[stunnel-users] Connection problems and TCP frame checksum errors
Peter
pslists at warren-selbert.com
Mon Oct 23 18:30:34 CEST 2006
That's great news your up and running. Good detective work on your part. Glad
I was able to offer some help.
Pete
----- Original Message -----
From: "Tommi Nieminen" <ttn at mbnet.fi>
To: "Peter" <pslists at warren-selbert.com>
Cc: <stunnel-users at mirt.net>
Sent: Saturday, October 21, 2006 2:11 AM
Subject: Re: [stunnel-users] Connection problems and TCP frame checksum errors
>
> Hi Peter,
>
> thanks for all your suggestions. They were really helpful
> in bringing me to the solution of the problem.
>
>> 1. "netstat -an" - to make sure stunnel is listening on the correct
>> interface and port
>
> This was OK.
>
>> 2. does "lastcomm stunnel' show anything useful? If you don't use threads
>> a new stunnel process starts with each connection.
>
> This showed nothing useful.
>
>> 3. just a guess but remove the socket entries in the config file - maybe
>> they are causing a problem. I don't use them but maybe there is a
>> good reason to use them.
>
> The socket entries were there because they were in the original
> config file which I edited for my purposes. They seemed ok to me
> so I left them in my config when I began experimenting with stunnel.
> Commenting them out didn't make any difference for this problem.
>
>> 4. try connecting directly to the stunnel box (no router). does that
>> always work
>
> Maybe not always, but remarkably better!!!
>
>> 5. maybe the NIC card is flaky
>
> The card had worked just fine until then, so I didn't really
> believe in this. I thought I'd save this for the last.
>
>> 6. run "stunnel -version" to verify all is configured as you think.
>
> Seems all right.
>
> So what the heck could the problem be. It took me a long time to
> figure out the answer. The fact that almost all connection attempts
> succeeded when the router was left out of the picture would suggest
> there was a problem with the router configurations. But no, the
> router was correctly configured. Instead, the routing tables of the
> linux work station were not right! That's a problem I've hardly ever
> had to deal with (and therefore a subject I don't understand enough of)
> so it took some experimenting to get the routing tables right. Now it
> looks good. I still can't explain why the original routing tables
> sometimes worked and sometimes didn't, but I'll study the subject :-)
>
> Tommi
>
>
More information about the stunnel-users
mailing list