Connection reset: (maybe the wrong forum) - stunnel-users

15 Jan 2020


      Hello!
I have tried to stream to an icecast server through stunnel usung
liquidsoap.
Somewhere the stream gets stuck. I want to where.
Maybe I should have posted this on the Tor mailing list first, since the
traffic is
forwarded through Tor. But before the stream went to Tor, it went through
stunnel.
The liquidsoap snippet which tries to stream (password,mount name,
stream description and stream name modified:
output.external(id="Tor", fallible=true, reopen_delay=3.0,
%vorbis(quality=0.4 , samplerate=48000, channels=2),
"/usr/bin/oggfwd -n streamname -d 'stream description' localhost 9887
password /mount",
mksafe(buffer(full)))
I had a script which was supposed to pick up this stream and forward it
on a cloud server (passwords etc. modified):
#!/bin/bash
/usr/bin/curl -V http://localhost:9887/mount | \
/usr/bin/torsocks /usr/bin/oggfwd -n streamname -d 'stream description'
superdupersecret.onion 8000 password /mount
#/usr/bin/curl -T - -s --socks5 localhost:9050
http://superdupersecret.onion/mount
exec "/home/per/bin/test.sh"
stunnel.conf on cloud:
setuid = stunnel4
setgid = stunnel4
; PID file is created inside the chroot jail (if enabled)
pid = /var/run/stunnel4/stunnel.pid
; Debugging stuff (may be useful for troubleshooting)
;foreground = yes
debug = info
output = /var/log/stunnel4/stunnel.log
[liquidsoap-client]
client = yes
accept = localhost:8081
connect = mustafejen.se:9998
PSKsecrets = /etc/stunnel/secrets.txt
[hequidtor-client]
connect = localhost:9050
accept = 95.216.184.255:9888
PSKsecrets = /etc/stunnel/secrets.txt
[Deep Web Radio In]
client = yes
accept = 95.216.184.255:9887
connect = localhost:9050
PSKsecrets = /etc/stunnel/secrets.txt
stunnel.conf in my living room:
setuid = stunnel4
setgid = stunnel4
; PID file is created inside the chroot jail (if enabled)
pid = /var/run/stunnel4/stunnel.pid
; Debugging stuff (may be useful for troubleshooting)
;foreground = yes
debug = info
output = /var/log/stunnel4/stunnel.log
[liquidsoap-server]
;client = yes
connect = mustafejen.se:8081
accept = mustafejen.se:9998
PSKsecrets = /etc/stunnel/secrets.txt
[hequidtor-server]
client = yes
accept = localhost:9888
connect = 95.216.184.255:9888
PSKsecrets = /etc/stunnel/secrets.txt
[Deep Web Radio Out]
accept = localhost:9887
connect = 95.216.184.255:9887
PSKsecrets = /etc/stunnel/secrets.txt
Log file from cloud:
2020.01.15 06:25:01 LOG5[main]: Log file reopened
2020.01.15 10:29:22 LOG5[main]: Terminated
2020.01.15 10:29:22 LOG5[ui]: stunnel 5.44 on x86_64-pc-linux-gnu platform
2020.01.15 10:29:22 LOG5[ui]: Compiled with OpenSSL 1.1.0g  2 Nov 2017
2020.01.15 10:29:22 LOG5[ui]: Running  with OpenSSL 1.1.1  11 Sep 2018
2020.01.15 10:29:22 LOG5[ui]: Update OpenSSL shared libraries or rebuild
stunnel
2020.01.15 10:29:22 LOG5[ui]: Threading:PTHREAD
Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2020.01.15 10:29:22 LOG5[ui]: Reading configuration from file
/etc/stunnel/stunnel.conf
2020.01.15 10:29:22 LOG5[ui]: UTF-8 byte order mark detected
2020.01.15 10:29:22 LOG5[ui]: FIPS mode disabled
2020.01.15 10:29:22 LOG6[ui]: Initializing service [liquidsoap-client]
2020.01.15 10:29:23 LOG6[ui]: PSK identities: 1 retrieved
2020.01.15 10:29:23 LOG6[ui]: Initializing service [hequidtor-client]
2020.01.15 10:29:23 LOG6[ui]: PSK identities: 1 retrieved
2020.01.15 10:29:23 LOG6[ui]: Using dynamic DH parameters
2020.01.15 10:29:23 LOG6[ui]: Initializing service [Deep Web Radio In]
2020.01.15 10:29:23 LOG6[ui]: PSK identities: 1 retrieved
2020.01.15 10:29:23 LOG5[ui]: Configuration successful
Log file from my living room:
2020.01.15 10:20:13 LOG5[ui]: stunnel 5.56 on x86_64-pc-linux-gnu platform
2020.01.15 10:20:13 LOG5[ui]: Compiled/running with OpenSSL 1.1.1d  10
Sep 2019
2020.01.15 10:20:13 LOG5[ui]: Threading:PTHREAD
Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
