Hello! I have a game client connecting to a server using TCP over SSL. I'm trying to set up an SSL proxy using 2 stunnels on the same server like so:
Client --> Stunnel-Server:20001 (decrypt)--> Stunnel-Client:901 (encrypt)---> Server:20001
Using latest stunnel-4.21-r1 on Gentoo kernel 2.6.22-gentoo-r9
I have a weird problem. The first connection after starting both stunnels works fine. Afterwards every time the client tries to connect, it gets refused once. Then it tries again and gets connected. Then the next time it will once again get refused once and then connect.
I have looked at the logs and it seems the Stunnel server (the first) gets Connection Refused from localhost:901. Then it tries again and gets connected. The Stunnel client (the second) doesn't even mention the first failing local connection in the log.
I have provided the config files of both stunnels and a log with debug = 7 (server IPs are censored).
I have also tried the following config tweaks with no luck:
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
TIMEOUTclose = 0
retry = yes
Any help would be appreciated. Thanks!!
An update on that...
The problem seems to go away when I bind the stunnel-client to another local address which isn't localhost, like the Ethernet adapter's address (in this case 192.168.0.6), like so:
server:
-------------
[lobby]
accept = 20001
connect = 192.168.0.6:9001

[lobby]
accept = 192.168.0.6:9001
connect = LOBBY-SERVER:20001
Is this an expected behavior?
Thanks, Avner.
On Feb 1, 2008, at 10:21 PM, Avner Peled wrote:
-- Avner Peled. avnerus@gmail.com
<client.conf><client.log><server.conf><server.log>
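A check that can be run on the stunnel host to see how the name used in `connect =` resolves and which of the resolved addresses accept connections on the port. This is an added example, not part of the original posts; the function names `probe` and `mixed` are hypothetical, and the idea that `localhost` maps to more than one address on this machine is an assumption to be tested, not something the thread establishes.

```python
import socket
import sys


def probe(host, port, timeout=2.0):
    """Resolve host and try a TCP connect to every address it maps to.

    Returns a list of (family, address, outcome) tuples where outcome is
    "connected", "refused", or an error string.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("?", host, "resolve failed: %s" % exc)]
    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        if sockaddr in seen:          # skip duplicate resolver entries
            continue
        seen.add(sockaddr)
        name = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            outcome = "connected"
        except ConnectionRefusedError:
            outcome = "refused"       # nothing is listening on this address
        except OSError as exc:
            outcome = "error: %s" % exc
        results.append((name, sockaddr[0], outcome))
    return results


def mixed(results):
    """True when some resolved addresses accept and others do not.

    A mixed result would explain refusals that depend on which address
    a connecting process happens to pick for the same host name.
    """
    outcomes = {outcome for _fam, _addr, outcome in results}
    return "connected" in outcomes and len(outcomes) > 1


if __name__ == "__main__":
    # Defaults taken from the post: the local hop is localhost:901.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 901
    found = probe(host, port)
    for fam, addr, outcome in found:
        print("%-4s %-40s %s" % (fam, addr, outcome))
    print("mixed results:", mixed(found))
```

Run it while the second stunnel is listening; comparing the output for `localhost` with the output for `192.168.0.6` shows whether the two names behave differently at the socket level.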