Perfect!

Thank you very much!

That's the part I was missing the most... I kept trying to telnet to the 
server...

Now to figure out how to keep it running on VMS....

BTW: Rob, Gmail is blocked for me, that's why I keep removing you! :)

From: Rob Lockhart [mailto:[email protected]]
Sent: Friday, April 24, 2015 12:10 PM
To: Coviello, Paul
Cc: [email protected]
Subject: Re: [stunnel-users] startup issues

On Fri, Apr 24, 2015 at 10:41 AM, Coviello, Paul <[email protected]> wrote:
Hi,

Well, I got it started on VMS and wanted to put it in debug mode, so I shut it 
down, made my changes to the conf file, and now, well, I can't start it with the 
command procedure.

I even tried the old conf and same thing...

$ @STUNNEL_STARTUP_SERVER
Is the private key (in the PEM file) encrypted? [Y/N]: Y
Enter the password to decrypt the key (please use paired double quotes with 
it): ""XXXXXXXXX""
Starting up a Stunnel
%RUN-S-PROC_ID, identification of created process is 209FCA70
Stunnel server failed to start up-- check the configuration, etc.

Nothing is logged...

But if I do the following

$ stunnel STUNNEL_SERVER.CONF

And the output to the screen...
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Snagged 64 random bytes from 
sys$common:[sysmgr].rnd
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Wrote 1024 new random bytes to 
sys$common:[sysmgr].rnd
2015.04.24 10:35:24 LOG7[547326662:2071228096]: RAND_status claims sufficient 
entropy for the PRNG
2015.04.24 10:35:24 LOG7[547326662:2071228096]: PRNG seeded successfully
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate: stunnel.pem
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Certificate loaded
2015.04.24 10:35:24 LOG7[547326662:2071228096]: Key file: stunnel.pem
Enter PEM pass phrase:
2015.04.24 10:35:31 LOG7[547326662:2071228096]: Private key loaded
2015.04.24 10:35:31 LOG7[547326662:2071228096]: SSL context initialized for 
service telnet

This is where it sits unless I do a ctrl-c to cancel and get back to the system 
prompt.

And when I do my telnet session I cannot connect. Well, I connect, but no prompts 
for me to log in.

But now I have log output! :)

2015.04.24 10:08:31 LOG5[547326662:2071228096]: stunnel undefined on 
vax-openvms with OpenSSL 0.9.8h 28 May 2008
2015.04.24 10:08:31 LOG5[547326662:2071228096]: Threading:PTHREAD 
Sockets:POLL,IPv4
2015.04.24 10:08:31 LOG6[547326662:2071228096]: file ulimit = 512 (can be 
changed with 'ulimit -n')
2015.04.24 10:08:31 LOG6[547326662:2071228096]: poll() used - no FD_SETSIZE 
limit for file descriptors
2015.04.24 10:08:31 LOG5[547326662:2071228096]: 250 clients allowed
2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 5 in non-blocking mode
2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 4 in non-blocking mode
2015.04.24 10:08:31 LOG7[547326662:2071228096]: FD 6 in non-blocking mode
2015.04.24 10:08:31 LOG7[547326662:2071228096]: SO_REUSEADDR option set on 
accept socket
2015.04.24 10:08:31 LOG7[547326662:2071228096]: telnet bound to 
0.0.0.0:
2015.04.24 10:15:00 LOG3[547326662:2071228096]: Received signal 2; terminating
2015.04.24 10:18:18 LOG5[547326662:2071228096]: stunnel undefined on 
vax-openvms with OpenSSL 0.9.8h 28 May 2008
2015.04.24 10:18:18 LOG5[547326662:2071228096]: Threading:PTHREAD 
Sockets:POLL,IPv4
2015.04.24 10:18:18 LOG6[547326662:2071228096]: file ulimit = 512 (can be 
changed with 'ulimit -n')
2015.04.24 10:18:18 LOG6[547326662:2071228096]: poll() used - no FD_SETSIZE 
limit for file descriptors
2015.04.24 10:18:18 LOG5[547326662:2071228096]: 250 clients allowed
2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 5 in non-blocking mode
2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 4 in non-blocking mode
2015.04.24 10:18:18 LOG7[547326662:2071228096]: FD 6 in non-blocking mode
2015.04.24 10:18:18 LOG7[547326662:2071228096]: SO_REUSEADDR option set on 
accept socket
2015.04.24 10:18:19 LOG7[547326662:2071228096]: telnet bound to 
0.0.0.0:
2015.04.24 10:21:08 LOG6[547326662:2071228096]: going to accept mode
2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from 
192.168.20.140:59281
2015.04.24 10:21:08 LOG6[547326662:2071228096]: accepted connection
2015.04.24 10:21:08 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:08 LOG7[547326662:8966656]: FD 7 in non-blocking mode
2015.04.24 10:21:08 LOG7[547326662:8966656]: TCP_NODELAY option set on local 
socket
2015.04.24 10:21:08 LOG5[547326662:8966656]: telnet accepted connection from 
0.0.0.0:
2015.04.24 10:21:08 LOG7[547326662:8966656]: SSL state (accept): before/accept 
initialization
2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly 
disconnected
2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to 
SSL, 0 bytes sent to socket
2015.04.24 10:21:30 LOG7[547326662:8966656]: telnet finished (0 left)
2015.04.24 10:21:31 LOG6[547326662:2071228096]: going to accept mode
2015.04.24 10:21:31 LOG7[547326662:2071228096]: telnet accepted FD=7 from 
192.168.20.140:59283
2015.04.24 10:21:31 LOG6[547326662:2071228096]: accepted connection
2015.04.24 10:21:31 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:31 LOG7[547326662:8966656]: FD 7 in non-blocking mode
2015.04.24 10:21:31 LOG7[547326662:8966656]: TCP_NODELAY option set on local 
socket
2015.04.24 10:21:31 LOG5[547326662:8966656]: telnet accepted connection from 
0.0.0.0:
2015.04.24 10:21:31 LOG7[547326662:8966656]: SSL state (accept): before/accept 
initialization
2015.04.24 10:21:32 LOG3[547326662:8966656]: SSL_accept: Peer suddenly 
disconnected
2015.04.24 10:21:32 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to 
SSL, 0 bytes sent to socket
2015.04.24 10:21:32 LOG7[547326662:8966656]: telnet finished (0 left)
2015.04.24 10:21:33 LOG6[547326662:2071228096]: going to accept mode
2015.04.24 10:21:33 LOG7[547326662:2071228096]: telnet accepted FD=7 from 
192.168.20.140:59284
2015.04.24 10:21:33 LOG6[547326662:2071228096]: accepted connection
2015.04.24 10:21:33 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:33 LOG7[547326662:8966656]: FD 7 in non-blocking mode
2015.04.24 10:21:33 LOG7[547326662:8966656]: TCP_NODELAY option set on local 
socket
2015.04.24 10:21:33 LOG5[547326662:8966656]: telnet accepted connection from 
0.0.0.0:
2015.04.24 10:21:33 LOG7[547326662:8966656]: SSL state (accept): before/accept 
initialization
2015.04.24 10:21:34 LOG3[547326662:8966656]: SSL_accept: Peer suddenly 
disconnected
2015.04.24 10:21:34 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to 
SSL, 0 bytes sent to socket
2015.04.24 10:21:34 LOG7[547326662:8966656]: telnet finished (0 left)

Without knowing your current configuration files (server and client), it's 
difficult to debug. I would set up something as simple as this (assuming telnet 
is port 21 on your system, if not change as appropriate). You will have to 
stick with TLSv1 as the highest level of encryption based on your OpenSSL 
library version.


 1.  Create a stunnel.conf file for the client with the following contents 
(change SERVERIP to be the actual server's public IP address or the LAN IP 
address if you're behind a firewall on both computers):

    sslVersion=TLSv1
    FIPS = no
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    client = yes
    [stunnel_telnet]
    accept = 127.0.0.1:2021
    connect = SERVERIP:2121
    delay = no

 2.  Create a stunnel.conf file for the server with the following contents 
(modify as appropriate for the stunnel.pem file location):

    sslVersion=TLSv1
    cert=stunnel.pem
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    client = no
    [stunnel_telnet]
    accept = 2121
    connect = 127.0.0.1:21
    delay = no

 3.  Now, start the service first, then the client
 4.  On your Windows box, telnet to port 2021 of localhost. This should work.


_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
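
Added example, not part of the original thread or of stunnel itself: a Python parser for stunnel debug log lines in the format quoted above that groups them into sessions and flags those where `SSL_accept` failed before any handshake message arrived, which is what the log shows when a plain telnet client connects straight to the TLS-wrapped port. The function names and the sample log (including the successful second session) are constructed for illustration.

```python
import re
# Constructed sample in the log format quoted in the thread (wrapped lines
# rejoined). The second session is a constructed successful handshake.
SAMPLE_LOG = """\
2015.04.24 10:21:08 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59281
2015.04.24 10:21:08 LOG7[547326662:8966656]: telnet started
2015.04.24 10:21:08 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:21:30 LOG3[547326662:8966656]: SSL_accept: Peer suddenly disconnected
2015.04.24 10:21:30 LOG5[547326662:8966656]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2015.04.24 10:21:30 LOG7[547326662:8966656]: telnet finished (0 left)
2015.04.24 10:30:00 LOG7[547326662:2071228096]: telnet accepted FD=7 from 192.168.20.140:59300
2015.04.24 10:30:00 LOG7[547326662:8966656]: telnet started
2015.04.24 10:30:00 LOG7[547326662:8966656]: SSL state (accept): before/accept initialization
2015.04.24 10:30:00 LOG7[547326662:8966656]: SSL state (accept): SSLv3 read client hello A
2015.04.24 10:30:05 LOG5[547326662:8966656]: Connection closed: 120 bytes sent to SSL, 45 bytes sent to socket
2015.04.24 10:30:05 LOG7[547326662:8966656]: telnet finished (0 left)
"""

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
BYTES = re.compile(r"(\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def parse_sessions(text):  # group lines per connection; thread ids are reused
    done, open_by_tid, pending_peer = [], {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _ts, _level, _pid, tid, msg = m.groups()
        peer = re.search(r"accepted FD=\d+ from (\S+)", msg)
        if peer:                           # logged by the listener thread
            pending_peer = peer.group(1)
        elif msg.endswith(" started"):     # worker thread picks the connection up
            open_by_tid[tid] = {"peer": pending_peer, "states": [], "error": None, "sent": None}
        elif tid in open_by_tid:
            s = open_by_tid[tid]
            sent = BYTES.search(msg)
            if msg.startswith("SSL state (accept): "):
                s["states"].append(msg.split(": ", 1)[1])
            elif msg.startswith("SSL_accept: "):
                s["error"] = msg
            elif sent:
                s["sent"] = (int(sent.group(1)), int(sent.group(2)))
            elif " finished (" in msg:
                done.append(open_by_tid.pop(tid))
    return done

def handshake_never_started(s):  # peer left before any TLS message was processed
    return (s["error"] is not None and s["sent"] == (0, 0)
            and s["states"] == ["before/accept initialization"])
```
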