I received the following error trying to connect to a Windows host using RDP. I use stunnel as a connection point with secure messages coming in and then forwarded as secure messages going to the desired end point. Stunnel is running on all three systems, the originator, the relay, and the destination. I have been using stunnel in this role for many years. As an additional point, 5.51 did work properly in the same role for secure telnet. The part of the log showing the failure is below.
Thanks, Carter
Before

2019.05.03 15:44:02 LOG5[ui]: stunnel 5.50 on armv7l-unknown-linux-gnueabihf platform
2019.05.03 15:44:02 LOG5[ui]: Compiled with OpenSSL 1.1.1a 20 Nov 2018
2019.05.03 15:44:02 LOG5[ui]: Running with OpenSSL 1.1.1b 26 Feb 2019
2019.05.03 15:44:02 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI
2019.05.03 15:44:02 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2019.05.03 15:44:02 LOG5[ui]: UTF-8 byte order mark not detected
2019.05.03 15:44:02 LOG5[ui]: FIPS mode disabled
2019.05.03 15:44:52 LOG5[ui]: Configuration successful
2019.05.03 15:44:52 LOG5[ui]: Switched to chroot directory: /var/run/stunnel/
...
2019.05.08 08:26:08 LOG5[980]: Service [c13alt-rdp] accepted connection from 192.168.179.22:63218
2019.05.08 08:26:09 LOG5[980]: Certificate accepted at depth=0: C=US, ST=Massachusetts, L=Winchester, O=CBCS, OU=MIS, CN=cbrowne-39, emailAddress=cbrowne@cbcs-usa.com
2019.05.08 08:26:09 LOG5[981]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49180
2019.05.08 08:26:09 LOG5[980]: s_connect: connected 127.0.1.127:3389
2019.05.08 08:26:09 LOG5[981]: s_connect: connected 10.251.129.118:8001
2019.05.08 08:26:09 LOG5[981]: Service [cbrowne-13-rdp] connected remote server from 10.251.129.84:44796
2019.05.08 08:26:09 LOG5[980]: Service [c13alt-rdp] connected remote server from 127.0.0.1:49180
2019.05.08 08:26:09 LOG5[981]: Certificate accepted at depth=0: C=US, ST=Massachusetts, L=Winchester, O=CBCS, OU=MIS, CN=cbrowne-13.cbcsnet.local, emailAddress=cbrowne@cbcs-usa.com
2019.05.08 08:26:23 LOG5[980]: Connection closed: 1615 byte(s) sent to TLS, 1061 byte(s) sent to socket
2019.05.08 08:26:23 LOG5[981]: Connection closed: 1061 byte(s) sent to TLS, 1615 byte(s) sent to socket
2019.05.08 08:26:23 LOG5[982]: Service [c13alt-rdp] accepted connection from 192.168.179.22:63243
2019.05.08 08:26:23 LOG5[983]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49184
2019.05.08 08:26:23 LOG5[982]: s_connect: connected 127.0.1.127:3389
2019.05.08 08:26:23 LOG5[982]: Service [c13alt-rdp] connected remote server from 127.0.0.1:49184
2019.05.08 08:26:23 LOG5[983]: s_connect: connected 10.251.129.118:8001
2019.05.08 08:26:23 LOG5[983]: Service [cbrowne-13-rdp] connected remote server from 10.251.129.84:44800

After

2019.05.08 12:50:18 LOG5[ui]: stunnel 5.51 on armv7l-unknown-linux-gnueabihf platform
2019.05.08 12:50:18 LOG5[ui]: Compiled/running with OpenSSL 1.1.1b 26 Feb 2019
2019.05.08 12:50:18 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI
2019.05.08 12:50:18 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2019.05.08 12:50:18 LOG5[ui]: UTF-8 byte order mark not detected
2019.05.08 12:50:18 LOG5[ui]: FIPS mode disabled
2019.05.08 12:50:42 LOG5[ui]: Configuration successful
2019.05.08 12:51:01 LOG5[2]: Service [c13alt-rdp] accepted connection from 192.168.179.22:64139
2019.05.08 12:51:02 LOG5[2]: Certificate accepted at depth=0: C=US, ST=Massachusetts, L=Winchester, O=CBCS, OU=MIS, CN=cbrowne-39, emailAddress=cbrowne@cbcs-usa.com
2019.05.08 12:51:02 LOG5[3]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49330
2019.05.08 12:51:02 LOG5[2]: s_connect: connected 127.0.1.127:3389
2019.05.08 12:51:02 LOG5[2]: Service [c13alt-rdp] connected remote server from 127.0.0.1:49330
2019.05.08 12:51:02 LOG5[3]: s_connect: connected 10.251.129.118:8001
2019.05.08 12:51:02 LOG5[3]: Service [cbrowne-13-rdp] connected remote server from 10.251.129.84:44946
2019.05.08 12:51:02 LOG5[3]: Certificate accepted at depth=0: C=US, ST=Massachusetts, L=Winchester, O=CBCS, OU=MIS, CN=cbrowne-13.cbcsnet.local, emailAddress=cbrowne@cbcs-usa.com
2019.05.08 12:51:15 LOG5[2]: Connection closed: 1615 byte(s) sent to TLS, 1061 byte(s) sent to socket
2019.05.08 12:51:15 LOG5[3]: Connection closed: 1061 byte(s) sent to TLS, 1615 byte(s) sent to socket
2019.05.08 12:51:15 LOG5[4]: Service [c13alt-rdp] accepted connection from 192.168.179.22:64141
2019.05.08 12:51:15 LOG5[5]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49334
2019.05.08 12:51:15 LOG5[4]: s_connect: connected 127.0.1.127:3389
2019.05.08 12:51:15 LOG5[4]: Service [c13alt-rdp] connected remote server from 127.0.0.1:49334
2019.05.08 12:51:15 LOG5[5]: s_connect: connected 10.251.129.118:8001
2019.05.08 12:51:15 LOG5[5]: Service [cbrowne-13-rdp] connected remote server from 10.251.129.84:44950
2019.05.08 12:51:18 LOG3[4]: transfer() loop executes not transferring any data
2019.05.08 12:51:18 LOG3[4]: please report the problem to Michal.Trojnara@stunnel.org
2019.05.08 12:51:18 LOG3[4]: stunnel 5.51 on armv7l-unknown-linux-gnueabihf platform
2019.05.08 12:51:18 LOG3[4]: Compiled/running with OpenSSL 1.1.1b 26 Feb 2019
2019.05.08 12:51:18 LOG3[4]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI
2019.05.08 12:51:18 LOG3[4]: protocol=TLSv1.2, SSL_pending=0
2019.05.08 12:51:18 LOG3[4]: sock_open_rd=Y, sock_open_wr=Y
2019.05.08 12:51:18 LOG3[4]: SSL_RECEIVED_SHUTDOWN=n, SSL_SENT_SHUTDOWN=n
2019.05.08 12:51:18 LOG3[4]: sock_can_rd=n, sock_can_wr=n
2019.05.08 12:51:18 LOG3[4]: ssl_can_rd=n, ssl_can_wr=n
2019.05.08 12:51:18 LOG3[4]: read_wants_read=Y, read_wants_write=n
2019.05.08 12:51:18 LOG3[4]: write_wants_read=n, write_wants_write=n
2019.05.08 12:51:18 LOG3[4]: shutdown_wants_read=n, shutdown_wants_write=n
2019.05.08 12:51:18 LOG3[4]: socket input buffer: 0 byte(s), TLS input buffer: 0 byte(s)
2019.05.08 12:51:18 LOG5[4]: Connection reset: 2786 byte(s) sent to TLS, 5077 byte(s) sent to socket
2019.05.08 12:51:18 LOG5[5]: Connection closed: 5077 byte(s) sent to TLS, 2989 byte(s) sent to socket
2019.05.08 12:52:03 LOG5[6]: Service [c13alt-rdp] accepted connection from 192.168.179.22:64144
2019.05.08 12:52:03 LOG5[6]: s_connect: connected 127.0.1.127:3389
2019.05.08 12:52:03 LOG5[6]: Service [c13alt-rdp] connected remote server from 127.0.0.1:49340
2019.05.08 12:52:03 LOG5[7]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49340
2019.05.08 12:52:03 LOG5[7]: s_connect: connected 10.251.129.118:8001
2019.05.08 12:52:03 LOG5[7]: Service [cbrowne-13-rdp] connected remote server from 10.251.129.84:44956
2019.05.08 12:52:14 LOG5[6]: Connection closed: 1615 byte(s) sent to TLS, 1061 byte(s) sent to socket
2019.05.08 12:52:14 LOG5[7]: Connection closed: 1061 byte(s) sent to TLS, 1615 byte(s) sent to socket
2019.05.08 12:52:14 LOG5[8]: Service [c13alt-rdp] accepted connection from 192.168.179.22:64147
2019.05.08 12:52:14 LOG5[9]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49344
2019.05.08 12:52:14 LOG5[9]: s_connect: connected 10.251.129.118:8001
2019.05.08 12:52:14 LOG5[9]: Service [cbrowne-13-rdp] connected remote server from 10.251.129.84:44960
2019.05.08 12:52:14 LOG5[8]: s_connect: connected 127.0.1.127:3389
2019.05.08 12:52:14 LOG5[8]: Service [c13alt-rdp] connected remote server from 127.0.0.1:49344
2019.05.08 12:52:16 LOG3[8]: transfer() loop executes not transferring any data
2019.05.08 12:52:16 LOG3[8]: please report the problem to Michal.Trojnara@stunnel.org
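Added example, not part of the original thread and not stunnel project code: a small Python triage script that picks out the connections that logged the transfer() diagnostic and collects the state flags stunnel dumped for each. The sample lines are excerpted from the 5.51 log above; the function and field names are this example's own.

```python
import re

# stunnel log line: "YYYY.MM.DD HH:MM:SS LOG<level>[<id>]: <message>"
LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\w+)\]: (.*)$")
ACCEPT = re.compile(r"Service \[([^\]]+)\] accepted connection")
FLAG = re.compile(r"(\w+)=([\w.]+)")
MARKER = "transfer() loop executes not transferring any data"
CAN_FLAGS = ("sock_can_rd", "sock_can_wr", "ssl_can_rd", "ssl_can_wr")

# Excerpt of the 5.51 log posted in this thread (connections 4 and 5).
SAMPLE = """\
2019.05.08 12:51:15 LOG5[4]: Service [c13alt-rdp] accepted connection from 192.168.179.22:64141
2019.05.08 12:51:15 LOG5[5]: Service [cbrowne-13-rdp] accepted connection from 127.0.0.1:49334
2019.05.08 12:51:15 LOG5[4]: s_connect: connected 127.0.1.127:3389
2019.05.08 12:51:18 LOG3[4]: transfer() loop executes not transferring any data
2019.05.08 12:51:18 LOG3[4]: protocol=TLSv1.2, SSL_pending=0
2019.05.08 12:51:18 LOG3[4]: sock_can_rd=n, sock_can_wr=n
2019.05.08 12:51:18 LOG3[4]: ssl_can_rd=n, ssl_can_wr=n
2019.05.08 12:51:18 LOG3[4]: read_wants_read=Y, read_wants_write=n
2019.05.08 12:51:18 LOG5[4]: Connection reset: 2786 byte(s) sent to TLS, 5077 byte(s) sent to socket
2019.05.08 12:51:18 LOG5[5]: Connection closed: 5077 byte(s) sent to TLS, 2989 byte(s) sent to socket
"""

def stalled_transfers(text):
    """Return one record per connection that logged the transfer() diagnostic."""
    current, records = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # skip "...", labels, blank lines
        when, level, cid, msg = m.groups()
        svc = ACCEPT.match(msg)
        if svc or cid not in current:     # ids are reused, so restart on accept
            current[cid] = {"id": cid, "service": svc.group(1) if svc else None,
                            "stalled_at": None, "flags": {}, "end": None}
            records.append(current[cid])
        rec = current[cid]
        if level == "3" and MARKER in msg:
            rec["stalled_at"] = when
        elif level == "3" and rec["stalled_at"]:
            rec["flags"].update(FLAG.findall(msg))   # key=value state dump lines
        elif msg.startswith("Connection "):
            rec["end"] = msg              # "Connection reset/closed: ..." summary
    return [r for r in records if r["stalled_at"]]

def nothing_ready(rec):
    """True when every *_can_* flag in the dump is 'n' (no descriptor ready)."""
    return all(rec["flags"].get(k) == "n" for k in CAN_FLAGS)

if __name__ == "__main__":
    for r in stalled_transfers(SAMPLE):
        print(r["stalled_at"], r["service"], r["id"], nothing_ready(r), r["end"])
```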
Carter,
On 5/8/19 14:47, Carter Browne wrote:
> I received the following error trying to connect to a Windows host using RDP. I use stunnel as a connection point with secure messages coming in and then forwarded as secure messages going to the desired end point. Stunnel is running on all three systems, the originator, the relay, and the destination. I have been using stunnel in this role for many years. As an additional point, 5.51 did work properly in the same role for secure telnet. The part of the log showing the failure is below.
Can you try again with stunnel 5.53? It looks like both 5.51 and 5.52 have some serious problems and maybe shouldn't be used in production.
-chris
Chris,
I've stopped building my own copy; I'll give 5.53 a try when archlinuxarm releases it. The Arch Linux group is very much leading edge, so I expect it will be soon.
Thanks, Carter
On 5/8/2019 3:06 PM, Christopher Schultz wrote:
> Carter,
>
> On 5/8/19 14:47, Carter Browne wrote:
> > I received the following error trying to connect to a Windows host using RDP. I use stunnel as a connection point with secure messages coming in and then forwarded as secure messages going to the desired end point. Stunnel is running on all three systems, the originator, the relay, and the destination. I have been using stunnel in this role for many years. As an additional point, 5.51 did work properly in the same role for secure telnet. The part of the log showing the failure is below.
>
> Can you try again with stunnel 5.53? It looks like both 5.51 and 5.52 have some serious problems and maybe shouldn't be used in production.
>
> -chris