Hello, I have trouble with stunnel on Android 7.x. I'm trying to connect to an OpenVPN server through SSL tunneling with stunnel. On the phone I'm using stunnel installed in Termux and OpenVPN. Everything is correctly configured, I'm using the same config on other devices in the same network and it works perfectly. I tried it with different devices with Android 7.x and it is not working at all :(
Immediately after a successful connection I am receiving:

    TLS fd: Software caused connection abort (103)
    TLS socket closed (SSL_read)

And it is still reconnecting again and again with the same error. I also tried it with stunnel downloaded directly from the stunnel.org site. Does anyone with a new Android have a working stunnel? Where can the problem be?

Example stunnel.conf on Android:

    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    debug = debug

    [openvpn]
    client = yes
    accept = 1337
    connect = *****.ddns.net:993
    cert = /path/to/stunnel.pem

and on server:

    chroot = /var/lib/stunnel4
    pid = /stunnel.pid
    output = /stunnel.log
    setuid = stunnel4
    setgid = stunnel4
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1

    [openvpn]
    client = no
    accept = 993
    connect = 127.0.0.1:1194
    cert = /etc/stunnel/stunnel.pem

Example stunnel.log is in attachment. Thank you very much

2017.10.14 23:08:32 LOG7[ui]: Clients allowed=500
2017.10.14 23:08:32 LOG5[ui]: stunnel 5.42 on aarch64-unknown-linux-android platform
2017.10.14 23:08:32 LOG5[ui]: Compiled/running with OpenSSL 1.0.2l 25 May 2017
2017.10.14 23:08:32 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2017.10.14 23:08:32 LOG7[ui]: errno: (*__errno())
2017.10.14 23:08:32 LOG5[ui]: Reading configuration from file /data/data/com.termux/files/usr/etc/stunnel/stunnel.conf
2017.10.14 23:08:32 LOG5[ui]: UTF-8 byte order mark not detected
2017.10.14 23:08:32 LOG7[ui]: PRNG seeded successfully
2017.10.14 23:08:32 LOG6[ui]: Initializing service [openvpn]
2017.10.14 23:08:32 LOG7[ui]: Ciphers: HIGH:!DH:!aNULL:!SSLv2
2017.10.14 23:08:32 LOG7[ui]: TLS options: 0x03000004 (+0x03000000, -0x00000000)
2017.10.14 23:08:32 LOG6[ui]: Loading certificate and private key from file: /data/data/com.termux/files/usr/etc/stunnel/stunnel.p12
2017.10.14 23:08:32 LOG6[ui]: Certificate and private key loaded from file: /data/data/com.termux/files/usr/etc/stunnel/stunnel.p12
2017.10.14 23:08:32 LOG7[ui]: Private key check succeeded
2017.10.14 23:08:32 LOG4[ui]: Service [openvpn] needs authentication to prevent MITM attacks
2017.10.14 23:08:32 LOG5[ui]: Configuration successful
2017.10.14 23:08:32 LOG7[ui]: Listening file descriptor created (FD=6)
2017.10.14 23:08:32 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2017.10.14 23:08:32 LOG7[ui]: Service [openvpn] (FD=6) bound to 0.0.0.0:1337
2017.10.14 23:08:32 LOG7[main]: No pid file being created
2017.10.14 23:08:32 LOG7[cron]: Cron thread initialized
2017.10.14 23:08:42 LOG7[main]: Found 1 ready file descriptor(s)
2017.10.14 23:08:42 LOG7[main]: FD=4 events=0x2001 revents=0x0
2017.10.14 23:08:42 LOG7[main]: FD=6 events=0x2001 revents=0x1
2017.10.14 23:08:42 LOG7[main]: Service [openvpn] accepted (FD=3) from 127.0.0.1:55511
2017.10.14 23:08:42 LOG7[0]: Service [openvpn] started
2017.10.14 23:08:42 LOG7[0]: Option TCP_NODELAY set on local socket
2017.10.14 23:08:42 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:55511
2017.10.14 23:08:42 LOG6[0]: s_connect: connecting [SERVER_IP]:993
2017.10.14 23:08:42 LOG7[0]: s_connect: s_poll_wait [SERVER_IP]:993: waiting 10 seconds
2017.10.14 23:08:42 LOG5[0]: s_connect: connected [SERVER_IP]:993
2017.10.14 23:08:42 LOG5[0]: Service [openvpn] connected remote server from 192.168.1.24:58961
2017.10.14 23:08:42 LOG7[0]: Option TCP_NODELAY set on remote socket
2017.10.14 23:08:42 LOG7[0]: Remote descriptor (FD=9) initialized
2017.10.14 23:08:42 LOG6[0]: SNI: sending servername: *****.ddns.net
2017.10.14 23:08:42 LOG6[0]: Peer certificate not required
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): before/connect initialization
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 write client hello A
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 read server hello A
2017.10.14 23:08:42 LOG6[0]: Certificate verification disabled
2017.10.14 23:08:42 LOG6[0]: Certificate verification disabled
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 read server certificate A
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 read server key exchange A
2017.10.14 23:08:42 LOG6[0]: Client certificate not requested
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 read server done A
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 write client key exchange A
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 write change cipher spec A
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 write finished A
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 flush data
2017.10.14 23:08:42 LOG7[0]: TLS state (connect): SSLv3 read finished A
2017.10.14 23:08:42 LOG7[0]: 1 client connect(s) requested
2017.10.14 23:08:42 LOG7[0]: 1 client connect(s) succeeded
2017.10.14 23:08:42 LOG7[0]: 0 client renegotiation(s) requested
2017.10.14 23:08:42 LOG7[0]: 0 session reuse(s)
2017.10.14 23:08:42 LOG6[0]: TLS connected: new session negotiated
2017.10.14 23:08:42 LOG7[0]: Peer certificate was cached (3321 bytes)
2017.10.14 23:08:42 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.10.14 23:08:44 LOG3[0]: TLS fd: Software caused connection abort (103)
2017.10.14 23:08:44 LOG6[0]: TLS socket closed (SSL_read)
2017.10.14 23:08:44 LOG7[0]: Sent socket write shutdown
2017.10.14 23:08:44 LOG5[0]: Connection closed: 3330 byte(s) sent to TLS, 3231 byte(s) sent to socket
2017.10.14 23:08:44 LOG7[0]: Remote descriptor (FD=9) closed
2017.10.14 23:08:44 LOG7[0]: Local descriptor (FD=3) closed
2017.10.14 23:08:44 LOG7[0]: Service [openvpn] finished (0 left)
2017.10.14 23:08:49 LOG7[main]: Found 1 ready file descriptor(s)
2017.10.14 23:08:49 LOG7[main]: FD=4 events=0x2001 revents=0x0
2017.10.14 23:08:49 LOG7[main]: FD=6 events=0x2001 revents=0x1
2017.10.14 23:08:49 LOG7[main]: Service [openvpn] accepted (FD=3) from 127.0.0.1:55513
2017.10.14 23:08:49 LOG7[1]: Service [openvpn] started
2017.10.14 23:08:49 LOG7[1]: Option TCP_NODELAY set on local socket
2017.10.14 23:08:49 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:55513
2017.10.14 23:08:49 LOG6[1]: s_connect: connecting [SERVER_IP]:993
2017.10.14 23:08:49 LOG7[1]: s_connect: s_poll_wait [SERVER_IP]:993: waiting 10 seconds
2017.10.14 23:08:49 LOG5[1]: s_connect: connected [SERVER_IP]:993
2017.10.14 23:08:49 LOG5[1]: Service [openvpn] connected remote server from 192.168.1.24:58963
2017.10.14 23:08:49 LOG7[1]: Option TCP_NODELAY set on remote socket
2017.10.14 23:08:49 LOG7[1]: Remote descriptor (FD=9) initialized
2017.10.14 23:08:49 LOG6[1]: SNI: sending servername: *****.ddns.net
2017.10.14 23:08:49 LOG6[1]: Peer certificate not required
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): before/connect initialization
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): SSLv3 write client hello A
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): SSLv3 read server hello A
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): SSLv3 read finished A
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): SSLv3 write change cipher spec A
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): SSLv3 write finished A
2017.10.14 23:08:49 LOG7[1]: TLS state (connect): SSLv3 flush data
2017.10.14 23:08:49 LOG7[1]: 2 client connect(s) requested
2017.10.14 23:08:49 LOG7[1]: 2 client connect(s) succeeded
2017.10.14 23:08:49 LOG7[1]: 0 client renegotiation(s) requested
2017.10.14 23:08:49 LOG7[1]: 1 session reuse(s)
2017.10.14 23:08:49 LOG6[1]: TLS connected: previous session reused
2017.10.14 23:08:50 LOG3[1]: TLS fd: Software caused connection abort (103)
2017.10.14 23:08:50 LOG6[1]: TLS socket closed (SSL_read)
2017.10.14 23:08:50 LOG7[1]: Sent socket write shutdown
2017.10.14 23:08:50 LOG5[1]: Connection closed: 3330 byte(s) sent to TLS, 3231 byte(s) sent to socket
2017.10.14 23:08:50 LOG7[1]: Remote descriptor (FD=9) closed
2017.10.14 23:08:50 LOG7[1]: Local descriptor (FD=3) closed
2017.10.14 23:08:50 LOG7[1]: Service [openvpn] finished (0 left)
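
A small triage script for a debug log like the one in the post above, added here as an example and not part of the original message: it groups entries by the bracketed connection id and reports, per connection, whether certificate verification was disabled, the negotiated protocol and cipher, logged errors, byte counts and how long the connection lived. The sample lines are constructed in the log's format, and the function and field names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log above (not the full attachment).
SAMPLE = """\
2017.10.14 23:08:32 LOG4[ui]: Service [openvpn] needs authentication to prevent MITM attacks
2017.10.14 23:08:42 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:55511
2017.10.14 23:08:42 LOG6[0]: Certificate verification disabled
2017.10.14 23:08:42 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.10.14 23:08:44 LOG3[0]: TLS fd: Software caused connection abort (103)
2017.10.14 23:08:44 LOG5[0]: Connection closed: 3330 byte(s) sent to TLS, 3231 byte(s) sent to socket
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[([^\]]+)\]: (.*)$")
NEGOTIATED = re.compile(r"^Negotiated (\S+) ciphersuite (\S+)")
CLOSED = re.compile(r"(\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")

def triage(log_text):
    """Summarise a stunnel debug log: global warnings plus one record per connection id."""
    warnings, conns = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        level, tid, msg = int(m.group(2)), m.group(3), m.group(4)
        if not tid.isdigit():  # [ui], [main], [cron]: not tied to one connection
            if level <= 4:     # syslog-style levels: 4 = warning, lower = more severe
                warnings.append(msg)
            continue
        c = conns.setdefault(tid, {"start": None, "verification_disabled": False,
                                   "tls": None, "errors": [], "bytes": None,
                                   "lifetime_s": None})
        if "accepted connection from" in msg:
            c["start"] = ts
        elif msg == "Certificate verification disabled":
            c["verification_disabled"] = True
        elif NEGOTIATED.match(msg):
            c["tls"] = NEGOTIATED.match(msg).groups()  # (protocol, ciphersuite)
        elif level <= 3:
            c["errors"].append(msg)
        elif CLOSED.search(msg):
            c["bytes"] = tuple(int(n) for n in CLOSED.search(msg).groups())
            if c["start"]:
                c["lifetime_s"] = (ts - c["start"]).total_seconds()
    return {"warnings": warnings, "connections": conns}

if __name__ == "__main__":
    for tid, c in triage(SAMPLE)["connections"].items():
        print(tid, c)
```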
