I have problems with stunnel on Windows. After a successful connection with stunnel, the connection drops after approximately 9 minutes of inactivity. On Linux, this problem was solved by changing these parameters:

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 20

I don't have access to the server side router, so I can't change anything.

Stunnel log:

2023.01.25 17:18:10 LOG7[1]: Service [test] started
2023.01.25 17:18:10 LOG7[1]: Setting local socket options (FD=964)
2023.01.25 17:18:10 LOG7[1]: Option TCP_NODELAY set on local socket
2023.01.25 17:18:10 LOG5[1]: Service [test] accepted connection from 127.0.0.1:50145
2023.01.25 17:18:10 LOG6[1]: s_connect: connecting 225.179.85.93:18572
2023.01.25 17:18:10 LOG7[1]: s_connect: s_poll_wait 225.179.85.93:18572: waiting 10 seconds
2023.01.25 17:18:10 LOG7[1]: FD=716 ifds=rwx ofds=---
2023.01.25 17:18:10 LOG5[1]: s_connect: connected 225.179.85.93:18572
2023.01.25 17:18:10 LOG5[1]: Service [onegomed] connected remote server from 192.168.1.84:50146
2023.01.25 17:18:10 LOG7[1]: Setting remote socket options (FD=716)
2023.01.25 17:18:10 LOG7[1]: Option TCP_NODELAY set on remote socket
2023.01.25 17:18:10 LOG7[1]: Remote descriptor (FD=716) initialized
2023.01.25 17:18:10 LOG6[1]: SNI: sending servername: 225.179.85.93
2023.01.25 17:18:10 LOG6[1]: Peer certificate not required
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): before SSL initialization
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello
2023.01.25 17:18:10 LOG7[1]: Initializing application specific data for session authenticated
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS read server hello
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): TLSv1.3 read encrypted extensions
2023.01.25 17:18:10 LOG6[1]: Certificate verification disabled
2023.01.25 17:18:10 LOG6[1]: Certificate verification disabled
2023.01.25 17:18:10 LOG6[1]: Certificate verification disabled
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS read server certificate
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): TLSv1.3 read server certificate verify
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS read finished
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS write change cipher spec
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS write finished
2023.01.25 17:18:10 LOG7[1]: 2 client connect(s) requested
2023.01.25 17:18:10 LOG7[1]: 2 client connect(s) succeeded
2023.01.25 17:18:10 LOG7[1]: 0 client renegotiation(s) requested
2023.01.25 17:18:10 LOG7[1]: 0 session reuse(s)
2023.01.25 17:18:10 LOG6[1]: TLS connected: new session negotiated
2023.01.25 17:18:10 LOG6[1]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
2023.01.25 17:18:10 LOG6[1]: Peer temporary key: X25519, 253 bits
2023.01.25 17:18:10 LOG7[1]: Compression: null, expansion: null
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSL negotiation finished successfully
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSL negotiation finished successfully
2023.01.25 17:18:10 LOG7[1]: Initializing application specific data for session authenticated
2023.01.25 17:18:10 LOG7[1]: Deallocating application specific data for session connect address
2023.01.25 17:18:10 LOG7[1]: New session callback
2023.01.25 17:18:10 LOG7[1]: Deallocating application specific data for session connect address
2023.01.25 17:18:10 LOG6[1]: Session id: 8E91DBE369D9E16221CCA288A7C1F652AB045BAE96C19B4240B1B7F710069CCE
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS read server session ticket
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSL negotiation finished successfully
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSL negotiation finished successfully
2023.01.25 17:18:10 LOG7[1]: Initializing application specific data for session authenticated
2023.01.25 17:18:10 LOG7[1]: New session callback
2023.01.25 17:18:10 LOG7[1]: Deallocating application specific data for session connect address
2023.01.25 17:18:10 LOG6[1]: Session id: 6UIA254BF9D027B3D4BE5F966BDE9DE2058CF167C4EF0CD5A460958B698DF322
2023.01.25 17:18:10 LOG7[1]: TLS state (connect): SSLv3/TLS read server session ticket
2023.01.25 17:33:25 LOG3[1]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054)
2023.01.25 17:33:25 LOG5[1]: Connection reset: 5184 byte(s) sent to TLS, 10344 byte(s) sent to socket
2023.01.25 17:33:25 LOG7[1]: Remote descriptor (FD=716) closed
2023.01.25 17:33:25 LOG7[1]: Local descriptor (FD=964) closed
2023.01.25 17:33:25 LOG7[1]: Service [test] finished (0 left)

I tried:

* changing the Windows registry:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveInterval
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TdxPrematureConnectIndDisabled
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSetting\KeepAliveTimeout
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\InternetSetting\ServerInfoTimeout
* changing the stunnel config on the client side:
  socket = l:SO_KEEPALIVE=1
  socket = r:SO_KEEPALIVE=1
* changing parameters on the Linux server side:
  net.ipv4.tcp_keepalive_time = 60
  net.ipv4.tcp_keepalive_intvl = 30
  net.ipv4.tcp_keepalive_probes = 20
* adding the server cert to the stunnel client config;
* downgrading and updating stunnel.

--
Gordon Stevenson
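
Added example (not part of the original message, and not stunnel code): the per-socket counterpart of the keepalive settings listed above, using the post's 60/30/20 values, for an application that owns the socket itself. `enable_keepalive` and `first_probe_and_give_up` are hypothetical helper names; the Windows branch relies on Python's `socket.ioctl` with `SIO_KEEPALIVE_VALS`.

```python
import socket
import sys

# Same numbers as the sysctl settings quoted in the post
# (idle seconds, interval seconds, probe count).
IDLE_S, INTERVAL_S, PROBES = 60, 30, 20


def enable_keepalive(sock, idle=IDLE_S, interval=INTERVAL_S, probes=PROBES):
    """Enable TCP keepalive on one socket and return the timers applied."""
    # SO_KEEPALIVE alone only switches probing on; the timers still come
    # from system-wide defaults unless they are set per socket as below.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if sys.platform == "win32":
        # Tuple is (on/off, idle in ms, interval in ms). The probe count is
        # not part of this ioctl; Windows Vista and later fix it at 10.
        sock.ioctl(socket.SIO_KEEPALIVE_VALS, (1, idle * 1000, interval * 1000))
        return {"idle": idle, "interval": interval, "probes": None}
    if hasattr(socket, "TCP_KEEPIDLE"):
        # Linux: per-socket overrides of net.ipv4.tcp_keepalive_*.
        tcp = socket.IPPROTO_TCP
        sock.setsockopt(tcp, socket.TCP_KEEPIDLE, idle)
        sock.setsockopt(tcp, socket.TCP_KEEPINTVL, interval)
        sock.setsockopt(tcp, socket.TCP_KEEPCNT, probes)
        # Read the values back so the caller sees what the kernel accepted.
        return {
            "idle": sock.getsockopt(tcp, socket.TCP_KEEPIDLE),
            "interval": sock.getsockopt(tcp, socket.TCP_KEEPINTVL),
            "probes": sock.getsockopt(tcp, socket.TCP_KEEPCNT),
        }
    # Other platforms: keepalive is on, timers stay at system defaults.
    return {"idle": None, "interval": None, "probes": None}


def first_probe_and_give_up(idle, interval, probes):
    """Seconds of silence before the first probe is sent, and before an
    unresponsive peer is declared dead."""
    return idle, idle + interval * probes


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print(enable_keepalive(s))
    print(first_probe_and_give_up(IDLE_S, INTERVAL_S, PROBES))
    s.close()
```

With these values the first probe leaves after 60 seconds of silence, well inside the roughly 9-minute idle window described in the post.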