2020.01.15 10:20:13 LOG5[ui]: Reading configuration from file
/etc/stunnel/stunnel.conf
2020.01.15 10:20:13 LOG5[ui]: UTF-8 byte order mark detected
2020.01.15 10:20:13 LOG5[ui]: FIPS mode disabled
2020.01.15 10:20:13 LOG6[ui]: PSKsecrets line 1: 40-byte ASCII key
configured for identity "per"
2020.01.15 10:20:13 LOG6[ui]: Initializing service [liquidsoap-server]
2020.01.15 10:20:13 LOG6[ui]: PSK identities: 1 retrieved
2020.01.15 10:20:13 LOG6[ui]: DH initialization not needed
2020.01.15 10:20:13 LOG6[ui]: PSKsecrets line 1: 40-byte ASCII key
configured for identity "per"
2020.01.15 10:20:13 LOG6[ui]: Initializing service [hequidtor-server]
2020.01.15 10:20:13 LOG6[ui]: PSK identities: 1 retrieved
2020.01.15 10:20:13 LOG6[ui]: PSKsecrets line 1: 40-byte ASCII key
configured for identity "per"
2020.01.15 10:20:13 LOG6[ui]: Initializing service [Deep Web Radio Out]
2020.01.15 10:20:13 LOG6[ui]: PSK identities: 1 retrieved
2020.01.15 10:20:13 LOG6[ui]: DH initialization not needed
2020.01.15 10:20:13 LOG5[ui]: Configuration successful
2020.01.15 10:20:13 LOG6[ui]: Service [liquidsoap-server] (FD=9) bound
to 10.0.0.6:9998
2020.01.15 10:20:13 LOG6[ui]: Service [hequidtor-server] (FD=10) bound
to ::1:9888
2020.01.15 10:20:13 LOG6[ui]: Service [hequidtor-server] (FD=11) bound
to 127.0.0.1:9888
2020.01.15 10:20:13 LOG6[ui]: Service [Deep Web Radio Out] (FD=12) bound
to ::1:9887
2020.01.15 10:20:13 LOG6[ui]: Service [Deep Web Radio Out] (FD=13) bound
to 127.0.0.1:9887
2020.01.15 10:20:13 LOG6[cron]: Executing cron jobs
2020.01.15 10:20:13 LOG6[cron]: Cron jobs completed in 0 seconds
2020.01.15 10:32:56 LOG5[0]: Service [Deep Web Radio Out] accepted
connection from ::1:44732
2020.01.15 10:32:56 LOG6[0]: Peer certificate not required
2020.01.15 10:32:56 LOG3[0]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 10:32:56 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:32:56 LOG5[1]: Service [Deep Web Radio Out] accepted
connection from ::1:44734
2020.01.15 10:32:56 LOG6[1]: Peer certificate not required
2020.01.15 10:32:56 LOG3[1]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 10:32:56 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:32:56 LOG5[2]: Service [Deep Web Radio Out] accepted
connection from ::1:44736
2020.01.15 10:32:56 LOG6[2]: Peer certificate not required
2020.01.15 10:32:56 LOG3[2]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 10:32:56 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:33:44 LOG5[3]: Service [Deep Web Radio Out] accepted
connection from ::1:44760
2020.01.15 10:33:44 LOG6[3]: Peer certificate not required
2020.01.15 10:33:44 LOG3[3]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 10:33:44 LOG5[3]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:33:44 LOG5[4]: Service [Deep Web Radio Out] accepted
connection from ::1:44762
2020.01.15 10:33:44 LOG6[4]: Peer certificate not required
2020.01.15 10:33:44 LOG3[4]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 10:33:44 LOG5[4]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:33:44 LOG5[5]: Service [Deep Web Radio Out] accepted
connection from ::1:44764
2020.01.15 10:33:44 LOG6[5]: Peer certificate not required
2020.01.15 10:33:44 LOG3[5]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 10:33:44 LOG5[5]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:34:50 LOG5[6]: Service [Deep Web Radio Out] accepted
connection from ::1:44788
2020.01.15 10:34:50 LOG6[6]: Peer certificate not required
2020.01.15 10:34:50 LOG3[6]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 10:34:50 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:34:50 LOG5[7]: Service [Deep Web Radio Out] accepted
connection from ::1:44790
2020.01.15 10:34:50 LOG6[7]: Peer certificate not required
2020.01.15 10:34:50 LOG3[7]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 10:34:50 LOG5[7]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:34:50 LOG5[8]: Service [Deep Web Radio Out] accepted
