Perfect!

 

Thank you very much!

 

That’s the part I was missing the most… I kept trying to telnet to the server…

 

Now to figure out how to keep it running on VMS….

 

BTW: Rob, gmail is blocked for me, that's why I keep removing you! :)

 

From: Rob Lockhart [mailto:rlockhar@gmail.com]
Sent: Friday, April 24, 2015 12:10 PM
To: Coviello, Paul
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] startup issues

 

On Fri, Apr 24, 2015 at 10:41 AM, Coviello, Paul <pcoviello@ccsusa.com> wrote:

Hi,

 

Well, I got it started on VMS and wanted to put it in debug mode, so I shut it down, made my changes to the conf file, and now, well, I can't start it with the command procedure.

 

I even tried the old conf and same thing…

 

$ @STUNNEL_STARTUP_SERVER

Is the private key (in the PEM file) encrypted? [Y/N]: Y

Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXXXX""

Starting up a Stunnel

%RUN-S-PROC_ID, identification of created process is 209FCA70

Stunnel server failed to start up-- check the configuration, etc.

 

Nothing is logged…

 

But if I do the following

 

$ stunnel STUNNEL_SERVER.CONF

 

And the output to the screen…

2015.04.24 10:35:24 LOG7[547326662:2071228096]: Snagged 64 random bytes from sys$common:[sysmgr].rnd

2015.04.24 10:35:24 LOG7[547326662:2071228096]: Wrote 1024 new random bytes to sys$common:[sysmgr].rnd

2015.04.24 10:35:24 LOG7[547326662:2071228096]: RAND_status claims sufficient entropy for the PRNG

2015.04.24 10:35:24 LOG7[547326662:2071228096]: PRNG seeded successfully

2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate: stunnel.pem

2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate loaded

2015.04.24 10:35:24 LOG7[547326662:2071228096]: Key file: stunnel.pem

Enter PEM pass phrase:

2015.04.24 10:35:31 LOG7[547326662:2071228096]: Private key loaded

2015.04.24 10:35:31 LOG7[547326662:2071228096]: SSL context initialized for service telnet 

 

This is where it sits unless I do a ctrl-c to cancel and get back to the system prompt.

 

And when I do my telnet session I cannot connect. Well, I connect, but there are no prompts for me to log in.

 

But now I have log output! :)

 

2015.04.24 10:08:31 LOG5[547326662:2071228096]: stunnel undefined on vax-openvms with OpenSSL 0.9.8h 28 May 2008

2015.04.24 10:08:31 LOG5[547326662:2071228096]: Threading:PTHREAD Sockets:POLL,IPv4

2015.04.24 10:08:31 LOG6[547326662:2071228096]: file ulimit = 512 (can be changed with 'ulimit -n')

2015.04.24 10:08:31 LOG6[547326662:2071228096]: poll() used - no FD_SETSIZE limit for file descriptors

2015.04.24 10:08:31 LOG5[547326662:2071228096]: 250 clients allowed

2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 5 in non-blocking mode

2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 4 in non-blocking mode

2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 6 in non-blocking mode

2015.04.24 10:08:31 LOG7[547326662:2071228096]: SO_REUSEADDR option set on accept socket

2015.04.24 10:08:31 LOG7[547326662:2071228096]: telnet bound to 0.0.0.0:

2015.04.24 10:15:00 LOG3[547326662:2071228096]: Received signal 2; terminating

2015.04.24 10:18:18 LOG5[547326662:2071228096]: stunnel undefined on vax-openvms with OpenSSL 0.9.8h 28 May 2008

2015.04.24 10:18:18 LOG5[547326662:2071228096]: Threading:PTHREAD Sockets:POLL,IPv4

2015.04.24 10:18:18 LOG6[547326662:2071228096]: file ulimit = 512 (can be changed with 'ulimit -n')

2015.04.24 10:18:18 LOG6[547326662:2071228096]: poll() used - no FD_SETSIZE limit for file descriptors

2015.04.24 10:18:18 LOG5[547326662:2071228096]: 250 clients allowed

2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 5 in non-blocking mode

2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 4 in non-blocking mode

2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 6 in non-blocking mode

2015.04.24 10:18:18 LOG7[547326662:2071228096]: SO_REUSEADDR option set on accept socket

2015.04.24 10:18:19 LOG7[547326662:2071228096]: telnet bound to 0.0.0.0:

2015.04.24 10:21:08 LOG6[547326662:2071228096]: going to accept mode

2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59281

2015.04.24 10:21:08 LOG6[547326662:2071228096]: accepted connection

2015.04.24 10:21:08 LOG7[547326662:8966656]: telnet started

2015.04.24 10:21:08 LOG7[547326662:8966656]: FD 7 in non-blocking mode

2015.04.24 10:21:08 LOG7[547326662:8966656]: TCP_NODELAY option set on local socket

2015.04.24 10:21:08 LOG5[547326662:8966656]: telnet accepted connection from 0.0.0.0:

2015.04.24 10:21:08 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization

2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected

2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

2015.04.24 10:21:30 LOG7[547326662:8966656]: telnet finished (0 left)

2015.04.24 10:21:31 LOG6[547326662:2071228096]: going to accept mode

2015.04.24 10:21:31 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59283

2015.04.24 10:21:31 LOG6[547326662:2071228096]: accepted connection

2015.04.24 10:21:31 LOG7[547326662:8966656]: telnet started

2015.04.24 10:21:31 LOG7[547326662:8966656]: FD 7 in non-blocking mode

2015.04.24 10:21:31 LOG7[547326662:8966656]: TCP_NODELAY option set on local socket

2015.04.24 10:21:31 LOG5[547326662:8966656]: telnet accepted connection from 0.0.0.0:

2015.04.24 10:21:31 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization

2015.04.24 10:21:32 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected

2015.04.24 10:21:32 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

2015.04.24 10:21:32 LOG7[547326662:8966656]: telnet finished (0 left)

2015.04.24 10:21:33 LOG6[547326662:2071228096]: going to accept mode

2015.04.24 10:21:33 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59284

2015.04.24 10:21:33 LOG6[547326662:2071228096]: accepted connection

2015.04.24 10:21:33 LOG7[547326662:8966656]: telnet started

2015.04.24 10:21:33 LOG7[547326662:8966656]: FD 7 in non-blocking mode

2015.04.24 10:21:33 LOG7[547326662:8966656]: TCP_NODELAY option set on local socket

2015.04.24 10:21:33 LOG5[547326662:8966656]: telnet accepted connection from 0.0.0.0:

2015.04.24 10:21:33 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization

2015.04.24 10:21:34 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected

2015.04.24 10:21:34 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

2015.04.24 10:21:34 LOG7[547326662:8966656]: telnet finished (0 left)

 

 

 

 

Without knowing your current configuration files (server and client), it's difficult to debug. I would set up something as simple as this (assuming telnet is port 21 on your system, if not change as appropriate). You will have to stick with TLSv1 as the highest level of encryption based on your OpenSSL library version.

 

  1. Create a stunnel.conf file for the client with the following contents (change SERVERIP to be the actual server's public IP address or the LAN IP address if you're behind a firewall on both computers):
    sslVersion=TLSv1
    FIPS = no
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    client = yes
    [stunnel_telnet]
    accept = 127.0.0.1:2021
    connect = SERVERIP:2121
    delay = no
  2. Create a stunnel.conf file for the server with the following contents (modify as appropriate for the stunnel.pem file location):
    sslVersion=TLSv1
    cert=stunnel.pem
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    client = no
    [stunnel_telnet]
    accept = 2121
    connect = 127.0.0.1:21
    delay = no
  3. Now, start the service first, then the client.
  4. On your Windows box, telnet to port 2021 of localhost. This should work.
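
Added example, not part of the original thread: a small Python triage script for stunnel debug logs like the one quoted above. It flags sessions where `SSL_accept` failed while the only handshake state logged was `before/accept initialization`, which means no ClientHello ever arrived, as happens when a plain (non-TLS) client connects straight to the TLS port. The function name, record fields and the second sample session are assumptions made for illustration.

```python
import re

# Constructed sample: the first session copies the failure pattern quoted in the
# thread; the second (a handshake that progresses) is invented for contrast.
SAMPLE_LOG = """\
2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59281
2015.04.24 10:21:08 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:08 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:30 LOG7[547326662:8966656]: telnet finished (0 left)
2015.04.24 10:30:00 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59300
2015.04.24 10:30:00 LOG7[547326662:8966656]: telnet started
2015.04.24 10:30:00 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:30:00 LOG7[547326662:8966656]: SSL state (accept): SSLv3 read client hello A
2015.04.24 10:30:01 LOG6[547326662:8966656]: SSL accepted: new session negotiated
"""

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
ACCEPT = re.compile(r"accepted FD=\d+ from (\S+)")
INITIAL_STATE = "before/accept initialization"

def failed_handshakes(log_text):
    """Return one record per session whose SSL_accept failed."""
    pending_peer = None   # peer address from the latest accept line (main thread)
    sessions = {}         # worker thread id -> {"peer": ..., "states": [...]}
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue      # blank lines, prompts, anything that is not a log record
        ts, _level, _pid, tid, msg = m.groups()
        accepted = ACCEPT.search(msg)
        if accepted:
            pending_peer = accepted.group(1)
        elif msg.endswith(" started"):
            sessions[tid] = {"peer": pending_peer, "states": []}
        elif tid in sessions and msg.startswith("SSL state (accept): "):
            sessions[tid]["states"].append(msg.split(": ", 1)[1])
        elif tid in sessions and msg.startswith("SSL_accept: "):
            s = sessions.pop(tid)
            findings.append({
                "time": ts, "peer": s["peer"], "error": msg,
                # Heuristic: handshake never left its initial state
                "no_client_hello": s["states"] == [INITIAL_STATE],
            })
    return findings

if __name__ == "__main__":
    for f in failed_handshakes(SAMPLE_LOG):
        print(f)
```
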