Hey all,
I'm getting this in the /var/adm/messages log on the server side when attempting to connect from the client:
Mar 8 22:23:33 SERVERNAME stunnel: [ID 821868 daemon.error] LOG3[27429:4]: SSL_connect: Peer suddenly disconnected
I have the server configured as follows: cat /etc/stunnel/stunnel.test.conf client=yes debug=debug cert=/etc/stunnel/stunnel.pem [sunrpc] accept=112 connect=127.0.0.1:111 TIMEOUTclose=10
This is started just by running stunnel with the config file and then starting rpcbind normally.
The client is configured as follows: # cat /etc/stunnel/stunnel.test.conf client=yes debug=debug cert=/etc/stunnel/imnxnsm0.pem [sunrpc] accept=111 connect=SERVERNAME:112
The error shows up when I attempt to run "rpcinfo -p 127.0.0.1".
Snoop is showing the following (adjusted to remove hostnames/ips): CLIENT -> SERVER TCP D=112 S=63986 Syn Seq=867918817 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460> SERVER -> CLIENT TCP D=63986 S=112 Syn Ack=867918818 Seq=209756753 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460> CLIENT -> SERVER TCP D=112 S=63986 Ack=209756754 Seq=867918818 Len=0 Win=24820 CLIENT -> SERVER TCP D=112 S=63986 Ack=209756754 Seq=867918818 Len=88 Win=24820 SERVER -> CLIENT TCP D=63986 S=112 Ack=867918906 Seq=209756754 Len=0 Win=24820 SERVER -> CLIENT TCP D=63986 S=112 Rst Seq=209756754 Len=0 Win=24820
I'm pretty new to stunnel, and am having a heck of a time getting this to work. This configuration is the closest I've been to success so far. Is there a better way for me to wrap rpcbind perhaps?
Any help with this will be appreciated. Thanks, Civil
David Goodwin wrote:
I'm getting this in the /var/adm/messages log on the server side when attempting to connect from the client:
Mar 8 22:23:33 SERVERNAME stunnel: [ID 821868 daemon.error] LOG3[27429:4]: SSL_connect: Peer suddenly disconnected
I have the server configured as follows: cat /etc/stunnel/stunnel.test.conf client=yes debug=debug cert=/etc/stunnel/stunnel.pem [sunrpc] accept=112 connect=127.0.0.1:111 TIMEOUTclose=10
Simply remove "client=yes" line from server configuration file, unless you really want to negotiate SSL on the connecting socket. 8-)
Best regards, Mike
Mike,
Perfect! Thanks for the help. :)
-Civil
Michal Trojnara wrote:
David Goodwin wrote:
I'm getting this in the /var/adm/messages log on the server side when attempting to connect from the client:
Mar 8 22:23:33 SERVERNAME stunnel: [ID 821868 daemon.error] LOG3[27429:4]: SSL_connect: Peer suddenly disconnected
I have the server configured as follows: cat /etc/stunnel/stunnel.test.conf client=yes debug=debug cert=/etc/stunnel/stunnel.pem [sunrpc] accept=112 connect=127.0.0.1:111 TIMEOUTclose=10
Simply remove "client=yes" line from server configuration file, unless you really want to negotiate SSL on the connecting socket. 8-)
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
-
David Goodwin -
Michal Trojnara