At this point, my only suggestion is to post your stunnel.conf file (preferably without any modifications to the lines) so that maybe someone else can see if there are any obvious issues.

On 4/8/2015 3:46 PM, Coviello, Paul wrote:
No luck...



-----Original Message-----
From: Carter Browne [mailto:[email protected]]
Sent: Wednesday, April 08, 2015 3:13 PM
To: Coviello, Paul; [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

I meant add client = no to the telnet section.

I marked the bad sections below, if they are actually as they appear in your log file.

Carter

On 4/8/2015 3:00 PM, Coviello, Paul wrote:
Thanks, I changed client to no, and it didn't make a difference, unless you meant to add one in the telnet section?

Also, it must be the copy; there are no spaces in the file.



-----Original Message-----
From: Carter Browne [mailto:[email protected]]
Sent: Wednesday, April 08, 2015 2:51 PM
To: Coviello, Paul; [email protected]; [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

I think you need a "client = no" added to the telnet section.
I am not familiar with your environment to help with the details.  I have had 
issues with the location of the log file.  If the default location of where 
stunnel is not write enabled for the program that could be a problem.
In the file below, a number of lines are not on the left-hand margin, e.g., "cert =", ";key =", "debug =", "output =".

I don't know if that is an artifact of the copying or present in your 
configuration file, but they all should be at the left margin.

Carter

On 4/8/2015 2:04 PM, Coviello, Paul wrote:
Nope didn’t make a difference, then removed all except for telnet...
still fails :-(



-----Original Message-----
From: Carter Browne [mailto:[email protected]]
Sent: Wednesday, April 08, 2015 1:59 PM
To: Coviello, Paul; [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

You have two listeners on port 993; to the best of my knowledge, they need to be on two different ports. It probably did not get to the point of opening the log file.



On 4/8/2015 12:41 PM, Coviello, Paul wrote:
Ok thanks!

Now onto the server side...

$  @STUNNEL_STARTUP_SERVER.COM
Is the private key (in the PEM file) encrypted? [Y/N]: y
Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXX""
Starting up a Stunnel
%RUN-S-PROC_ID, identification of created process is 209F0B0D
Stunnel server failed to start up-- check the configuration, etc.

And no logfile is created...
$ dir stunnel.log
%DIRECT-W-NOFILES, no files found
$

here are the settings in the conf file...
The lines in this section do not line up properly; the ";" should be the first character.
$ ty  STUNNEL_server.CONF
; Sample stunnel configuration file by Michal Trojnara 2002-2006 ;
Some options used here may not be adequate for your particular
configuration
The lines in this section do not line up properly; ";" or "cert" should start the line.
; Certificate/key is needed in server mode and optional in client
mode ; The default certificate is provided only for testing and
should not ; be used in a production environment cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem
The lines in this section do not line up properly. The lines should start with ";", "debug" and "output".

; Some debugging stuff useful for troubleshooting debug = 7 output =
stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[telnet]
accept  = 993
connect = 23

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini



-----Original Message-----
From: Carter Browne [mailto:[email protected]]
Sent: Wednesday, April 08, 2015 12:16 PM
To: Coviello, Paul; [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

The configuration:

[telnet]
accept = 999
connect = x.x.x.x:993
client = no

will provide that.

If you want a single input port to access multiple destinations:

[telnet]
accept = 999
connect = x.x.x.x:993
connect = x.x.x.y:993
connect = x.x.x.z:993
client = no
And the destinations will be assigned on a round robin basis.

If each destination is a distinct connection then

[telnet1]
accept = 999
connect = x.x.x.x:993
client = no

[telnet2]
accept = 1999
connect = x.x.x.y:993
client = no

[telnet3]
accept = 2999
connect = x.x.x.z:993
client = no

Carter

On 4/8/2015 12:02 PM, Coviello, Paul wrote:
Set up an incoming encrypted link from a Windows telnet session to OpenVMS.

-----Original Message-----
From: stunnel-users [mailto:[email protected]] On
Behalf Of Carter Browne
Sent: Wednesday, April 08, 2015 12:00 PM
To: [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

Paul,

What are you trying to do:

Set up an incoming encrypted link to an outgoing unencrypted link?
Set up an incoming unencrypted link to an outgoing encrypted link?
Something else?

Carter



On 4/8/2015 11:49 AM, Coviello, Paul wrote:
Let me see so I need to do the following.
connect = 192.168.0.1:993
connect = 192.168.20.140:993
connect = 192.168.xx.xxx:993
connect = 192.168.xx.xxy:993
Thanks
Paul


-----Original Message-----
From: stunnel-users [mailto:[email protected]] On
Behalf Of Ludolf Holzheid
Sent: Wednesday, April 08, 2015 11:35 AM
To: [email protected]
Subject: Re: [stunnel-users] openvms and stunnel

On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote:
Hello

I'm trying to set up stunnel 4.20; yes, it is an old version, but the only one on HP's website for VMS.

I need a little help in the conf files.

Since I will be using telnet, do I need to put in each machine's IP address that will be connecting? So in the example below, do I create a listing of connects?

[telnet]
accept  = 999
connect = 192.168.0.1:993

Paul,

the configuration above makes stunnel listen on local port 999, accepting connections from all IP addresses, and forward the traffic to port 993 of the box with IP address 192.168.0.1.

Depending on the 'client = ...' statement, stunnel expects the traffic at port 
999 to be encrypted (server mode, client = no, default), or at port 993 (client 
mode, client = yes).

Any access control may be implemented via libwrap and (in server mode) via 
restriction of the accepted certificates.

HTH,

Ludolf

--
Carter Browne
[email protected]

_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
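
A small linter for the faults pointed out in this thread: option text merged into a comment or left as stray text, lines off the left margin, two sections accepting on the same port, and `client = yes` set outside any section. This is an added example, not part of the original messages or of stunnel; the function name, finding labels and sample config are constructed for illustration, and the checks follow the thread's advice rather than stunnel's own parser.

```python
import re
from collections import defaultdict

OPTION = re.compile(r"^([A-Za-z]\w*)\s*=\s*(.*)$")
BURIED = re.compile(r"\b(cert|key|debug|output)\s*=")  # options the thread names
# Constructed sample reproducing the faults pointed out in the thread.
SAMPLE = """\
; Certificate/key is needed in server mode
should not ; be used in a production environment cert = stunnel.pem
; Some debugging stuff useful for troubleshooting debug = 7 output =
client = yes
[imaps]
accept  = 993
connect = 143
[telnet]
accept  = 993
connect = 23
  client = no
"""

def lint_stunnel_conf(text):
    """Return (line_no, kind, detail) findings; line_no 0 means file-wide."""
    findings, section = [], "(global)"
    accept, client = defaultdict(list), {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if raw[0] in " \t":
            findings.append((no, "indent", "line does not start at the left margin"))
        if line.startswith(";"):
            body = line[1:].strip()  # ";key = x" alone is a commented-out option
            if not OPTION.match(body) and BURIED.search(body):
                findings.append((no, "buried", "option text merged into a comment"))
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif (m := OPTION.match(line)) is None:
            findings.append((no, "junk", "not a comment, section or option"))
        elif m.group(1).lower() == "accept":
            accept[m.group(2).rsplit(":", 1)[-1].strip()].append(section)
        elif m.group(1).lower() == "client":
            client[section] = m.group(2).strip().lower()
    for port, sections in sorted(accept.items()):
        if len(sections) > 1:
            findings.append((0, "dup-accept", f"port {port}: " + ", ".join(sections)))
    unset = sorted({s for ss in accept.values() for s in ss} - set(client))
    if client.get("(global)") == "yes" and unset:
        findings.append((0, "client-mode", "no own client = in: " + ", ".join(unset)))
    return findings
```

Run it on the file exactly as it sits on disk, not on a copy pasted through a mail client, so that wrapping added in transit is not reported as a fault.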
