[stunnel-users] sTunnel client connecting to load balanced URL - stunnel 5.02 on x86-pc-msvc-1500 platform
Tony
nissan4x4 at optusnet.com.au
Mon Mar 19 05:56:51 CET 2018
Hi all,
I have a situation where I'm trying to use sTunnel as the client to connect
to a service on a secure URL, but the hiccup is that the secure URL is load
balanced.
If a do an nslookup on the URL, the response comes back as it being an
alias.
Non-authoritative answer:
Name: eu1571393051174.ssl.ondemand.com
Address: 155.56.210.164
Aliases: l4884-iflmap.hcisbp.eu1.hana.ondemand.com
Looking at the sTunnel log, it resolves to the IP of the server. But the IP
itself does not host the service so I'm getting http:503 errors.
2018.03.16 14:44:44 LOG7[18796]: Service [ssl-OSRdev] (FD=564) bound to
0.0.0.0:8085
2018.03.16 14:44:55 LOG7[18796]: Service [ssl-OSRdev] accepted (FD=572) from
192.168.0.22:61093
2018.03.16 14:44:55 LOG7[18796]: Creating a new thread
2018.03.16 14:44:55 LOG7[18796]: New thread created
2018.03.16 14:44:55 LOG7[30864]: Service [ssl-OSRdev] started
2018.03.16 14:44:55 LOG5[30864]: Service [ssl-OSRdev] accepted connection
from 192.168.0.22:61093
2018.03.16 14:44:55 LOG6[30864]: s_connect: connecting 155.56.210.164:443
2018.03.16 14:44:55 LOG7[30864]: s_connect: s_poll_wait 155.56.210.164:443:
waiting 10 seconds
2018.03.16 14:44:56 LOG5[30864]: s_connect: connected 155.56.210.164:443
2018.03.16 14:44:56 LOG5[30864]: Service [ssl-OSRdev] connected remote
server from 192.168.0.32:30269
2018.03.16 14:44:56 LOG7[30864]: Remote socket (FD=588) initialized
2018.03.16 14:44:56 LOG7[30864]: SNI: sending servername:
l4884-iflmap.hcisbp.eu1.hana.ondemand.com
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): before/connect
initialization
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv2/v3 write client
hello A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server
hello A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server
certificate A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server key
exchange A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server
certificate request A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 read server done
A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write client
certificate A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write client key
exchange A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write
certificate verify A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write change
cipher spec A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 write finished A
2018.03.16 14:44:56 LOG7[30864]: SSL state (connect): SSLv3 flush data
2018.03.16 14:44:57 LOG7[30864]: SSL state (connect): SSLv3 read finished A
2018.03.16 14:44:57 LOG7[30864]: 1 items in the session cache
2018.03.16 14:44:57 LOG7[30864]: 1 client connects (SSL_connect())
2018.03.16 14:44:57 LOG7[30864]: 1 client connects that finished
2018.03.16 14:44:57 LOG7[30864]: 0 client renegotiations requested
2018.03.16 14:44:57 LOG7[30864]: 0 server connects (SSL_accept())
2018.03.16 14:44:57 LOG7[30864]: 0 server connects that finished
2018.03.16 14:44:57 LOG7[30864]: 0 server renegotiations requested
2018.03.16 14:44:57 LOG7[30864]: 0 session cache hits
2018.03.16 14:44:57 LOG7[30864]: 0 external session cache hits
2018.03.16 14:44:57 LOG7[30864]: 0 session cache misses
2018.03.16 14:44:57 LOG7[30864]: 0 session cache timeouts
2018.03.16 14:44:57 LOG7[30864]: Peer certificate was cached (3826 bytes)
2018.03.16 14:44:57 LOG6[30864]: SSL connected: new session negotiated
2018.03.16 14:44:57 LOG6[30864]: Negotiated TLSv1/SSLv3 ciphersuite:
ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2018.03.16 14:44:57 LOG6[30864]: Compression: null, expansion: null
2018.03.16 14:44:58 LOG6[30864]: SSL socket closed (SSL_read)
2018.03.16 14:44:58 LOG7[30864]: Sent socket write shutdown
2018.03.16 14:44:58 LOG5[30864]: Connection closed: 1730 byte(s) sent to
SSL, 274 byte(s) sent to socket
2018.03.16 14:44:58 LOG7[30864]: Remote socket (FD=588) closed
2018.03.16 14:44:58 LOG7[30864]: Local socket (FD=572) closed
2018.03.16 14:44:58 LOG7[30864]: Service [ssl-OSRdev] finished (0 left)
2018.03.16 14:44:58 LOG7[30864]: str_stats: 3 block(s), 4294962489 data
byte(s), 150 control byte(s)
2018.03.16 14:44:58 LOG7[30864]: str_stats: 20 byte(s) at
..\src\network.c:413
2018.03.16 14:44:58 LOG7[30864]: str_stats: 20 byte(s) at
..\src\network.c:412
2018.03.16 14:44:58 LOG7[30864]: str_stats: 20 byte(s) at
..\src\network.c:411
I have tested the service using SoapUI and it works.
Is it possible to have sTunnel follow the URL redirection?
Regards, Tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180319/2f58c23f/attachment.html>
More information about the stunnel-users
mailing list