[stunnel-users] Connection closed with a turn server backend

pablo platt pablo.platt at gmail.com
Sat Apr 12 12:59:44 CEST 2014


Hi,

I'm trying to tunnel a TLS connection to a TURN server
https://code.google.com/p/rfc5766-turn-server/

The connection is closed with:
SSL socket closed on SSL_read

I'm using the Ubuntu 12.04 package
http://packages.ubuntu.com/precise/stunnel4

Am I missing a configuration option in my stunnel config?

Please see my config and log below.

-----------------------------------------------
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = /stunnel.log

[ssl]
accept  = 443
connect = 3478
cert = /etc/stunnel/cert.pem
key = /etc/stunnel/key.pem
----------------------------------------------------

2014.04.12 13:40:15 LOG7[14983:140499885700864]: No limit detected for the
number of clients
2014.04.12 13:40:15 LOG7[14983:140499885700864]: signal_pipe: FD=3
allocated (non-blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: signal_pipe: FD=4
allocated (non-blocking mode)
2014.04.12 13:40:15 LOG5[14983:140499885700864]: stunnel 4.42 on
x86_64-pc-linux-gnu platform
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Compiled/running with
OpenSSL 1.0.1 14 Mar 2012
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Threading:PTHREAD
SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Reading configuration from
file /etc/stunnel/stunnel.conf
2014.04.12 13:40:15 LOG7[14983:140499885700864]: PRNG seeded successfully
2014.04.12 13:40:15 LOG6[14983:140499885700864]: Initializing SSL context
for service ssl
2014.04.12 13:40:15 LOG4[14983:140499885700864]: Insecure file permissions
on /etc/stunnel/key.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Certificate:
/etc/stunnel/cert.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Certificate loaded
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Key file:
/etc/stunnel/key.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Private key loaded
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Could not load DH
parameters from /etc/stunnel/cert.pem
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Using hardcoded DH
parameters
2014.04.12 13:40:15 LOG7[14983:140499885700864]: DH initialized with
2048-bit key
2014.04.12 13:40:15 LOG7[14983:140499885700864]: ECDH initialized with
curve prime256v1
2014.04.12 13:40:15 LOG7[14983:140499885700864]: SSL options set: 0x00000004
2014.04.12 13:40:15 LOG6[14983:140499885700864]: SSL context initialized
2014.04.12 13:40:15 LOG5[14983:140499885700864]: Configuration successful
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=5
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=6
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=6
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=7
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=7
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=8
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=8
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=9
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=9
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: libwrap_init: FD=10
allocated (blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: accept socket: FD=11
allocated (non-blocking mode)
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Option SO_REUSEADDR set on
accept socket
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Service ssl bound to
0.0.0.0:443
2014.04.12 13:40:15 LOG7[14983:140499885700864]: Service ssl opened FD=11
2014.04.12 13:40:15 LOG7[14989:140499885700864]: Created pid file
/stunnel4.pid
2014.04.12 13:40:17 LOG7[14989:140499885700864]: local socket: FD=0
allocated (non-blocking mode)
2014.04.12 13:40:17 LOG7[14989:140499885700864]: Service ssl accepted FD=0
from 192.168.56.1:54561
2014.04.12 13:40:17 LOG7[14989:140499885700864]: local socket: FD=1
allocated (non-blocking mode)
2014.04.12 13:40:17 LOG7[14989:140499885700864]: Service ssl accepted FD=1
from 192.168.56.1:54562
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Service ssl started
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Option TCP_NODELAY set on
local socket
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Waiting for a libwrap
process
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Acquired libwrap process #0
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Service ssl started
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Option TCP_NODELAY set on
local socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Waiting for a libwrap
process
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Acquired libwrap process #1
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Releasing libwrap process
#0
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Released libwrap process #0
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Service ssl permitted by
libwrap from 192.168.56.1:54562
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Service ssl accepted
connection from 192.168.56.1:54562
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept):
before/accept initialization
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
read client hello A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write server hello A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write certificate A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write server done A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
flush data
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Releasing libwrap process
#1
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Released libwrap process #1
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Service ssl permitted by
libwrap from 192.168.56.1:54561
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Service ssl accepted
connection from 192.168.56.1:54561
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept):
before/accept initialization
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
read client hello A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write server hello A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write certificate A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write server done A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
flush data
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
read client key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
read finished A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write session ticket A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write change cipher spec A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
write finished A
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL state (accept): SSLv3
flush data
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 items in the session
cache
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 client connects
(SSL_connect())
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 client connects that
finished
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 client renegotiations
requested
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    2 server connects
(SSL_accept())
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    1 server connects that
finished
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 server renegotiations
requested
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 session cache hits
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 external session
cache hits
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 session cache misses
2014.04.12 13:40:17 LOG7[14989:140499885692672]:    0 session cache timeouts
2014.04.12 13:40:17 LOG6[14989:140499885692672]: SSL accepted: new session
negotiated
2014.04.12 13:40:17 LOG6[14989:140499885692672]: Negotiated ciphers:
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
2014.04.12 13:40:17 LOG7[14989:140499885692672]: remote socket: FD=2
allocated (non-blocking mode)
2014.04.12 13:40:17 LOG6[14989:140499885692672]: connect_blocking:
connecting 192.169.56.300:3478
2014.04.12 13:40:17 LOG7[14989:140499885692672]: connect_blocking:
s_poll_wait 192.169.56.300:3478: waiting 10 seconds
2014.04.12 13:40:17 LOG5[14989:140499885692672]: connect_blocking:
connected 192.169.56.300:3478
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Service ssl connected
remote server from 192.169.56.300:59744
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Remote FD=2 initialized
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Option TCP_NODELAY set on
remote socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
read client key exchange A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
read finished A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write session ticket A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write change cipher spec A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
write finished A
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL state (accept): SSLv3
flush data
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 items in the session
cache
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 client connects
(SSL_connect())
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 client connects that
finished
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 client renegotiations
requested
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    2 server connects
(SSL_accept())
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    2 server connects that
finished
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 server renegotiations
requested
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 session cache hits
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 external session
cache hits
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 session cache misses
2014.04.12 13:40:17 LOG7[14989:140499885790976]:    0 session cache timeouts
2014.04.12 13:40:17 LOG6[14989:140499885790976]: SSL accepted: new session
negotiated
2014.04.12 13:40:17 LOG6[14989:140499885790976]: Negotiated ciphers:
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL socket closed on
SSL_read
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Sending socket write
shutdown
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Connection closed: 0 bytes
sent to SSL, 0 bytes sent to socket
2014.04.12 13:40:17 LOG7[14989:140499885692672]: Service ssl finished (1
left)
2014.04.12 13:40:17 LOG7[14989:140499885692672]: str_stats: 0 block(s), 0
byte(s)
2014.04.12 13:40:17 LOG7[14989:140499885790976]: remote socket: FD=1
allocated (non-blocking mode)
2014.04.12 13:40:17 LOG6[14989:140499885790976]: connect_blocking:
connecting 192.169.56.300:3478
2014.04.12 13:40:17 LOG7[14989:140499885790976]: connect_blocking:
s_poll_wait 192.169.56.300:3478: waiting 10 seconds
2014.04.12 13:40:17 LOG5[14989:140499885790976]: connect_blocking:
connected 192.169.56.300:3478
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Service ssl connected
remote server from 192.169.56.300:59745
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Remote FD=1 initialized
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Option TCP_NODELAY set on
remote socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: SSL socket closed on
SSL_read
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Sending socket write
shutdown
2014.04.12 13:40:17 LOG5[14989:140499885790976]: Connection closed: 0 bytes
sent to SSL, 0 bytes sent to socket
2014.04.12 13:40:17 LOG7[14989:140499885790976]: Service ssl finished (0
left)
2014.04.12 13:40:17 LOG7[14989:140499885790976]: str_stats: 0 block(s), 0
byte(s)
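
An added example, not part of the original post: a small Python triage script that rejoins the mail-wrapped stunnel log lines, groups them by thread ID, and reports for each connection the peer, negotiated cipher, close event and byte counts, along with any LOG4-or-more-severe messages such as the key-file permission warning. The function names are illustrative, and the sample is an excerpt of the log above.

```python
import re

# Excerpt of the log above, kept in its mail-wrapped form.
SAMPLE = """\
2014.04.12 13:40:15 LOG4[14983:140499885700864]: Insecure file permissions
on /etc/stunnel/key.pem
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Service ssl accepted
connection from 192.168.56.1:54562
2014.04.12 13:40:17 LOG6[14989:140499885692672]: Negotiated ciphers:
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
2014.04.12 13:40:17 LOG7[14989:140499885692672]: SSL socket closed on
SSL_read
2014.04.12 13:40:17 LOG5[14989:140499885692672]: Connection closed: 0 bytes
sent to SSL, 0 bytes sent to socket
"""

# timestamp, syslog-style level, [pid:thread], message
HEAD = re.compile(r"^\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[\d+:(\d+)\]: (.*)$")

def unwrap(text):
    """Rejoin wrapped lines; return a list of (level, thread, message)."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            records.append([int(m.group(1)), m.group(2), m.group(3).strip()])
        elif records and line.strip():      # continuation of the previous entry
            records[-1][2] += " " + line.strip()
    return [tuple(r) for r in records]

def summarize(text):
    """Return (warnings, {thread: connection summary})."""
    warnings, conns = [], {}
    for level, thread, msg in unwrap(text):
        if level <= 4:                      # 4 = warning; lower is more severe
            warnings.append(msg)
        c = conns.setdefault(thread, {})
        if m := re.match(r"Service \S+ accepted connection from (\S+)", msg):
            c["peer"] = m.group(1)
        elif m := re.match(r"Negotiated ciphers: (\S+) (\S+)", msg):
            c["cipher"], c["protocol"] = m.group(1), m.group(2)
        elif " closed on " in msg:          # which side/call saw the close
            c["closed"] = msg
        elif m := re.match(r"Connection closed: (\d+) bytes sent to SSL, "
                           r"(\d+) bytes sent to socket", msg):
            c["to_ssl"], c["to_socket"] = int(m.group(1)), int(m.group(2))
            c["no_payload"] = c["to_ssl"] == 0 and c["to_socket"] == 0
    # keep only threads that actually served a client connection
    return warnings, {t: c for t, c in conns.items() if "peer" in c}
```
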