Hello,
I have been using Stunnel 3.5.44 (latest for Ubuntu 18) to connect to my remote load balancer which serves traffic to several backend nodes.
After a recent OS update, I have noticed one weird issue. I am seeing frequent TIMEOUTconnect and TIMEOUTclosed exceeded errors when the stunnel service tries to connect to backend nodes via the load balancer in round robin mode.
If I replace the load balancer or multiple backend entries (to rule out a DNS issue):

connect = remote-load-balancer:8080

Or

connect = remote-backend-node1:8080
connect = remote-backend-node2:8080

with a single backend entry like this:

connect = remote-backend-node1:8080

Or,

connect = remote-backend-node2:8080

then those errors go away.
I have tested on multiple servers with different backends and timeout configurations, and all are showing the same issue, so the problem does not seem to be related to a specific server or backend.
Any idea what could cause this issue?
Thanks in advance,
Ferdous
Reference: https://launchpad.net/ubuntu/bionic/+package/stunnel4
Stunnel sample config:
pid = /var/run/stunnel4/stunnel.pid
output = /var/log/stunnel4/stunnel.log

socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
socket = r:TCP_KEEPIDLE=120
socket = r:TCP_KEEPINTVL=30
socket = r:TCP_KEEPCNT=6
socket = l:TCP_KEEPIDLE=120
socket = l:TCP_KEEPINTVL=30
socket = l:TCP_KEEPCNT=6

[remote]
client = yes
accept = 127.0.0.1:6500
connect = remote-load-balancer:8080
cert = /opt/service/etc/cert.d/remote.crt
key = /opt/service/etc/key.d/remote.key
sslVersion = TLSv1.2
debug = info
verifyChain = no
verifyPeer = no