Ok thanks! Now onto the server side...
$ @STUNNEL_STARTUP_SERVER.COM Is the private key (in the PEM file) encrypted? [Y/N]: y Enter the password to decrypt the key (please use paired double quotes with it): ""XXXXXXX"" Starting up a Stunnel %RUN-S-PROC_ID, identification of created process is 209F0B0D Stunnel server failed to start up-- check the configuration, etc. And no logfile is created... $ dir stunnel.log %DIRECT-W-NOFILES, no files found $ here are the settings in the conf file... $ ty STUNNEL_server.CONF ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; Some options used here may not be adequate for your particular configuration ; Certificate/key is needed in server mode and optional in client mode ; The default certificate is provided only for testing and should not ; be used in a production environment cert = stunnel.pem ;key = stunnel.pem ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS ; Authentication stuff ;verify = 2 ; Don't forget to c_rehash CApath ;CApath = certs ; It's often easier to use CAfile ;CAfile = certs.pem ; Don't forget to c_rehash CRLpath ;CRLpath = crls ; Alternatively you can use CRLfile ;CRLfile = crls.pem ; Some debugging stuff useful for troubleshooting debug = 7 output = stunnel.log ; Use it for client mode client = yes ; Service-level configuration [pop3s] accept = 995 connect = 110 [imaps] accept = 993 connect = 143 [telnet] accept = 993 connect = 23 [ssmtp] accept = 465 connect = 25 ;[https] ;accept = 443 ;connect = 80 ;TIMEOUTclose = 0 ; vim:ft=dosini -----Original Message----- From: Carter Browne [mailto:[email protected]] Sent: Wednesday, April 08, 2015 12:16 PM To: Coviello, Paul; [email protected] Subject: Re: [stunnel-users] openvms and stunnel The configuration: [telnet] accept = 999 connect = x.x.x.x:993 client = no will provide that. If you want a single input port to access multiple destinations: [telnet] accept = 999 connect = x.x.x.x:993 connect = x.x.x.y:993 connect = x.x.x.z:993 client = no And the destinations will be assigned on a round robin basis. If each destination is a distinct connection then [telnet1] accept = 999 connect = x.x.x.x:993 client = no [telnet2] accept = 1999 connect = x.x.x.y:993 client = no [telnet3] accept = 2999 connect = x.x.x.z:993 client = no Carter On 4/8/2015 12:02 PM, Coviello, Paul wrote: > Setup an incoming encrypted link from a windows telnet session to openvms. > > -----Original Message----- > From: stunnel-users [mailto:[email protected]] On Behalf Of > Carter Browne > Sent: Wednesday, April 08, 2015 12:00 PM > To: [email protected] > Subject: Re: [stunnel-users] openvms and stunnel > > Paul, > > What are you trying to do: > > Set up an incoming encrypted link to an outgoing unencrypted link? > Set up an incoming unencrypted link to an outgoing encrypted link? > Something else? > > Carter > > > > On 4/8/2015 11:49 AM, Coviello, Paul wrote: >> Let me see so I need to do the following. >>> connect = 192.168.0.1:993 >>> connect = 192.168.20.140:993 >>> connect = 192.168.xx.xxx:993 >>> connect = 192.168.xx.xxy:993 >> Thanks >> Paul >> >> >> -----Original Message----- >> From: stunnel-users [mailto:[email protected]] On Behalf Of >> Ludolf Holzheid >> Sent: Wednesday, April 08, 2015 11:35 AM >> To: [email protected] >> Subject: Re: [stunnel-users] openvms and stunnel >> >> On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote: >>> Hello >>> >>> I'm trying to setup stunnel 4.20 yes it is an old version but the only one >>> on HP's website for VMS. >>> >>> I need a little help in the conf files. >>> >>> Since I will be using telnet, do I need to put in each machines ip address >>> that will be connecting? So in the example below do I create a listing of >>> connects? >>> >>> [telnet] >>> accept = 999 >>> connect = 192.168.0.1:993 >> Paul, >> >> the configuration above makes stunnel listen on local port 999, accepting >> connections from all IP addresses and forwards the traffic to port 993 of >> the box with IP address 192.168.0.1. >> >> Depending on the 'client = ...' statement, stunnel expects the traffic at >> port 999 to be encrypted (server mode, client = no, default), or at port 993 >> (client mode, client = yes). >> >> Any access control may be implemented via libwrap and (in server mode) via >> restriction of the accepted certificates. >> >> HTH, >> >> Ludolf >> -- Carter Browne [email protected] _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
