[stunnel-users] SSH connection problems inside stunnel
debian at bercot.org
Thu Mar 12 13:28:53 CET 2015
Hello,
I've installed a stunnel between my laptop and my server (both in Debian
SID) [v5.06-2].
Here is my client stunnel.conf:
pid = /var/run/stunnel.pid
client = yes
sslVersion = TLSv1.2
debug = 7
[ssh]
accept = 5000
protocol = connect
protocolHost = myserver:443
connect = myproxy:8080
The server one:
cert = mycert
key = mykey
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion = TLSv1.2
; https or ssh encapsulated in ssl
[sslh]
accept = 443
connect = myserver:444
And my .ssh/config:
Host myserver
HostName localhost
Port 5000
IdentityFile ~/.ssh/mykey
ProtocolKeepAlives 6
At home (I use tinyproxy to test), everything is OK. At work, with a
"true" proxy, sometimes I can connect (but I'm quickly disconnected),
sometimes I can't...
I've watched the logs but found nothing.
Do you have any idea? Something to look for in the logs?
Here is an example of a short connection:
~ $ ssh myserver
root@myserver:~# cat /var/log/syslog | grep stunnel
[...]
root@myserver~# Timeout, server localhost not responding.
More often I have:
~ $ ssh myserver
ssh_exchange_identification: Connection closed by remote host
In my local logs:
Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted (FD=3) from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connecting myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_wait myproxy:8080: waiting 10 seconds
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connected myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connected remote server from myIP:58282
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) initialized
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> CONNECT myserver:443 HTTP/1.1
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> Host: myserver:443
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: ->
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <- HTTP/1.1 200 Connection established
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <-
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: myserver
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): before/connect initialization
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 54 items in the session cache
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 109 client connects (SSL_connect())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 110 client connects that finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 client renegotiations requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects (SSL_accept())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects that finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server renegotiations requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 56 session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 external session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 session cache misses
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (readsocket)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed (hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfully sent close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0 left)
Thank you.
David.
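
A triage helper for client logs like the one above, added here as an example and not part of the original post or of stunnel: it rejoins hard-wrapped syslog lines, then reports per worker id whether the proxy accepted the CONNECT, which side sent close_notify first, and the byte counters from the final line. The sample lines are constructed in the format of the log above; the function names and the year parameter are assumptions.

```python
import re
from datetime import datetime

PREFIX = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ stunnel: LOG(\d)\[(\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection (?:closed|reset): (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")

# Constructed sample: a few hard-wrapped lines in the format of the client log.
SAMPLE = """\
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted
connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning:
close notify
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write):
warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32
byte(s) sent to SSL, 0 byte(s) sent to socket
"""

def unwrap(text):
    """Rejoin hard-wrapped continuation lines onto the syslog line they belong to."""
    out = []
    for line in text.splitlines():
        if PREFIX.match(line) or not out:
            out.append(line.rstrip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def summarize(text, year=2015):
    """Per worker id: CONNECT result, first close_notify sender, byte counts, lifetime."""
    conns = {}
    for line in unwrap(text):
        m = PREFIX.match(line)
        if not m:
            continue
        ts, _level, wid, msg = m.groups()
        # syslog timestamps carry no year; `year` is an assumed parameter.
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        c = conns.setdefault(wid, {"start": when, "proxy_ok": False, "first_close": None})
        if msg == "CONNECT request accepted":
            c["proxy_ok"] = True
        elif msg.startswith("SSL alert (") and "close notify" in msg and c["first_close"] is None:
            # (read) = alert received from the TLS peer, (write) = sent by this stunnel
            c["first_close"] = "peer" if msg.startswith("SSL alert (read)") else "local"
        elif (b := CLOSED.search(msg)):
            c["to_ssl"], c["to_socket"] = int(b.group(1)), int(b.group(2))
            c["seconds"] = (when - c["start"]).total_seconds()
    return conns
```

When first_close is "peer" and the socket counter is 0, the close came from the far side of the TLS session before any application data arrived, so the server-side stunnel log for the same timestamp is the matching record to pull.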