2012/9/12 Willy Tarreau w@1wt.eu:

Janusz,

I just saw your mail on stunnel-users. You don't need to use IP_FREEBIND to bind to a non-existent address under Linux. You can simply enable sys.net.ipv4.ip_nonlocal_bind to do this. This is how most users deal with VRRP setups. It does not allow the backup server to receive the traffic aimed at the missing address, but it allows the process to bind even when the address is missing so that it becomes operational upon a switchover.

I am aware of this sysctl. However, this will allows any process on the system to bind to any address. In my case I prefer to enable this on per process basis to avoid any possible configuration errors in any other service running on my machines. Since stunnel already had low level socket options exposed I've simply added IP_FREEBIND to the list;)