[stunnel-users] stunnel not connecting to port 139 on server

Neil Aggarwal neil at JAMMConsulting.com
Sun Feb 5 01:31:31 CET 2006


Hello:

I have two Windows machines.  I am trying to connect to a shared drive on
the server over an stunnel connection following the instructions on this page:
http://research.lumeta.com/ches/cheap/stunnelsolution.html

The connection from the client seems to connect to the server, but the
server-side stunnel seems to be getting a timeout when it attempts to
connect to port 139.  I am able to map the network drive locally, so I am
surprised it is not able to connect.

Here is the log from stunnel on the server:

2006.02.04 18:22:17 LOG5[2116:3068]: stunnel 4.14 on x86-pc-mingw32-gnu
WIN32+SELECT+IPv6 with OpenSSL 0.9.7i 14 Oct 2005
2006.02.04 18:22:17 LOG7[2116:3968]: RAND_status claims sufficient entropy
for the PRNG
2006.02.04 18:22:17 LOG6[2116:3968]: PRNG seeded successfully
2006.02.04 18:22:17 LOG7[2116:3968]: Certificate: stunnel.pem
2006.02.04 18:22:17 LOG7[2116:3968]: Key file: stunnel.pem
2006.02.04 18:22:17 LOG5[2116:3968]: No limit detected for the number of
clients
2006.02.04 18:22:17 LOG7[2116:3968]: FD 168 in non-blocking mode
2006.02.04 18:22:17 LOG7[2116:3968]: SO_REUSEADDR option set on accept
socket
2006.02.04 18:22:17 LOG7[2116:3968]: netDrives bound to 0.0.0.0:2139
2006.02.04 18:24:49 LOG7[2116:3968]: netDrives accepted FD=188 from
192.168.1.247:1334
2006.02.04 18:24:49 LOG7[2116:3968]: Creating a new thread
2006.02.04 18:24:49 LOG7[2116:3968]: New thread created
2006.02.04 18:24:49 LOG7[2116:2224]: netDrives started
2006.02.04 18:24:49 LOG7[2116:2224]: FD 188 in non-blocking mode
2006.02.04 18:24:49 LOG7[2116:2224]: TCP_NODELAY option set on local socket
2006.02.04 18:24:49 LOG5[2116:2224]: netDrives connected from
192.168.1.247:1334
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): before/accept
initialization
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 read client
hello A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 write server
hello A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 write
certificate A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 write server
done A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 flush data
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 read client
key exchange A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 read finished
A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 write change
cipher spec A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 write
finished A
2006.02.04 18:24:49 LOG7[2116:2224]: SSL state (accept): SSLv3 flush data
2006.02.04 18:24:49 LOG7[2116:2224]:    1 items in the session cache
2006.02.04 18:24:49 LOG7[2116:2224]:    0 client connects (SSL_connect())
2006.02.04 18:24:49 LOG7[2116:2224]:    0 client connects that finished
2006.02.04 18:24:49 LOG7[2116:2224]:    0 client renegotiatations requested
2006.02.04 18:24:49 LOG7[2116:2224]:    1 server connects (SSL_accept())
2006.02.04 18:24:49 LOG7[2116:2224]:    1 server connects that finished
2006.02.04 18:24:49 LOG7[2116:2224]:    0 server renegotiatiations requested
2006.02.04 18:24:49 LOG7[2116:2224]:    0 session cache hits
2006.02.04 18:24:49 LOG7[2116:2224]:    0 session cache misses
2006.02.04 18:24:49 LOG7[2116:2224]:    0 session cache timeouts
2006.02.04 18:24:49 LOG6[2116:2224]: SSL accepted: new session negotiated
2006.02.04 18:24:49 LOG6[2116:2224]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2006.02.04 18:24:49 LOG7[2116:2224]: FD 216 in non-blocking mode
2006.02.04 18:24:49 LOG7[2116:2224]: netDrives connecting 127.0.0.1:139
2006.02.04 18:24:49 LOG7[2116:2224]: connect_wait: waiting 10 seconds
2006.02.04 18:24:59 LOG7[2116:3968]: netDrives accepted FD=236 from
192.168.1.247:1336
2006.02.04 18:24:59 LOG7[2116:3968]: Creating a new thread
2006.02.04 18:24:59 LOG7[2116:3968]: New thread created
2006.02.04 18:24:59 LOG7[2116:3544]: netDrives started
2006.02.04 18:24:59 LOG7[2116:3544]: FD 236 in non-blocking mode
2006.02.04 18:24:59 LOG7[2116:3544]: TCP_NODELAY option set on local socket
2006.02.04 18:24:59 LOG5[2116:3544]: netDrives connected from
192.168.1.247:1336
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): before/accept
initialization
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): SSLv3 read client
hello A
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): SSLv3 write server
hello A
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): SSLv3 write change
cipher spec A
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): SSLv3 write
finished A
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): SSLv3 flush data
2006.02.04 18:24:59 LOG7[2116:3544]: SSL state (accept): SSLv3 read finished
A
2006.02.04 18:24:59 LOG7[2116:3544]:    1 items in the session cache
2006.02.04 18:24:59 LOG7[2116:3544]:    0 client connects (SSL_connect())
2006.02.04 18:24:59 LOG7[2116:3544]:    0 client connects that finished
2006.02.04 18:24:59 LOG7[2116:3544]:    0 client renegotiatations requested
2006.02.04 18:24:59 LOG7[2116:3544]:    2 server connects (SSL_accept())
2006.02.04 18:24:59 LOG7[2116:3544]:    2 server connects that finished
2006.02.04 18:24:59 LOG7[2116:3544]:    0 server renegotiatiations requested
2006.02.04 18:24:59 LOG7[2116:3544]:    1 session cache hits
2006.02.04 18:24:59 LOG7[2116:3544]:    0 session cache misses
2006.02.04 18:24:59 LOG7[2116:3544]:    0 session cache timeouts
2006.02.04 18:24:59 LOG6[2116:2224]: connect_wait: s_poll_wait timeout
2006.02.04 18:24:59 LOG6[2116:3544]: SSL accepted: previous session reused
2006.02.04 18:24:59 LOG3[2116:2224]: Failed to initialize remote connection
2006.02.04 18:24:59 LOG7[2116:3544]: FD 216 in non-blocking mode
2006.02.04 18:24:59 LOG7[2116:2224]: netDrives finished (1 left)
2006.02.04 18:24:59 LOG7[2116:3544]: netDrives connecting 127.0.0.1:139
2006.02.04 18:24:59 LOG7[2116:3544]: connect_wait: waiting 10 seconds
2006.02.04 18:25:09 LOG6[2116:3544]: connect_wait: s_poll_wait timeout
2006.02.04 18:25:09 LOG3[2116:3544]: Failed to initialize remote connection
2006.02.04 18:25:09 LOG7[2116:3544]: netDrives finished (0 left)

Here is the stunnel.conf file from the server:

; Sample stunnel configuration file by Michal Trojnara 2002-2005
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[netDrives]
accept  = 2139
connect = 139

In case you need it, here is the stunnel log from the client:

2006.02.04 18:23:43 LOG5[3236:2376]: stunnel 4.14 on x86-pc-mingw32-gnu
WIN32+SELECT+IPv6 with OpenSSL 0.9.7i 14 Oct 2005
2006.02.04 18:23:43 LOG7[3236:324]: RAND_status claims sufficient entropy
for the PRNG
2006.02.04 18:23:43 LOG6[3236:324]: PRNG seeded successfully
2006.02.04 18:23:43 LOG7[3236:324]: Certificate: stunnel.pem
2006.02.04 18:23:43 LOG7[3236:324]: Key file: stunnel.pem
2006.02.04 18:23:43 LOG5[3236:324]: No limit detected for the number of
clients
2006.02.04 18:23:43 LOG7[3236:324]: FD 200 in non-blocking mode
2006.02.04 18:23:43 LOG7[3236:324]: SO_REUSEADDR option set on accept socket
2006.02.04 18:23:43 LOG7[3236:324]: netDrives bound to 222.222.222.222:139
2006.02.04 18:24:42 LOG7[3236:324]: netDrives accepted FD=220 from
192.168.1.247:1333
2006.02.04 18:24:42 LOG7[3236:324]: Creating a new thread
2006.02.04 18:24:42 LOG7[3236:324]: New thread created
2006.02.04 18:24:42 LOG7[3236:572]: netDrives started
2006.02.04 18:24:42 LOG7[3236:572]: FD 220 in non-blocking mode
2006.02.04 18:24:42 LOG7[3236:572]: TCP_NODELAY option set on local socket
2006.02.04 18:24:42 LOG5[3236:572]: netDrives connected from
192.168.1.247:1333
2006.02.04 18:24:42 LOG7[3236:572]: FD 252 in non-blocking mode
2006.02.04 18:24:42 LOG7[3236:572]: netDrives connecting 192.168.1.10:2139
2006.02.04 18:24:42 LOG7[3236:572]: connect_wait: waiting 10 seconds
2006.02.04 18:24:42 LOG7[3236:572]: connect_wait: connected
2006.02.04 18:24:42 LOG7[3236:572]: Remote FD=252 initialized
2006.02.04 18:24:42 LOG7[3236:572]: TCP_NODELAY option set on remote socket
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): before/connect
initialization
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 write client
hello A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 read server
hello A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 read server
certificate A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 read server
done A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 write client
key exchange A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 write change
cipher spec A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 write
finished A
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 flush data
2006.02.04 18:24:42 LOG7[3236:572]: SSL state (connect): SSLv3 read finished
A
2006.02.04 18:24:42 LOG7[3236:572]:    1 items in the session cache
2006.02.04 18:24:42 LOG7[3236:572]:    1 client connects (SSL_connect())
2006.02.04 18:24:42 LOG7[3236:572]:    1 client connects that finished
2006.02.04 18:24:42 LOG7[3236:572]:    0 client renegotiatations requested
2006.02.04 18:24:42 LOG7[3236:572]:    0 server connects (SSL_accept())
2006.02.04 18:24:42 LOG7[3236:572]:    0 server connects that finished
2006.02.04 18:24:42 LOG7[3236:572]:    0 server renegotiatiations requested
2006.02.04 18:24:42 LOG7[3236:572]:    0 session cache hits
2006.02.04 18:24:42 LOG7[3236:572]:    0 session cache misses
2006.02.04 18:24:42 LOG7[3236:572]:    0 session cache timeouts
2006.02.04 18:24:42 LOG6[3236:572]: SSL connected: new session negotiated
2006.02.04 18:24:42 LOG6[3236:572]: Negotiated ciphers: AES256-SHA
SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2006.02.04 18:24:52 LOG3[3236:572]: readsocket: Connection reset by peer
(WSAECONNRESET) (10054)
2006.02.04 18:24:52 LOG7[3236:324]: netDrives accepted FD=276 from
192.168.1.247:1335
2006.02.04 18:24:52 LOG5[3236:572]: Connection reset: 72 bytes sent to SSL,
0 bytes sent to socket
2006.02.04 18:24:52 LOG7[3236:324]: Creating a new thread
2006.02.04 18:24:52 LOG7[3236:572]: netDrives finished (0 left)
2006.02.04 18:24:52 LOG7[3236:324]: New thread created
2006.02.04 18:24:52 LOG7[3236:1336]: netDrives started
2006.02.04 18:24:52 LOG7[3236:1336]: FD 276 in non-blocking mode
2006.02.04 18:24:52 LOG7[3236:1336]: TCP_NODELAY option set on local socket
2006.02.04 18:24:52 LOG5[3236:1336]: netDrives connected from
192.168.1.247:1335
2006.02.04 18:24:52 LOG7[3236:1336]: FD 248 in non-blocking mode
2006.02.04 18:24:52 LOG7[3236:1336]: netDrives connecting 192.168.1.10:2139
2006.02.04 18:24:52 LOG7[3236:1336]: connect_wait: waiting 10 seconds
2006.02.04 18:24:52 LOG7[3236:1336]: connect_wait: connected
2006.02.04 18:24:52 LOG7[3236:1336]: Remote FD=248 initialized
2006.02.04 18:24:52 LOG7[3236:1336]: TCP_NODELAY option set on remote socket
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): before/connect
initialization
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): SSLv3 write client
hello A
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): SSLv3 read server
hello A
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): SSLv3 read
finished A
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): SSLv3 write change
cipher spec A
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): SSLv3 write
finished A
2006.02.04 18:24:52 LOG7[3236:1336]: SSL state (connect): SSLv3 flush data
2006.02.04 18:24:52 LOG7[3236:1336]:    1 items in the session cache
2006.02.04 18:24:52 LOG7[3236:1336]:    2 client connects (SSL_connect())
2006.02.04 18:24:52 LOG7[3236:1336]:    2 client connects that finished
2006.02.04 18:24:52 LOG7[3236:1336]:    0 client renegotiatations requested
2006.02.04 18:24:52 LOG7[3236:1336]:    0 server connects (SSL_accept())
2006.02.04 18:24:52 LOG7[3236:1336]:    0 server connects that finished
2006.02.04 18:24:52 LOG7[3236:1336]:    0 server renegotiatiations requested
2006.02.04 18:24:52 LOG7[3236:1336]:    1 session cache hits
2006.02.04 18:24:52 LOG7[3236:1336]:    0 session cache misses
2006.02.04 18:24:52 LOG7[3236:1336]:    0 session cache timeouts
2006.02.04 18:24:52 LOG6[3236:1336]: SSL connected: previous session reused
2006.02.04 18:25:02 LOG3[3236:1336]: readsocket: Connection reset by peer
(WSAECONNRESET) (10054)
2006.02.04 18:25:02 LOG5[3236:1336]: Connection reset: 72 bytes sent to SSL,
0 bytes sent to socket
2006.02.04 18:25:02 LOG7[3236:1336]: netDrives finished (0 left)

Here is the stunnel.conf file from the client:

; Sample stunnel configuration file by Michal Trojnara 2002-2005
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[netDrives]
accept  = 222.222.222.222:139
connect = tcServer.crcBusinessServices.com:2139

Any ideas what could be wrong?

Thanks,
	Neil


--
Neil Aggarwal, JAMM Consulting, (214) 986-3533, www.JAMMConsulting.com
FREE! Valuable info on how your business can reduce operating costs by
17% or more in 6 months or less! http://newsletter.JAMMConsulting.com 
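
Added example, not part of the original post: a small Python triage script that re-joins the mail-wrapped records of an stunnel debug log and reports, per connection thread, whether the TLS handshake finished and whether the connect to the backend succeeded or timed out. The sample lines are constructed in the shape of the logs above, and the function names (unwrap, triage, verdict) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the logs in the post, one mail-wrapped line included.
SAMPLE = """\
2006.02.04 18:24:49 LOG5[2116:2224]: netDrives connected from
192.168.1.247:1334
2006.02.04 18:24:49 LOG6[2116:2224]: SSL accepted: new session negotiated
2006.02.04 18:24:49 LOG7[2116:2224]: netDrives connecting 127.0.0.1:139
2006.02.04 18:24:59 LOG6[2116:2224]: connect_wait: s_poll_wait timeout
2006.02.04 18:24:42 LOG7[3236:572]: netDrives connecting 192.168.1.10:2139
2006.02.04 18:24:42 LOG7[3236:572]: connect_wait: connected
2006.02.04 18:24:42 LOG6[3236:572]: SSL connected: new session negotiated
2006.02.04 18:30:00 LOG5[2116:9999]: netDrives connected from 10.0.0.5:4000
"""

REC = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG\d\[(\d+:\d+)\]: (.*)$")

def unwrap(text):
    """Re-join continuation lines (no timestamp) onto the preceding record."""
    records = []
    for raw in text.splitlines():
        if REC.match(raw) or not records:
            records.append(raw.rstrip())
        elif raw.strip():
            records[-1] += " " + raw.strip()
    return records

def triage(text):
    """Map each PID:thread id to the stage its connection reached."""
    state = defaultdict(lambda: {"tls": False, "target": None, "backend": None})
    for m in filter(None, map(REC.match, unwrap(text))):
        s, msg = state[m.group(1)], m.group(2)
        if msg.startswith(("SSL accepted", "SSL connected")):
            s["tls"] = True
        elif " connecting " in msg:
            s["target"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("connect_wait: "):
            s["backend"] = {"connected": "ok", "s_poll_wait timeout": "timeout"}.get(
                msg.split(": ", 1)[1], s["backend"])
    return {tid: verdict(s) for tid, s in state.items()}

def verdict(s):
    tls = "TLS ok" if s["tls"] else "TLS handshake not finished"
    if s["backend"] == "timeout":
        return f"{tls}; connect to {s['target']} timed out"
    if s["backend"] == "ok":
        return f"{tls}; connected to {s['target']}"
    return tls
```

A thread reported as "TLS ok; connect to ... timed out" places the failure on the plain-TCP leg between stunnel and the backend port rather than in the tunnel itself.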



