[stunnel-users] stunnel OK without "transparent = source", with = timeout problem

Elodie BOSSIER elodieuse at gmail.com
Thu Jul 28 12:25:19 CEST 2011


Greetings again,

Thanks so much to have updated the manual about SNI, my stunel works 
correctly.

But i have a tiny problem, when i visit my webserver, the 
SERVER['REMOTE_ADDR'] with PHP isn't the ip adress of the visitor but 
the IP of the stunnel.
I have read the manual about this transparent proxy and i don't sucess 
with the configuration.

This is my config file :

pid = /stunnel.pid
options = NO_SSLv2
transparent = source
[virtual]
accept = 443
cert = /usr/local/openssl/etc/CERTIFICATES/www.franceserv.fr_cert.cert
key = /usr/local/openssl/etc/PRIVATE_KEYS/www.franceserv.fr_key.pem
connect = www.franceserv.fr:80
[sni1]
sni = virtual:elodie.franceserv.com
cert = /etc/ssl-fsh/cert-elodie.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = elodie.franceserv.com:80
[sni2]
sni = virtual:befun.franceserv.com
cert = /etc/ssl-fsh/cert-befun.franceserv.com.pem
key = /etc/ssl-fsh/key-franceserv.key
connect = befun.franceserv.com:80

It's don't work, i have a timeout with my browser.

With iptables, i have set this :

   iptables -t mangle -N DIVERT
   iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
   iptables -t mangle -A DIVERT -j MARK --set-mark 1
   iptables -t mangle -A DIVERT -j ACCEPT
   ip rule add fwmark 1 lookup 100
   ip route add local 0.0.0.0/0 dev lo table 100
   echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
   echo 1 > /proc/sys/net/ipv4/ip_forward

My stunnel is on the server 192.168.0.20 and the webserver on 192.168.0.2

I try to follow the help of 
http://www.stunnel.org/static/stunnel.html#service_level_options
with : transparent = none | source | destination | both (Unix only)

Could you tell me what i make wrong please ?



More information about the stunnel-users mailing list