[stunnel-users] Win: sometimes don't connect
Miroslav Geisselreiter
mg at intar.cz
Fri Dec 1 15:34:17 CET 2006
Hi,
I use stunnel 4.16 on Windows 2000 and XP with this simple config:
cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
verify = 3
[VNC2]
accept = localhost:5900
connect = someotherpc:5600
When I start stunnel (as a Win service), sometimes it forwards to
someotherpc:5600 (which is correct), but sometimes it doesn't.
Here is the debug 7 info:
2006.12.01 14:52:32 LOG7[3676:4060]: RAND_status claims sufficient
entropy for the PRNG
2006.12.01 14:52:32 LOG7[3676:4060]: PRNG seeded successfully
2006.12.01 14:52:32 LOG7[3676:4060]: Certificate: stunnel.pem
2006.12.01 14:52:32 LOG7[3676:4060]: Certificate loaded
2006.12.01 14:52:32 LOG7[3676:4060]: Key file: stunnel.pem
2006.12.01 14:52:32 LOG7[3676:4060]: Private key loaded
2006.12.01 14:52:32 LOG7[3676:4060]: Loaded verify certificates from
cacerts.pem
2006.12.01 14:52:32 LOG7[3676:4060]: SSL context initialized for service
VNC2
2006.12.01 14:52:32 LOG5[3676:4060]: stunnel 4.16 on x86-pc-mingw32-gnu
with OpenSSL 0.9.7i 14 Oct 2005
2006.12.01 14:52:32 LOG5[3676:4060]: Threading:WIN32 SSL:ENGINE
Sockets:SELECT,IPv6
2006.12.01 14:52:32 LOG5[3676:3108]: No limit detected for the number of
clients
2006.12.01 14:52:32 LOG7[3676:3108]: FD 180 in non-blocking mode
2006.12.01 14:52:32 LOG7[3676:3108]: SO_REUSEADDR option set on accept
socket
2006.12.01 14:52:32 LOG7[3676:3108]: VNC2 bound to 127.0.0.1:5900
When it doesn't work correctly, it stops here; otherwise it continues:
2006.12.01 14:52:34 LOG7[3676:3108]: VNC2 accepted FD=188 from
127.0.0.1:1364
2006.12.01 14:52:34 LOG7[3676:3108]: Creating a new thread
2006.12.01 14:52:34 LOG7[3676:3108]: New thread created
2006.12.01 14:52:34 LOG7[3676:4008]: VNC2 started
2006.12.01 14:52:34 LOG7[3676:4008]: FD 188 in non-blocking mode
2006.12.01 14:52:34 LOG7[3676:4008]: TCP_NODELAY option set on local socket
2006.12.01 14:52:34 LOG5[3676:4008]: VNC2 connected from 127.0.0.1:1364
2006.12.01 14:52:34 LOG7[3676:4008]: FD 212 in non-blocking mode
2006.12.01 14:52:34 LOG7[3676:4008]: VNC2 connecting 192.168.1.172:5600
2006.12.01 14:52:34 LOG7[3676:4008]: connect_wait: waiting 10 seconds
2006.12.01 14:52:34 LOG7[3676:4008]: connect_wait: connected
2006.12.01 14:52:34 LOG7[3676:4008]: Remote FD=212 initialized
2006.12.01 14:52:34 LOG7[3676:4008]: TCP_NODELAY option set on remote socket
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): before/connect
initialization
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write
client hello A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read
server hello A
2006.12.01 14:52:34 LOG6[3676:4008]: *** starting OCSP verification ***
2006.12.01 14:52:34 LOG5[3676:4008]: VERIFY OK: depth=0,
some info ....
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read
server certificate A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read
server certificate request A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read
server done A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write
client certificate A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write
client key exchange A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write
certificate verify A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write
change cipher spec A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 write
finished A
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 flush data
2006.12.01 14:52:34 LOG7[3676:4008]: SSL state (connect): SSLv3 read
finished A
2006.12.01 14:52:34 LOG7[3676:4008]: 1 items in the session cache
2006.12.01 14:52:34 LOG7[3676:4008]: 1 client connects (SSL_connect())
2006.12.01 14:52:34 LOG7[3676:4008]: 1 client connects that finished
2006.12.01 14:52:34 LOG7[3676:4008]: 0 client renegotiations requested
2006.12.01 14:52:34 LOG7[3676:4008]: 0 server connects (SSL_accept())
2006.12.01 14:52:34 LOG7[3676:4008]: 0 server connects that finished
2006.12.01 14:52:34 LOG7[3676:4008]: 0 server renegotiations requested
2006.12.01 14:52:34 LOG7[3676:4008]: 0 session cache hits
2006.12.01 14:52:34 LOG7[3676:4008]: 0 session cache misses
2006.12.01 14:52:34 LOG7[3676:4008]: 0 session cache timeouts
2006.12.01 14:52:34 LOG6[3676:4008]: SSL connected: new session negotiated
2006.12.01 14:52:34 LOG6[3676:4008]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
The someotherpc config is here:
service = stunnel
cert = stunnel.pem
CAfile = cacerts.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 3
taskbar = yes
[VNC]
accept = 5600
connect = localhost:5900
It runs as a Win service too.
Please help.
--
Miroslav Geisselreiter