[stunnel-users] Win: sometines don't connect

Miroslav Geisselreiter mg at intar.cz
Fri Dec 1 15:34:17 CET 2006 

Hi,

I use stunnel 4.16 on Windows 2000 and XP with this simple config:

cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
verify = 3

[VNC2]
accept  = localhost:5900
connect = someotherpc:5600

When I start stunnel (as Win service), sometimes it forwards to 
someotherpc:5600 (it is correct) but sometimes it doesn't.

Here is the debug 7 info:

2006.12.01 14:52:32 LOG7[3676:4060]: RAND_status claims sufficient 
entropy for the PRNG
2006.12.01 14:52:32 LOG7[3676:4060]: PRNG seeded successfully
2006.12.01 14:52:32 LOG7[3676:4060]: Certificate: stunnel.pem
2006.12.01 14:52:32 LOG7[3676:4060]: Certificate loaded
2006.12.01 14:52:32 LOG7[3676:4060]: Key file: stunnel.pem
2006.12.01 14:52:32 LOG7[3676:4060]: Private key loaded
2006.12.01 14:52:32 LOG7[3676:4060]: Loaded verify certificates from 
cacerts.pem
2006.12.01 14:52:32 LOG7[3676:4060]: SSL context initialized for service 
VNC2
2006.12.01 14:52:32 LOG5[3676:4060]: stunnel 4.16 on x86-pc-mingw32-gnu 
with OpenSSL 0.9.7i 14 Oct 2005
2006.12.01 14:52:32 LOG5[3676:4060]: Threading:WIN32 SSL:ENGINE 
Sockets:SELECT,IPv6
2006.12.01 14:52:32 LOG5[3676:3108]: No limit detected for the number of 
clients
2006.12.01 14:52:32 LOG7[3676:3108]: FD 180 in non-blocking mode
2006.12.01 14:52:32 LOG7[3676:3108]: SO_REUSEADDR option set on accept 
socket
2006.12.01 14:52:32 LOG7[3676:3108]: VNC2 bound to 127.0.0.1:5900

When it doesn't work correcly, it stops here, otherwise continues:

2006.12.01 14:52:34 LOG7[3676:3108]: VNC2 accepted FD=188 from 
127.0.0.1:1364
2006.12.01 14:52:34 LOG7[3676:3108]: Creating a new thread
2006.12.01 14:52:34 LOG7[3676:3108]: New thread created
2006.12.01 14:52:34 LOG7[3676:4008]: VNC2 started
2006.12.01 14:52:34 LOG7[3676:4008]: FD 188 in non-blocking mode
2006.12.01 14:52:34 LOG7[3676:4008]: TCP_NODELAY option set on local socket
2006.12.01 14:52:34 LOG5[3676:4008]: VNC2 connected from 127.0.0.1:1364
2006.12.01 14:52:34 LOG7[3676:4008]: FD 212 in non-blocking mode
2006.12.01 14:52:34 LOG7[3676:4008]: VNC2 connecting 192.168.1.172:5600
2006.12.01 14:52:34 LOG7[3676:4008]: connect_wait: waiting 10 seconds
2006.12.01 14:52:34 LOG7[3676:4008]: connect_wait: connected
2006.12.01 14:52:34 LOG7[3676:4008]: Remote FD=212 initialized
2006.12.01 14:52:34 LOG7[3676:4008]: TCP_NODELAY option set on remote socket
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): before/connect 
initialization
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write 
client hello A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read 
server hello A
2006.12.01 14:52:34 LOG6[3676:4008]: *** starting OCSP verification ***
2006.12.01 14:52:34 LOG5[3676:4008]: VERIFY OK: depth=0,
some info ....
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read 
server certificate A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read 
server certificate request A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read 
server done A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write 
client certificate A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write 
client key exchange A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write 
certificate verify A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write 
change cipher spec A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write 
finished A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 flush data
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read 
finished A
2006.12.01 14:52:34 LOG7[3676:4008]:    1 items in the session cache
2006.12.01 14:52:34 LOG7[3676:4008]:    1 client connects (SSL_connect())
2006.12.01 14:52:34 LOG7[3676:4008]:    1 client connects that finished
2006.12.01 14:52:34 LOG7[3676:4008]:    0 client renegotiations requested
2006.12.01 14:52:34 LOG7[3676:4008]:    0 server connects (SSL_accept())
2006.12.01 14:52:34 LOG7[3676:4008]:    0 server connects that finished
2006.12.01 14:52:34 LOG7[3676:4008]:    0 server renegotiations requested
2006.12.01 14:52:34 LOG7[3676:4008]:    0 session cache hits
2006.12.01 14:52:34 LOG7[3676:4008]:    0 session cache misses
2006.12.01 14:52:34 LOG7[3676:4008]:    0 session cache timeouts
2006.12.01 14:52:34 LOG6[3676:4008]: SSL connected: new session negotiated
2006.12.01 14:52:34 LOG6[3676:4008]: Negotiated ciphers: AES256-SHA 
          SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

someotherpc config is here:

service = stunnel
cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 3
taskbar = yes

[VNC]
accept  = 5600
connect = localhost:5900

It runs as win service too.

Please help.
-- 
Miroslav Geisselreiter



-- 
Odchozi zprava neobsahuje viry.
Zkontrolovano AVG.
Verze: 7.5.432 / Virova baze: 268.15.3/562 - datum vydani: 1.12.2006 13:12

More information about the stunnel-users mailing list