[stunnel-users] Clearer and Detailed version of the mail Stunnel for HTTP encryption
Carter Browne
cbrowne at cbcs-usa.com
Thu Jul 20 17:16:10 CEST 2006
I would suggest changing the accept on the server to read
accept = 123
As I understand the logic, the server is only listening on the loopback
TCP address, not the public one.
Carter
LoopBack Inc wrote:
> Hello.
> I rewrote some parts of the question, and illustrated it with a small
> ASCII picture to clarify the whole situation.
> I don't know why I haven't got a single answer, because over 350 people
> are subscribed to the list, so
> I hope that I'll get some help now.
> I would be grateful.
>
> I use SocksCap to forward the iexplore connections to another port, a
> port on which stunnel listens.
>
> On PC1, the client, stunnel is listening on port 500. So when I start
> iexplore.exe with SocksCap every connection goes to 127.0.0.1:500.
> PC1 connects to PC2, with
> connect = 192.168.0.2:123
>
> On PC2, the server, stunnel listens on port 500. Then it connects to the
> internet with
> connect = 127.0.0.1:80.
>
>
> Here is the problem, stunnel doesn't connect to the internet over
> 127.0.0.1:80.
> I don't know why, but it doesn't.
>
>
> ---Stunnel.conf SERVER---
> ..
> [inet]
> accept = 127.0.0.1:123
> connect = 127.0.0.1:80
>
> ---Stunnel.conf CLIENT---
> ..
> [inet]
> accept = 127.0.0.1:500
> connect = 192.168.0.2:123
>
>
>
> LOGs from the SERVER:
>
> 2006.07.18 16:56:07 LOG7[2332:2720]: inet accepted FD=208 from
> 192.168.0.1:2156
> 2006.07.18 16:56:07 LOG7[2332:2720]: Creating a new thread
> 2006.07.18 16:56:07 LOG7[2332:2720]: New thread created
> 2006.07.18 16:56:07 LOG7[2332:1880]: inet started
> 2006.07.18 16:56:07 LOG7[2332:1880]: FD 208 in non-blocking mode
> 2006.07.18 16:56:07 LOG5[2332:1880]: inet connected from 192.168.0.1:2156
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): before/accept
> initialization
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 read
> client hello A
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 write
> server hello A
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 write
> change cipher spec A
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 write
> finished A
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 flush data
> 2006.07.18 16:56:07 LOG7[2332:1880]: SSL state (accept): SSLv3 read
> finished A
> 2006.07.18 16:56:07 LOG7[2332:1880]: 1 items in the session cache
> 2006.07.18 16:56:07 LOG7[2332:1880]: 0 client connects (SSL_connect())
> 2006.07.18 16:56:07 LOG7[2332:1880]: 0 client connects that finished
> 2006.07.18 16:56:07 LOG7[2332:1880]: 0 client renegotiations requested
> 2006.07.18 16:56:07 LOG7[2332:1880]: 7 server connects (SSL_accept())
> 2006.07.18 16:56:07 LOG7[2332:1880]: 7 server connects that finished
> 2006.07.18 16:56:07 LOG7[2332:1880]: 0 server renegotiations requested
> 2006.07.18 16:56:07 LOG7[2332:1880]: 5 session cache hits
> 2006.07.18 16:56:07 LOG7[2332:1880]: 1 session cache misses
> 2006.07.18 16:56:07 LOG7[2332:1880]: 1 session cache timeouts
> 2006.07.18 16:56:07 LOG6[2332:1880]: SSL accepted: previous session reused
> 2006.07.18 16:56:07 LOG7[2332:1880]: FD 244 in non-blocking mode
> 2006.07.18 16:56:07 LOG7[2332:1880]: inet connecting 127.0.0.1:80
> 2006.07.18 16:56:07 LOG7[2332:1880]: connect_wait: waiting 10 seconds
> 2006.07.18 16:56:07 LOG7[2332:1880]: connect_wait: connected
> 2006.07.18 16:56:07 LOG7[2332:1880]: Remote FD=244 initialized
>
> After nothing happened for 52 seconds I aborted in iexplore.exe to
> open the page.
>
> 2006.07.18 16:56:59 LOG7[2332:1880]: SSL alert (read): warning: close
> notify
> 2006.07.18 16:56:59 LOG7[2332:1880]: SSL closed on SSL_read
> 2006.07.18 16:56:59 LOG7[2332:1880]: Socket write shutdown
> 2006.07.18 16:56:59 LOG7[2332:1880]: SSL write shutdown
> 2006.07.18 16:56:59 LOG7[2332:1880]: SSL alert (write): warning: close
> notify
> 2006.07.18 16:56:59 LOG6[2332:1880]: SSL_shutdown successfully sent
> close_notify
> 2006.07.18 16:56:59 LOG5[2332:1880]: Connection closed: 0 bytes sent to
> SSL, 3 bytes sent to socket
> 2006.07.18 16:56:59 LOG7[2332:1880]: inet finished (0 left)
>
>
>
>
> LOGs from the CLIENT:
>
> 2006.07.18 17:10:11 LOG7[1756:4756]: inet accepted FD=444 from
> 127.0.0.1:2284
> 2006.07.18 17:10:11 LOG7[1756:4756]: Creating a new thread
> 2006.07.18 17:10:11 LOG7[1756:4756]: New thread created
> 2006.07.18 17:10:11 LOG7[1756:2840]: inet started
> 2006.07.18 17:10:11 LOG7[1756:2840]: FD 444 in non-blocking mode
> 2006.07.18 17:10:11 LOG7[1756:2840]: TCP_NODELAY option set on local socket
> 2006.07.18 17:10:11 LOG5[1756:2840]: inet connected from 127.0.0.1:2284
> 2006.07.18 17:10:11 LOG7[1756:2840]: FD 348 in non-blocking mode
> 2006.07.18 17:10:11 LOG7[1756:2840]: inet connecting 192.168.0.2:123
> 2006.07.18 17:10:11 LOG7[1756:2840]: connect_wait: waiting 10 seconds
> 2006.07.18 17:10:11 LOG7[1756:2840]: connect_wait: connected
> 2006.07.18 17:10:11 LOG7[1756:2840]: Remote FD=348 initialized
> 2006.07.18 17:10:11 LOG7[1756:2840]: TCP_NODELAY option set on remote
> socket
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): before/connect
> initialization
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 write
> client hello A
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 read
> server hello A
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 read
> finished A
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 write
> change cipher spec A
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 write
> finished A
> 2006.07.18 17:10:11 LOG7[1756:2840]: SSL state (connect): SSLv3 flush data
> 2006.07.18 17:10:11 LOG7[1756:2840]: 17 items in the session cache
> 2006.07.18 17:10:11 LOG7[1756:2840]: 65 client connects (SSL_connect())
> 2006.07.18 17:10:11 LOG7[1756:2840]: 65 client connects that finished
> 2006.07.18 17:10:11 LOG7[1756:2840]: 0 client renegotiations requested
> 2006.07.18 17:10:11 LOG7[1756:2840]: 0 server connects (SSL_accept())
> 2006.07.18 17:10:11 LOG7[1756:2840]: 0 server connects that finished
> 2006.07.18 17:10:11 LOG7[1756:2840]: 0 server renegotiations requested
> 2006.07.18 17:10:11 LOG7[1756:2840]: 48 session cache hits
> 2006.07.18 17:10:11 LOG7[1756:2840]: 0 session cache misses
> 2006.07.18 17:10:11 LOG7[1756:2840]: 0 session cache timeouts
> 2006.07.18 17:10:11 LOG6[1756:2840]: SSL connected: previous session reused
>
> Nothing happened, I aborted iexplore.exe
>
> 2006.07.18 17:10:25 LOG7[1756:2840]: Socket closed on read
> 2006.07.18 17:10:25 LOG7[1756:2840]: SSL write shutdown
> 2006.07.18 17:10:25 LOG7[1756:2840]: SSL alert (write): warning: close
> notify
> 2006.07.18 17:10:25 LOG7[1756:2840]: SSL_shutdown retrying
> 2006.07.18 17:10:25 LOG7[1756:2840]: SSL doesn't need to read or write
> 2006.07.18 17:10:25 LOG7[1756:2840]: SSL alert (read): warning: close
> notify
> 2006.07.18 17:10:26 LOG7[1756:2840]: SSL closed on SSL_read
> 2006.07.18 17:10:26 LOG7[1756:2840]: Socket write shutdown
> 2006.07.18 17:10:26 LOG5[1756:2840]: Connection closed: 3 bytes sent to
> SSL, 0 bytes sent to socket
> 2006.07.18 17:10:26 LOG7[1756:2840]: inet finished (0 left)
>
>
>
> So the problem is that stunnel doesn't connect to the internet on PC2.
> I think I have to use something different than connect = 127.0.0.1:80 on
> PC2, but I'm not sure.
>
> The version of stunnel is 4.15.
> I'm using Windows.
>
>
>
> PC1                                 PC2
> 192.168.0.1                         192.168.0.2
> Stunnel Client                      Stunnel Server
>
> -------------------------------------
> - Sockscap opens Iexplore.exe       -
> - I enter the address of a webpage  -
> - Iexplore.exe --> 127.0.0.1:500    -
> -------------------------------------
>
> ******************************************************
> * Sockscap is only to redirect the connections       *
> * of the web browser to Stunnel; normally the        *
> * web browser would directly connect to the Internet *
> * on port 80 and then go to the destination site.    *
> * In this case the web browser connects to stunnel   *
> * on port 500 where stunnel is listening.            *
> ******************************************************
>
> ------------------------------------------------------------------------
> - Stunnel Client                                  Stunnel Server       -
> -                                                                      -
> - Listening on port 500           Encrypted       Listening on port 123-
> - The browser sends to port 500  ---------->>     Gets browser data,   -
> -                                                 encrypted            -
> - Encryption                                      Decryption           -
> - Connecting to 192.168.0.2:123   Encrypted       Connects to          -
> -                                                 127.0.0.1:80         -
> -                                                      .               -
> -                                                      .               -
> -                                                      .               -
> -                             +++++++++++++++++++++++++.+++++++++++++  -
> -                             + ...---> Should connect to Internet  +  -
> -                             +++++++++++++++++++++++++++++++++++++++  -
> ------------------------------------------------------------------------
>
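As an added example (not code from the thread or from the stunnel project), a small Python audit that parses the two stunnel.conf fragments quoted above and reports, per service, whether the accept address can be reached from other hosts (Carter's point about 127.0.0.1:123) and whether connect points back at the same machine (the 127.0.0.1:80 hop that returned nothing in the server log). The `cert` line and the `client = yes` line are constructed stand-ins for the elided `..` parts of the posted configs.

```python
import ipaddress
# Constructed from the two stunnel.conf fragments in the thread; 'cert' and
# 'client = yes' stand in for the elided ".." lines.
SERVER_CONF = "cert = stunnel.pem ; placeholder\n[inet]\naccept = 127.0.0.1:123\nconnect = 127.0.0.1:80\n"
CLIENT_CONF = "client = yes\n[inet]\naccept = 127.0.0.1:500\nconnect = 192.168.0.2:123\n"

def parse_stunnel_conf(text):
    # INI-style: options before the first [section] are global
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in stunnel.conf
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            conf[section][key] = val
    return conf

def listen_scope(spec):
    # bare port or 0.0.0.0 binds every interface; 127.x binds loopback only (IPv4 only here)
    host, _, port = spec.rpartition(":")
    if not host or ipaddress.ip_address(host).is_unspecified:
        return "all", int(port)
    return ("loopback" if ipaddress.ip_address(host).is_loopback else "specific"), int(port)

def audit(conf):
    # per service: listener scope, whether it forwards to this host, and findings
    client = conf["global"].get("client", "no").lower() == "yes"
    report = {}
    for name, opts in conf.items():
        if name == "global" or "accept" not in opts:
            continue
        scope, port = listen_scope(opts["accept"])
        chost, _, cport = opts.get("connect", "").rpartition(":")
        to_local = bool(chost) and ipaddress.ip_address(chost).is_loopback
        notes = []
        if scope == "loopback" and not client:
            notes.append(f"server listener bound to loopback:{port}; other hosts cannot reach it")
        if to_local:
            notes.append(f"forwards to 127.0.0.1:{cport}; something must listen there on this host")
        report[name] = {"accept_scope": scope, "to_local": to_local, "notes": notes}
    return report

if __name__ == "__main__":
    for label, text in (("SERVER", SERVER_CONF), ("CLIENT", CLIENT_CONF)):
        print(label, audit(parse_stunnel_conf(text)))
```

Run against the server fragment it produces both findings; against the client fragment (client mode, loopback listener for the local browser) it produces none.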