Hi,
I use stunnel 4.16 on Windows 2000 and XP with this simple config:
cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
verify = 3

[VNC2]
accept = localhost:5900
connect = someotherpc:5600
When I start stunnel (as a Win service), sometimes it forwards to someotherpc:5600 (which is correct), but sometimes it doesn't.
Here is the debug 7 info:
2006.12.01 14:52:32 LOG7[3676:4060]: RAND_status claims sufficient entropy for the PRNG
2006.12.01 14:52:32 LOG7[3676:4060]: PRNG seeded successfully
2006.12.01 14:52:32 LOG7[3676:4060]: Certificate: stunnel.pem
2006.12.01 14:52:32 LOG7[3676:4060]: Certificate loaded
2006.12.01 14:52:32 LOG7[3676:4060]: Key file: stunnel.pem
2006.12.01 14:52:32 LOG7[3676:4060]: Private key loaded
2006.12.01 14:52:32 LOG7[3676:4060]: Loaded verify certificates from cacerts.pem
2006.12.01 14:52:32 LOG7[3676:4060]: SSL context initialized for service VNC2
2006.12.01 14:52:32 LOG5[3676:4060]: stunnel 4.16 on x86-pc-mingw32-gnu with OpenSSL 0.9.7i 14 Oct 2005
2006.12.01 14:52:32 LOG5[3676:4060]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2006.12.01 14:52:32 LOG5[3676:3108]: No limit detected for the number of clients
2006.12.01 14:52:32 LOG7[3676:3108]: FD 180 in non-blocking mode
2006.12.01 14:52:32 LOG7[3676:3108]: SO_REUSEADDR option set on accept socket
2006.12.01 14:52:32 LOG7[3676:3108]: VNC2 bound to 127.0.0.1:5900
When it doesn't work correctly, it stops here; otherwise it continues:
2006.12.01 14:52:34 LOG7[3676:3108]: VNC2 accepted FD=188 from 127.0.0.1:1364
2006.12.01 14:52:34 LOG7[3676:3108]: Creating a new thread
2006.12.01 14:52:34 LOG7[3676:3108]: New thread created
2006.12.01 14:52:34 LOG7[3676:4008]: VNC2 started
2006.12.01 14:52:34 LOG7[3676:4008]: FD 188 in non-blocking mode
2006.12.01 14:52:34 LOG7[3676:4008]: TCP_NODELAY option set on local socket
2006.12.01 14:52:34 LOG5[3676:4008]: VNC2 connected from 127.0.0.1:1364
2006.12.01 14:52:34 LOG7[3676:4008]: FD 212 in non-blocking mode
2006.12.01 14:52:34 LOG7[3676:4008]: VNC2 connecting 192.168.1.172:5600
2006.12.01 14:52:34 LOG7[3676:4008]: connect_wait: waiting 10 seconds
2006.12.01 14:52:34 LOG7[3676:4008]: connect_wait: connected
2006.12.01 14:52:34 LOG7[3676:4008]: Remote FD=212 initialized
2006.12.01 14:52:34 LOG7[3676:4008]: TCP_NODELAY option set on remote socket
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): before/connect initialization
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write client hello A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read server hello A
2006.12.01 14:52:34 LOG6[3676:4008]: *** starting OCSP verification ***
2006.12.01 14:52:34 LOG5[3676:4008]: VERIFY OK: depth=0, some info ....
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read server certificate A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read server certificate request A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read server done A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write client certificate A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write client key exchange A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write certificate verify A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write change cipher spec A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write finished A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 flush data
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read finished A
2006.12.01 14:52:34 LOG7[3676:4008]: 1 items in the session cache
2006.12.01 14:52:34 LOG7[3676:4008]: 1 client connects (SSL_connect())
2006.12.01 14:52:34 LOG7[3676:4008]: 1 client connects that finished
2006.12.01 14:52:34 LOG7[3676:4008]: 0 client renegotiations requested
2006.12.01 14:52:34 LOG7[3676:4008]: 0 server connects (SSL_accept())
2006.12.01 14:52:34 LOG7[3676:4008]: 0 server connects that finished
2006.12.01 14:52:34 LOG7[3676:4008]: 0 server renegotiations requested
2006.12.01 14:52:34 LOG7[3676:4008]: 0 session cache hits
2006.12.01 14:52:34 LOG7[3676:4008]: 0 session cache misses
2006.12.01 14:52:34 LOG7[3676:4008]: 0 session cache timeouts
2006.12.01 14:52:34 LOG6[3676:4008]: SSL connected: new session negotiated
2006.12.01 14:52:34 LOG6[3676:4008]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
someotherpc config is here:
service = stunnel
cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 3
taskbar = yes

[VNC]
accept = 5600
connect = localhost:5900
It runs as a Win service too.
Please help.
Hi
My comments inline ....
Miroslav Geisselreiter mg@intar.cz 12/01/06 8:04 PM >>>
<SNIP>
someotherpc config is here:
service = stunnel
cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 3
taskbar = yes

[VNC]
accept = 5600
connect = localhost:5900
I doubt the "connect" option can be configured like this. Shouldn't it be "connect = <yourfirstPC>:5900", and the accept option "accept = someotherpc:5600"?
<SNIP>
Hope this helps!
Regards Prem