behaviour when using 127.0.0.1 in the 'connect' field

Hi all - just want to report a problem I solved recently but wanted to get some insights on what was causing the problem.

About me - learnt some unix at university (20 years ago) but nothing too serious. Recently (1 month ago) acquired own domain name and now poking around the cloud computing / VPS thing.

Project - hand-rolling my own VPN setup on a Ubuntu 18.04 VPS. OpenVPN is easy since it is a git-clone thing and then just follow the openvpn-install script. I wanted to add on the Stunnel wrapper because intended to use the VPN in China and apparently their firewall does deep packet inspection and can recognize (and block) openvpn traffic.

Problem - when I set up my stunnel using 127.0.0.1 as the connect destination; it doesn't seem to work (I can see from openvpn window that things seem to pipe through stunnel but then immediately the connection is terminated). If I replace the 127.0.0.1 with IP of the box I am using (say for example 1.2.3.4); everything works! The FQDN is ok as well; as long as I don't use 127.0.0.1

Specifically the stunnel.conf:

[OpenVPN]
Accept = 443 # clients connect through 443 to further avoid potential blocking
Connect = 127.0.0.1:1194 #<- this line won't work; but if I replace with 1.2.3.4:1194 then it will work!

Question - My problem is fixed but I am curious if there is any insights on why this is happening given that 1.2.3.4 and 127.0.0.1 are the same machine?

On Tue, Mar 10, 2020 at 01:25:33PM +0800, Kelly Trinh wrote: [formatting fixed a bit]
> Hi all - just want to report a problem I solved recently but wanted to get some insights on what was causing the problem.
>
> About me - learnt some unix at university (20 years ago) but nothing too serious. Recently (1 month ago) acquired own domain name and now poking around the cloud computing / VPS thing.
>
> Project - hand-rolling my own VPN setup on a Ubuntu 18.04 VPS. OpenVPN is easy since it is a git-clone thing and then just follow the openvpn-install script. I wanted to add on the Stunnel wrapper because intended to use the VPN in China and apparently their firewall does deep packet inspection and can recognize (and block) openvpn traffic.
>
> Problem - when I set up my stunnel using 127.0.0.1 as the connect destination; it doesn't seem to work (I can see from openvpn window that things seem to pipe through stunnel but then immediately the connection is terminated). If I replace the 127.0.0.1 with IP of the box I am using (say for example 1.2.3.4); everything works! The FQDN is ok as well; as long as I don't use 127.0.0.1
>
> Specifically the stunnel.conf:
>
> [OpenVPN]
> Accept = 443 # clients connect through 443 to further avoid potential blocking
> Connect = 127.0.0.1:1194 #<- this line won't work; but if I replace with 1.2.3.4:1194 then it will work!
>
> Question - My problem is fixed but I am curious if there is any insights on why this is happening given that 1.2.3.4 and 127.0.0.1 are the same machine?

Hi,

Could you post:
- your full stunnel config, not just this snippet
- the logfile of stunnel when you have it configured to connect to 127.0.0.1 and you attempt a connection
- the output of `lsof -P -n -i tcp:443,1194` as root just after the connection fails (you may need to `apt install lsof` beforehand)

Thanks in advance!

G'luck,
Peter

--
Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

Kelly,

Most likely, your OpenVPN server is not listening on (not bound to) your loopback interface. Check your OpenVPN configuration file. I understand you need to add

local 127.0.0.1

to your openvpn.conf

regards,
Jose

Hi Jose - thanks; that was the issue thanks to your clue; I searched around a bit and found I can see what openvpn is listening to with this

netstat -nlp

and turns out editing the server.conf and removing the local line entirely makes openvpn listen on all interfaces and that got things going which was great.

---- On Tue, 10 Mar 2020 19:26:54 +0800 Josealf.rm <josealf@rocketmail.com> wrote ----

> Kelly,
>
> Most likely, your OpenVPN server is not listening on (not bound to) your loopback interface. Check your OpenVPN configuration file. I understand you need to add
>
> local 127.0.0.1
>
> to your openvpn.conf
>
> regards,
> Jose
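
The check that Jose's diagnosis and the `netstat -nlp` step lead to, as an added example that is not part of the original thread: given `netstat -nlt`-style output, it reports whether a stunnel `connect` target is covered by an IPv4 TCP listener. The function name, the sample rows, the PIDs and the assumption that the `local` line held 1.2.3.4 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `netstat -nlt`-style output on
# stdin and reports whether a stunnel "connect = ADDR:PORT" target is covered
# by an IPv4 TCP listener. Only "tcp" rows are considered; tcp6 rows are skipped.
check_connect_target() {
    awk -v addr="$1" -v port="$2" '
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($4, parts, ":")        # local address is ADDR:PORT
            if (parts[n] != port) next
            # A wildcard bind accepts connections to any local address,
            # including loopback; a specific bind accepts only that address.
            if (parts[1] == "0.0.0.0" || parts[1] == addr) hit = 1
            bound = bound (bound == "" ? "" : ",") parts[1]
        }
        END {
            if (hit)              print "covered"
            else if (bound != "") print "not-covered: port " port " bound only to " bound
            else                  print "not-covered: nothing listening on port " port
        }'
}

# Constructed sample: OpenVPN bound to one address (assumed "local 1.2.3.4").
SAMPLE_LOCAL='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0  0  0.0.0.0:443    0.0.0.0:*  LISTEN  812/stunnel4
tcp   0  0  1.2.3.4:1194   0.0.0.0:*  LISTEN  790/openvpn'

# Constructed sample: "local" line removed, OpenVPN listens on all interfaces.
SAMPLE_ALL='tcp   0  0  0.0.0.0:443    0.0.0.0:*  LISTEN  812/stunnel4
tcp   0  0  0.0.0.0:1194   0.0.0.0:*  LISTEN  790/openvpn'

printf '%s\n' "$SAMPLE_LOCAL" | check_connect_target 127.0.0.1 1194
printf '%s\n' "$SAMPLE_LOCAL" | check_connect_target 1.2.3.4 1194
printf '%s\n' "$SAMPLE_ALL"   | check_connect_target 127.0.0.1 1194
```

With the `local` line removed, port 1194 also accepts connections on the public address unless a firewall blocks it; a listener bound with `local 127.0.0.1` is reachable only from the host itself.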

participants (3)
- Josealf.rm
- Kelly Trinh
- Peter Pentchev