Hello. I rewrote some parts of the question, and illustrated it by a small ASCII picture to clarify the whole situation. I don't know why I haven't got a single answer, because over 350 people are subscribed to the list, so I hope that I'll get some help now. I would be grateful.
I use SocksCap to forward the iexplore connections to another port, a port on which stunnel listens.
On PC1, the client, stunnel is listening on port 500. So when I start iexplore.exe with SocksCap every connection goes to 127.0.0.1:500. PC1 connects to PC2, with connect = 192.168.0.2:123
On PC2, the server, stunnel listens on port 500. Then it connects to the internet with connect = 127.0.0.1:80.
Here is the problem, stunnel doesn't connect to the internet over 127.0.0.1:80. I don't know why, but it doesn't.
---Stunnel.conf SERVER---
..
[inet]
accept = 127.0.0.1:123
connect = 127.0.0.1:80

---Stunnel.conf CLIENT---
..
[inet]
accept = 127.0.0.1:500
connect = 192.168.0.2:123
LOGs from the SERVER:
2006.07.18 16:56:07 LOG7[2332:2720]: inet accepted FD=208 from 192.168.0.1:2156
2006.07.18 16:56:07 LOG7[2332:2720]: Creating a new thread
2006.07.18 16:56:07 LOG7[2332:2720]: New thread created
2006.07.18 16:56:07 LOG7[2332:1880]: inet started
2006.07.18 16:56:07 LOG7[2332:1880]: FD 208 in non-blocking mode
2006.07.18 16:56:07 LOG5[2332:1880]: inet connected from 192.168.0.1:2156
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): before/accept initialization
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 read client hello A
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 write server hello A
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 write change cipher spec A
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 write finished A
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 flush data
2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 read finished A
2006.07.18 16:56:07 LOG7[2332:1880]: 1 items in the session cache
2006.07.18 16:56:07 LOG7[2332:1880]: 0 client connects (SSL_connect())
2006.07.18 16:56:07 LOG7[2332:1880]: 0 client connects that finished
2006.07.18 16:56:07 LOG7[2332:1880]: 0 client renegotiations requested
2006.07.18 16:56:07 LOG7[2332:1880]: 7 server connects (SSL_accept())
2006.07.18 16:56:07 LOG7[2332:1880]: 7 server connects that finished
2006.07.18 16:56:07 LOG7[2332:1880]: 0 server renegotiations requested
2006.07.18 16:56:07 LOG7[2332:1880]: 5 session cache hits
2006.07.18 16:56:07 LOG7[2332:1880]: 1 session cache misses
2006.07.18 16:56:07 LOG7[2332:1880]: 1 session cache timeouts
2006.07.18 16:56:07 LOG6[2332:1880]: SSL accepted: previous session reused
2006.07.18 16:56:07 LOG7[2332:1880]: FD 244 in non-blocking mode
2006.07.18 16:56:07 LOG7[2332:1880]: inet connecting 127.0.0.1:80
2006.07.18 16:56:07 LOG7[2332:1880]: connect_wait: waiting 10 seconds
2006.07.18 16:56:07 LOG7[2332:1880]: connect_wait: connected
2006.07.18 16:56:07 LOG7[2332:1880]: Remote FD=244 initialized
After nothing happened for 52 seconds I aborted opening the page in iexplore.exe.
2006.07.18 16:56:59 LOG7[2332:1880]: SSL alert (read): warning: close notify
2006.07.18 16:56:59 LOG7[2332:1880]: SSL closed on SSL_read
2006.07.18 16:56:59 LOG7[2332:1880]: Socket write shutdown
2006.07.18 16:56:59 LOG7[2332:1880]: SSL write shutdown
2006.07.18 16:56:59 LOG7[2332:1880]: SSL alert (write): warning: close notify
2006.07.18 16:56:59 LOG6[2332:1880]: SSL_shutdown successfully sent close_notify
2006.07.18 16:56:59 LOG5[2332:1880]: Connection closed: 0 bytes sent to SSL, 3 bytes sent to socket
2006.07.18 16:56:59 LOG7[2332:1880]: inet finished (0 left)
LOGs from the CLIENT:
2006.07.18 17:10:11 LOG7[1756:4756]: inet accepted FD=444 from 127.0.0.1:2284
2006.07.18 17:10:11 LOG7[1756:4756]: Creating a new thread
2006.07.18 17:10:11 LOG7[1756:4756]: New thread created
2006.07.18 17:10:11 LOG7[1756:2840]: inet started
2006.07.18 17:10:11 LOG7[1756:2840]: FD 444 in non-blocking mode
2006.07.18 17:10:11 LOG7[1756:2840]: TCP_NODELAY option set on local socket
2006.07.18 17:10:11 LOG5[1756:2840]: inet connected from 127.0.0.1:2284
2006.07.18 17:10:11 LOG7[1756:2840]: FD 348 in non-blocking mode
2006.07.18 17:10:11 LOG7[1756:2840]: inet connecting 192.168.0.2:123
2006.07.18 17:10:11 LOG7[1756:2840]: connect_wait: waiting 10 seconds
2006.07.18 17:10:11 LOG7[1756:2840]: connect_wait: connected
2006.07.18 17:10:11 LOG7[1756:2840]: Remote FD=348 initialized
2006.07.18 17:10:11 LOG7[1756:2840]: TCP_NODELAY option set on remote socket
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): before/connect initialization
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 write client hello A
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 read server hello A
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 read finished A
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 write change cipher spec A
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 write finished A
2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 flush data
2006.07.18 17:10:11 LOG7[1756:2840]: 17 items in the session cache
2006.07.18 17:10:11 LOG7[1756:2840]: 65 client connects (SSL_connect())
2006.07.18 17:10:11 LOG7[1756:2840]: 65 client connects that finished
2006.07.18 17:10:11 LOG7[1756:2840]: 0 client renegotiations requested
2006.07.18 17:10:11 LOG7[1756:2840]: 0 server connects (SSL_accept())
2006.07.18 17:10:11 LOG7[1756:2840]: 0 server connects that finished
2006.07.18 17:10:11 LOG7[1756:2840]: 0 server renegotiations requested
2006.07.18 17:10:11 LOG7[1756:2840]: 48 session cache hits
2006.07.18 17:10:11 LOG7[1756:2840]: 0 session cache misses
2006.07.18 17:10:11 LOG7[1756:2840]: 0 session cache timeouts
2006.07.18 17:10:11 LOG6[1756:2840]: SSL connected: previous session reused
Nothing happened, I aborted iexplore.exe
2006.07.18 17:10:25 LOG7[1756:2840]: Socket closed on read
2006.07.18 17:10:25 LOG7[1756:2840]: SSL write shutdown
2006.07.18 17:10:25 LOG7[1756:2840]: SSL alert (write): warning: close notify
2006.07.18 17:10:25 LOG7[1756:2840]: SSL_shutdown retrying
2006.07.18 17:10:25 LOG7[1756:2840]: SSL doesn't need to read or write
2006.07.18 17:10:25 LOG7[1756:2840]: SSL alert (read): warning: close notify
2006.07.18 17:10:26 LOG7[1756:2840]: SSL closed on SSL_read
2006.07.18 17:10:26 LOG7[1756:2840]: Socket write shutdown
2006.07.18 17:10:26 LOG5[1756:2840]: Connection closed: 3 bytes sent to SSL, 0 bytes sent to socket
2006.07.18 17:10:26 LOG7[1756:2840]: inet finished (0 left)
So the problem is that stunnel doesn't connect to the internet on PC2. I think I have to use something different than connect = 127.0.0.1:80 on PC2, but not sure.
The version of stunnel is 4.15. I'm using Windows.
On 20 Jul 2006 at 13:37, LoopBack Inc wrote:
> Hello. I rewrote some parts of the question, and illustrated it by a small ASCII picture to clarify the whole situation.
> I don't know why I haven't got a single answer, because over 350 people are subscribed to the list, so I hope that I'll get some help now. I would be grateful.
Hi,
The normal etiquette on mailing lists is to not respond if you don't know the answer. Otherwise you would get hundreds and hundreds of useless 'I don't know' emails.
Perhaps no-one knows the answer or you aren't really describing the problem in a way we can understand.
> I use SocksCap to forward the iexplore connections to another port, a port on which stunnel listens.
<snip>
I get the impression you want to browse the internet from PC1 but to have all the traffic proxied through PC2 (with the data being encrypted), is this correct?
If not, could you provide a brief (non-technical) description of what you want and why. There may be better solutions to your problem than fighting with proxies and stunnel.
Regards
Ian
I would suggest changing the accept on the server to read accept = 123
As I understand the logic, the server is only listening on the loopback TCP address, not the public one.
Carter
LoopBack Inc wrote:
PC1                                          PC2
192.168.0.1                                  192.168.0.2
Stunnel Client                               Stunnel Server
-------------------------
- Sockscap opens Iexplore.exe
- I enter the address of a webpage
- Iexplore.exe --> 127.0.0.1:500
  :
  :  *******************************************************
  :  * Sockscap is only to redirect the connections        *
  :  * of the web browser to Stunnel, normally the         *
  :  * web browser would directly connect to the Internet  *
  :  * on port 80 and then going to the destination site.  *
  :  * In this case the web browser connects to stunnel on *
  :  * port 500 where stunnel is listening.                *
  :  *******************************************************
  :
  :
Stunnel Client                               Stunnel Server
- Listening on port 500          Encrypted   - Listening on port 123
- The Browser sends to port 500 ---------->> - Gets Browser data, encrypted
- Encryption                                 - Decryption
- Connecting to 192.168.0.2:123  Encrypted   - Connects to 127.0.0.1:80
                                                .
                                                .
                                                .
                                                .
                                               +.+++++++++++++++++++++++++++++++++
                                               +..---> Should connect to Internet+
                                               +++++++++++++++++++++++++++++++++++
Dear Unknown user (or LoopBack, whichever you prefer),
Contrary to your assertion that the server's stunnel connection is listening on port 500, the small piece of the stunnel.conf you have provided says otherwise.
---Stunnel.conf SERVER---
..
[inet]
accept = 127.0.0.1:123    <--------- this means stunnel is listening on port # 123......not 500
connect = 127.0.0.1:80
Also, as you have specified the server's localhost IP address (127.0.0.1) on the accept, __no__ other computer can get to the stunnel server, as it is only expecting stunnel traffic from its own virtual address, not any other computer.
If you set up the server as follows, it will accept stunnel connections from any computer on port 123 (or change this to whatever port number you want....at both ends) and send the traffic to its own port 80. I assume that anything hitting port 80 on this box is then "socksified" and forwarded elsewhere.
---Stunnel.conf SERVER---
..
[inet]
accept = 123    <
connect = 127.0.0.1:80
The client configuration looks fine to me.
I second Ian's comments.
Regards,
John Boxall
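
The accept/connect pairing discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from the stunnel project: it parses the two `[inet]` fragments quoted above and reports when the server's `accept` binding cannot be reached by the client's `connect` target. The function names and the `SERVER_FIXED` constant are illustrative, and only IPv4 addresses and plain hostnames are handled.

```python
import ipaddress

# Config fragments as posted in the thread (the elided ".." lines are left out).
CLIENT_CONF = """[inet]
accept = 127.0.0.1:500
connect = 192.168.0.2:123
"""
SERVER_CONF = """[inet]
accept = 127.0.0.1:123
connect = 127.0.0.1:80
"""
# The change suggested in the replies: listen on every interface.
SERVER_FIXED = SERVER_CONF.replace("accept = 127.0.0.1:123", "accept = 123")

def parse_services(text):
    """Map each [service] section to its option dict (last value wins)."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return services

def split_endpoint(value):
    """Split '[host:]port' into (host, port); host is '' when omitted."""
    host, _, port = value.rpartition(":")
    return host, int(port)

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # other hostnames are not resolved here

def check_pair(client_text, server_text, service):
    """List reasons the client's connect target cannot reach the server's accept."""
    c_host, c_port = split_endpoint(parse_services(client_text)[service]["connect"])
    s_host, s_port = split_endpoint(parse_services(server_text)[service]["accept"])
    findings = []
    if c_port != s_port:
        findings.append(f"port mismatch: client connects to {c_port}, server accepts on {s_port}")
    if s_host and is_loopback(s_host) and not is_loopback(c_host):
        findings.append(f"server accepts on loopback {s_host} only; a client connecting to {c_host} cannot reach it")
    elif s_host and not is_loopback(s_host) and s_host != c_host:
        findings.append(f"server accepts on {s_host}, but client connects to {c_host}")
    return findings

if __name__ == "__main__":
    print(check_pair(CLIENT_CONF, SERVER_CONF, "inet"))
    print(check_pair(CLIENT_CONF, SERVER_FIXED, "inet"))
```

A server line of `accept = 192.168.0.2:123` also passes this check while keeping the listener on a single interface instead of all of them.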