:
2015.04.24 10:21:08 LOG6[547326662:2071228096]: going to accept mode
2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59281
2015.04.24 10:21:08 LOG6[547326662:2071228096]: accepted connection
2015.04.24 10:21:08 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:08 LOG7[547326662:8966656]: FD 7 in non-blocking mode
2015.04.24 10:21:08 LOG7[547326662:8966656]: TCP_NODELAY option set on local socket
2015.04.24 10:21:08 LOG5[547326662:8966656]: telnet accepted connection from 0.0.0.0:
2015.04.24 10:21:08 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:30 LOG7[547326662:8966656]: telnet finished (0 left)
2015.04.24 10:21:31 LOG6[547326662:2071228096]: going to accept mode
2015.04.24 10:21:31 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59283
2015.04.24 10:21:31 LOG6[547326662:2071228096]: accepted connection
2015.04.24 10:21:31 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:31 LOG7[547326662:8966656]: FD 7 in non-blocking mode
2015.04.24 10:21:31 LOG7[547326662:8966656]: TCP_NODELAY option set on local socket
2015.04.24 10:21:31 LOG5[547326662:8966656]: telnet accepted connection from 0.0.0.0:
2015.04.24 10:21:31 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:21:32 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:32 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:32 LOG7[547326662:8966656]: telnet finished (0 left)
2015.04.24 10:21:33 LOG6[547326662:2071228096]: going to accept mode
2015.04.24 10:21:33 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59284
2015.04.24 10:21:33 LOG6[547326662:2071228096]: accepted connection
2015.04.24 10:21:33 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:33 LOG7[547326662:8966656]: FD 7 in non-blocking mode
2015.04.24 10:21:33 LOG7[547326662:8966656]: TCP_NODELAY option set on local socket
2015.04.24 10:21:33 LOG5[547326662:8966656]: telnet accepted connection from 0.0.0.0:
2015.04.24 10:21:33 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:21:34 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:34 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:34 LOG7[547326662:8966656]: telnet finished (0 left)
| | |
Without knowing your current configuration files (server and client), it's difficult to debug. I would set up something as simple as this (assuming telnet is port 21 on your system, if not change as appropriate). You will have to stick with TLSv1 as the highest level of encryption based on your OpenSSL library version.