Yes. Use inetd (or equivalent). Making an independent server work is difficult due to the problems like you are having. Inetd is in many O/S included and essential, others available. It always works. Always. Yes, there is a tiny amount of overhead for making connections. On an ancient AIX IBM I manage 2-4 million XML documents exchanged per day with no problems, all with inetd. Try it – save yourself some misery. Or maybe it won’t help at all except to add information :)
E
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Martin Got Sent: Monday, May 13, 2019 9:08 AM To: stunnel-users@stunnel.org Subject: [stunnel-users] Stunnel 5.44 server side 'exec = pppd' runs second child 'pppd' process after reconnection. Bug?
I'm trying to make stunnel wrapped ppp connection to achieve bidirectional data transfer over stunnel like shown below.
Stunnel client --connect--> Stunnel server
pppd client --connect--> pppd server
10.0.1.2 <--data--> 10.0.1.1
OpenBSD 6.4amd64 with Stunnel 5.44 server works till stunnel retries 'exec = pppd' section once stunnel client is reconnected. Also 'exec = pppd' section retries after a short network related communication lag also. Previous 'pppd' child instance haven't killed by stunnel 5.44 before new instance started.
So second 'pppd' process started and runs simultaneously with the first 'pppd' and link down. Restarting Stunnel server can clear child 'pppd' processes. So newly reestablished 'pppd' link between 10.0.1.1 <--> 10.0.1.2 endpoints works till next interconnection.
Does stunnel server have an option to start only one instance in 'exec' section or what should be done to fix this?
Any suggestions highly appreciated.
# ps -axu | grep pppd
user 43231 0.0 0.0 476 0:00.01 persist lock passive 10.0.1.1:10.0.1.2 local noauth (pppd)
user 39187 0.0 0.0 468 0:00.01 persist lock passive 10.0.1.1:10.0.1.2 local noauth (pppd)
# tail -n 10 /var/log/daemon
pppd[39187] pppd 2.3.5 started by user, uid 0
pppd[43231] Using interface ppp1
pppd[43231] Connect: ppp0 <--> /dev/ttyp2
pppd[43231] Local IP address 10.0.1.1
pppd[43231] Remote IP address 10.0.1.2
pppd[39187] pppd 2.3.5 started by user, uid 0
pppd[39187] Using interface ppp0
pppd[39187] Connect: ppp0 <--> /dev/ttyp5
pppd[39187] Couldn't set interface address: Address 10.0.1.1 or destination 10.0.1.2 already exists
Stunnel configurations for server and client:
1. Server's configuration
...
foreground = yes
debug = 7
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;socket = l:SO_LINGER=1:60
; Session cache
sessionCacheSize = 100
sessionCacheTimeout = 600
stack = 65536
TIMEOUTbusy = 600
TIMEOUTconnect = 10
TIMEOUTidle = 43200
TIMEOUTclose = 5
[ppp]
accept = LOCAL-IP:PORT
exec = /usr/sbin/pppd
execargs = lock 10.0.1.1:10.0.1.2 local debug noauth
;execargs = lock passive 10.0.1.1:10.0.1.2 local debug noauth
pty = yes
CAfile = ca.crt
cert = server.crt
key = server.key
verifyChain = yes
2. Stunnel client's configuration
...
foreground = yes
debug = 7
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Session cache
sessionCacheSize = 1
sessionCacheTimeout = 600
failover = rr
[ppp]
client = yes
retry = yes
connect = REMOTE-IP:PORT
exec = /usr/sbin/pppd
execargs = defaultroute persist lock passive 10.0.1.2:10.0.1.1 local debug noauth name ppp-client
pty = yes
CAfile = ca.crt
cert = client.crt
key = client.key
verifyChain = yes
checkHost = REMOTE-HOSTNAME
;checkIP = 1.2.3.4