Network: Ethernet Multiple routers: No Firewall: No Delay: Yes, Automitic (Delayed Start) works like a charm. Capi engine: Yes tried turning it off 32 bit or 64 bit: 32bit running on 64 bit server. I don't see a 64 bit version on the download page? dnscache: Haven't tried it yet.
- stunnel works fine on the server specifically with the service set to Automatic (Delayed Start). And I even tunnel properly to other machines so it not firewalls or routers or network. - Only when it's NOT (Delayed Start) stunnel doe not seem to start even though the service shows as started. - I managed to tunnel from my Desktop to the Server. I have not tried automatic service startup on Desktop because I don't have enough privilidges. But trying to setup the server, since that's the machine that will have stunnel in production. On 23 September 2014 10:04, Pierre DELAAGE <[email protected]> wrote: > Have you tried to change the service dependency from "TCPIP" (the default > in the code), to "dnscache" (ok, EVEN if you do not use hostname > resolution), > this is just to be sure that stunnel relies on something that is using > tcpip as well. > > question : what kind of network interface do you have : > > wifi ? > ethernet board ? > > Are you traversing multiple routers ? > > Are you using multiple firewalls ? > > Have you tuned a delay as suggested a few days ago ? > > Can you try without specifying "capi engine" ? > > Are you using stunnel 32 bits or 64 bits : if 64, try the 32 version as > well. > > I am reviewing the code and soon enter some test on w7-32bits. > > Regards > Pierre > > > > Le 23/09/2014 15:30, John Smith a écrit : > > I wish you were right but unfortunately it's running lol > > On 22 September 2014 18:24, Pierre DELAAGE <[email protected]> wrote: > >> When you observe that log is empty and that "stunnel shows as started", >> do a CTRL ALT DEL to check if there is any process called "stunnel" that >> is really running... >> >> I have a doubt that, although scm says stunnel is running, in fact it is >> not. >> >> Regards >> Pierre >> >> Le 22/09/2014 21:43, John Smith a écrit : >> >> Hi I used administrator account and defaults to install. It is installed >> at Program Files (x86) >> >> The service is set to run as local system account and interact with >> desktop is checked. >> >> Once the machine is booted... Login open service control panel, stunnel >> shows as started. Go look at logs nothing there... In service control panel >> hit the restart button. And it comes up properly. >> >> My config is as follows: >> >> ; Debugging stuff (may useful for troubleshooting) >> ;debug = 7 >> output = stunnel.log >> >> ; Initialize Microsoft CryptoAPI interface >> engine = capi >> ; Also needs "engineID = capi" in each section using the CAPI engine >> >> [es-tcp] >> accept = ${SERVER_IP}:9300 >> connect = 127.0.0.1:9300 >> cert = .... >> CAfile = .... >> verify = 2 >> >> [es-http] >> accept = ${SERVER_IP}:9200 >> connect = 127.0.0.1:9200 >> cert = .... >> CAfile = .... >> verify = 2 >> >> [es-disc-local] >> client = yes >> accept = 127.0.0.1:9700 >> connect = ${SERVER_IP}:9300 >> cert = .... >> >> >> >> On 22 September 2014 14:30, Pierre DELAAGE <[email protected]> >> wrote: >> >>> Hello, >>> I can tell my patch was adressing read file error on conf file, >>> but, unfortunately, not at all "dependencies of stunnel service at start >>> up", >>> which is likely to be the core pb preventing stunnel to start correctly >>> at boot time for people on that thread. >>> >>> Michal added explicit dependencies at startup, that is necessary to >>> solve that bug. I did not check yet its implementation. >>> >>> But maybe some services, although started, are still "not ready" when >>> stunnel starts, so that this makes stunnel fail. >>> >>> I suggest that stunnel checks, not only the availability, but also the >>> "efficiency" of the DNS service by trying to resolve a well known server. >>> it should retry during, eg, 3 seconds, and then stops with some reports >>> if failing to resolve the hostname, >>> either by lack of network, or by lack of answer from the name resolver. >>> But...it seems that when having problems at startup, it cannot even log >>> anything....maybe this is due to the identity of "system user" of stunnel >>> at that particular