[stunnel-users] Plz help the n00b (syslog-ng & stunnel)

F.M. Taylor fmtaylor at purdue.edu
Fri May 25 17:02:49 CEST 2007


Greetings all.  Seemed simple enough, but I can't seem to get it to work.  I have obviously missed something simple.  
Here is the info you will need (and probably some you won't).  I have tried every combination of options I can think of, 
and I have searched the archives and the web.  It looks like it is almost working, but the server I am trying to connect 
to never sees the data (however "they" have it working on "their" systems, so it must be me).  "They" say it connects, 
talks a little, no real data xfer, closes, then more data (followed by the obligatory TCP_RSTs for dead connects).

[insert begging]

[root at bofh stunnel-4.20]# stunnel /etc/stunnel/stunnel.conf
2007.05.25 10:43:00 LOG7[20728:182894198944]: Snagged 64 random bytes from /root/.rnd
2007.05.25 10:43:00 LOG7[20728:182894198944]: Wrote 1024 new random bytes to /root/.rnd
2007.05.25 10:43:00 LOG7[20728:182894198944]: RAND_status claims sufficient entropy for the PRNG
2007.05.25 10:43:00 LOG7[20728:182894198944]: PRNG seeded successfully
2007.05.25 10:43:00 LOG7[20728:182894198944]: Configuration SSL options: 0x00000FFF
2007.05.25 10:43:00 LOG7[20728:182894198944]: SSL options set: 0x00000FFF
2007.05.25 10:43:00 LOG7[20728:182894198944]: SSL context initialized for service 5140
[root at bofh stunnel-4.20]# tail -f /var/log/stunnel4/stunnel.log
2007.05.25 10:43:00 LOG5[20728:182894198944]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
2007.05.25 10:43:00 LOG6[20728:182894198944]: file ulimit = 1024 (can be changed with 'ulimit -n')
2007.05.25 10:43:00 LOG6[20728:182894198944]: poll() used - no FD_SETSIZE limit for file descriptors
2007.05.25 10:43:00 LOG5[20728:182894198944]: 500 clients allowed
2007.05.25 10:43:00 LOG7[20728:182894198944]: FD 4 in non-blocking mode
2007.05.25 10:43:00 LOG7[20728:182894198944]: FD 5 in non-blocking mode
2007.05.25 10:43:00 LOG7[20728:182894198944]: FD 6 in non-blocking mode
2007.05.25 10:43:00 LOG7[20728:182894198944]: SO_REUSEADDR option set on accept socket
2007.05.25 10:43:00 LOG7[20728:182894198944]: 5140 bound to 127.0.0.1:5140
2007.05.25 10:43:00 LOG7[20729:182894198944]: Created pid file /var/run/stunnel4/stunnel.pid
2007.05.25 10:43:29 LOG7[20729:182894198944]: 5140 accepted FD=7 from 127.0.0.1:64820
2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 started
2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 7 in non-blocking mode
2007.05.25 10:43:29 LOG7[20729:1073809760]: TCP_NODELAY option set on local socket
2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 8 in non-blocking mode
2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 9 in non-blocking mode
2007.05.25 10:43:29 LOG7[20729:1073809760]: Connection from 127.0.0.1:64820 permitted by libwrap
2007.05.25 10:43:29 LOG7[20729:182894198944]: Cleaning up the signal pipe
2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 accepted connection from 127.0.0.1:64820
2007.05.25 10:43:29 LOG6[20729:182894198944]: Child process 20748 finished with code 0
2007.05.25 10:43:29 LOG7[20729:1073809760]: FD 8 in non-blocking mode
2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 connecting xxx.xxx.xxx.xxx:5140
2007.05.25 10:43:29 LOG7[20729:1073809760]: connect_wait: waiting 10 seconds
2007.05.25 10:43:29 LOG7[20729:1073809760]: connect_wait: connected
2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 connected remote server from 192.168.2.23:64821
2007.05.25 10:43:29 LOG7[20729:1073809760]: Remote FD=8 initialized
2007.05.25 10:43:29 LOG7[20729:1073809760]: TCP_NODELAY option set on remote socket
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): before/connect initialization
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write client hello A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read server hello A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read server certificate A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read server done A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write client key exchange A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write change cipher spec A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 write finished A
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 flush data
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read finished A
2007.05.25 10:43:29 LOG7[20729:1073809760]:    1 items in the session cache
2007.05.25 10:43:29 LOG7[20729:1073809760]:    1 client connects (SSL_connect())
2007.05.25 10:43:29 LOG7[20729:1073809760]:    1 client connects that finished
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 client renegotiations requested
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 server connects (SSL_accept())
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 server connects that finished
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 server renegotiations requested
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 session cache hits
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 session cache misses
2007.05.25 10:43:29 LOG7[20729:1073809760]:    0 session cache timeouts
2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL connected: new session negotiated
2007.05.25 10:43:29 LOG6[20729:1073809760]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL alert (read): warning: close notify
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL closed on SSL_read
2007.05.25 10:43:29 LOG7[20729:1073809760]: Socket write shutdown
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL write shutdown
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL alert (write): warning: close notify
2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL_shutdown successfully sent close_notify
2007.05.25 10:43:29 LOG5[20729:1073809760]: Connection closed: 303 bytes sent to SSL, 0 bytes sent to socket
2007.05.25 10:43:29 LOG7[20729:1073809760]: 5140 finished (0 left)


/etc/stunnel/stunnel.conf

setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel4/stunnel.log
[5140]
client = yes
options = ALL
accept = 127.0.0.1:5140
connect = xxx.xxx.xxx.xxx:5140


[root at bofh stunnel-4.20]# tail /var/log/syslog
May 25 10:57:35 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
May 25 10:57:35 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
May 25 10:58:37 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
May 25 10:58:37 bofh syslog-ng[1926]: Connection broken; time_reopen='60'
May 25 10:59:38 bofh syslog-ng[1926]: EOF occurred while idle; fd='11'
May 25 10:59:38 bofh syslog-ng[1926]: Connection broken; time_reopen='60'

-- 
......\\|//........^^^^^........)))((........%%%%%........,,,,,......
......(- -)........(o o)........(- o)........(0-0)........(* *)......     
+--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+
| F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'|
| 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....|
| Desk: 4-1872...........................C: 812-841-1876............|
+-------------------------------------------------------------------+
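As an added example (not from the post above, and not part of stunnel or syslog-ng), the script below summarises stunnel 4.x `debug = 7` output per connection thread, so a log like the one in the post can be read at a glance. The sample log lines are constructed for this example and only modelled on the post's format; the function names `summarise`, `diagnose` and `report` are my own. Run against the post's own log it would report what the lines already say: the handshake completed ("SSL connected: new session negotiated"), 303 bytes were encrypted and sent, nothing came back, and the remote end sent close_notify in the same second it connected. Because syslog over TCP is one-way, the 0 bytes to the socket is expected; the remote's immediate close_notify is the thing to chase.

```python
"""Per-connection summary of stunnel 4.x debug log lines (added example, not stunnel's code)."""
import re
from datetime import datetime

# stunnel 4.x line shape: "YYYY.MM.DD HH:MM:SS LOG<level>[pid:tid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
CLOSED_RE = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")
CIPHER_RE = re.compile(r"Negotiated ciphers: (.+)")
TS_FMT = "%Y.%m.%d %H:%M:%S"

HANDSHAKE_FAILED = "handshake_failed"  # no "SSL connected" line before the close
REMOTE_CLOSED = "remote_closed"        # peer sent close_notify first
LOCAL_CLOSED = "local_closed"          # session ended from the local side

# Constructed sample log modelled on the post's format (not copied from it):
# connection 1 mirrors the post, 2 is a healthy long-lived syslog session,
# 3 never completes its handshake.
SAMPLE_LOG = """\
2007.05.25 10:43:00 LOG7[20728:182894198944]: SSL context initialized for service 5140
2007.05.25 10:43:29 LOG7[20729:182894198944]: 5140 accepted FD=7 from 127.0.0.1:64820
2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 accepted connection from 127.0.0.1:64820
2007.05.25 10:43:29 LOG5[20729:1073809760]: 5140 connected remote server from 192.168.2.23:64821
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL state (connect): SSLv3 read finished A
2007.05.25 10:43:29 LOG6[20729:1073809760]: SSL connected: new session negotiated
2007.05.25 10:43:29 LOG6[20729:1073809760]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.05.25 10:43:29 LOG7[20729:1073809760]: SSL alert (read): warning: close notify
2007.05.25 10:43:29 LOG5[20729:1073809760]: Connection closed: 303 bytes sent to SSL, 0 bytes sent to socket
2007.05.25 10:45:02 LOG5[20729:1073809761]: 5140 accepted connection from 127.0.0.1:64830
2007.05.25 10:45:02 LOG6[20729:1073809761]: SSL connected: new session negotiated
2007.05.25 10:45:02 LOG6[20729:1073809761]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2007.05.25 10:52:40 LOG5[20729:1073809761]: Connection closed: 14822 bytes sent to SSL, 0 bytes sent to socket
2007.05.25 10:58:10 LOG5[20729:1073809762]: 5140 accepted connection from 127.0.0.1:64840
2007.05.25 10:58:10 LOG7[20729:1073809762]: SSL state (connect): SSLv3 read server hello A
2007.05.25 10:58:10 LOG5[20729:1073809762]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
"""


def summarise(lines):
    """Return one summary dict per finished connection, in log order.

    Lines are grouped by their [pid:tid] tag.  A group is closed out when its
    "Connection closed" line arrives, so a thread id that stunnel reuses later
    starts a fresh record instead of being merged into the old one.
    """
    active, finished = {}, []
    for line in lines:
        m = LINE_RE.match(line.rstrip())
        if not m:
            continue  # not an stunnel-formatted line
        key = f"{m['pid']}:{m['tid']}"
        ts = datetime.strptime(m["ts"], TS_FMT)
        msg = m["msg"]
        c = active.setdefault(key, {
            "thread": key, "first": ts, "last": ts, "handshake_complete": False,
            "cipher": None, "peer_close_notify": False,
            "bytes_to_ssl": 0, "bytes_to_socket": 0, "duration_s": 0,
        })
        c["last"] = ts
        if msg.startswith("SSL connected"):
            c["handshake_complete"] = True
        cm = CIPHER_RE.search(msg)
        if cm:
            c["cipher"] = cm.group(1)
        if msg.startswith("SSL alert (read): warning: close notify"):
            c["peer_close_notify"] = True  # the far end hung up first
        xm = CLOSED_RE.search(msg)
        if xm:
            c["bytes_to_ssl"], c["bytes_to_socket"] = int(xm.group(1)), int(xm.group(2))
            c["duration_s"] = int((c["last"] - c["first"]).total_seconds())
            finished.append(active.pop(key))
    return finished


def diagnose(c):
    """Classify a finished connection.  Byte counts are deliberately not used:
    syslog over TCP never sends anything back, so 0 bytes to the socket is normal."""
    if not c["handshake_complete"]:
        return HANDSHAKE_FAILED
    if c["peer_close_notify"]:
        return REMOTE_CLOSED
    return LOCAL_CLOSED


def report(lines):
    """One human-readable line per connection."""
    return "\n".join(
        f"{c['thread']}: {diagnose(c)}; cipher={c['cipher']}; "
        f"{c['bytes_to_ssl']} B to SSL, {c['bytes_to_socket']} B to socket, {c['duration_s']} s"
        for c in summarise(lines)
    )


if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Point it at a real file with `report(open("/var/log/stunnel4/stunnel.log").read().splitlines())`. One further observation on the configuration as posted, unrelated to the data-flow problem: it sets no `verify` or `CAfile`, so the client accepts whatever certificate the remote presents; stunnel 4.x supports both options, and they are worth setting once the connection is carrying data.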


