[stunnel-users] SSH connection problems inside stunnel

Thu Mar 12 13:28:53 CET 2015

Hello,

I've installed a stunnel between my laptop and my server (both in Debian 
SID) [v5.06-2].

Here is my client stunnel.conf :
pid = /var/run/stunnel.pid
client = yes
sslVersion = TLSv1.2
debug = 7
[ssh]
accept = 5000
protocol = connect
protocolHost = myserver:443
connect = myproxy:8080

The server one :
cert = mycert
key = mykey
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion = TLSv1.2
; https ou ssh encapsulé dans du ssl
[sslh]
accept  = 443
connect = myserver:444

And my .ssh/config :
Host myserver
	HostName localhost
	Port 5000
	IdentityFile ~/.ssh/mykey
	ProtocolKeepAlives 6

At home (I use tinyproxy to test), everything is OK. At work, with a 
"true" proxy, sometimes I can connect (but I'm quickly disconnected), 
sometimes I can't...
I've watch the logs but find nothing.

Do you have any idea ? Something to look in the logs ?

Here is an example of a short connection :
~ $ ssh myserver
root at myserver:~# cat /var/log/syslog | grep stunnel
[...]
root at myserver~# Timeout, server localhost not responding.

More often I have :
~ $ ssh myserver
ssh_exchange_identification: Connection closed by remote host

In my local logs :
Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted 
(FD=3) from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted 
connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connecting 
myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_wait 
myproxy:8080: waiting 10 seconds
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connected 
myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connected 
remote server from myIP:58282
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) 
initialized
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  -> CONNECT myserver:443 
HTTP/1.1
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  -> Host: myserver:443
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  ->
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  <- HTTP/1.1 200 
Connection established
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  <-
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: 
myserver
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
before/connect initialization
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): 
unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:   54 items in the session 
cache
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  109 client connects 
(SSL_connect())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  110 client connects that 
finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 client renegotiations 
requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 server connects 
(SSL_accept())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 server connects that 
finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 server renegotiations 
requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:   56 session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 external session 
cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 session cache misses
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: 
close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed 
(readsocket)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed 
(hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed 
(hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): 
warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfully 
sent close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 
byte(s) sent to SSL, 0 byte(s) sent to socket
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) 
closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0 
left)

Thank you.

David.