connection from ::1:44792
2020.01.15 10:34:50 LOG6[8]: Peer certificate not required
2020.01.15 10:34:50 LOG3[8]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 10:34:50 LOG5[8]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:48:17 LOG5[9]: Service [Deep Web Radio Out] accepted
connection from ::1:44854
2020.01.15 10:48:17 LOG6[9]: Peer certificate not required
2020.01.15 10:48:17 LOG3[9]: SSL_accept:
../ssl/record/ssl3_record.c:325: error:1408F09B:SSL
routines:ssl3_get_record:https proxy request
2020.01.15 10:48:17 LOG5[9]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:48:17 LOG5[10]: Service [Deep Web Radio Out] accepted
connection from ::1:44856
2020.01.15 10:48:17 LOG6[10]: Peer certificate not required
2020.01.15 10:48:17 LOG3[10]: SSL_accept:
../ssl/record/ssl3_record.c:325: error:1408F09B:SSL
routines:ssl3_get_record:https proxy request
2020.01.15 10:48:17 LOG5[10]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:48:32 LOG5[11]: Service [Deep Web Radio Out] accepted
connection from ::1:44858
2020.01.15 10:48:32 LOG6[11]: Peer certificate not required
2020.01.15 10:48:32 LOG3[11]: SSL_accept:
../ssl/record/ssl3_record.c:325: error:1408F09B:SSL
routines:ssl3_get_record:https proxy request
2020.01.15 10:48:32 LOG5[11]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:48:32 LOG5[12]: Service [Deep Web Radio Out] accepted
connection from ::1:44860
2020.01.15 10:48:32 LOG6[12]: Peer certificate not required
2020.01.15 10:48:32 LOG3[12]: SSL_accept:
../ssl/record/ssl3_record.c:325: error:1408F09B:SSL
routines:ssl3_get_record:https proxy request
2020.01.15 10:48:32 LOG5[12]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:49:01 LOG5[13]: Service [Deep Web Radio Out] accepted
connection from ::1:44864
2020.01.15 10:49:01 LOG6[13]: Peer certificate not required
2020.01.15 10:49:01 LOG3[13]: SSL_accept:
../ssl/record/ssl3_record.c:325: error:1408F09B:SSL
routines:ssl3_get_record:https proxy request
2020.01.15 10:49:01 LOG5[13]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:49:01 LOG5[14]: Service [Deep Web Radio Out] accepted
connection from ::1:44866
2020.01.15 10:49:01 LOG6[14]: Peer certificate not required
2020.01.15 10:49:01 LOG3[14]: SSL_accept:
../ssl/record/ssl3_record.c:325: error:1408F09B:SSL
routines:ssl3_get_record:https proxy request
2020.01.15 10:49:01 LOG5[14]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:57:28 LOG5[15]: Service [Deep Web Radio Out] accepted
connection from ::1:44914
2020.01.15 10:57:28 LOG6[15]: Peer certificate not required
2020.01.15 10:57:28 LOG3[15]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 10:57:28 LOG5[15]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:57:28 LOG5[16]: Service [Deep Web Radio Out] accepted
connection from ::1:44916
2020.01.15 10:57:28 LOG6[16]: Peer certificate not required
2020.01.15 10:57:28 LOG3[16]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 10:57:28 LOG5[16]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 10:57:28 LOG5[17]: Service [Deep Web Radio Out] accepted
connection from ::1:44918
2020.01.15 10:57:28 LOG6[17]: Peer certificate not required
2020.01.15 10:57:28 LOG3[17]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 10:57:28 LOG5[17]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:24:24 LOG5[18]: Service [Deep Web Radio Out] accepted
connection from ::1:45012
2020.01.15 11:24:24 LOG6[18]: Peer certificate not required
2020.01.15 11:24:24 LOG3[18]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 11:24:24 LOG5[18]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:24:24 LOG5[19]: Service [Deep Web Radio Out] accepted
connection from ::1:45014
2020.01.15 11:24:24 LOG6[19]: Peer certificate not required
2020.01.15 11:24:24 LOG3[19]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 11:24:24 LOG5[19]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:24:24 LOG5[20]: Service [Deep Web Radio Out] accepted
connection from ::1:45016
