Re: [stunnel-users] Stunnel Connectivity Issue

Jose Alf. Thu, 03 Aug 2017 09:47:31 -0700

Dheeraj,
Are you sure your client application is connecting to 127.0.0.1 port 9260?... 
The fact that no events are logged when you run your application makes me thin 
it is not doing it. You may want to double check. You can use a utility such as 
tcpview to verify or something more powerful like Wireshark.

Regards,
      From: Dheeraj Gautam <[email protected]>
 To: Liz Turi <[email protected]>; [email protected]; 
[email protected] 
Cc: Ishu Singh <[email protected]>; Gurpreet Ahuja 
<[email protected]>; Sumit Sharma <[email protected]>
 Sent: Thursday, August 3, 2017 7:46 AM
 Subject: Re: [stunnel-users] Stunnel Connectivity Issue

Hi Liz, The logs are 
being generating only when I am doing telnet to myself like telnet 127.0.0.1 
9260. No logs are coming while running the application. Could you please remote 
my machine so that you can get complete understanding about the setup. Regards, 
Dheeraj Gautam From: Liz Turi [mailto:[email protected]] 
Sent: Thursday, August 3, 2017 6:13 PM
To: Dheeraj Gautam <[email protected]>; [email protected]; 
[email protected]
Cc: Gurpreet Ahuja <[email protected]>; Sumit Sharma 
<[email protected]>; Ishu Singh <[email protected]>
Subject: RE: [stunnel-users] Stunnel Connectivity Issue This looks like you’re 
successfully negotiating your client connection to the remote server, but 
there’s no data being transferred.  Liz TuriSr. ConsultantMassachusetts eHealth 
Collaborative860 Winter Street, Waltham, MA 02451(m) 339-222-6614 (o) 
781-907-7204 (f) 781-207-8589www.maehc.org From: Dheeraj Gautam 
[mailto:[email protected]] 
Sent: Thursday, August 3, 2017 8:38 AM
To: Liz Turi <[email protected]>; [email protected]; [email protected]
Cc: Gurpreet Ahuja <[email protected]>; Sumit Sharma 
<[email protected]>; Ishu Singh <[email protected]>
Subject: RE: [stunnel-users] Stunnel Connectivity Issue Hi Liz, Find attached 
stunnel log herewith, yes the configured remote server IP address and port 
details are correct.At remote end they have allowed our source address and they 
are getting an error during TLS handshake, the issue appears to be with the TLS 
certificate and are sending them back resulting in the handshake error.Also, 
please let us know if we can have a call with you and remote session to get 
this fix.I will be thankful to you.Regards,Dheeraj Gautam From: Liz Turi 
[mailto:[email protected]] 
Sent: Thursday, August 3, 2017 5:58 PM
To: Dheeraj Gautam <[email protected]>; [email protected]; 
[email protected]
Cc: Gurpreet Ahuja <[email protected]>; Sumit Sharma 
<[email protected]>; Ishu Singh <[email protected]>
Subject: RE: [stunnel-users] Stunnel Connectivity Issue What do your debug logs 
say? What happens when you send a test message through? Are you sure you have 
the remote IP address/port correct? Is there IP filtering or a firewall in 
place between the two? Liz TuriSr. ConsultantMassachusetts eHealth 
Collaborative860 Winter Street, Waltham, MA 02451(m) 339-222-6614 (o) 
781-907-7204 (f) 781-207-8589www.maehc.org From: Dheeraj Gautam 
[mailto:[email protected]] 
Sent: Thursday, August 3, 2017 5:27 AM
To: Liz Turi <[email protected]>; [email protected]; [email protected]
Cc: Gurpreet Ahuja <[email protected]>; Sumit Sharma 
<[email protected]>; Ishu Singh <[email protected]>
Subject: RE: [stunnel-users] Stunnel Connectivity Issue Hi Liz, We have stuck 
badly to establish stunnel connection with one of our partner, We have 
configured Client mode configuration on our server to connect server to run the 
