Thx for continuing to reply to my msg. Yes, there is var/log/messages
Inside there are only some iptables logs and FTP and SMTP application logs, and nothing else. I am positive that this problem is not caused by iptables, because I tried with iptables off.
Nothing else related to stunnel is found in that folder.
Any other suggestions?
Mr. Jack
From: sunyucong@gmail.com
Date: Mon, 25 Apr 2011 20:00:30 -0700
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org
I guess in CentOS that's /var/log/messages but in general, you should probably check everything in /var/log to make sure.
On Mon, Apr 25, 2011 at 5:38 PM, Jack Liu jackliu92@hotmail.com wrote:
Thank you for helping, but both logs are not present in my var/log/ dir. Any other suggestions?
Mr. Jack
From: sunyucong@gmail.com
Date: Mon, 25 Apr 2011 16:25:20 -0700
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org
Are you sure that's the entire log? Check /var/log/daemons.log and syslog.log as well.
On Sun, Apr 24, 2011 at 1:30 AM, Jack Liu jackliu92@hotmail.com wrote:
Does anyone know how to fix Stunnel stuck at SSL state (accept): before/accept initialization?
Here is the log:
[root@vps1 ~]#stunnel /etc/stunnel/stunnel.conf
2011.04.24 02:25:13 LOG7[32174:3085993680]: Snagged 64 random bytes from /root/.rnd
2011.04.24 02:25:13 LOG7[32174:3085993680]: Wrote 1024 new random bytes to /root/.rnd
2011.04.24 02:25:13 LOG7[32174:3085993680]: RAND_status claims sufficient entropy for the PRNG
2011.04.24 02:25:13 LOG6[32174:3085993680]: PRNG seeded successfully
2011.04.24 02:25:13 LOG7[32174:3085993680]: Certificate: /etc/stunnel/stunnel.pem
2011.04.24 02:25:13 LOG7[32174:3085993680]: Key file: /etc/stunnel/stunnel.pem
2011.04.24 02:25:13 LOG7[32174:3085993680]: Verify directory set to /etc/stunnel/CA
2011.04.24 02:25:13 LOG7[32174:3085993680]: CRL directory set to /etc/stunnel/CRL
2011.04.24 02:25:13 LOG7[32174:3085993680]: SSL context initialized for service 3proxy
2011.04.24 02:25:13 LOG5[32174:3085993680]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
2011.04.24 02:25:13 LOG5[32174:3085993680]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2011.04.24 02:25:13 LOG6[32174:3085993680]: file ulimit = 1024 (can be changed with 'ulimit -n')
2011.04.24 02:25:13 LOG6[32174:3085993680]: poll() used - no FD_SETSIZE limit for file descriptors
2011.04.24 02:25:13 LOG5[32174:3085993680]: 500 clients allowed
2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 3 in non-blocking mode
2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 4 in non-blocking mode
2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 5 in non-blocking mode
2011.04.24 02:25:13 LOG7[32174:3085993680]: SO_REUSEADDR option set on accept socket
2011.04.24 02:25:13 LOG7[32174:3085993680]: 3proxy bound to 0.0.0.0:30001
2011.04.24 02:25:13 LOG7[32174:3085993680]: Created pid file /var/run/stunnel.pid
2011.04.24 02:25:20 LOG7[32174:3085993680]: 3proxy accepted FD=6 from xx.xxx.xxx.xx:41165
2011.04.24 02:25:20 LOG7[32174:3085990800]: 3proxy started
2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 6 in non-blocking mode
2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 7 in non-blocking mode
2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 8 in non-blocking mode
2011.04.24 02:25:20 LOG7[32174:3085993680]: Cleaning up the signal pipe
2011.04.24 02:25:20 LOG6[32174:3085993680]: Child process 32176 finished with code 0
2011.04.24 02:25:20 LOG7[32174:3085990800]: Connection from xx.xxx.xxx.xx:41165 permitted by libwrap
2011.04.24 02:25:20 LOG5[32174:3085990800]: 3proxy connected from xx.xxx.xxx.xx:41165
2011.04.24 02:25:20 LOG7[32174:3085990800]: SSL state (accept): before/accept initialization <-----------------------Stuck here forever!!!
2011.04.24 02:25:22 LOG3[32174:3085990800]: SSL_accept: Peer suddenly disconnected
2011.04.24 02:25:22 LOG5[32174:3085990800]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.04.24 02:25:22 LOG7[32174:3085990800]: 3proxy finished (0 left)
2011.04.24 02:25:25 LOG3[32174:3085993680]: Received signal 2; terminating
2011.04.24 02:25:25 LOG7[32174:3085993680]: removing pid file /var/run/stunnel.pid
[root@vps1 ~]#
stunnel.conf:
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
CApath = /etc/stunnel/CA
CRLpath = /etc/stunnel/CRL
debug = 7
foreground = yes
verify = 1
#
[3proxy]
accept = 30001
connect = 127.0.0.1:33135
I am hosting with CentOS 5.5, and installed Stunnel via yum. Planning to use it with 3Proxy. However I experience the problem above, can someone please help with that? Thank you very much!
Mr. Jack
stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
After adding client = yes into cfg, problem fixed, however, new problem created:
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy accepted connection from xx.xxx.xxx.xx:2017
2011.04.26 10:47:29 LOG7[27745:3086699408]: remote socket: FD=13 allocated (non-blocking mode)
2011.04.26 10:47:29 LOG6[27745:3086699408]: connect_blocking: connecting 127.0.0.1:30010
2011.04.26 10:47:29 LOG7[27745:3086699408]: connect_blocking: s_poll_wait 127.0.0.1:30010: waiting 10 seconds
2011.04.26 10:47:29 LOG5[27745:3086699408]: connect_blocking: connected 127.0.0.1:30010
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy connected remote server from 127.0.0.1:59959
2011.04.26 10:47:29 LOG7[27745:3086699408]: Remote FD=13 initialized
2011.04.26 10:47:29 LOG7[27745:3086699408]: Option TCP_NODELAY set on remote socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): before/connect initialization
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): SSLv3 write client hello A
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2011.04.26 10:47:29 LOG5[27745:3086699408]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: Service 3proxy finished (0 left)
2011.04.26 10:52:53 LOG7[27745:3086702288]: Dispatching signals from the signal pipe
2011.04.26 10:52:53 LOG6[27745:3086702288]: Child process 27746 terminated on signal 2
2011.04.26 10:52:53 LOG3[27745:3086702288]: Received signal 2; terminating
2011.04.26 10:52:53 LOG7[27745:3086702288]: removing pid file /var/run/stunnel.pid
Anyone have any suggestion how to fix:
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Thank you!
Mr. Jack
From: jackliu92@hotmail.com
To: sunyucong@gmail.com; stunnel-users@stunnel.org
Date: Mon, 25 Apr 2011 21:26:58 -0600
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
Thx for continuing to reply to my msg. Yes, there is var/log/messages
Inside there are only some iptables logs and FTP and SMTP application logs, and nothing else. I am positive that this problem is not caused by iptables, because I tried with iptables off.
Nothing else related to stunnel is found in that folder.
Any other suggestions?
Mr. Jack
Jack,
Looks like you're getting closer... but I don't know where you're going :-)
I want to better understand your problem. So please help me:
1. Exactly what are you trying to accomplish? So far, I see that your stunnel is configured as a client to your 3proxy server.
2. What does the 3proxy server do? What's behind it? Does it work as an SSL server? The error you see suggests it is not speaking SSLv3.
Best regards
Jose
From: Jack Liu jackliu92@hotmail.com
To: Jack Liu jackliu92@hotmail.com; stunnel-users@stunnel.org
Sent: Tue, April 26, 2011 12:01:16 PM
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
After adding client = yes into cfg, problem fixed, however, new problem created:
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy accepted connection from xx.xxx.xxx.xx:2017
2011.04.26 10:47:29 LOG7[27745:3086699408]: remote socket: FD=13 allocated (non-blocking mode)
2011.04.26 10:47:29 LOG6[27745:3086699408]: connect_blocking: connecting 127.0.0.1:30010
2011.04.26 10:47:29 LOG7[27745:3086699408]: connect_blocking: s_poll_wait 127.0.0.1:30010: waiting 10 seconds
2011.04.26 10:47:29 LOG5[27745:3086699408]: connect_blocking: connected 127.0.0.1:30010
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy connected remote server from 127.0.0.1:59959
2011.04.26 10:47:29 LOG7[27745:3086699408]: Remote FD=13 initialized
2011.04.26 10:47:29 LOG7[27745:3086699408]: Option TCP_NODELAY set on remote socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): before/connect initialization
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): SSLv3 write client hello A
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2011.04.26 10:47:29 LOG5[27745:3086699408]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: Service 3proxy finished (0 left)
2011.04.26 10:52:53 LOG7[27745:3086702288]: Dispatching signals from the signal pipe
2011.04.26 10:52:53 LOG6[27745:3086702288]: Child process 27746 terminated on signal 2
2011.04.26 10:52:53 LOG3[27745:3086702288]: Received signal 2; terminating
2011.04.26 10:52:53 LOG7[27745:3086702288]: removing pid file /var/run/stunnel.pid
Anyone have any suggestion how to fix:
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Thank you!
Mr. Jack
Thank you for replying... I just solved all my problems 5 minutes ago. I was busy today, or else I would have solved this earlier.
The problem was caused by misconfiguration/misunderstanding between client and server. Then, I was sending my request to the server directly instead of sending it to 127.0.0.1:xxxx (Stunnel client).
Now I figured everything out, and I am sorry for taking your time for a stupid question like this. Thanks again to everyone who has helped me, and have a great day!
Date: Tue, 26 Apr 2011 21:02:31 -0700
From: josealf@rocketmail.com
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org
Jack,
Looks like you're getting closer... but I don't know where you're going :-)
I want to better understand your problem. So please help me:
1. Exactly what are you trying to accomplish? So far, I see that your stunnel is configured as a client to your 3proxy server.
2. What does the 3proxy server do? What's behind it? Does it work as an SSL server? The error you see suggests it is not speaking SSLv3.
Best regards
Jose
Jack,
No need to apologize. There are no stupid questions... but those are the easiest to solve ;-)
It is not a waste of time if we all learn something, and I still don't know what you are doing with this combination of stunnel and 3proxy. So please, enlighten me. It could be useful for any of us. Thanks.
Jose
-----Original Message-----
From: Jack Liu jackliu92@hotmail.com
Date: Tue, 26 Apr 2011 23:59:59
To: josealf@rocketmail.com; stunnel-users@stunnel.org
Subject: RE: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
Thank you for replying... I just solved all my problems 5 minutes ago. I was busy today, or else I would have solved this earlier.
The problem was caused by misconfiguration/misunderstanding between client and server. Then, I was sending my request to the server directly instead of sending it to 127.0.0.1:xxxx (Stunnel client).
Now I figured everything out, and I am sorry for taking your time for a stupid question like this. Thanks again to everyone who has helped me, and have a great day!
Date: Tue, 26 Apr 2011 21:02:31 -0700 From: josealf@rocketmail.com Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization To: jackliu92@hotmail.com CC: stunnel-users@stunnel.org
Jack,
Looks like you're getting closer... but I don't know where you're going :-)
I want to understand better your problem. So please help me:
1. Exactly what are you trying to acomplish? So far, I see that your stunnel is configured as a client to your 3proxy server. 2. What does the 3proxy server do? What's behind it? Does it works as a SSL server? The error you see suggests it is not speaking SSLV3.
Best regards Jose
From: Jack Liu jackliu92@hotmail.com
To: Jack Liu jackliu92@hotmail.com; stunnel-users@stunnel.org
Sent: Tue, April 26, 2011 12:01:16 PM
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
After adding client = yes into cfg, problem fixed, however, new problem created:
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy accepted connection from xx.xxx.xxx.xx:2017
2011.04.26 10:47:29 LOG7[27745:3086699408]: remote socket: FD=13 allocated (non-blocking mode)
2011.04.26 10:47:29 LOG6[27745:3086699408]: connect_blocking: connecting 127.0.0.1:30010
2011.04.26 10:47:29 LOG7[27745:3086699408]: connect_blocking: s_poll_wait 127.0.0.1:30010: waiting 10 seconds
2011.04.26 10:47:29 LOG5[27745:3086699408]: connect_blocking: connected 127.0.0.1:30010
2011.04.26 10:47:29 LOG5[27745:3086699408]: Service 3proxy connected remote server from 127.0.0.1:59959
2011.04.26 10:47:29 LOG7[27745:3086699408]: Remote FD=13 initialized
2011.04.26 10:47:29 LOG7[27745:3086699408]: Option TCP_NODELAY set on remote socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): before/connect initialization
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): SSLv3 write client hello A
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2011.04.26 10:47:29 LOG5[27745:3086699408]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.04.26 10:47:29 LOG7[27745:3086699408]: Service 3proxy finished (0 left)
2011.04.26 10:52:53 LOG7[27745:3086702288]: Dispatching signals from the signal pipe
2011.04.26 10:52:53 LOG6[27745:3086702288]: Child process 27746 terminated on signal 2
2011.04.26 10:52:53 LOG3[27745:3086702288]: Received signal 2; terminating
2011.04.26 10:52:53 LOG7[27745:3086702288]: removing pid file /var/run/stunnel.pid
Anyone have any suggestion how to fix:
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Thank you!
Mr. Jack
From: jackliu92@hotmail.com
To: sunyucong@gmail.com; stunnel-users@stunnel.org
Date: Mon, 25 Apr 2011 21:26:58 -0600
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
Thx for continuing reply my msg, Yes, there is var/log/messages
Inside there only has some iptables log, FTP, SMTP application log and nothing else. I am positive that this problem is not caused by iptables, because I tried with iptables off.
Nothing else related to stunnel is found in that folder.
Any other suggestions?
Mr. Jack
From: sunyucong@gmail.com
Date: Mon, 25 Apr 2011 20:00:30 -0700
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org
I guess in centos that's /var/log/messages but in general, you should probably check everything in /var/log to make sure.
On Mon, Apr 25, 2011 at 5:38 PM, Jack Liu jackliu92@hotmail.com wrote:
Thank you for helping, but both logs r not presented in my var/log/ dir. Any other suggestions?
Mr. Jack
From: sunyucong@gmail.com
Date: Mon, 25 Apr 2011 16:25:20 -0700
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org
Are you sure that's entire log? check /var/log/daemons.log and syslog.log as well.
On Sun, Apr 24, 2011 at 1:30 AM, Jack Liu jackliu92@hotmail.com wrote:
If anyone knows how to fix Stunnel stuck at SSL state (accept): before/accept initialization???
Here is the log:
[root@vps1 ~]#stunnel /etc/stunnel/stunnel.conf
2011.04.24 02:25:13 LOG7[32174:3085993680]: Snagged 64 random bytes from /root/.rnd
2011.04.24 02:25:13 LOG7[32174:3085993680]: Wrote 1024 new random bytes to /root/.rnd
2011.04.24 02:25:13 LOG7[32174:3085993680]: RAND_status claims sufficient entropy for the PRNG
2011.04.24 02:25:13 LOG6[32174:3085993680]: PRNG seeded successfully
2011.04.24 02:25:13 LOG7[32174:3085993680]: Certificate: /etc/stunnel/stunnel.pem
2011.04.24 02:25:13 LOG7[32174:3085993680]: Key file: /etc/stunnel/stunnel.pem
2011.04.24 02:25:13 LOG7[32174:3085993680]: Verify directory set to /etc/stunnel/CA
2011.04.24 02:25:13 LOG7[32174:3085993680]: CRL directory set to /etc/stunnel/CRL
2011.04.24 02:25:13 LOG7[32174:3085993680]: SSL context initialized for service 3proxy
2011.04.24 02:25:13 LOG5[32174:3085993680]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
2011.04.24 02:25:13 LOG5[32174:3085993680]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2011.04.24 02:25:13 LOG6[32174:3085993680]: file ulimit = 1024 (can be changed with 'ulimit -n')
2011.04.24 02:25:13 LOG6[32174:3085993680]: poll() used - no FD_SETSIZE limit for file descriptors
2011.04.24 02:25:13 LOG5[32174:3085993680]: 500 clients allowed
2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 3 in non-blocking mode
2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 4 in non-blocking mode
2011.04.24 02:25:13 LOG7[32174:3085993680]: FD 5 in non-blocking mode
2011.04.24 02:25:13 LOG7[32174:3085993680]: SO_REUSEADDR option set on accept socket
2011.04.24 02:25:13 LOG7[32174:3085993680]: 3proxy bound to 0.0.0.0:30001
2011.04.24 02:25:13 LOG7[32174:3085993680]: Created pid file /var/run/stunnel.pid
2011.04.24 02:25:20 LOG7[32174:3085993680]: 3proxy accepted FD=6 from xx.xxx.xxx.xx:41165
2011.04.24 02:25:20 LOG7[32174:3085990800]: 3proxy started
2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 6 in non-blocking mode
2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 7 in non-blocking mode
2011.04.24 02:25:20 LOG7[32174:3085990800]: FD 8 in non-blocking mode
2011.04.24 02:25:20 LOG7[32174:3085993680]: Cleaning up the signal pipe
2011.04.24 02:25:20 LOG6[32174:3085993680]: Child process 32176 finished with code 0
2011.04.24 02:25:20 LOG7[32174:3085990800]: Connection from xx.xxx.xxx.xx:41165 permitted by libwrap
2011.04.24 02:25:20 LOG5[32174:3085990800]: 3proxy connected from xx.xxx.xxx.xx:41165
2011.04.24 02:25:20 LOG7[32174:3085990800]: SSL state (accept): before/accept initialization <-----------------------Stuck here forever!!!
2011.04.24 02:25:22 LOG3[32174:3085990800]: SSL_accept: Peer suddenly disconnected
2011.04.24 02:25:22 LOG5[32174:3085990800]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2011.04.24 02:25:22 LOG7[32174:3085990800]: 3proxy finished (0 left)
2011.04.24 02:25:25 LOG3[32174:3085993680]: Received signal 2; terminating
2011.04.24 02:25:25 LOG7[32174:3085993680]: removing pid file /var/run/stunnel.pid
[root@vps1 ~]#
stunnel.conf:
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
CApath = /etc/stunnel/CA
CRLpath = /etc/stunnel/CRL
debug = 7
foreground = yes
verify = 1
#
[3proxy]
accept = 30001
connect = 127.0.0.1:33135
I am hosting with CentOS 5.5, and installed Stunnel via yum. Planning to use it with 3Proxy. However I experience the problem above, can someone please help with that? Thank you very much!
Mr. Jack
stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Okay no problem.
I am hosting a private SOCKS5 proxy with 3Proxy, adding Stunnel to it can encrypt data so it can secure my data when I am connecting through an unsecured network. E.g.
My Computer--->Proxycap(or other proxy soft)--(local)-->Stunnel(encryption,client)--->Unsecured WLAN(or network)--->Gateway&Network--->Stunnel(Decryption, server) --(local)-->3Proxy--->Gateway&Network--->Final destination
If someone is hijacking my data with unsecured wireless, they won't easily see that I am sending. This is what I needed for.
**WLAN: Wireless LAN**
The other thing you can do:
My Computer--->Proxycap(or other proxy soft)--(local)-->Stunnel(encryption,client)--->Filter(Unable to analyze data)--->Gateway&Network--->Stunnel(Decryption, server) --(local)-->3Proxy--->Gateway&Network--->Final destination
If there is a web filter in the network, most of them should not be able to filter encrypted data. This is what I found out later on.
One thing I am not sure of is that I think your ISP will not know what site you are visiting by using Stunnel, but I think they can find out that you are sending some unknown (encrypted) data to some IP. However the ISP on my VPS will know what site I visited for sure.
Thank you!
Mr. Jack
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept):before/accept initialization
To: jackliu92@hotmail.com; stunnel-users@stunnel.org
From: josealf@rocketmail.com
Date: Wed, 27 Apr 2011 10:05:06 +0000
Jack,
No need to apologize. There are no stupid questions... but those are the easiest to solve ;-)
It is not a waste of time if we all learn something, and I still don't know what you are doing with this combination of stunnel and 3proxy. So please, enlighten me. It could be useful for any of us. Thanks.
Jose
From: Jack Liu jackliu92@hotmail.com
Date: Tue, 26 Apr 2011 23:59:59 -0600
To: josealf@rocketmail.com; stunnel-users@stunnel.org
Subject: RE: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
Thank you for replying... I just solved all my problem out 5 minutes ago, since I was busy today, or else I would solve this earlier.
The problem was caused by misconfiguration/misunderstanding between client and server. Then, I was sending my request to the server directly instead of sending it to 127.0.0.1:xxxx (Stunnel client)
Now I figured everything out, and I am sorry for taking your time for a stupid question like this. Thanks again to everyone who has helped me and have a great day!
Date: Tue, 26 Apr 2011 21:02:31 -0700
From: josealf@rocketmail.com
Subject: Re: [stunnel-users] Stunnel stuck at SSL state (accept): before/accept initialization
To: jackliu92@hotmail.com
CC: stunnel-users@stunnel.org
Jack,
Looks like you're getting closer... but I don't know where you're going :-)
I want to understand better your problem. So please help me:
1. Exactly what are you trying to accomplish? So far, I see that your stunnel is configured as a client to your 3proxy server.
2. What does the 3proxy server do? What's behind it? Does it work as an SSL server? The error you see suggests it is not speaking SSLv3.
Best regards
Jose
Thank you. I find it cool and useful.
Jose
-----Original Message-----
From: Jack Liu jackliu92@hotmail.com
Date: Wed, 27 Apr 2011 11:41:59
To: josealf@rocketmail.com; stunnel-users@stunnel.org
Subject: RE: [stunnel-users] Stunnel stuck at SSL state (accept):before/accept initialization
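The two failure signatures seen in this thread (an accept-side handshake that never leaves "before/accept initialization", and a connect-side "wrong version number") can be picked out of a stunnel debug log mechanically. The Python sketch below is an added example, not code from the posters or the stunnel project; its function names and finding codes are hypothetical, and the sample entries are excerpted from the logs posted in the thread.

```python
import re

# Entries excerpted from the two stunnel debug logs posted in this thread
# (the poster's "Stuck here forever" annotation is dropped).
SAMPLE_LOG = """\
2011.04.24 02:25:20 LOG7[32174:3085990800]: 3proxy started
2011.04.24 02:25:20 LOG5[32174:3085990800]: 3proxy connected from xx.xxx.xxx.xx:41165
2011.04.24 02:25:20 LOG7[32174:3085990800]: SSL state (accept): before/accept initialization
2011.04.24 02:25:22 LOG3[32174:3085990800]: SSL_accept: Peer suddenly disconnected
2011.04.24 02:25:22 LOG7[32174:3085990800]: 3proxy finished (0 left)
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): before/connect initialization
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL state (connect): SSLv3 write client hello A
2011.04.26 10:47:29 LOG7[27745:3086699408]: SSL alert (write): fatal: handshake failure
2011.04.26 10:47:29 LOG3[27745:3086699408]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2011.04.26 10:47:29 LOG7[27745:3086699408]: Service 3proxy finished (0 left)
2011.04.26 10:52:53 LOG3[27745:3086702288]: Received signal 2; terminating
"""

LINE_RE = re.compile(
    r"^\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
STATE_RE = re.compile(r"^SSL state \((accept|connect)\): (.+)$")
ERROR_RE = re.compile(r"^SSL_(accept|connect): (.+)$")
FINISHED_RE = re.compile(r"finished \(\d+ left\)$")


def parse(log_text):
    """Group entries per connection, keyed by (pid, thread id).

    Assumes the PTHREAD threading model shown in the posted log, where one
    thread serves one connection until its "finished (N left)" entry.
    """
    done, active = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines, wrapped fragments
        key = (m.group("pid"), m.group("tid"))
        conn = active.setdefault(
            key, {"thread": key, "role": None, "states": [], "errors": []})
        msg = m.group("msg")
        state, error = STATE_RE.match(msg), ERROR_RE.match(msg)
        if state:
            conn["role"] = state.group(1)
            conn["states"].append(state.group(2).strip())
        elif error and m.group("level") == "3":
            conn["role"] = conn["role"] or error.group(1)
            conn["errors"].append(error.group(2).strip())
        if FINISHED_RE.search(msg):
            done.append(active.pop(key))  # thread id may be reused later
    return done + list(active.values())


def diagnose(conn):
    """Return (code, explanation) for a known failure pattern, else None."""
    last_state = conn["states"][-1] if conn["states"] else ""
    errors = " | ".join(conn["errors"])
    if (conn["role"] == "accept"
            and last_state.startswith("before/accept initialization")
            and "Peer suddenly disconnected" in errors):
        return ("no-client-hello",
                "stunnel acted as SSL server, but the peer left before a "
                "ClientHello arrived; the connecting side is probably not "
                "speaking SSL/TLS to this port")
    if conn["role"] == "connect" and "wrong version number" in errors:
        return ("peer-not-tls",
                "stunnel acted as SSL client, but the reply was not an "
                "SSL/TLS record; the 'connect' target is probably not an "
                "SSL/TLS server")
    return None


def triage(log_text):
    """Return one finding per connection that matches a failure pattern."""
    findings = []
    for conn in parse(log_text):
        result = diagnose(conn)
        if result:
            findings.append(
                {"thread": conn["thread"], "code": result[0], "detail": result[1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s:%s  %s  %s" % (f["thread"][0], f["thread"][1], f["code"], f["detail"]))
```

Both findings point at a role mismatch between the two ends of the tunnel rather than at certificates or firewalling, which matches how the thread was resolved.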