Hello,
I've installed a stunnel between my laptop and my server (both in Debian SID) [v5.06-2].
Here is my client stunnel.conf:
pid = /var/run/stunnel.pid
client = yes
sslVersion = TLSv1.2
debug = 7
[ssh]
accept = 5000
protocol = connect
protocolHost = myserver:443
connect = myproxy:8080
The server one:
cert = mycert
key = mykey
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion = TLSv1.2
; https or ssh encapsulated in ssl
[sslh]
accept = 443
connect = myserver:444
And my .ssh/config:
Host myserver
    HostName localhost
    Port 5000
    IdentityFile ~/.ssh/mykey
    ProtocolKeepAlives 6
At home (I use tinyproxy to test), everything is OK. At work, with a "true" proxy, sometimes I can connect (but I'm quickly disconnected), sometimes I can't... I've watched the logs but found nothing.
Do you have any idea? Something to look for in the logs?
Here is an example of a short connection:
~ $ ssh myserver
root@myserver:~# cat /var/log/syslog | grep stunnel
[...]
root@myserver~# Timeout, server localhost not responding.
More often I have:
~ $ ssh myserver
ssh_exchange_identification: Connection closed by remote host
In my local logs:
Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted (FD=3) from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connecting myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_wait myproxy:8080: waiting 10 seconds
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connected myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connected remote server from myIP:58282
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) initialized
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> CONNECT myserver:443 HTTP/1.1
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> Host: myserver:443
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: ->
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <- HTTP/1.1 200 Connection established
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <-
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: myserver
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): before/connect initialization
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 54 items in the session cache
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 109 client connects (SSL_connect())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 110 client connects that finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 client renegotiations requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects (SSL_accept())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects that finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server renegotiations requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 56 session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 external session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 session cache misses
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (readsocket)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed (hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfully sent close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0 left)
Thank you.
David.
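Added example (not part of the original message, and not stunnel's own tooling): one way to condense a client log at debug = 7, like the one above, into one summary per connection, showing how long it lasted, which side sent close_notify first and how many bytes went each way. The sample lines are constructed from the log format shown in the post; the function name, the `no_reply` heuristic and the default year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the client log above (debug = 7).
SAMPLE = """\
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
Mar 12 13:30:00 mylaptop stunnel: LOG5[3301]: Service [ssh] accepted connection from 127.0.0.1:44801
Mar 12 13:30:00 mylaptop stunnel: LOG6[3301]: CONNECT request accepted
Mar 12 13:42:10 mylaptop stunnel: LOG7[3301]: SSL alert (write): warning: close notify
Mar 12 13:42:10 mylaptop stunnel: LOG5[3301]: Connection closed: 5120 byte(s) sent to SSL, 20480 byte(s) sent to socket
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ stunnel: LOG\d\[(\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to SSL, "
                    r"(\d+) byte\(s\) sent to socket")

def summarize(log_text, year=2015):
    """Return one summary dict per finished connection, keyed on the LOGn[id]."""
    open_conns, finished = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, conn_id, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if "accepted connection from" in msg:
            open_conns[conn_id] = {"id": conn_id, "start": when,
                                   "proxy_ok": False, "closed_by": None}
            continue
        conn = open_conns.get(conn_id)
        if conn is None:
            continue
        if msg == "CONNECT request accepted":
            conn["proxy_ok"] = True
        elif msg.startswith("SSL alert (read)") and "close notify" in msg:
            conn["closed_by"] = conn["closed_by"] or "peer"
        elif msg.startswith("SSL alert (write)") and "close notify" in msg:
            conn["closed_by"] = conn["closed_by"] or "local"
        elif (c := CLOSED.search(msg)):
            conn["seconds"] = int((when - conn.pop("start")).total_seconds())
            conn["to_ssl"], conn["to_socket"] = int(c.group(1)), int(c.group(2))
            # Assumed heuristic: far side ended TLS before any payload came back.
            conn["no_reply"] = conn["closed_by"] == "peer" and conn["to_socket"] == 0
            finished.append(open_conns.pop(conn_id))
    return finished
```

Running `summarize()` over the syslog output of both the client and the server for the same time window shows whether short-lived sessions are closed by the remote end or locally.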
On Thu, Mar 12, 2015 at 01:28:53PM +0100, debian@bercot.org wrote:
> Hello,
> I've installed a stunnel between my laptop and my server (both in Debian SID) [v5.06-2].
> Here is my client stunnel.conf:
> [snip]
> The server one:
> [snip]
> And my .ssh/config:
> [snip]
> At home (I use tinyproxy to test), everything is OK. At work, with a "true" proxy, sometimes I can connect (but I'm quickly disconnected), sometimes I can't... I've watched the logs but found nothing.
> Do you have any idea? Something to look for in the logs?
Hi,
You may be seeing the problem described in Debian bug #771241 - https://bugs.debian.org/771241 - which was actually fixed in later upstream versions of Stunnel, but I haven't got around to adding the fix to the Debian package yet :( Sorry about that, I'll see what I can do to prepare an updated package within the next couple of days.
G'luck, Peter
On 2015-03-12 15:30, Peter Pentchev wrote:
> Hi,
> You may be seeing the problem described in Debian bug #771241 - https://bugs.debian.org/771241 - which was actually fixed in later upstream versions of Stunnel, but I haven't got around to adding the fix to the Debian package yet :( Sorry about that, I'll see what I can do to prepare an updated package within the next couple of days.
> G'luck, Peter
Well, if it's a bug, it's good news for me ;-) I've seen there is a patch: 17-upstream-POLLRDHUP-handling-error-fix.patch. Is it only for the client? Do you know if I can apply it?
Thank you.
David.
I can't unsubscribe from the list, I want to unsubscribe
I enter my email address it wants a password. I enter one it says Illegal email address.
I don't remember any password. I click Remind, and it still says Illegal email address
https://www.stunnel.org/cgi-bin/mailman/options/stunnel-users
On Thu, 12 Mar 2015 15:38:56 +0100, debian@bercot.org wrote:
> Well, if it's a bug, it's good news for me ;-) I've seen there is a patch: 17-upstream-POLLRDHUP-handling-error-fix.patch. Is it only for the client? Do you know if I can apply it?
> Thank you.
> David.
Well, I've compiled the last version (5.11) on the client side. I will test it tomorrow in order to verify that everything is OK.
Thank you.
David.
On Thu, 12 Mar 2015 17:59:08 +0100, David BERCOT debian@bercot.org wrote:
> Well, I've compiled the last version (5.11) on the client side. I will test it tomorrow in order to verify that everything is OK.
> Thank you.
> David.
Hello,
I've tested this morning and everything is OK with 5.11 on the client side.
David.