Yes. Use inetd (or equivalent). Making an independent server work is difficult due to problems like the ones you are having. Inetd is included and essential in many O/Ses, and available for others. It always works. Always. Yes, there is a tiny amount of overhead for making connections. On an ancient AIX IBM I manage 2-4 million XML documents exchanged per day with no problems, all with inetd. Try it – save yourself some misery. Or maybe it won’t help at all except to add information :)


E

From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of Martin Got
Sent: Monday, May 13, 2019 9:08 AM
To: stunnel-users@stunnel.org
Subject: [stunnel-users] Stunnel 5.44 server side 'exec = pppd' runs second child 'pppd' process after reconnection. Bug?

I'm trying to make a stunnel-wrapped ppp connection to achieve bidirectional data transfer over stunnel, as shown below.

Stunnel client   --connect-->    Stunnel server
pppd client       --connect-->    pppd server
10.0.1.2             <--data-->     10.0.1.1

OpenBSD 6.4 amd64 with Stunnel 5.44 server works until stunnel re-runs the 'exec = pppd' section once the stunnel client reconnects. The 'exec = pppd' section is also re-run after a short network-related communication lag. The previous 'pppd' child instance hasn't been killed by stunnel 5.44 before the new instance starts.

So a second 'pppd' process starts and runs simultaneously with the first 'pppd', and the link goes down. Restarting the stunnel server clears the child 'pppd' processes, so the newly re-established 'pppd' link between the 10.0.1.1 <--> 10.0.1.2 endpoints works until the next interconnection.

Does the stunnel server have an option to start only one instance in the 'exec' section, or what should be done to fix this?

Any suggestions highly appreciated.

# ps -axu | grep pppd
user 43231 0.0  0.0   476 0:00.01 persist lock passive 10.0.1.1:10.0.1.2 local noauth (pppd)
user 39187 0.0  0.0   468 0:00.01 persist lock passive 10.0.1.1:10.0.1.2 local noauth (pppd)

# tail -n 10 /var/log/daemon
pppd[39187] pppd 2.3.5 started by user, uid 0
pppd[43231] Using interface ppp1
pppd[43231] Connect: ppp0 <--> /dev/ttyp2
pppd[43231] Local IP address 10.0.1.1
pppd[43231] Remote IP address 10.0.1.2
pppd[39187] pppd 2.3.5 started by user, uid 0
pppd[39187] Using interface ppp0
pppd[39187] Connect: ppp0 <--> /dev/ttyp5
pppd[39187] Couldn't set interface address: Address 10.0.1.1 or destination 10.0.1.2 already exists

Stunnel configurations for server and client:

1. Server's configuration

...
foreground = yes
debug = 7

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;socket = l:SO_LINGER=1:60

; Session cache
sessionCacheSize = 100
sessionCacheTimeout = 600

stack = 65536

TIMEOUTbusy = 600
TIMEOUTconnect = 10
TIMEOUTidle = 43200
TIMEOUTclose = 5

[ppp]
accept = LOCAL-IP:PORT
exec = /usr/sbin/pppd
execargs = lock 10.0.1.1:10.0.1.2 local debug noauth
;execargs = lock passive 10.0.1.1:10.0.1.2 local debug noauth
pty = yes
CAfile = ca.crt
cert = server.crt
key = server.key
verifyChain = yes


2. Stunnel client's configuration

...
foreground = yes
debug = 7

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Session cache
sessionCacheSize = 1
sessionCacheTimeout = 600

failover = rr

[ppp]
client = yes
retry = yes
connect = REMOTE-IP:PORT
exec = /usr/sbin/pppd
execargs = defaultroute persist lock passive 10.0.1.2:10.0.1.1 local debug noauth name ppp-client
pty = yes
CAfile = ca.crt
cert = client.crt
key = client.key
verifyChain = yes
checkHost = REMOTE-HOSTNAME
;checkIP = 1.2.3.4
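The question above asks whether stunnel's 'exec' can be limited to a single instance. stunnel runs 'exec' once per accepted connection, so the guard has to live in the program it executes. The following POSIX sh wrapper is an added example (not stunnel's or pppd's own code, and not from this thread): installed at a hypothetical path such as /usr/local/bin/pppd-single.sh and named in 'exec' in place of /usr/sbin/pppd, it records the PID of the pppd it starts in a hypothetical pidfile (/var/run/pppd-stunnel.pid) and, on the next connection, terminates a still-running previous pppd before starting the new one. It assumes pppd is run with 'nodetach' so that the recorded PID stays valid (pppd would otherwise fork once the link is up), and that 'execArgs' begins with the program name as stunnel's documentation describes.

```shell
#!/bin/sh
# Hypothetical single-instance wrapper for stunnel's 'exec' (added example).
# Assumed stunnel server configuration:
#   exec     = /usr/local/bin/pppd-single.sh
#   execargs = pppd-single.sh lock 10.0.1.1:10.0.1.2 local debug noauth nodetach
# stunnel re-runs 'exec' for each accepted connection; this wrapper reaps the
# pppd recorded by the previous connection before starting a new one.

PIDFILE="${PPPD_GUARD_PIDFILE:-/var/run/pppd-stunnel.pid}"   # assumed path
PPPD="${PPPD_GUARD_BIN:-/usr/sbin/pppd}"

# guard_recorded_pid: print the PID stored in $PIDFILE if it is a plain number.
# Returns 1 (prints nothing) when there is no usable pidfile.
guard_recorded_pid() {
    pid=$(cat "$PIDFILE" 2>/dev/null) || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: treat as absent
    esac
    printf '%s\n' "$pid"
}

# guard_pid_alive PID: 0 if the process exists and is not a zombie.
# A zombie still answers kill -0, so consult ps when it is available.
guard_pid_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    state=$(ps -o state= -p "$1" 2>/dev/null) || return 0
    case "$state" in
        *Z*) return 1 ;;
    esac
    return 0
}

# guard_reap_previous: if the recorded PID is still alive, send SIGTERM (so
# pppd can run its ip-down scripts), wait up to 5 s, then SIGKILL. Always
# removes the pidfile and returns 0 once no previous instance remains.
guard_reap_previous() {
    old=$(guard_recorded_pid) || { rm -f "$PIDFILE"; return 0; }
    if guard_pid_alive "$old"; then
        kill -TERM "$old" 2>/dev/null || true
        i=0
        while guard_pid_alive "$old" && [ "$i" -lt 5 ]; do
            sleep 1
            i=$((i + 1))
        done
        if guard_pid_alive "$old"; then
            kill -KILL "$old" 2>/dev/null || true   # grace period expired
        fi
    fi
    rm -f "$PIDFILE"
    return 0
}

# guard_run: reap any earlier instance, record our own PID and exec pppd.
# exec keeps the PID, so the pidfile stays accurate while pppd does not fork.
guard_run() {
    guard_reap_previous
    printf '%s\n' "$$" > "$PIDFILE"
    exec "$PPPD" "$@"
}

# Only act when invoked with pppd arguments (as stunnel does); running the
# file without arguments merely defines the functions.
if [ "$#" -gt 0 ]; then
    guard_run "$@"
fi
```

The symptom to watch for on the server is the log line quoted above ("Couldn't set interface address: Address 10.0.1.1 or destination 10.0.1.2 already exists"); with the wrapper in place, a second pppd is only started after the first has exited, so that line should no longer appear on reconnection. SIGTERM is sent before SIGKILL so that pppd can tear the link down cleanly, and a malformed pidfile is ignored rather than fed to kill.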