Hi,
I have difficulties setting up a tunnel between two Linux boxes I administrate. Right now it's only in the test phase; I would like to make an stunnel connection to the SMTP server at 195.56.52.140. My final goal is to set up syslog through stunnel, that's why the port names/numbers.
Config file for the server:
cert = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/etc/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /usr/local/etc/stunnel/stunnel.log

[ssyslog]
accept = 195.56.52.140:2514
connect = 10.10.2.1:25
Config file for the client:
cert = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/etc/stunnel/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
client = yes

[ssyslog]
accept = 2514
connect = 195.56.52.140:2514
I get the following messages in the logs after executing a "telnet 127.0.0.1 2514" command at the client machine (of course, SMTP works on the other side, and I set iptables to allow incoming connections on 2514 dport).
Server:
2005.12.13 09:09:22 LOG5[11505:1]: stunnel 4.14 on i686-pc-linux-gnu UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7e 25 Oct 2004
2005.12.13 09:09:22 LOG7[11505:1]: Snagged 64 random bytes from /root/.rnd
2005.12.13 09:09:22 LOG7[11505:1]: Wrote 1024 new random bytes to /root/.rnd
2005.12.13 09:09:22 LOG7[11505:1]: RAND_status claims sufficient entropy for the PRNG
2005.12.13 09:09:22 LOG6[11505:1]: PRNG seeded successfully
2005.12.13 09:09:22 LOG7[11505:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:09:22 LOG7[11505:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:09:22 LOG6[11505:1]: file ulimit = 1024 (can be changed with 'ulimit -n')
2005.12.13 09:09:22 LOG6[11505:1]: poll() used - no FD_SETSIZE limit for file descriptors
2005.12.13 09:09:22 LOG5[11505:1]: 500 clients allowed
2005.12.13 09:09:22 LOG7[11505:1]: FD 6 in non-blocking mode
2005.12.13 09:09:22 LOG7[11505:1]: FD 8 in non-blocking mode
2005.12.13 09:09:22 LOG7[11505:1]: FD 9 in non-blocking mode
2005.12.13 09:09:22 LOG7[11505:1]: SO_REUSEADDR option set on accept socket
2005.12.13 09:09:22 LOG7[11505:1]: ssyslog bound to 195.56.52.140:2514
2005.12.13 09:09:22 LOG7[11506:1]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2005.12.13 09:09:22 LOG7[11506:0]: Waiting -1 second(s) for 2 file descriptor(s)
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->(IN)
2005.12.13 09:11:23 LOG7[11506:1]: ssyslog accepted FD=10 from 81.183.222.1:35225
2005.12.13 09:11:23 LOG7[11506:1]: Creating a new context
2005.12.13 09:11:23 LOG7[11506:1]: Context 2 created
2005.12.13 09:11:23 LOG7[11506:2]: Context swap: 1 -> 2
2005.12.13 09:11:23 LOG7[11506:2]: ssyslog started
2005.12.13 09:11:23 LOG7[11506:2]: FD 10 in non-blocking mode
2005.12.13 09:11:23 LOG7[11506:2]: TCP_NODELAY option set on local socket
2005.12.13 09:11:23 LOG5[11506:2]: ssyslog connected from 81.183.222.1:35225
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): before/accept initialization
2005.12.13 09:11:23 LOG7[11506:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->()
2005.12.13 09:11:23 LOG7[11506:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 read client hello A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 write server hello A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 write certificate A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 write server done A
2005.12.13 09:11:23 LOG7[11506:2]: SSL state (accept): SSLv3 flush data
2005.12.13 09:11:23 LOG7[11506:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.12.13 09:11:25 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:25 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->()
2005.12.13 09:11:25 LOG7[11506:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 read client key exchange A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 read finished A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 write change cipher spec A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 write finished A
2005.12.13 09:11:25 LOG7[11506:2]: SSL state (accept): SSLv3 flush data
2005.12.13 09:11:25 LOG7[11506:2]: 1 items in the session cache
2005.12.13 09:11:25 LOG7[11506:2]: 0 client connects (SSL_connect())
2005.12.13 09:11:25 LOG7[11506:2]: 0 client connects that finished
2005.12.13 09:11:25 LOG7[11506:2]: 0 client renegotiatations requested
2005.12.13 09:11:25 LOG7[11506:2]: 1 server connects (SSL_accept())
2005.12.13 09:11:25 LOG7[11506:2]: 1 server connects that finished
2005.12.13 09:11:25 LOG7[11506:2]: 0 server renegotiatiations requested
2005.12.13 09:11:25 LOG7[11506:2]: 0 session cache hits
2005.12.13 09:11:25 LOG7[11506:2]: 0 session cache misses
2005.12.13 09:11:25 LOG7[11506:2]: 0 session cache timeouts
2005.12.13 09:11:25 LOG6[11506:2]: SSL accepted: new session negotiated
2005.12.13 09:11:25 LOG6[11506:2]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.12.13 09:11:25 LOG7[11506:2]: FD 11 in non-blocking mode
2005.12.13 09:11:25 LOG7[11506:2]: ssyslog connecting 10.10.2.1:25
2005.12.13 09:11:25 LOG7[11506:2]: connect_wait: waiting 10 seconds
2005.12.13 09:11:25 LOG7[11506:0]: Waiting 10 second(s) for 3 file descriptor(s)
2005.12.13 09:11:35 LOG7[11506:0]: CONTEXT 1, FD=6, (IN)->()
2005.12.13 09:11:35 LOG7[11506:0]: CONTEXT 1, FD=9, (IN)->()
2005.12.13 09:11:35 LOG7[11506:0]: CONTEXT 2, FD=11, (INOUT)->()
2005.12.13 09:11:35 LOG6[11506:2]: connect_wait: s_poll_wait timeout
2005.12.13 09:11:35 LOG3[11506:2]: Failed to initialize remote connection
2005.12.13 09:11:35 LOG7[11506:2]: ssyslog finished (0 left)
2005.12.13 09:11:35 LOG5[11506:2]: stack_info: size=65536, current=4204 (6%), maximum=4204 (6%)
2005.12.13 09:11:35 LOG7[11506:2]: Context 2 closed
2005.12.13 09:11:35 LOG7[11506:0]: Waiting -1 second(s) for 2 file descriptor(s)
Client:
2005.12.13 09:05:26 LOG5[17901:1]: stunnel 4.14 on i686-pc-linux-gnu UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7 31 Dec 2002
2005.12.13 09:05:26 LOG7[17901:1]: Snagged 64 random bytes from /root/.rnd
2005.12.13 09:05:26 LOG7[17901:1]: Wrote 1024 new random bytes to /root/.rnd
2005.12.13 09:05:26 LOG7[17901:1]: RAND_status claims sufficient entropy for the PRNG
2005.12.13 09:05:26 LOG6[17901:1]: PRNG seeded successfully
2005.12.13 09:05:26 LOG7[17901:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:05:26 LOG7[17901:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2005.12.13 09:05:26 LOG6[17901:1]: file ulimit = 1024 (can be changed with 'ulimit -n')
2005.12.13 09:05:26 LOG6[17901:1]: poll() used - no FD_SETSIZE limit for file descriptors
2005.12.13 09:05:26 LOG5[17901:1]: 500 clients allowed
2005.12.13 09:05:26 LOG7[17901:1]: FD 5 in non-blocking mode
2005.12.13 09:05:26 LOG7[17901:1]: FD 7 in non-blocking mode
2005.12.13 09:05:26 LOG7[17901:1]: FD 8 in non-blocking mode
2005.12.13 09:05:26 LOG7[17901:1]: SO_REUSEADDR option set on accept socket
2005.12.13 09:05:26 LOG7[17901:1]: ssyslog bound to 0.0.0.0:2514
2005.12.13 09:05:26 LOG7[17902:1]: Created pid file /usr/local/etc/stunnel/stunnel.pid
2005.12.13 09:05:26 LOG7[17902:0]: Waiting -1 second(s) for 2 file descriptor(s)
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->(IN)
2005.12.13 09:07:03 LOG7[17902:1]: ssyslog accepted FD=9 from 127.0.0.1:40024
2005.12.13 09:07:03 LOG7[17902:1]: Creating a new context
2005.12.13 09:07:03 LOG7[17902:1]: Context 2 created
2005.12.13 09:07:03 LOG7[17902:2]: Context swap: 1 -> 2
2005.12.13 09:07:03 LOG7[17902:2]: ssyslog started
2005.12.13 09:07:03 LOG7[17902:2]: FD 9 in non-blocking mode
2005.12.13 09:07:03 LOG7[17902:2]: TCP_NODELAY option set on local socket
2005.12.13 09:07:03 LOG5[17902:2]: ssyslog connected from 127.0.0.1:40024
2005.12.13 09:07:03 LOG7[17902:2]: FD 10 in non-blocking mode
2005.12.13 09:07:03 LOG7[17902:2]: ssyslog connecting 195.56.52.140:2514
2005.12.13 09:07:03 LOG7[17902:2]: connect_wait: waiting 10 seconds
2005.12.13 09:07:03 LOG7[17902:0]: Waiting 10 second(s) for 3 file descriptor(s)
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:03 LOG7[17902:0]: CONTEXT 2, FD=10, (INOUT)->(OUT)
2005.12.13 09:07:03 LOG7[17902:2]: connect_wait: connected
2005.12.13 09:07:03 LOG7[17902:2]: Remote FD=10 initialized
2005.12.13 09:07:03 LOG7[17902:2]: TCP_NODELAY option set on remote socket
2005.12.13 09:07:03 LOG7[17902:2]: SSL state (connect): before/connect initialization
2005.12.13 09:07:03 LOG7[17902:2]: SSL state (connect): SSLv3 write client hello A
2005.12.13 09:07:03 LOG7[17902:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.12.13 09:07:06 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:06 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:06 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 read server hello A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 read server certificate A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 read server done A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 write client key exchange A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 write change cipher spec A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 write finished A
2005.12.13 09:07:06 LOG7[17902:2]: SSL state (connect): SSLv3 flush data
2005.12.13 09:07:06 LOG7[17902:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.12.13 09:07:08 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:08 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:08 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->(IN)
2005.12.13 09:07:08 LOG7[17902:2]: SSL state (connect): SSLv3 read finished A
2005.12.13 09:07:08 LOG7[17902:2]: 1 items in the session cache
2005.12.13 09:07:08 LOG7[17902:2]: 1 client connects (SSL_connect())
2005.12.13 09:07:08 LOG7[17902:2]: 1 client connects that finished
2005.12.13 09:07:08 LOG7[17902:2]: 0 client renegotiatations requested
2005.12.13 09:07:08 LOG7[17902:2]: 0 server connects (SSL_accept())
2005.12.13 09:07:08 LOG7[17902:2]: 0 server connects that finished
2005.12.13 09:07:08 LOG7[17902:2]: 0 server renegotiatiations requested
2005.12.13 09:07:08 LOG7[17902:2]: 0 session cache hits
2005.12.13 09:07:08 LOG7[17902:2]: 0 session cache misses
2005.12.13 09:07:08 LOG7[17902:2]: 0 session cache timeouts
2005.12.13 09:07:08 LOG6[17902:2]: SSL connected: new session negotiated
2005.12.13 09:07:08 LOG6[17902:2]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2005.12.13 09:07:08 LOG7[17902:0]: Waiting 43200 second(s) for 4 file descriptor(s)
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->(IN)
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: Waiting 43200 second(s) for 4 file descriptor(s)
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->()
2005.12.13 09:07:10 LOG7[17902:0]: CONTEXT 2, FD=10, (INOUT)->(OUT)
2005.12.13 09:07:10 LOG7[17902:0]: Waiting 43200 second(s) for 4 file descriptor(s)
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->(IN)
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: Waiting 43200 second(s) for 4 file descriptor(s)
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->()
2005.12.13 09:07:11 LOG7[17902:0]: CONTEXT 2, FD=10, (INOUT)->(OUT)
2005.12.13 09:07:11 LOG7[17902:0]: Waiting 43200 second(s) for 4 file descriptor(s)
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 1, FD=5, (IN)->()
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 1, FD=8, (IN)->()
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 2, FD=9, (IN)->()
2005.12.13 09:07:16 LOG7[17902:0]: CONTEXT 2, FD=10, (IN)->(INERRHUP)
2005.12.13 09:07:16 LOG3[17902:2]: SSL_read: Connection reset by peer (104)
2005.12.13 09:07:16 LOG5[17902:2]: Connection reset: 4 bytes sent to SSL, 0 bytes sent to socket
2005.12.13 09:07:16 LOG7[17902:2]: ssyslog finished (0 left)
2005.12.13 09:07:16 LOG5[17902:2]: stack_info: size=65536, current=4180 (6%), maximum=4180 (6%)
2005.12.13 09:07:16 LOG7[17902:2]: Context 2 closed
2005.12.13 09:07:16 LOG7[17902:0]: Waiting -1 second(s) for 2 file descriptor(s)
Strange thing, I did set up a Windows box for testing, and I get the exact same error messages when trying to connect to the server.
Any ideas?
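Not part of the original post: an added Python script that groups stunnel 4.x debug lines by connection context and reports where each tunnel attempt stopped, run over short excerpts of the two logs above. The regexes, field names and the verdict wording are mine, written for this log format; they are not stunnel's own.

```python
import re
# One stunnel 4.x debug line: "2005.12.13 09:11:25 LOG7[11506:2]: message"
LINE_RE = re.compile(r"^\S+ \S+ LOG(\d)\[\d+:(\d+)\]: (.*)$")
CONNECTING_RE = re.compile(r"^\S+ connecting (\S+)$")
FLAGS = {"connect_wait: connected": "backend_ok",
         "connect_wait: s_poll_wait timeout": "backend_timeout"}
# Excerpts of the two logs in the post, connection context 2 only.
SERVER_LOG = """\
2005.12.13 09:11:25 LOG6[11506:2]: SSL accepted: new session negotiated
2005.12.13 09:11:25 LOG7[11506:2]: ssyslog connecting 10.10.2.1:25
2005.12.13 09:11:35 LOG6[11506:2]: connect_wait: s_poll_wait timeout
2005.12.13 09:11:35 LOG3[11506:2]: Failed to initialize remote connection
"""
CLIENT_LOG = """\
2005.12.13 09:07:03 LOG7[17902:2]: ssyslog connecting 195.56.52.140:2514
2005.12.13 09:07:03 LOG7[17902:2]: connect_wait: connected
2005.12.13 09:07:08 LOG6[17902:2]: SSL connected: new session negotiated
2005.12.13 09:07:16 LOG3[17902:2]: SSL_read: Connection reset by peer (104)
"""

def diagnose(log_text):
    """Per connection context (ctx in LOGn[pid:ctx]; 0 is the poll loop, 1 the
    listener), record TLS outcome and the fate of the onward TCP connect."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(2)) < 2:
            continue
        level, msg = int(m.group(1)), m.group(3)
        c = conns.setdefault(int(m.group(2)), {"tls": False, "backend": None,
                             "backend_ok": False, "backend_timeout": False, "errors": []})
        if msg.endswith("new session negotiated"):
            c["tls"] = True
        cm = CONNECTING_RE.match(msg)
        if cm:
            c["backend"] = cm.group(1)
        if msg in FLAGS:
            c[FLAGS[msg]] = True
        if level <= 3:  # LOG3 and below are stunnel's error levels
            c["errors"].append(msg)
    return conns

def verdict(c):
    """One-line explanation of where a single tunnel attempt stopped."""
    if c["backend_timeout"]:
        return "onward TCP connect to %s timed out" % c["backend"]
    if c["tls"] and c["errors"]:
        return "TLS negotiated, then the peer dropped the link: " + c["errors"][0]
    return "healthy" if c["tls"] else "TLS handshake did not complete"
```

Run over the server excerpt it reports the connect timeout to 10.10.2.1:25; over the client excerpt it reports a completed handshake followed by the reset, which is the far side closing the tunnel after that failure.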