Hi everyone,
How do I get rid of this message?
I have a stunnel server set up on a remote machine using the socks protocol. I use two keys plus the certificates and a private CA to protect the SSL link. On a local machine I have an stunnel client running without a protocol option set.
If I try to make a socks connection to an interface IP of the remote server it works perfectly, bypassing the intervening firewalls through the protected tunnel. But the interface IP changes and I only want to allow connections to the remote server through the tunnel.
I could set up traditional tunnels, but while one of the services (remote desktop to the Windows server) is constant, the others are dynamically configurable. I have even considered using SNI to distinguish the incoming connections to the various services, but while this allows there to be just one tunnel port, it will still need a remote reconfiguration of stunnel every time a service port is added or removed.
The best way to express this limit is that the socks server should ONLY connect to localhost; but it's "rejected".
In actual operation I will probably need to allow the local network too, which will probably be an RFC 1597 address.
Looking at the source it appears that this condition is hard-coded into the "validate" function, so my question becomes: can you please remove this or add a flag to turn it off?
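For readers trying to reproduce the setup described above (a socks-protocol stunnel server with mutual TLS against a private CA, and a plain stunnel client in front of it), the following pair of configurations is an added illustration, not the poster's actual files; all paths, hostnames and ports are assumptions, and the localhost-rejection behaviour the poster reports is left as is, since it is in stunnel's code and not a configuration setting.

```ini
; ---- remote machine: stunnel server, socks protocol (example, not the original post's file) ----
; Assumed paths: /etc/stunnel/server.pem, /etc/stunnel/server.key, /etc/stunnel/private-ca.pem
[socks-server]
accept   = 0.0.0.0:1080
protocol = socks            ; stunnel itself acts as the SOCKS server behind the TLS session
cert     = /etc/stunnel/server.pem
key      = /etc/stunnel/server.key
CAfile   = /etc/stunnel/private-ca.pem
verifyChain = yes           ; client certificate must chain to the private CA
requireCert = yes           ; refuse clients that present no certificate at all

; ---- local machine: stunnel client, no protocol option (example, not the original post's file) ----
; Assumed: the remote server is reachable as tunnel.example.invalid on port 1080
[socks-client]
client   = yes
accept   = 127.0.0.1:1080   ; local applications point their SOCKS proxy here
connect  = tunnel.example.invalid:1080
cert     = /etc/stunnel/client.pem
key      = /etc/stunnel/client.key
CAfile   = /etc/stunnel/private-ca.pem
verifyChain = yes           ; server certificate must chain to the private CA
checkHost   = tunnel.example.invalid   ; and its name must match, to reject a substituted server
```

With these two files, a SOCKS connection made to 127.0.0.1:1080 on the local machine is carried inside the mutually authenticated TLS session and resolved by the remote stunnel; what destinations that remote end accepts is still governed by stunnel's built-in validation, which is the subject of the question above.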