application. Below is the config which We have done on my server: ; 
***************************************** Example TLS Client mode services; 
Certificatecert = Talomoncert.pemkey = Talomonkey.pemCAfile = 
TalomonCACerts.pem;FIPSfips=no; Protocol version (all, SSLv2, SSLv3, 
TLSv1)sslVersion = TLSv1.2 ; Some performance tunings  socket = l:TCP_NODELAY=1 
 socket = r:TCP_NODELAY=1   ; Some debugging stuff useful for troubleshooting  
debug = 7  output = stunnel.log   ; Use it for client mode  client = yes; 
Service-level configuration[FIX]  accept = 127.0.0.1:9260connect = 
69.191.230.34:8228;protocol=connect;protocolHost= 
69.191.230.34:8228TIMEOUTconnect  = 5 Our partner saying that they are not 
getting any TLS connection on their server due to which connection is not 
establishing. Could you please help us to get this sort out as we have no more 
idea how we can troubleshoot this. Thanks in advance. Regards, Dheeraj Gautam 
From: Liz Turi [mailto:[email protected]] 
Sent: Tuesday, June 13, 2017 11:40 PM
To: Dheeraj Gautam <[email protected]>; [email protected]; 
[email protected]
Subject: RE: [stunnel-users] Stunnel Connectivity Issue Hi, Dheeraj, Your logs 
say that you’re connecting successfully to the port that your application is 
listening on. Have you tried testing from the application, or calls to the 
application? This line (along with the next couple of lines) suggest that 
telnet is connecting through to the remote host listening on 8228.  2017.06.13 
16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228 It closes the 
connection via telnet because telnet isn’t going to run your application for 
you. We need more information about how you’re connecting to your application? 
(or intending to)  Liz TuriSr. ConsultantMassachusetts eHealth Collaborative860 
Winter Street, Waltham, MA 02451(m) 339-222-6614 (o) 781-907-7204 (f) 
781-207-8589www.maehc.org From: stunnel-users 
[mailto:[email protected]] On Behalf Of Dheeraj Gautam
Sent: Tuesday, June 13, 2017 1:21 PM
To: [email protected]; [email protected]
Subject: Re: [stunnel-users] Stunnel Connectivity Issue Hi Browne, I am not 
understand like what config I have to do in stunnel config file. As per 
application it will trigger 8228 port of remote server, but at the momen 
stunnel is working only when I am trying to telnet localhost on 9233 port. 
Nothing is happening when running the application, don’t know what I am missing 
as I am the new for stunnel. Please help to fix this out. Regards, Dheeraj 
Gautam   From: stunnel-users [mailto:[email protected]] On 
Behalf Of Carter Browne
Sent: Tuesday, June 13, 2017 10:41 PM
To: [email protected]
Subject: Re: [stunnel-users] Stunnel Connectivity Issue Dheeraj,stunnel will 
keep the connection open for as long as your applications keeps it open.  When 
you exit telnet, it closes the connection.  I use stunnel mostly for RDP, VNC 
and telnet and as long the application is active, the port is open.  You need 
to have your application open the local port you want to route via stunnel (in 
your example 127.0.0.1:9233).  As long as your application keeps the connection 
open (ignoring such issues as communications failures), stunnel will maintain 
the application.  Telnet is a great tool for determining connectivity, but your 
application is going to have to handle the connection going forward.Carter 
Browne On 6/13/2017 12:01 PM, Dheeraj Gautam wrote:
Hi Liz, Thanks for your reply. Actually we need to run a service which will 
work only once stunnel connection establish and the service will work till the 
time connection connected. But at the moment I don’t have idea like how the 
stunnel will remain connected. Could you please suggest me to fix this so that 
stunnel connection remain connected and I can run the application. Waiting for 
your valuable response. Regards, Dheeraj Gautam From: Liz Turi 
[mailto:[email protected]] 
Sent: Tuesday, June 13, 2017 9:19 PM
To: Dheeraj Gautam <[email protected]>; Małgorzata Olszówka 
<[email protected]>
Cc: [email protected]
Subject: RE: [stunnel-users] Stunnel Connectivity Issue Hi, Dheeraj, Are you 
testing the connection with Telnet? Or are you testing with the application. 
What I noticed in testing the connection is that once the command is completed, 
the connection is closed. However, when I test from my application, its only 
closed once all transactions in that session are completed, and will show how 
much data was passed on (following from my logs at the end of a non-telnet test 
session. 2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite 
AES256-GCM-SHA384 (256-bit encryption)2017.06.13 10:16:18 LOG6[1]: Read socket 
closed (readsocket)2017.06.13 10:16:18 LOG6[1]: SSL_shutdown successfully sent 
close_notify alert2017.06.13 10:16:18 LOG6[1]: TLS closed (SSL_read)2017.06.13 
10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent to TLS, 1641 byte(s) 
sent to socket Liz TuriSr. ConsultantMassachusetts eHealth Collaborative860 
Winter Street, Waltham, MA 02451(m) 339-222-6614 (o) 781-907-7204 (f) 
781-207-8589www.maehc.org From: stunnel-users 
[mailto:[email protected]] On Behalf Of Dheeraj Gautam
Sent: Tuesday, June 13, 2017 11:41 AM
To: Małgorzata Olszówka <[email protected]>
Cc: [email protected]
Subject: Re: [stunnel-users] Stunnel Connectivity Issue HI Guys, below is the 
config which i have configured with TLSv1.2, but still connection establishing 
only for while when i telnet telnet 127.0.0.1 9233. and just after connection 
closed. [TCP]client=yescert = BBG_cert.pemkey = BBG_key.pemverifyChain = 
yesCAfile = BBG_CACerts.pemconnect = 69.191.198.34:8228accept  = 
127.0.0.1:9233sslVersion = TLSv1.2 below the logs: 2017.06.13 11:57:49 
LOG5[main]: Reading configuration from file stunnel.conf2017.06.13 11:57:49 
LOG5[main]: UTF-8 byte order mark detected2017.06.13 11:57:49 LOG5[main]: FIPS 
mode disabled2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must 
define two endpoints2017.06.13 11:57:49 LOG3[main]: Failed to reload the 
configuration file2017.06.13 16:37:16 LOG5[main]: Reading configuration from 
file stunnel.conf2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark 
detected2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled2017.06.13 16:37:16 
LOG4[main]: Service [TCP] uses "verifyChain" without subject checks2017.06.13 
16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted 
certificates2017.06.13 16:37:16 LOG5[main]: Configuration successful2017.06.13 
16:38:38 LOG5[11]: Service [TCP] accepted connection from 
127.0.0.1:627362017.06.13 16:38:38 LOG5[11]: s_connect: connected 
69.191.198.34:82282017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote 
server from 172.16.1.23:627372017.06.13 16:38:39 LOG5[11]: Certificate accepted 
at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, 
CN=fixbeta.bloomberg.com, [email protected] 16:39:10 
LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket i 
want connection remained connected every time so that i can run the 
application. application can be work only if the connection remain connected. 
please help me to sort this out. Regards, Dheeraj Gautam On 25 May 2017 at 
12:29, Małgorzata Olszówka <[email protected]> wrote:

