Hello,
I have a program that opens up a connection to port 10000 of a server and sends it some data. It works normally. I'm trying to "stunnel" both ends.
In my program I create a socket, connect to local port 7033, send my data, and close the socket. I verified that every function call returns success (socket, setsockopt (for TCP_NODELAY), gethostbyname, connect, and send).
From what the logs show below, it seems that server stunnel gets the connection from the client stunnel, they successfully negotiate the SSL stuff, then the client stunnel waits for any data to proxy to the server stunnel. The server stunnel is waiting too, and after 10 seconds of no data, it closes the socket.
For some reason the client stunnel is not getting my data and therefore doesn't forward anything over to the server stunnel. I'm not sure why this is happening, because my program works normally and I've verified that everything returned success.
Any ideas?
- Jeremiah
-----------------------------
ON CLIENT (1.2.3.60)
Linux stunnel 4.16 OpenSSL 0.9.7c
stunnel.conf is...
pid =
client = yes
[7033]
accept = 127.0.0.1:7033
connect = 1.2.3.70:7033
-----------------------------
ON SERVER (1.2.3.70)
Windows stunnel 4.16 windows binary installer (Aug 31 2006)
stunnel.conf is...
cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
[7033]
accept = 1.2.3.60:7033
connect = 127.0.0.1:10000
-----------------------------
On client I see this debug...
Oct 24 14:38:22 stunnel: LOG5[2892:258]: 7033 connected from 127.0.0.1:10251
Oct 24 14:38:32 stunnel: LOG3[2892:258]: SSL_read: Connection reset by peer (104)
Oct 24 14:38:32 stunnel: LOG5[2892:258]: Connection reset: 56 bytes sent to SSL, 0 bytes send to socket
-----------------------------
On server I see this debug...
2006.10.24 14:43:08 LOG7[2596:4068]: 7033 accepted FD=196 from 1.2.3.60:10252
2006.10.24 14:43:08 LOG7[2596:4068]: Creating a new thread
2006.10.24 14:43:09 LOG7[2596:4068]: New thread created
2006.10.24 14:43:09 LOG7[2596:2372]: 7033 started
2006.10.24 14:43:09 LOG7[2596:2372]: FD 196 in non-blocking mode
2006.10.24 14:43:09 LOG7[2596:2372]: TCP_NODELAY option set on local socket
2006.10.24 14:43:09 LOG5[2596:2372]: 7033 connected from 1.2.3.60:10252
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): before/accept initialization
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 read client hello A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write server hello A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write certificate A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write server done A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 flush data
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 read client key exchange A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 read finished A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write change cipher spec A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 write finished A
2006.10.24 14:43:09 LOG7[2596:2372]: SSL state (accept): SSLv3 flush data
2006.10.24 14:43:09 LOG7[2596:2372]: 3 items in the session cache
2006.10.24 14:43:09 LOG7[2596:2372]: 0 client connects (SSL_connect())
2006.10.24 14:43:09 LOG7[2596:2372]: 0 client connects that finished
2006.10.24 14:43:09 LOG7[2596:2372]: 0 client renegotiations requested
2006.10.24 14:43:09 LOG7[2596:2372]: 5 server connects (SSL_accept())
2006.10.24 14:43:09 LOG7[2596:2372]: 5 server connects that finished
2006.10.24 14:43:09 LOG7[2596:2372]: 0 server renegotiations requested
2006.10.24 14:43:09 LOG7[2596:2372]: 1 session cache hits
2006.10.24 14:43:09 LOG7[2596:2372]: 1 session cache misses
2006.10.24 14:43:09 LOG7[2596:2372]: 1 session cache timeouts
2006.10.24 14:43:09 LOG6[2596:2372]: SSL accepted: new session negotiated
2006.10.24 14:43:09 LOG6[2596:2372]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2006.10.24 14:43:09 LOG7[2596:2372]: FD 180 in non-blocking mode
2006.10.24 14:43:09 LOG7[2596:2372]: 7033 connecting 127.0.0.1:10000
2006.10.24 14:43:09 LOG7[2596:2372]: connect_wait: waiting 10 seconds
2006.10.24 14:43:19 LOG6[2596:2372]: connect_wait: s_poll_wait timeout
2006.10.24 14:43:19 LOG5[2596:2372]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.10.24 14:43:19 LOG7[2596:2372]: 7033 finished (0 left)
On the server side, I think you should be receiving on 1.2.3.70 (since that is where you are sending the data).
Carter
Carter,
You're right. That was a typo error on my part. My config says 1.2.3.70.
Any other ideas?
Thanks, - Jeremiah
Jeremiah,
I set the debug level on a stunnel configuration to 7 to understand better where you are failing. You have established a good connection to stunnel, but stunnel cannot get to 127.0.0.1:10000. So is your application listening on 127.0.0.1:10000? Have you tried running netstat -an to establish that there is a process listening to the port?
Carter
Jeremiah Martell wrote:
[7033]
accept = 1.2.3.60:7033
connect = 127.0.0.1:10000
[cut]
2006.10.24 14:43:09 LOG7[2596:2372]: 7033 connecting 127.0.0.1:10000
2006.10.24 14:43:09 LOG7[2596:2372]: connect_wait: waiting 10 seconds
2006.10.24 14:43:19 LOG6[2596:2372]: connect_wait: s_poll_wait timeout
Your server is unable to connect to localhost:10000. I bet it's blocked by a (personal) firewall.
Best regards, Mike
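
Added example, not part of the original thread and not stunnel's own code: a small Python triage script that groups stunnel debug lines by their [pid:thread] tag and reports which leg of the tunnel failed, using lines copied from the two logs quoted above. The function names, field names and verdict labels are this example's own; matching "SSL connected:" for client mode is an assumption, since the thread only shows "SSL accepted:".

```python
import re
from collections import defaultdict

# Lines copied from the debug logs quoted in the thread (server log abbreviated).
SERVER_LOG = """\
2006.10.24 14:43:08 LOG7[2596:4068]: 7033 accepted FD=196 from 1.2.3.60:10252
2006.10.24 14:43:09 LOG5[2596:2372]: 7033 connected from 1.2.3.60:10252
2006.10.24 14:43:09 LOG6[2596:2372]: SSL accepted: new session negotiated
2006.10.24 14:43:09 LOG7[2596:2372]: 7033 connecting 127.0.0.1:10000
2006.10.24 14:43:09 LOG7[2596:2372]: connect_wait: waiting 10 seconds
2006.10.24 14:43:19 LOG6[2596:2372]: connect_wait: s_poll_wait timeout
2006.10.24 14:43:19 LOG5[2596:2372]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""
CLIENT_LOG = """\
Oct 24 14:38:22 stunnel: LOG5[2892:258]: 7033 connected from 127.0.0.1:10251
Oct 24 14:38:32 stunnel: LOG3[2892:258]: SSL_read: Connection reset by peer (104)
Oct 24 14:38:32 stunnel: LOG5[2892:258]: Connection reset: 56 bytes sent to SSL, 0 bytes send to socket
"""

# Works for both timestamp styles because it anchors on the LOGn[pid:tid] tag.
LINE = re.compile(r"LOG(\d)\[(\d+):(\d+)\]:\s*(.*)")
RULES = [  # (field, pattern) pairs applied to the message part of each line
    ("peer", re.compile(r"^\S+ connected from (\S+)")),
    ("tls_ok", re.compile(r"^SSL (?:accepted|connected):")),  # "connected" is assumed
    ("backend", re.compile(r"^\S+ connecting (\S+)")),
    ("connect_timeout", re.compile(r"^connect_wait: s_poll_wait timeout")),
    ("peer_reset", re.compile(r"^SSL_read: Connection reset by peer")),
    # The thread's logs spell this both "sent" and "send", so accept either.
    ("counters", re.compile(r"(\d+) bytes sent to SSL, (\d+) bytes sen[dt] to socket")),
]

def verdict(conn):
    """Name the failing leg from the fields collected for one worker thread."""
    if conn.get("connect_timeout"):
        return "BACKEND_CONNECT_TIMEOUT"   # TLS leg fine, plaintext leg never opened
    if conn.get("peer_reset"):
        return "PEER_RESET"                # the other stunnel dropped the TLS session
    return "CLOSED" if "counters" in conn else "INCOMPLETE"

def triage(log_text):
    """Return {"pid:tid": fields} with a 'verdict' entry for each worker thread."""
    conns = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key, msg = f"{m.group(2)}:{m.group(3)}", m.group(4)
        for field, pat in RULES:
            hit = pat.search(msg)
            if hit:
                g = hit.groups()
                conns[key][field] = (True if not g else g[0] if len(g) == 1
                                     else tuple(int(x) for x in g))
    return {k: dict(v, verdict=verdict(v)) for k, v in conns.items()}

if __name__ == "__main__":
    for name, text in (("server", SERVER_LOG), ("client", CLIENT_LOG)):
        for key, info in triage(text).items():
            print(name, key, info)
```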