Hello there
I run stunnel version 4.21 and openssl version 0.9.8h. In my setup I aim to create a tunnel to send log files through to a centralized loghost.
Host A (loghost) runs Source Mage GNU/Linux (with stunnel 4.21, openssl 0.9.8h) and host B runs a Slackware 11 system (with stunnel 4.17, openssl 0.9.8h).
The problem is that stunnel starts on host B but won't start on host A.
Here's the snippet of /var/log/messages that records the stunnel start-up event:
root@sega:/home/users/ilj % stunnel && tail /var/log/messages -n 3
Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8h 28 May 2008
Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Aug 19 16:17:37 sega stunnel: LOG5[29146:3082634944]: 500 clients allowed
I've actually been trying to run stunnel for the first time ever, so I don't really know if this output confirms that everything is alright, but judging solely from what is put in the log file, it seems stunnel has started successfully.
Unfortunately, this isn't quite true:
root@sega:/home/users/ilj % ps ax | grep stun
29618 pts/4    R+     0:00 grep stun
So, this is the problem I have. It doesn't start on host A.
Host A has the following stunnel configuration:
root@sega:/home/users/ilj % cat /etc/stunnel/stunnel.conf
cert = /etc/stunnel/syslog-ng-server.pem
CAfile = /etc/stunnel/syslog-ng-client.pem
verify = 3
[5101]
accept = 217.117.75.2:5101
connect = 127.0.0.1:1999
Host B sports a little bit different configuration file:
root@xerxes:~ % cat /etc/stunnel/stunnel.conf
client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
[5101]
accept = 127.0.0.1:1999
connect = 217.117.75.2:5101
On both hosts (A & B) I run stunnel standalone as root.
- Output of "stunnel -f -D 7 <your-parameters>".
Erm.. it doesn't seem to work for me. There's no -D parameter according to man stunnel.
The following information below is about host A only:
root@sega:/home/users/ilj % stunnel -version
stunnel 4.21 on i686-pc-linux-gnu with OpenSSL 0.9.8h 28 May 2008
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /usr/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
root@sega:/home/users/ilj % uname -a
Linux sega 2.6.24 #5 SMP PREEMPT Wed May 7 18:22:29 EEST 2008 i686 GNU/Linux

root@sega:/home/users/ilj % gaze from /usr/lib/libc.a
glibc-2.7:/usr/lib/libc.a

root@sega:/home/users/ilj % gcc -v
Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/4.2.3/specs
Target: i686-pc-linux-gnu
Configured with: /usr/src/gcc-4.2.3/configure --host=i686-pc-linux-gnu --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --enable-threads=posix --with-system-zlib
Thread model: posix
gcc version 4.2.3

root@sega:/home/users/ilj % gaze installed | grep openssl
openssl:20080615:installed:0.9.8h