I have a problem using stunnel v4.05 under Linux with kernel 2.4.27. My target is to use two PCs connected via a serial port, with the traffic encrypted. I have achieved this schema:
+-------+                              +-------+
|       |                              |       |
|  PC1  |-------------rs232------------|  PC2  |
|       |10.0.0.1              10.0.0.2|       |
|       |                              |       |
+-------+                              +-------+
I have started pppd in raw mode on PC1 and PC2, and I have verified (with ping) that the link is OK for unencrypted traffic.
Below I have tried to "mount" an encrypted tunnel between PC1 and PC2, but stunnel on the server side returns an error in the openpty function.
The stunnel.conf server side (PC1) is:
--------------------------------------
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid =
setuid = nobody
setgid = nobody

# Some debugging stuff
debug = 7
output = /var/log/stunnel.log

foreground = no

# Service-level configuration
[ppp]
accept = 2020
exec = /usr/sbin/pppd
execargs = pppd local
pty = yes
The stunnel.conf client side (PC2) is:
--------------------------------------
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid =
setuid = nobody
setgid = nobody

# Some debugging stuff
debug = 7
output = /var/log/stunnel.log

# Use it for client mode
client = yes

connect = 10.0.0.1:2020
exec = /usr/sbin/pppd
execargs = pppd local
The log file server side (PC1) is:
----------------------------------
2004.10.27 07:25:19 LOG5[5246:16384]: stunnel 4.05 on i686-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
2004.10.27 07:25:19 LOG7[5246:16384]: RAND_status claims sufficient entropy for the PRNG
2004.10.27 07:25:19 LOG6[5246:16384]: PRNG seeded successfully
2004.10.27 07:25:19 LOG7[5246:16384]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:25:19 LOG7[5246:16384]: Key file: /usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:25:19 LOG5[5246:16384]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2004.10.27 07:25:19 LOG7[5246:16384]: FD 4 in non-blocking mode
2004.10.27 07:25:19 LOG7[5246:16384]: SO_REUSEADDR option set on accept socket
2004.10.27 07:25:19 LOG7[5246:16384]: ppp bound to 0.0.0.0:2020
2004.10.27 07:25:19 LOG7[5246:16384]: FD 5 in non-blocking mode
2004.10.27 07:25:19 LOG7[5246:16384]: FD 6 in non-blocking mode
2004.10.27 07:25:19 LOG7[5247:16384]: No pid file being created
2004.10.27 07:25:59 LOG7[5247:16384]: ppp accepted FD=7 from 10.0.0.2:39791
2004.10.27 07:25:59 LOG7[5247:16384]: FD 7 in non-blocking mode
2004.10.27 07:25:59 LOG7[5251:16386]: ppp started
2004.10.27 07:25:59 LOG5[5251:16386]: ppp connected from 10.0.0.2:39791
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): before/accept initialization
2004.10.27 07:25:59 LOG7[5251:16386]: waitforsocket: FD=7, DIR=read
2004.10.27 07:25:59 LOG7[5251:16386]: waitforsocket: ok
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 read client hello A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 write server hello A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 write certificate A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 write server done A
2004.10.27 07:25:59 LOG7[5251:16386]: SSL state (accept): SSLv3 flush data
2004.10.27 07:25:59 LOG7[5251:16386]: waitforsocket: FD=7, DIR=read
2004.10.27 07:26:00 LOG7[5251:16386]: waitforsocket: ok
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 read client key exchange A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 read finished A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 write change cipher spec A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 write finished A
2004.10.27 07:26:00 LOG7[5251:16386]: SSL state (accept): SSLv3 flush data
2004.10.27 07:26:00 LOG7[5251:16386]: 1 items in the session cache
2004.10.27 07:26:00 LOG7[5251:16386]: 0 client connects (SSL_connect())
2004.10.27 07:26:00 LOG7[5251:16386]: 0 client connects that finished
2004.10.27 07:26:00 LOG7[5251:16386]: 0 client renegotiatations requested
2004.10.27 07:26:00 LOG7[5251:16386]: 1 server connects (SSL_accept())
2004.10.27 07:26:00 LOG7[5251:16386]: 1 server connects that finished
2004.10.27 07:26:00 LOG7[5251:16386]: 0 server renegotiatiations requested
2004.10.27 07:26:00 LOG7[5251:16386]: 0 session cache hits
2004.10.27 07:26:00 LOG7[5251:16386]: 0 session cache misses
2004.10.27 07:26:00 LOG7[5251:16386]: 0 session cache timeouts
2004.10.27 07:26:00 LOG6[5251:16386]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.10.27 07:26:00 LOG7[5251:16386]: pty_allocate:namebuf=, namebuflen=1024 : Success (0)
2004.10.27 07:26:00 LOG3[5251:16386]: openpty: No such file or directory (2)
2004.10.27 07:26:00 LOG3[5251:16386]: Failed to initialize remote connection
2004.10.27 07:26:00 LOG7[5251:16386]: ppp finished (0 left)
The log file client side (PC2) is:
----------------------------------
2004.10.27 07:20:16 LOG5[4460:16384]: stunnel 4.05 on i686-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
2004.10.27 07:20:16 LOG7[4460:16384]: RAND_status claims sufficient entropy for the PRNG
2004.10.27 07:20:16 LOG6[4460:16384]: PRNG seeded successfully
2004.10.27 07:20:16 LOG7[4460:16384]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:20:16 LOG7[4460:16384]: Key file: /usr/local/etc/stunnel/stunnel.pem
2004.10.27 07:20:16 LOG7[4460:16384]: stunnel started
2004.10.27 07:20:16 LOG6[4460:16384]: Local mode child started (PID=4461)
2004.10.27 07:20:16 LOG5[4460:16384]: stunnel connected from 127.0.0.1:39790
2004.10.27 07:20:16 LOG7[4460:16384]: FD 4 in non-blocking mode
2004.10.27 07:20:16 LOG7[4460:16384]: stunnel connecting 10.0.0.1:2020
2004.10.27 07:20:16 LOG7[4460:16384]: remote connect #1: EINPROGRESS: retrying
2004.10.27 07:20:16 LOG7[4460:16384]: waitforsocket: FD=4, DIR=write
2004.10.27 07:20:16 LOG3[4461:16384]: /usr/sbin/pppd: No such file or directory (2)
2004.10.27 07:20:16 LOG7[4460:16384]: waitforsocket: ok
2004.10.27 07:20:16 LOG7[4460:16384]: Remote FD=4 initialized
2004.10.27 07:20:16 LOG7[4460:16384]: SSL state (connect): before/connect initialization
2004.10.27 07:20:16 LOG7[4460:16384]: SSL state (connect): SSLv3 write client hello A
2004.10.27 07:20:16 LOG7[4460:16384]: waitforsocket: FD=4, DIR=read
2004.10.27 07:20:17 LOG7[4460:16384]: waitforsocket: ok
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read server hello A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read server certificate A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read server done A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 write client key exchange A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 write change cipher spec A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 write finished A
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 flush data
2004.10.27 07:20:17 LOG7[4460:16384]: waitforsocket: FD=4, DIR=read
2004.10.27 07:20:17 LOG7[4460:16384]: waitforsocket: ok
2004.10.27 07:20:17 LOG7[4460:16384]: SSL state (connect): SSLv3 read finished A
2004.10.27 07:20:17 LOG7[4460:16384]: 1 items in the session cache
2004.10.27 07:20:17 LOG7[4460:16384]: 1 client connects (SSL_connect())
2004.10.27 07:20:17 LOG7[4460:16384]: 1 client connects that finished
2004.10.27 07:20:17 LOG7[4460:16384]: 0 client renegotiatations requested
2004.10.27 07:20:17 LOG7[4460:16384]: 0 server connects (SSL_accept())
2004.10.27 07:20:17 LOG7[4460:16384]: 0 server connects that finished
2004.10.27 07:20:17 LOG7[4460:16384]: 0 server renegotiatiations requested
2004.10.27 07:20:17 LOG7[4460:16384]: 0 session cache hits
2004.10.27 07:20:17 LOG7[4460:16384]: 0 session cache misses
2004.10.27 07:20:17 LOG7[4460:16384]: 0 session cache timeouts
2004.10.27 07:20:17 LOG6[4460:16384]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004.10.27 07:20:17 LOG7[4460:16384]: Socket closed on read
2004.10.27 07:20:17 LOG7[4460:16384]: SSL write shutdown (output buffer empty)
2004.10.27 07:20:17 LOG7[4460:16384]: SSL alert (write): warning: close notify
2004.10.27 07:20:17 LOG7[4460:16384]: SSL_shutdown retrying
2004.10.27 07:20:17 LOG3[4460:16384]: SSL_read (ERROR_SYSCALL): Connection reset by peer (104)
2004.10.27 07:20:17 LOG5[4460:16384]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2004.10.27 07:20:17 LOG7[4460:16384]: stunnel finished (0 left)
Any suggestions?
Thanks in advance.
Angelo Raspanti
angelo.raspanti wrote:
> chroot = /var/run/stunnel/
> [cut]
> setuid = nobody
> setgid = nobody
> [cut]
> exec = /usr/sbin/pppd
> [cut]
> 2004.10.27 07:26:00 LOG7[5251:16386]: pty_allocate:namebuf=, namebuflen=1024 : Success (0)
> 2004.10.27 07:26:00 LOG3[5251:16386]: openpty: No such file or directory (2)
> 2004.10.27 07:26:00 LOG3[5251:16386]: Failed to initialize remote connection
Do you have pseudoterminal devices in your /var/run/stunnel/dev/ directory?
Do you really have /var/run/stunnel/usr/sbin/pppd (and shared libraries and configuration files and other files/devices needed by pppd)?
Are you sure your pppd will work when started as user nobody?
Using chroot with exec is not trivial. Please make sure you know what you're trying to do. 8-)
Best regards, Mike
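The three questions in the reply above, turned into a check that can be run on PC1 before restarting stunnel. This is an added example for this thread, not code from stunnel or from either poster. It assumes Unix98 pseudoterminals (openpty() opens /dev/ptmx and then a slave under /dev/pts, both of which must be visible inside the jail) and that the "exec =" target is a dynamically linked binary whose dependencies ldd can list; the function name chroot_check and the script name are mine.

```shell
#!/bin/sh
# chroot_check.sh - verify that an stunnel "chroot = ..." jail contains what
# a service with "exec = ..." and "pty = yes" needs.  Added example for this
# thread, not part of stunnel.  Assumptions: Unix98 ptys (/dev/ptmx plus
# /dev/pts) and an exec target that ldd can inspect.

# chroot_check ROOT EXEC
#   ROOT is the "chroot =" directory; EXEC is the "exec =" path exactly as
#   written in stunnel.conf, i.e. relative to ROOT once stunnel has chrooted.
#   Prints one line per missing item; returns 0 when nothing is missing,
#   1 otherwise.  Also warns (without failing) when the target is not setuid
#   root, because with "setuid = nobody" it will otherwise run unprivileged.
chroot_check() {
    root=${1%/}          # "/var/run/stunnel/" -> "/var/run/stunnel"
    exe=$2
    missing=0

    # 1. The program itself must exist and be executable at ROOT + EXEC.
    if [ ! -x "$root$exe" ]; then
        echo "missing: $root$exe (exec target)"
        missing=1
    fi

    # 2. openpty() needs /dev/ptmx and /dev/pts inside the jail; without
    #    them it fails with ENOENT, the "openpty: No such file or directory"
    #    line in the server log above.
    for dev in /dev/ptmx /dev/pts; do
        if [ ! -e "$root$dev" ]; then
            echo "missing: $root$dev (needed by openpty)"
            missing=1
        fi
    done

    # 3. Shared libraries: ask ldd about the copy inside the jail and check
    #    that every resolved path also exists under ROOT.  ldd prints
    #    "libc.so.6 => /lib/libc.so.6 (0x...)" and bare "/lib/ld-linux.so.2".
    if [ -x "$root$exe" ] && command -v ldd >/dev/null 2>&1; then
        for lib in $(ldd "$root$exe" 2>/dev/null \
                     | awk '/=>/ { print $3 } /^[[:space:]]*\// { print $1 }'); do
            if [ ! -e "$root$lib" ]; then
                echo "missing: $root$lib (library)"
                missing=1
            fi
        done
    fi

    # 4. Privilege: with "setuid = nobody", pppd only regains root if the
    #    copy in the jail is setuid root.  Report it and let the admin decide.
    if [ -x "$root$exe" ] && [ ! -u "$root$exe" ]; then
        echo "note: $root$exe is not setuid root; it will run as the setuid user"
    fi

    return $missing
}

# Run directly:  sh chroot_check.sh /var/run/stunnel /usr/sbin/pppd
if [ "$#" -eq 2 ]; then
    chroot_check "$1" "$2"
fi
```

Every "missing:" path has to be copied into the jail (for /dev, created with mknod or provided by a devpts mount under the jail), and the setuid note is why pppd can still fail after the files are in place: the second question in the reply, whether pppd works when started as nobody, is not answered by file presence alone. The same check applies to PC2, whose log shows the exec target missing from its jail as well.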