moment: user that may have no right to write on the HD. >>> >>> People should check also the installation location of stunnel : it is >>> supposed (and have predefined shortcuts for that) to be installed >>> PREFERABLY in "c:\program files\stunnel". >>> I recommend to use that location. >>> >>> They also should try to resolve by hand the hostnames they put in their >>> stunnel conf file, just to be sure. >>> >>> On some network or machines, maybe there is a problem with the firewall >>> and SOME services tunneled by stunnel on forbidden ports. >>> >>> On another hand, it sounds strange that just restarting stunnel (in user >>> mode or service mode ?) is solving the problem : >>> this sounds like unavailability of DNS at startup. >>> >>> I did not investigate that particular problem, but I will perform some >>> tests soon with the last 504 (or 505). >>> >>> Yours sincerely >>> Pierre >>> >>> >>> >>> Le 22/09/2014 19:20, [email protected] a écrit : >>> >>> Using Stunnel on several Windows Server 2008 R2 SP1 machines (all such >>> machines are X64 as the OS is only released as X64). >>> >>> During August of 2014 I reported in this forum the current version of >>> Stunnel would not function as a service under the above OS, even if using a >>> delayed start, it might run but it would not work. I reverted to using >>> version 4.35, which did work properly. >>> >>> Pierre DeLagge was kind enough to provide me with a copy of his patched >>> Stunnel 5.02, which I am still using and which is working flawlessly on my >>> production servers. No delayed start required. >>> >>> I am wondering if Pierre's 5.02 patch has been incorporated into the >>> most recently released Stunnel, 5.04? Has anyone been successful in >>> getting the most current version to actually work under the above >>> environment without delaying the start of the service? >>> >>> Just to add a little color and background to the story, I am using the >>> native WS2008R2SP1 SMTP server on each machine, in conjunction with >>> Stunnel, so as to forward OS event notifications through a gmail account. >>> >>> >>> >>> On 09.22.2014 06:54, John Smith wrote: >>> >>> I tried 5.04. on Windows Server 2008 R2 Enterprise Service Pack 1 x64 >>> >>> >>> Same issue. Service shows as started, but no log. If I go manual >>> restart it works. >>> >>> Have to put delayed startup. >>> >>> On 18 September 2014 16:15, John Smith <[email protected]> wrote: >>> >>>> For now i'm happy with 5.03 Already in production so I will have to >>>> wait next time! :) >>>> >>>> On 17 September 2014 17:10, Michal Trojnara <[email protected]> >>>> wrote: >>>> >>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> Jose Alf. wrote: >>>>> > Regarding stunnel service dependencies, If you read the 5.04 beta >>>>> > announcement, the dependency is created automatically now when you >>>>> > install stunnel as a service. Please give it a try. Looks like it >>>>> > works for me. >>>>> > >>>>> > Thanks to Mike for implementing that. >>>>> >>>>> Thank you for testing it. >>>>> >>>>> Best regards, >>>>> Mike >>>>> -----BEGIN PGP SIGNATURE----- >>>>> Version: GnuPG v1 >>>>> >>>>> iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q >>>>> yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR >>>>> =+xFQ >>>>> -----END PGP SIGNATURE----- >>>>> _______________________________________________ >>>>> stunnel-users mailing list >>>>> [email protected] >>>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >>>>> >>>> >>>> >>> >>> >>> _______________________________________________ >>> stunnel-users mailing >>> [email protected]https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >>> >>> >>> >>> >>> _______________________________________________ >>> stunnel-users mailing >>> [email protected]https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >>> >>> >>> >>> _______________________________________________ >>> stunnel-users mailing list >>> [email protected] >>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >>> >>> >> >> >> _______________________________________________ >> stunnel-users mailing list >> [email protected] >> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users >> >> > > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > >
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