2020.01.15 11:24:24 LOG6[20]: Peer certificate not required
2020.01.15 11:24:24 LOG3[20]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 11:24:24 LOG5[20]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:25:16 LOG5[21]: Service [Deep Web Radio Out] accepted
connection from ::1:45038
2020.01.15 11:25:16 LOG6[21]: Peer certificate not required
2020.01.15 11:25:16 LOG3[21]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 11:25:16 LOG5[21]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:25:16 LOG5[22]: Service [Deep Web Radio Out] accepted
connection from ::1:45040
2020.01.15 11:25:16 LOG6[22]: Peer certificate not required
2020.01.15 11:25:16 LOG3[22]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 11:25:16 LOG5[22]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:25:16 LOG5[23]: Service [Deep Web Radio Out] accepted
connection from ::1:45042
2020.01.15 11:25:16 LOG6[23]: Peer certificate not required
2020.01.15 11:25:16 LOG3[23]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 11:25:16 LOG5[23]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:28:38 LOG5[24]: Service [Deep Web Radio Out] accepted
connection from ::1:45070
2020.01.15 11:28:38 LOG6[24]: Peer certificate not required
2020.01.15 11:28:38 LOG3[24]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 11:28:38 LOG5[24]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:28:38 LOG5[25]: Service [Deep Web Radio Out] accepted
connection from ::1:45072
2020.01.15 11:28:38 LOG6[25]: Peer certificate not required
2020.01.15 11:28:38 LOG3[25]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 11:28:38 LOG5[25]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:28:38 LOG5[26]: Service [Deep Web Radio Out] accepted
connection from ::1:45074
2020.01.15 11:28:38 LOG6[26]: Peer certificate not required
2020.01.15 11:28:38 LOG3[26]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 11:28:38 LOG5[26]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:30:06 LOG5[27]: Service [Deep Web Radio Out] accepted
connection from ::1:45096
2020.01.15 11:30:06 LOG6[27]: Peer certificate not required
2020.01.15 11:30:06 LOG3[27]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 11:30:06 LOG5[27]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:30:06 LOG5[28]: Service [Deep Web Radio Out] accepted
connection from ::1:45098
2020.01.15 11:30:06 LOG6[28]: Peer certificate not required
2020.01.15 11:30:06 LOG3[28]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 11:30:06 LOG5[28]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:30:06 LOG5[29]: Service [Deep Web Radio Out] accepted
connection from ::1:45100
2020.01.15 11:30:06 LOG6[29]: Peer certificate not required
2020.01.15 11:30:06 LOG3[29]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 11:30:06 LOG5[29]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:32:34 LOG5[30]: Service [Deep Web Radio Out] accepted
connection from ::1:45136
2020.01.15 11:32:34 LOG6[30]: Peer certificate not required
2020.01.15 11:32:34 LOG3[30]: SSL_accept:
../ssl/record/ssl3_record.c:331: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
2020.01.15 11:32:34 LOG5[30]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:32:34 LOG5[31]: Service [Deep Web Radio Out] accepted
connection from ::1:45138
2020.01.15 11:32:34 LOG6[31]: Peer certificate not required
2020.01.15 11:32:34 LOG3[31]: SSL_accept:
../ssl/record/ssl3_record.c:321: error:1408F09C:SSL
routines:ssl3_get_record:http request
2020.01.15 11:32:34 LOG5[31]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2020.01.15 11:32:34 LOG5[32]: Service [Deep Web Radio Out] accepted
connection from ::1:45140
2020.01.15 11:32:34 LOG6[32]: Peer certificate not required
2020.01.15 11:32:34 LOG3[32]: SSL_accept: ../ssl/t1_lib.c:2719:
error:14201076:SSL routines:tls_choose_sigalg:no suitable signature
algorithm
2020.01.15 11:32:34 LOG5[32]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket