Michael,
I guess what you want to do is to be able to connect to your internal Webserver
via your Win2012 stunnel proxy using a URL like:
https://yourwin2012dnsname:9001/
if that is correct, I suggest to adjust your configuration as follows:
1. Your stunnel mode must be server, not client. So adjust your service stanza
as follows:
[CLI9F529A0A]accept=9001connect=10.xxx.xxx.xxx:9009client=no
2. In your current configuration stunnel is listening only in the localhost
ipv4 address (127.0.0.1). Therefore, you can only connect when you are logged
on the server, you can't connect from a remote client.
Hope this helps you clarify what's going on.
Regards,Jose
<!--#yiv6540481299 _filtered #yiv6540481299 {font-family:Calibri;panose-1:2 15
5 2 2 2 4 3 2 4;} _filtered #yiv6540481299 {font-family:Tahoma;panose-1:2 11 6
4 3 5 4 4 2 4;}#yiv6540481299 #yiv6540481299 p.yiv6540481299MsoNormal,
#yiv6540481299 li.yiv6540481299MsoNormal, #yiv6540481299
div.yiv6540481299MsoNormal
{margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:"Calibri",
"sans-serif";}#yiv6540481299 a:link, #yiv6540481299
span.yiv6540481299MsoHyperlink
{color:blue;text-decoration:underline;}#yiv6540481299 a:visited, #yiv6540481299
span.yiv6540481299MsoHyperlinkFollowed
{color:purple;text-decoration:underline;}#yiv6540481299
p.yiv6540481299MsoAcetate, #yiv6540481299 li.yiv6540481299MsoAcetate,
#yiv6540481299 div.yiv6540481299MsoAcetate
{margin:0in;margin-bottom:.0001pt;font-size:8.0pt;font-family:"Tahoma",
"sans-serif";}#yiv6540481299 span.yiv6540481299EmailStyle17
{font-family:"Calibri", "sans-serif";color:windowtext;}#yiv6540481299
span.yiv6540481299EmailStyle18 {font-family:"Calibri",
"sans-serif";color:#1F497D;}#yiv6540481299 span.yiv6540481299BalloonTextChar
{font-family:"Tahoma", "sans-serif";}#yiv6540481299
span.yiv6540481299EmailStyle21 {font-family:"Calibri",
"sans-serif";color:#1F497D;}#yiv6540481299 .yiv6540481299MsoChpDefault
{font-size:10.0pt;} _filtered #yiv6540481299 {margin:1.0in 1.0in 1.0in
1.0in;}#yiv6540481299 div.yiv6540481299WordSection1 {}--> From: J. Michael Drew
[mailto:[email protected]]
Sent: Monday, June 20, 2016 9:54 AM
To: 'Josealf.rm'
Subject: RE: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit Jose,
Once logged in to the server I can open a browser on the server and connect
through https://localhost/website and I can log in to the site externally as
expected. Here are the log files from IIS and stunnel where stunnel is running
as a service on the Windows 2012 server: When I am not logged in to the server
it fails: #Software: Microsoft Internet Information Services 8.5#Version:
1.0#Date: 2016-06-20 00:30:21#Fields: date time s-ip cs-method cs-uri-stem
cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
sc-substatus sc-win32-status time-taken2016-06-20 00:30:21 159.xxx.xxx.xxx HEAD
/ - 443 - 190.xxx.xxx.xxx - - 200 0 0 1218#Software: Microsoft Internet
Information Services 8.5#Version: 1.0#Date: 2016-06-20 05:41:01#Fields: date
time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip
cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status
time-taken2016-06-20 05:41:01 10.xxx.xxx.xxx OPTIONS
/C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx
Microsoft-WebDAV-MiniRedir/6.1.7601 - 200 0 0 5002016-06-20 05:41:01
10.xxx.xxx.xxx PROPFIND /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx
Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 462016-06-20 05:41:01
10.xxx.xxx.xxx PROPFIND /C$/windows/system32 - 80 - 159.xxx.xxx.xxx
Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 2182016-06-20 05:41:16
10.xxx.xxx.xxx PROPFIND
/patch-{682810b5-36dc-4e5d-81dd-6c02cd8f445b}-patchtoolsd.exe - 80 -
159.82.156.241 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 64 622016-06-20
05:41:27 10.xxx.xxx.xxx PROPFIND /N$cl64.exe - 80 - 159.xxx.xxx.xxx 1
Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 622016-06-20 05:41:27
10.xxx.xxx.xxx PROPFIND /C$rome.dll - 80 - 159.xxx.xxx.xxx
Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 296 Stunell.conf: cert =
extwebsvr_ver.pem ; Some performance tuningsocket = l:TCP_NODELAY=1socket =
r:TCP_NODELAY=1 ; Peer Authenticationverify = 2CAfile = extwebsvr_root.pem ;
Debug mode - useful for troubleshootingdebug = 7output = stunnel.log ;
Client modeclient = yes ; Setup tunnels to each EMS node
[CLIxxxxxxxx)]accept=127.0.0.1:9001connect=10.xxx.xxx.xxx:9009 Stunnel.log:
2016.06.20 09:17:39 LOG7[main]: No limit detected for the number of
clients2016.06.20 09:17:39 LOG5[main]: stunnel 5.27 on x86-pc-msvc-1500
platform2016.06.20 09:17:39 LOG5[main]: Compiled/running with OpenSSL
1.0.2e-fips 3 Dec 20152016.06.20 09:17:39 LOG5[main]: Threading:WIN32
Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI2016.06.20 09:17:39 LOG7[main]:
errno: (*_errno())2016.06.20 09:17:39 LOG5[main]: Reading configuration from
file stunnel.conf2016.06.20 09:17:39 LOG7[ui]: GUI message loop
initialized2016.06.20 09:17:39 LOG7[cron]: Cron thread initialized2016.06.20
09:17:39 LOG5[main]: UTF-8 byte order mark detected2016.06.20 09:17:39
LOG6[main]: Initializing service [CLI9F529A0A]2016.06.20 09:17:39 LOG6[main]:
Loading certificate from file: extwebsvr_ver.pem2016.06.20 09:17:39 LOG6[main]:
Certificate loaded from file: extwebsvr_ver.pem2016.06.20 09:17:39 LOG6[main]:
Loading private key from file: extwebsvr_ver.pem2016.06.20 09:17:39 LOG6[main]:
Private key loaded from file: extwebsvr_ver.pem2016.06.20 09:17:39 LOG7[main]:
Private key check succeeded2016.06.20 09:17:39 LOG4[main]: Service
[CLIxxxxxxxx] uses "verify = 2" without subject checks2016.06.20 09:17:39
LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted
certificates2016.06.20 09:17:39 LOG7[main]: SSL options: 0x03000004
(+0x03000000, -0x00000000)2016.06.20 09:17:39 LOG5[main]: Configuration
successful Thanks for your help, Michael From: Josealf.rm
[mailto:[email protected]]
Sent: Monday, June 20, 2016 8:01 AM
To: J. Michael Drew
Cc: [email protected]
Subject: Re: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit Michael,
Is your stunnel running as a service?Please post sanitized logs and
configuration for a better diagnostic ...
Regards Jose
El 20 jun 2016, a las 6:39, J. Michael Drew <[email protected]> escribió:
Hi, I have a website on IIS8 and am using stunnel to forward requests over 9009
inside to my application server. When I log in to the IIS server and stay
logged in everything works as expected. When I log off the IIS 8 web server my
site is unreachable with a “service is unavailable”. Can someone help me?
Sincere thanks, Michael
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
