Hi All,
I can ssh to my VM with terminal etc. However my stunnel has something stopping the packet flow? What could be the problem and what should I check / troubleshoot:
client log file:
2023.12.07 07:21:05 LOG7[0]: Service [Sql_Silicon] started
2023.12.07 07:21:05 LOG7[0]: Setting local socket options (FD=636)
2023.12.07 07:21:05 LOG7[0]: Option TCP_NODELAY set on local socket
2023.12.07 07:21:05 LOG5[0]: Service [Sql_Silicon] accepted connection from 127.0.0.1:50474
2023.12.07 07:21:05 LOG6[0]: s_connect: connecting <IP>:<Port>
2023.12.07 07:21:05 LOG7[0]: s_connect: s_poll_wait <IP>:<Port>: waiting 10 seconds
2023.12.07 07:21:05 LOG7[0]: FD=676 ifds=rwx ofds=---
2023.12.07 07:21:15 LOG3[0]: s_connect: s_poll_wait <IP>:<Port>: TIMEOUTconnect exceeded
2023.12.07 07:21:15 LOG3[0]: No more addresses to connect
2023.12.07 07:21:15 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2023.12.07 07:21:15 LOG7[0]: local_rfd/local_wfd reset (FD=636)
2023.12.07 07:21:15 LOG7[0]: Local descriptor (FD=636) closed
2023.12.07 07:21:15 LOG7[0]: Service [Sql_Silicon] finished (0 left)
My VM is a Linux server. On startup of stunnel I get this concerning message, which might be the cause? However, I checked and stunnel4:stunnel4 has permissions on the folder and psk file.
2023.12.07 07:40:45 LOG4[ui]: Insecure file permissions on /var/lib/stunnel4/pskSQL_.txt
server log file on start service:
2023.12.07 07:40:45 LOG7[ui]: Clients allowed=500
2023.12.07 07:40:45 LOG5[ui]: stunnel 5.56 on x86_64-pc-linux-gnu platform
2023.12.07 07:40:45 LOG5[ui]: Compiled with OpenSSL 1.1.1k 25 Mar 2021
2023.12.07 07:40:45 LOG5[ui]: Running with OpenSSL 1.1.1w 11 Sep 2023
2023.12.07 07:40:45 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2023.12.07 07:40:45 LOG7[ui]: errno: (*__errno_location ())
2023.12.07 07:40:45 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2023.12.07 07:40:45 LOG5[ui]: UTF-8 byte order mark not detected
2023.12.07 07:40:45 LOG5[ui]: FIPS mode disabled
2023.12.07 07:40:45 LOG7[ui]: Compression disabled
2023.12.07 07:40:45 LOG7[ui]: No PRNG seeding was required
2023.12.07 07:40:45 LOG4[ui]: Insecure file permissions on /var/lib/stunnel4/pskSQL_.txt
2023.12.07 07:40:45 LOG6[ui]: PSKsecrets line 1: 64-byte hexadecimal key configured for identity "siliconServer"
2023.12.07 07:40:45 LOG6[ui]: Initializing service [SQL-<port>]
2023.12.07 07:40:45 LOG6[ui]: PSK identities: 1 retrieved
2023.12.07 07:40:45 LOG7[ui]: Ciphers: PSK
2023.12.07 07:40:45 LOG7[ui]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2023.12.07 07:40:45 LOG7[ui]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2023.12.07 07:40:45 LOG7[ui]: No certificate or private key specified
2023.12.07 07:40:45 LOG6[ui]: DH initialization needed for DHE-PSK-AES256-GCM-SHA384
2023.12.07 07:40:45 LOG7[ui]: DH initialization
2023.12.07 07:40:45 LOG7[ui]: No certificate available to load DH parameters
2023.12.07 07:40:45 LOG6[ui]: Using dynamic DH parameters
2023.12.07 07:40:45 LOG7[ui]: ECDH initialization
2023.12.07 07:40:45 LOG7[ui]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2023.12.07 07:40:45 LOG5[ui]: Configuration successful
2023.12.07 07:40:45 LOG7[ui]: Binding service [SQL-<port>]
2023.12.07 07:40:45 LOG7[ui]: Listening file descriptor created (FD=9)
2023.12.07 07:40:45 LOG7[ui]: Setting accept socket options (FD=9)
2023.12.07 07:40:45 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2023.12.07 07:40:45 LOG6[ui]: Service [SQL-<port>] (FD=9) bound to <IP>:<port>
2023.12.07 07:40:45 LOG5[ui]: Switched to chroot directory: /var/lib/stunnel4/
2023.12.07 07:40:45 LOG7[main]: Created pid file /stunnel.pid
2023.12.07 07:40:45 LOG7[cron]: Cron thread initialized
2023.12.07 07:40:45 LOG6[cron]: Executing cron jobs
2023.12.07 07:40:45 LOG5[cron]: Updating DH parameters
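
An added example, not part of the original post: a small triage script that splits run-together stunnel log entries and separates per-connection failures from startup warnings. The sample input is constructed from entries in the logs above; the function names are hypothetical, and it assumes a numeric bracketed id marks a connection while `ui`, `main` and `cron` mark startup and housekeeping.

```python
import re

# Constructed sample: entries taken from the client and server logs in the post,
# run together on one line as they were pasted.
SAMPLE = (
    "2023.12.07 07:21:05 LOG5[0]: Service [Sql_Silicon] accepted connection from 127.0.0.1:50474 "
    "2023.12.07 07:21:05 LOG6[0]: s_connect: connecting <IP>:<Port> "
    "2023.12.07 07:21:15 LOG3[0]: s_connect: s_poll_wait <IP>:<Port>: TIMEOUTconnect exceeded "
    "2023.12.07 07:21:15 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket "
    "2023.12.07 07:40:45 LOG4[ui]: Insecure file permissions on /var/lib/stunnel4/pskSQL_.txt "
    "2023.12.07 07:40:45 LOG5[ui]: Configuration successful"
)

# An entry runs from its timestamp up to the next timestamp (or end of input).
STAMP = r"\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\["
ENTRY = re.compile(
    r"(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[([^\]]+)\]: (.*?)(?=\s*" + STAMP + r"|\s*$)",
    re.S,
)

def parse(text):
    """Split a (possibly run-together) stunnel log into (time, level, thread, message)."""
    return [(t, int(lvl), th, msg) for t, lvl, th, msg in ENTRY.findall(text)]

def triage(text):
    """Classify each connection thread and collect startup warnings/errors."""
    conns, notices = {}, []
    for _, level, thread, msg in parse(text):
        if not thread.isdigit():           # ui/main/cron: startup and housekeeping
            if level <= 4:                 # syslog scale: 4=warning, 3=error
                notices.append(msg)
            continue
        c = conns.setdefault(thread, {"target": None, "timeout": False, "tls_bytes": None})
        if m := re.match(r"s_connect: connecting (\S+)", msg):
            c["target"] = m.group(1)
        elif "TIMEOUTconnect exceeded" in msg:
            c["timeout"] = True
        elif m := re.search(r"(\d+) byte\(s\) sent to TLS", msg):
            c["tls_bytes"] = int(m.group(1))
    verdicts = {}
    for thread, c in conns.items():
        if c["timeout"] and c["tls_bytes"] == 0:
            verdicts[thread] = f"TCP connect to {c['target']} timed out; TLS never started"
        else:
            verdicts[thread] = "no connect timeout seen"
    return verdicts, notices

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, connection 0 is reported as a TCP connect timeout with zero bytes sent to TLS, and the PSK file permission message appears separately as a warning-level startup notice.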