Hi guys,
I have been struggling with a problem for some time. I searched for it in the stunnel mail archives and on Google but couldn't find a solution, and I have run out of ideas, so I thought I would write to you about it. I am using Eclipse to access and manipulate data on a Linux server. I want to use stunnel when I connect to the server via Eclipse, so I installed and configured everything as follows:
The server I am using is SuSE Linux and the stunnel version I installed is this one: stunnel 4.27 on x86_64-suse-linux-gnu with OpenSSL 0.9.8j-fips 07 Jan 2009
The stunnel version on Windows 7 is: stunnel version 5.10
In the conf file from linux (server) I have the following configuration for stunnel.conf:
client = no
chroot = /var/lib/stunnel/
setuid = root
setgid = root
pid = /var/run/stunnel.pid
debug = 7
output = /var/log/stunnel/stunnel.log
cert = /etc/ssl/certs/stunnel.pem
sslVersion = SSLv3
[test]
accept = 2404
connect = 2406
In the conf file from windows (client) I have the following configuration in stunnel.conf:
debug = 7
output = C:\Program Files (x86)\stunnel\stunnel.log
cert = C:\Program Files (x86)\stunnel\stunnel.pem
sslVersion = SSLv3
[test]
client = yes
accept = 127.0.0.1:2404
connect = xx.xxx.xxx.xxx:2406
In the log I have this:
2015.04.09 13:48:04 LOG5[11060]: Configuration successful
2015.04.09 13:48:04 LOG7[11060]: Listening file descriptor created (FD=452)
2015.04.09 13:48:04 LOG7[11060]: Service [test] (FD=452) bound to 127.0.0.1:2404
2015.04.09 13:48:07 LOG7[11060]: Service [test] accepted (FD=496) from 127.0.0.1:56675
2015.04.09 13:48:07 LOG7[11060]: Creating a new thread
2015.04.09 13:48:07 LOG7[11060]: New thread created
2015.04.09 13:48:07 LOG7[2088]: Service [test] started
2015.04.09 13:48:07 LOG5[2088]: Service [test] accepted connection from 127.0.0.1:56675
2015.04.09 13:48:07 LOG6[2088]: s_connect: connecting xx.xxx.xxx.xxx:2406
2015.04.09 13:48:07 LOG7[2088]: s_connect: s_poll_wait xx.xxx.xxx.xxx:2406: waiting 10 seconds
2015.04.09 13:48:07 LOG5[2088]: s_connect: connected xx.xxx.xxx.xxx:2406
2015.04.09 13:48:07 LOG5[2088]: Service [test] connected remote server from 127.0.0.1:56676
2015.04.09 13:48:07 LOG7[2088]: Remote socket (FD=516) initialized
2015.04.09 13:48:07 LOG6[2088]: SNI: sending servername: my_server_name
2015.04.09 13:48:07 LOG7[2088]: SSL state (connect): before/connect initialization
2015.04.09 13:48:07 LOG7[2088]: SSL state (connect): SSLv3 write client hello A
2015.04.09 13:48:08 LOG3[2088]: SSL_connect: Peer suddenly disconnected
2015.04.09 13:48:08 LOG5[2088]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.04.09 13:48:08 LOG7[2088]: Remote socket (FD=516) closed
2015.04.09 13:48:08 LOG7[2088]: Local socket (FD=496) closed
2015.04.09 13:48:08 LOG7[2088]: Service [test] finished (0 left)
Although the stunnel log shows "s_connect: connected", I cannot connect at all. When I try to connect via port 2406, the stunnel icon shows that the server is idle and there is nothing about it in the log. When I try to connect via port 2404, the stunnel icon shows that there are 2 active sessions, but I cannot connect to the server. I tried switching the ports (2404 with 2406 and 2406 with 2404 in the stunnel.conf file), but stunnel doesn't even open in that case.
Do you have any idea what the problem might be and how I could solve it?
Thanks in advance!
Best Regards,
Daninho
The accept port on the server config must be the same as the connect port on the client config. The connect port on the server must be the port used by the application/service you try to secure, usually bound to the loopback interface, as you probably don't want to allow insecure connections. On the client, the accept port is the port your client application will connect to.
Hope this helps to clarify a bit.
Regards
-----Original Message-----
From: daninho dj daninho.dj@gmail.com
Sender: "stunnel-users" stunnel-users-bounces@stunnel.org
Date: Thu, 9 Apr 2015 14:28:25
To: stunnel-users@stunnel.org
Subject: [stunnel-users] Session is active but I cannot connect
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
Hi Jose,
Thanks for the mail. The problem is that when I change the accept port on the server, stunnel doesn't start:
Before:
Server:
[test]
accept = 2404
connect = 2406
Client:
[jdbc]
client = yes
accept = 127.0.0.1:2404
connect = my_server_name:2406
After:
I edited the stunnel.conf on the server:
[test]
accept = 2406
connect = 2406
Then trying to start the service:
/etc/init.d/stunnel start
Starting stunnel (SSL tunnel) startproc: exit status of parent of /usr/sbin/stunnel: 1
please see /var/log/rc.stunnel.log for details
failed
/var/log/rc.stunnel.log is empty but in the log specified in the stunnel.conf I have the following:
tail -10 /var/log/stunnel/stunnel.log
2015.04.09 16:42:36 LOG5[22524:139805264570112]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2015.04.09 16:42:36 LOG6[22524:139805264570112]: file ulimit = 262144 (can be changed with 'ulimit -n')
2015.04.09 16:42:36 LOG6[22524:139805264570112]: poll() used - no FD_SETSIZE limit for file descriptors
2015.04.09 16:42:36 LOG5[22524:139805264570112]: 128000 clients allowed
2015.04.09 16:42:36 LOG7[22524:139805264570112]: FD 10 in non-blocking mode
2015.04.09 16:42:36 LOG7[22524:139805264570112]: FD 11 in non-blocking mode
2015.04.09 16:42:36 LOG7[22524:139805264570112]: FD 12 in non-blocking mode
2015.04.09 16:42:36 LOG7[22524:139805264570112]: SO_REUSEADDR option set on accept socket
2015.04.09 16:42:36 LOG3[22524:139805264570112]: Error binding test to 0.0.0.0:2406
2015.04.09 16:42:36 LOG3[22524:139805264570112]: bind: Address already in use (98)
Same thing happens when I try to change the ports on the client. Any idea how this problem can be solved?
Thanks and regards, Daninho
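Both logs quoted above carry the whole story once their records are separated and the level-3 (LOG3) messages are read in order: the client log shows a TCP connect that succeeds and a TLS handshake the peer then drops, and the server log shows a bind failure on the accept port. The following Python is an added example, not code from anyone in this thread or from the stunnel project; it parses stunnel's `YYYY.MM.DD HH:MM:SS LOGn[pid]: message` record format, splits a log that mail clients have folded onto one line, and reduces the two pasted logs (copied here as constructed sample input) to a one-line verdict. The rule tags and verdict strings are my own naming.

```python
import re

# One stunnel log record, as pasted in this thread:
#   2015.04.09 13:48:08 LOG3[2088]: SSL_connect: Peer suddenly disconnected
# The bracket carries the pid, or pid:tid on the pthread build on the server.
RECORD_RE = re.compile(
    r"^(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<ids>[\d:]+)\]: (?P<msg>.*)$"
)
# Mail clients often fold a pasted log onto one line; split it on the
# timestamp that starts every record.
RECORD_START_RE = re.compile(r"(?=\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} LOG\d\[)")

# Messages worth flagging, each with a tag. The interpretations follow the
# replies in the thread: a bind failure means the accept port is already
# owned by another listener; a TCP connect that succeeds and is then dropped
# during the client hello means the remote side is not answering with TLS.
RULES = [
    (re.compile(r"^Error binding \S+ to \S+"), "bind-failed"),
    (re.compile(r"^bind: Address already in use"), "port-in-use"),
    (re.compile(r"^s_connect: connected \S+"), "tcp-connected"),
    (re.compile(r"^SSL_connect: Peer suddenly disconnected"), "handshake-dropped"),
]


def split_records(text):
    """Split a log that was folded onto one line back into records."""
    return [r.strip() for r in RECORD_START_RE.split(text) if r.strip()]


def parse_record(record):
    """Return (level, message) for one record, or None if it does not parse."""
    m = RECORD_RE.match(record)
    if not m:
        return None
    return int(m.group("level")), m.group("msg")


def triage(text):
    """Return (tag, message) pairs for every record that matches a rule."""
    findings = []
    for record in split_records(text):
        parsed = parse_record(record)
        if parsed is None:
            continue
        _level, msg = parsed
        for pattern, tag in RULES:
            if pattern.match(msg):
                findings.append((tag, msg))
                break
    return findings


def diagnose(text):
    """Collapse the findings into the one-line verdict the thread reaches."""
    tags = [tag for tag, _ in triage(text)]
    if "port-in-use" in tags or "bind-failed" in tags:
        return "accept port already bound"
    if "tcp-connected" in tags and "handshake-dropped" in tags:
        return "tcp ok, tls handshake dropped by peer"
    if "tcp-connected" in tags:
        return "tunnel established"
    return "no known failure pattern"


# Constructed samples: shortened copies of the two logs quoted in the thread.
CLIENT_LOG = (
    "2015.04.09 13:48:07 LOG6[2088]: s_connect: connecting xx.xxx.xxx.xxx:2406 "
    "2015.04.09 13:48:07 LOG5[2088]: s_connect: connected xx.xxx.xxx.xxx:2406 "
    "2015.04.09 13:48:07 LOG7[2088]: SSL state (connect): SSLv3 write client hello A "
    "2015.04.09 13:48:08 LOG3[2088]: SSL_connect: Peer suddenly disconnected "
    "2015.04.09 13:48:08 LOG5[2088]: Connection reset: 0 byte(s) sent to SSL, "
    "0 byte(s) sent to socket"
)
SERVER_LOG = (
    "2015.04.09 16:42:36 LOG7[22524:139805264570112]: SO_REUSEADDR option set on accept socket "
    "2015.04.09 16:42:36 LOG3[22524:139805264570112]: Error binding test to 0.0.0.0:2406 "
    "2015.04.09 16:42:36 LOG3[22524:139805264570112]: bind: Address already in use (98)"
)

if __name__ == "__main__":
    for name, log in (("client", CLIENT_LOG), ("server", SERVER_LOG)):
        print(f"{name}: {diagnose(log)}")
        for tag, msg in triage(log):
            print(f"  {tag:18} {msg}")
```

The client verdict is the useful one here: "connected" at LOG5 only proves the TCP handshake to port 2406 completed, so the peer is reachable but is not an stunnel server-mode listener on that port, which is exactly the port mapping the replies go on to correct.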
In your before setting, your client should have been set to connect to your test server:
[jdbc]
client = yes
accept = 127.0.0.1:2404
connect = my_server_name:2404
In your after setting, the accept and connect ports cannot be the same port.
It was a typo, sorry. The settings on the server are:
[test]
accept = 2406
connect = 2404
and on the client:
[jdbc]
client = yes
accept = 127.0.0.1:2404
connect = my_server_name:2406
I'm trying to start the service on the server and it's not working:
/etc/init.d/stunnel start
Starting stunnel (SSL tunnel) startproc: exit status of parent of /usr/sbin/stunnel: 1
please see /var/log/rc.stunnel.log for details
failed
Regards,
The key error message is "bind: Address already in use (98)". You can't set both accept and connect to the same port.
See if you can configure your jdbc app on the server to listen on the loopback interface, like 127.0.0.1:2404, then set accept = yourserveraddress:2406 and connect = 127.0.0.1:2404.
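The replies above spell out three rules for a working pair of stunnel.conf files: the client's connect port is the server's accept port, a section never listens on the port it also connects to on the same host, and the plaintext legs (server connect, client accept) stay on loopback. The following Python is an added example, not code from anyone in this thread or from the stunnel project; it parses the subset of stunnel.conf syntax used here and checks a server-side service against the client-side service that should reach it. The sample configs are constructed from the ones posted in the thread (the original "before" server, the mistaken "after" server, the client, and the layout proposed in the last reply). The check that flags `sslVersion = SSLv3` as a deprecated protocol is my addition; the stunnel defaults assumed in the comments (bare accept listens on all interfaces, bare connect targets localhost) are stated as assumptions.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}
WILDCARD = {"0.0.0.0", "::", "[::]"}
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3"}   # flagged by this demo as a weak setting


def parse_stunnel_conf(text):
    """Parse stunnel.conf text into (global_options, {service_name: options}).

    Handles the subset used in the thread: `key = value` lines, `[name]`
    service headers, and `;` or `#` comment lines. A repeated key overwrites
    the earlier value, which is enough for accept/connect/client/sslVersion
    (an assumption of this demo, not how stunnel treats every option).
    """
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1).strip()
            services[current] = {}
            continue
        if "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        (global_opts if current is None else services[current])[key] = value
    return global_opts, services


def split_endpoint(value, default_host):
    """'host:port' or 'port' -> (host, port); a bare port takes default_host."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep else (default_host, int(value))


def effective(opts, global_opts, key, default=None):
    """Service-level option, falling back to the global section."""
    return opts.get(key, global_opts.get(key, default))


def check_pair(server_conf, server_service, client_conf, client_service):
    """Check one server-side service against the client-side service that
    should reach it. Returns (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    s_global, s_services = parse_stunnel_conf(server_conf)
    c_global, c_services = parse_stunnel_conf(client_conf)
    sides = (("server", server_service, s_services[server_service], s_global),
             ("client", client_service, c_services[client_service], c_global))
    endpoints = {}
    for role, name, opts, g in sides:
        missing = [k for k in ("accept", "connect") if k not in opts]
        if missing:
            errors.append(f"[{name}] is missing {', '.join(missing)}")
            continue
        # Assumed stunnel defaults: a bare accept port listens on every
        # interface, a bare connect port targets localhost.
        accept = split_endpoint(opts["accept"], "0.0.0.0")
        connect = split_endpoint(opts["connect"], "localhost")
        endpoints[role] = (accept, connect)
        # Listening on the port this host also connects to cannot work: the
        # bind fails with "Address already in use" once the backend is up.
        if accept[1] == connect[1] and connect[0] in LOOPBACK | WILDCARD:
            errors.append(f"[{name}] accept and connect both use port {accept[1]} on this host")
        mode = effective(opts, g, "client", "no").lower()
        if (role == "client") != (mode == "yes"):
            errors.append(f"[{name}] has client = {mode} but is used as the {role} side")
        proto = effective(opts, g, "sslVersion")
        if proto in DEPRECATED_PROTOCOLS:
            warnings.append(f"[{name}] pins sslVersion = {proto}, a deprecated protocol")
    if len(endpoints) < 2:
        return errors, warnings
    (s_accept, s_connect), (c_accept, c_connect) = endpoints["server"], endpoints["client"]
    # The client's connect port must be the server's accept port.
    if s_accept[1] != c_connect[1]:
        errors.append(f"[{server_service}] accepts on port {s_accept[1]} "
                      f"but [{client_service}] connects to port {c_connect[1]}")
    # Plaintext legs should stay on loopback at both ends.
    if s_connect[0] not in LOOPBACK:
        warnings.append(f"[{server_service}] forwards plaintext to {s_connect[0]}:{s_connect[1]}, not loopback")
    if c_accept[0] not in LOOPBACK:
        warnings.append(f"[{client_service}] plaintext listener {c_accept[0]}:{c_accept[1]} is not on loopback")
    return errors, warnings


# Constructed samples taken from the thread: the "before" server config, the
# mistaken "after" server config, the layout proposed in the last reply
# (backend on 127.0.0.1:2404, TLS on 2406), and the client config.
SERVER_BEFORE = "client = no\nsslVersion = SSLv3\n[test]\naccept = 2404\nconnect = 2406\n"
SERVER_TYPO = "client = no\n[test]\naccept = 2406\nconnect = 2406\n"
SERVER_FIXED = "client = no\n[test]\naccept = 2406\nconnect = 127.0.0.1:2404\n"
CLIENT_CONF = ("sslVersion = SSLv3\n[jdbc]\nclient = yes\n"
               "accept = 127.0.0.1:2404\nconnect = my_server_name:2406\n")

if __name__ == "__main__":
    for label, server in (("before", SERVER_BEFORE), ("typo", SERVER_TYPO), ("fixed", SERVER_FIXED)):
        errors, warnings = check_pair(server, "test", CLIENT_CONF, "jdbc")
        print(f"{label}: errors={errors} warnings={warnings}")
```

Run against the thread's configs, the "before" pair fails the port-mapping rule (server accepts on 2404, client connects to 2406), the "typo" pair fails the same-port rule that produced the bind error, and the proposed layout passes with only the protocol warning left. The validator reads files it is given and opens no sockets, so it complements rather than replaces the `netstat -np` check for a foreign listener on the accept port.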
Did you do a netstat -np to see if there is another program listening on port 2406?
-- Carter Browne cbrowne@cbcs-usa.com