[stunnel-users] stunnel closing on first packet
justin alexander
jkareg at harshangel.com
Sun Dec 11 18:25:13 CET 2005
I have a client application on a Windows machine, which tunnels through
stunnel v4.14 to launch an inetd through stunnel v4.09 on a Linux box.
The Linux side INETD successfully sends a packet of 25B to the client.
The client (windows) receives this packet and returns a 12B packet. The
packet IS received by the INETD but then stunnel immediately closes the
socket.
Why is it doing this?
I'm including all configs and logs.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.log
Type: text/x-log
Size: 437 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20051211/159469b4/attachment.bin>
-------------- next part --------------
; Sample stunnel configuration file by Michal Trojnara 2002-2005
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
; Global options: they apply to every service section defined further down.
; Certificate/key is needed in server mode and optional in client mode
; cert and key point at the same PEM file, so that one file carries the
; private key as well as the certificate; keep it readable only by the
; account that starts stunnel.
cert = /etc/stunnel/certagent.pem
key = /etc/stunnel/certagent.pem
; Some security enhancements for UNIX systems - comment them out on Win32
; chroot is disabled here, so no jail is in effect and every path in this
; file is resolved against the real filesystem root.
;chroot = /usr/var/stunnel/
; Privileges are dropped to this user and group.
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
; (only when chroot is enabled; with chroot commented out this is a plain
; absolute path)
pid = /usr/var/stunnel/stunnel.pid
;/var/run/stunnel4/stunnel.pid
; Some performance tunings
; socket = <l|r>:<option>=<value>: l is the local socket, r the remote one.
; TCP_NODELAY=1 turns off Nagle's algorithm on both.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; NOTE(review): TLS-level compression was later tied to compression
; side-channel attacks (CRIME); current deployments normally leave it off.
compression = rle
;compression = zlib
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
; verify = 3 checks the peer against locally installed certificates: a
; connecting client must present a certificate that is found in CApath.
verify = 3
; Don't forget to c_rehash CApath; CApath is located inside chroot jail:
CApath = /usr/var/stunnel/certs
; It's often easier to use CAfile:
;CAfile = /usr/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath; CRLpath is located inside chroot jail:
CRLpath = /usr/var/stunnel/crls
; Alternatively you can use CRLfile:
;CRLfile = /usr/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
; debug = 7 is the most verbose level; lower it once the problem is found.
debug = 7
;output = /var/log/stunnel4/stunnel.log
; NOTE(review): the log is written into /etc/stunnel, the directory that also
; holds certagent.pem. Check that giving the logging process write access
; there does not expose the key file; the commented-out path under /var/log
; keeps logs and key material apart.
output = /etc/stunnel/log.txt
; Use it for client mode
; client = no selects server mode: stunnel accepts TLS connections.
client = no
; Stay in the foreground instead of detaching as a daemon.
foreground = yes
; Service-level configuration
; The sample services below (pop3s, imaps, ssmtp, daytime, https) are all
; disabled; only [CF2] is active.
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
;[daytime]
;accept = 127.0.0.1:1300
;connect = nimrod:130
;[https]
;accept = 444
;connect = 127.0.0.1:80
; [CF2] accepts TLS connections on port 4000. No address is given, so the
; listener is not limited to one interface; the host:port form used in the
; disabled daytime example restricts it.
[CF2]
accept = 4000
;exec = /usr/bin/env
; NOTE(review): exec presumably starts the program without a shell, so the
; '>' in this disabled example would be passed as an argument rather than
; redirect output - confirm against the stunnel manual.
;execargs = env > /usr/var/stunnel/bin/env.txt
; exec runs a local inetd-style program for the connection instead of
; connecting to a TCP port.
exec = /usr/var/stunnel/bin/CF2
; NOTE(review): per the stunnel manual, execargs lists the arguments
; including the program name ($0), as the disabled example above does with
; 'env'. Here the first token is '-p', so CF2 would receive '-p' as its
; argv[0] and the pipes directory as its first real argument - confirm this
; is intended.