Could you please let us know what parameters we are missing here due to which 
connection is not establishing with remote server.

Although, stunnel logs indicating that configuration successful, but in logs no 
where is mentioned about the connection is it connected or not, 

Hello Dheeraj,

You should set the verifyChain option in order to verify the certificate stored 
in the file specified with CAfile:
verifyChain = yes

Then you can test your connection:
telnet 127.0.0.1 9233
the stunnel logs will show information about the connection attempt.

Regards,
Małgorzata
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
  www.arborfs.comThis e-mail and any attachment are confidential and contain 
proprietary information, some or all of which may be legally privileged.It is 
intended solely for the use of the individual or entity to which it is 
addressed.  If you are not the intended recipient, please notify the author 
immediately by telephone or by replying to this e-mail, and then delete all 
copies of the e-mail on your system.  If you are not the intended recipient, 
you must not use, disclose, distribute, copy, print or rely on this 
e-mail.Whilst we have taken reasonable precautions to ensure that this e-mail 
and any attachment has been checked for viruses, we cannot guarantee that they 
are virus free and we cannot accept liability for any damage sustained as a 
result of software viruses.  We would advise that you carry out your own virus 
checks, especially before opening an attachment.
CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally privileged and 
confidential information intended only for the use of the addressee named 
above. If the reader of this message is not the intended recipient you are 
hereby notified that any dissemination, distribution or copying of this email 
transmission is strictly prohibited. If you have received this email 
transmission in error, please notify us immediately. Thank you. 
www.arborfs.comThis e-mail and any attachment are confidential and contain 
proprietary information, some or all of which may be legally privileged.It is 
intended solely for the use of the individual or entity to which it is 
addressed.  If you are not the intended recipient, please notify the author 
immediately by telephone or by replying to this e-mail, and then delete all 
copies of the e-mail on your system.  If you are not the intended recipient, 
you must not use, disclose, distribute, copy, print or rely on this 
e-mail.Whilst we have taken reasonable precautions to ensure that this e-mail 
and any attachment has been checked for viruses, we cannot guarantee that they 
are virus free and we cannot accept liability for any damage sustained as a 
result of software viruses.  We would advise that you carry out your own virus 
checks, especially before opening an attachment. 
_______________________________________________stunnel-users mailing 
[email protected]https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
  www.arborfs.comThis e-mail and any attachment are confidential and contain 
proprietary information, some or all of which may be legally privileged.It is 
intended solely for the use of the individual or entity to which it is 
addressed.  If you are not the intended recipient, please notify the author 
immediately by telephone or by replying to this e-mail, and then delete all 
copies of the e-mail on your system.  If you are not the intended recipient, 
you must not use, disclose, distribute, copy, print or rely on this 
e-mail.Whilst we have taken reasonable precautions to ensure that this e-mail 
and any attachment has been checked for viruses, we cannot guarantee that they 
are virus free and we cannot accept liability for any damage sustained as a 
result of software viruses.  We would advise that you carry out your own virus 
checks, especially before opening an attachment.
CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally privileged and 
confidential information intended only for the use of the addressee named 
above. If the reader of this message is not the intended recipient you are 
hereby notified that any dissemination, distribution or copying of this email 
transmission is strictly prohibited. If you have received this email 
transmission in error, please notify us immediately. Thank you. 
www.arborfs.comThis e-mail and any attachment are confidential and contain 
proprietary information, some or all of which may be legally privileged.It is 
intended solely for the use of the individual or entity to which it is 
addressed.  If you are not the intended recipient, please notify the author 
immediately by telephone or by replying to this e-mail, and then delete all 
copies of the e-mail on your system.  If you are not the intended recipient, 
you must not use, disclose, distribute, copy, print or rely on this 
e-mail.Whilst we have taken reasonable precautions to ensure that this e-mail 
and any attachment has been checked for viruses, we cannot guarantee that they 
are virus free and we cannot accept liability for any damage sustained as a 
result of software viruses.  We would advise that you carry out your own virus 
checks, especially before opening an attachment.
CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally privileged and 
confidential information intended only for the use of the addressee named 
above. If the reader of this message is not the intended recipient you are 
hereby notified that any dissemination, distribution or copying of this email 
transmission is strictly prohibited. If you have received this email 
transmission in error, please notify us immediately. Thank you. 
www.arborfs.comThis e-mail and any attachment are confidential and contain 
proprietary information, some or all of which may be legally privileged.It is 
intended solely for the use of the individual or entity to which it is 
addressed.  If you are not the intended recipient, please notify the author 
immediately by telephone or by replying to this e-mail, and then delete all 
copies of the e-mail on your system.  If you are not the intended recipient, 
you must not use, disclose, distribute, copy, print or rely on this 
e-mail.Whilst we have taken reasonable precautions to ensure that this e-mail 
and any attachment has been checked for viruses, we cannot guarantee that they 
are virus free and we cannot accept liability for any damage sustained as a 
result of software viruses.  We would advise that you carry out your own virus 
checks, especially before opening an attachment.
CONFIDENTIALITY NOTICE
The information contained in this email transmission is legally privileged and 
confidential information intended only for the use of the addressee named 
above. If the reader of this message is not the intended recipient you are 
hereby notified that any dissemination, distribution or copying of this email 
transmission is strictly prohibited. If you have received this email 
transmission in error, please notify us immediately. Thank you.
www.arborfs.com
This e-mail and any attachment areconfidential and contain proprietary 
information, some or all of which may belegally privileged.It is intended 
solely for the use of theindividual or entity to which it is addressed.  If you 
are not theintended recipient, please notify the author immediately by 
telephone or byreplying to this e-mail, and then delete all copies of the 
e-mail on yoursystem.  If you are not the intended recipient, you must not 
use,disclose, distribute, copy, print or rely on this e-mail.Whilst we have 
taken reasonableprecautions to ensure that this e-mail and any attachment has 
been checked forviruses, we cannot guarantee that they are virus free and we 
cannot acceptliability for any damage sustained as a result of software 
viruses.  Wewould advise that you carry out your own virus checks, especially 
beforeopening an attachment._______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

Re: [stunnel-users] Stunnel Connectivity Issue

Reply via email to