[stunnel-users] stunnel closing connections with RST ?

sergei nasdoma at gmail.com
Mon Feb 6 21:19:06 CET 2006


I'm setting up a load-balanced service requiring stunnel with SSL on its front
end. There are two hosts behind the load balancer running stunnel. The service
behind stunnel does not speak SSL. Every few minutes the load balancer checks if
those stunnels are still alive by opening a TCP connection to the stunnel
listening port. Now the problem is that stunnel closes those test connections
with RST and the load balancer takes it to mean that the host is dead. This is
without the "client = yes" option because the service does not speak SSL.

load-balancer -> stunnel-host TCP D=1234 S=33007 Syn
stunnel-host -> load-balancer TCP D=33007 S=1234 Syn Ack
load-balancer -> stunnel-host TCP D=1234 S=33007     Ack
load-balancer -> stunnel-host TCP D=1234 S=33007 Fin Ack
stunnel-host -> load-balancer TCP D=33007 S=1234     Ack
stunnel-host -> load-balancer TCP D=33007 S=1234 Rst


On the other hand, with client=yes everything works fine.

load-balancer -> stunnel-host TCP D=123 S=33010 Syn
stunnel-host -> load-balancer TCP D=33010 S=123 Syn Ack
load-balancer -> stunnel-host TCP D=123 S=33010     Ack
load-balancer -> stunnel-host TCP D=123 S=33010 Fin Ack
stunnel-host -> load-balancer TCP D=33010 S=123 Fin Ack
load-balancer -> stunnel-host TCP D=123 S=33010     Ack


Is there any way to make stunnel without "client = yes" close the connection
the "normal way", with FIN instead of RST?

stunnel is the latest version; the load balancer is some older F5 BigIP.

thanks
sergei
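
The check shown in the traces above (connect, send FIN immediately, watch how the other side closes) can be reproduced with a small probe. This is an added example, not part of the original post and not stunnel or F5 code. The names probe_close and start_test_listener are hypothetical, and the SO_LINGER listener is only a constructed stand-in that forces an RST for the self-test; it says nothing about why stunnel resets.

```python
import socket
import struct
import threading

def probe_close(host, port, timeout=3.0):
    """Mimic the TCP-only health check in the traces: connect, send FIN at
    once, then report how the peer ends its side: 'FIN', 'RST' or 'TIMEOUT'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.shutdown(socket.SHUT_WR)        # our FIN, as the load balancer sends
        try:
            while s.recv(4096):           # drain anything the peer still sends
                pass
            return "FIN"                  # orderly close: recv() returned b""
        except ConnectionResetError:
            return "RST"                  # peer aborted the connection
        except socket.timeout:
            return "TIMEOUT"              # peer never closed its side

def start_test_listener(abortive):
    """Constructed stand-in for the host under test (not stunnel): accepts one
    connection, waits for the client's FIN, then closes gracefully or, with
    abortive=True, with an RST. Returns the loopback port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # ephemeral port on loopback
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(1)                      # returns b"" once the client's FIN arrives
        if abortive:
            # Linger enabled with a zero timeout makes close() send RST, not FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for abortive in (False, True):
        port = start_test_listener(abortive)
        label = "abortive" if abortive else "graceful"
        print(label, "listener ->", probe_close("127.0.0.1", port))
```

Pointing probe_close at the stunnel listening port from another host shows what the load balancer sees without waiting for its next check.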