; NOTE(review): the pipes directory and CF.log presumably have to be
; writable by the stunnel4 account set in the global options - verify.
execargs = -p /usr/var/stunnel/pipes/ -l /usr/var/stunnel/CF.log
; TIMEOUTclose = 0 (disabled) would stop stunnel waiting for close_notify.
;TIMEOUTclose = 0
; vim:ft=dosini
-------------- next part --------------
; Sample stunnel configuration file by Michal Trojnara 2002-2005
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
; NOTE(review): this attachment has the same content as the previous one on
; the page (client = no, UNIX paths), so the Windows client's configuration
; does not appear to be included.
; The options up to the first [section] header are global.
; Certificate/key is needed in server mode and optional in client mode
; Both options name one PEM file, which therefore contains the private key;
; restrict read access to the account that launches stunnel.
cert = /etc/stunnel/certagent.pem
key = /etc/stunnel/certagent.pem
; Some security enhancements for UNIX systems - comment them out on Win32
; The chroot line is commented out: stunnel is not jailed and the paths in
; this file are ordinary absolute paths.
;chroot = /usr/var/stunnel/
; User and group stunnel runs as once privileges are dropped.
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
; (that applies only with chroot enabled, which it is not here)
pid = /usr/var/stunnel/stunnel.pid
;/var/run/stunnel4/stunnel.pid
; Some performance tunings
; Socket options: the l: prefix addresses the local socket, r: the remote
; one. TCP_NODELAY=1 disables Nagle's algorithm.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; NOTE(review): compression at the TLS layer has since been linked to
; compression side-channel attacks (CRIME) and is usually disabled today.
compression = rle
;compression = zlib
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
; Level 3 verifies the peer against locally installed certificates, so each
; client needs a certificate that is present in CApath.
verify = 3
; Don't forget to c_rehash CApath; CApath is located inside chroot jail:
CApath = /usr/var/stunnel/certs
; It's often easier to use CAfile:
;CAfile = /usr/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath; CRLpath is located inside chroot jail:
CRLpath = /usr/var/stunnel/crls
; Alternatively you can use CRLfile:
;CRLfile = /usr/etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
; 7 is the highest (debug) log level; reduce it after troubleshooting.
debug = 7
;output = /var/log/stunnel4/stunnel.log
; NOTE(review): log.txt sits in /etc/stunnel next to certagent.pem. Verify
; that write access for logging does not reach the key file; the disabled
; /var/log path separates the two.
output = /etc/stunnel/log.txt
; Use it for client mode
; Server mode: this instance terminates incoming TLS connections.
client = no
; Do not detach; run in the foreground.
foreground = yes
; Service-level configuration
; Every sample service in this list is commented out; [CF2] is the only one
; stunnel will start.
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
;[daytime]
;accept = 127.0.0.1:1300
;connect = nimrod:130
;[https]
;accept = 444
;connect = 127.0.0.1:80
; [CF2] listens for TLS on port 4000 with no bind address, i.e. not tied to
; a single interface. Use host:port (as in the disabled daytime example) to
; narrow it.
[CF2]
accept = 4000
;exec = /usr/bin/env
; NOTE(review): the program is presumably executed directly rather than via
; a shell, in which case the '>' below is an argument, not a redirection -
; confirm against the stunnel manual.
;execargs = env > /usr/var/stunnel/bin/env.txt
; Instead of forwarding to a TCP port, the service executes this local
; inetd-style program.
exec = /usr/var/stunnel/bin/CF2
; NOTE(review): the stunnel manual defines execargs as the argument list
; including the program name ($0); the disabled example above starts with
; 'env' accordingly. This line starts with '-p', which would then become
; argv[0] of CF2, leaving the pipes directory as the first real argument -
; confirm this is intended.
; NOTE(review): presumably the stunnel4 account from the global options
; needs write access to the pipes directory and CF.log - verify.
execargs = -p /usr/var/stunnel/pipes/ -l /usr/var/stunnel/CF.log
; Disabled: TIMEOUTclose = 0 would skip the wait for the peer's close_notify.
;TIMEOUTclose = 0
; vim:ft=dosini