[stunnel-users] stunnel transparent mode

Julian D. Seifert spam at julian-seifert.de
Thu Aug 18 13:05:00 CEST 2011 

Am 18.08.2011 12:58, schrieb Julian D. Seifert:
> Am 18.08.2011 10:19, schrieb Michal Trojnara:
>> On Thu, 18 Aug 2011 02:59:30 +0200, Julian D. Seifert wrote:
>>> If I try it like I get "local_bind (original port): Cannot assign
>>> requested address (99) stunnel" and clients get connection abort.
>>
>> I guess either you're not running one of the supported kernels, or
>> you're not running stunnel as root.
> I checked (with ps) that stunnel is running as root(I commented out the
> setuid setgid options in the config file)
> I had two setups, one with standard ubuntu lucid lts kernel and one with
> 2.6.32. (I can also provide the kernelconfigurations or the settings of
> the options that are necessary)

Linux ubuntu 2.6.32-21-generic #32-Ubuntu SMP Fri Apr 16 08:10:02 UTC
2010 i686 GNU/Linux
lsmod | grep -ie tprox
xt_TPROXY               1165  0
nf_defrag_ipv4          1073  2 xt_TPROXY,xt_socket
nf_tproxy_core          1608  2 xt_TPROXY,xt_socket,[permanent]
x_tables               14299  4 xt_TPROXY,xt_MARK,xt_socket,ip_tables


ps:
root      2024  0.0  0.0   3876   492 pts/0    S    04:01   0:00
./stunnel stunnel.conf
root      2025  0.0  0.0   3876   492 pts/0    S    04:01   0:00
./stunnel stunnel.conf


stunnel version:
No limit detected for the number of clients
signal_pipe: FD=3 allocated (non-blocking mode)
signal_pipe: FD=4 allocated (non-blocking mode)
stunnel 4.39 on i686-pc-linux-gnu platform
Compiled/running with OpenSSL 0.9.8k 25 Mar 2009
Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6
stunnel 4.39 on i686-pc-linux-gnu platform
Compiled/running with OpenSSL 0.9.8k 25 Mar 2009
Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6

Global option defaults
debug           = daemon.notice
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level option defaults
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = RC4-MD5:HIGH:!aNULL:!SSLv2
curve           = sect163r2
session         = 300 seconds
sslVersion      = TLSv1 for client, all for server
stack           = 65536 bytes
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

More information about the stunnel-users mailing list