Hello,

I've installed a stunnel between my laptop and my server (both in Debian SID) [v5.06-2].

Here is my client stunnel.conf:
pid = /var/run/stunnel.pid
client = yes
sslVersion = TLSv1.2
debug = 7
[ssh]
accept = 5000
protocol = connect
protocolHost = myserver:443
connect = myproxy:8080

The server one:
cert = mycert
key = mykey
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion = TLSv1.2
; https or ssh encapsulated in ssl
[sslh]
accept  = 443
connect = myserver:444

And my .ssh/config:
Host myserver
        HostName localhost
        Port 5000
        IdentityFile ~/.ssh/mykey
        ProtocolKeepAlives 6

At home (I use tinyproxy to test), everything is OK. At work, with a "true" proxy, sometimes I can connect (but I'm quickly disconnected), sometimes I can't...
I've watched the logs but found nothing.

Do you have any idea? Something to look for in the logs?

Here is an example of a short connection:
~ $ ssh myserver
root@myserver:~# cat /var/log/syslog | grep stunnel
[...]
root@myserver~# Timeout, server localhost not responding.

More often I have:
~ $ ssh myserver
ssh_exchange_identification: Connection closed by remote host

In my local logs:
Mar 12 13:24:41 mylaptop stunnel: LOG7[3984]: Service [ssh] accepted (FD=3) from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Service [ssh] started
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: s_connect: connecting myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: s_connect: s_poll_wait myproxy:8080: waiting 10 seconds
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: s_connect: connected myproxy:8080
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] connected remote server from myIP:58282
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) initialized
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: -> CONNECT myserver:443 HTTP/1.1
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  -> Host: myserver:443
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  ->
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <- HTTP/1.1 200 Connection established
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: CONNECT request accepted
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:  <-
Mar 12 13:24:41 mylaptop stunnel: LOG6[3223]: SNI: sending servername: myserver
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): before/connect initialization
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: SSL state (connect): unknown state
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 54 items in the session cache
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 109 client connects (SSL_connect())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 110 client connects that finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 client renegotiations requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects (SSL_accept())
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server connects that finished
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 server renegotiations requested
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:   56 session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: 0 external session cache hits
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]:    0 session cache misses
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL closed (SSL_read)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sent socket write shutdown
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (readsocket)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Read socket closed (hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: Write socket closed (hangup)
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Sending close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG6[3223]: SSL_shutdown successfully sent close_notify alert
Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Remote socket (FD=8) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Local socket (FD=3) closed
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: Service [ssh] finished (0 left)

Thank you.

David.
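
Added example, not part of the original message: a small Python triage script for stunnel debug=7 client logs like the one quoted above. It reports, per connection thread, whether the proxy accepted the CONNECT, which end sent the first close_notify, and the byte counts from the "Connection closed" line. The function names and the SAMPLE excerpt layout are this example's own.

```python
import re

# One entry header + message; the lookahead lets several entries share a line,
# as happens when a mail client re-wraps the log.
ENTRY = re.compile(
    r"[A-Z][a-z]{2} +\d+ (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ stunnel: "
    r"LOG\d\[(?P<tid>\d+)\]: (?P<msg>.*?)"
    r"(?=\s*[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ stunnel: |\s*\Z)",
    re.S,
)
BYTES = re.compile(r"Connection closed: (\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")

# Entries copied from the client log in the post (thread 3223), two of them
# deliberately left on one line.
SAMPLE = """\
Mar 12 13:24:41 mylaptop stunnel: LOG5[3223]: Service [ssh] accepted connection from 127.0.0.1:44794
Mar 12 13:24:41 mylaptop stunnel: LOG7[3223]: <- HTTP/1.1 200 Connection established
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (read): warning: close notify
Mar 12 13:24:43 mylaptop stunnel: LOG7[3223]: SSL alert (write): warning: close notify Mar 12 13:24:43 mylaptop stunnel: LOG5[3223]: Connection closed: 32 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

def summarize(log_text):
    """Return {thread_id: summary} for every connection that logged its byte counts."""
    conns = {}
    for e in ENTRY.finditer(log_text):
        t = int(e["h"]) * 3600 + int(e["m"]) * 60 + int(e["s"])
        c = conns.setdefault(e["tid"], {"start": t, "proxy_ok": False, "closed_by": None})
        msg = e["msg"].strip()
        c["seconds"] = (t - c["start"]) % 86400  # tolerate a midnight rollover
        if msg.startswith("<- HTTP/1.1 200"):
            c["proxy_ok"] = True  # the proxy accepted the CONNECT request
        elif msg.startswith("SSL alert (") and "close notify" in msg and not c["closed_by"]:
            # the first close_notify tells which end shut the TLS session down
            c["closed_by"] = "peer" if "(read)" in msg else "local"
        elif (b := BYTES.search(msg)):
            c["to_ssl"], c["to_socket"] = int(b[1]), int(b[2])
    return {tid: c for tid, c in conns.items() if "to_ssl" in c}

def peer_closed_before_reply(c):
    """True when the far end closed TLS and no payload ever reached the local client."""
    return c["closed_by"] == "peer" and c["to_socket"] == 0

if __name__ == "__main__":
    for tid, c in summarize(SAMPLE).items():
        print(tid, c, "peer closed before reply:", peer_closed_before_reply(c))
```

A connection flagged this way with proxy_ok set got its CONNECT accepted and was then closed from the other end of the TLS session, so the stunnel log on that end, at the same timestamp, is where the reason would appear.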