Thanks I changed client to no, and it didn't make a difference unless you meant to add one in the telnet section?
Also it must be the copy there are no spaces in the file. -----Original Message----- From: Carter Browne [mailto:[email protected]] Sent: Wednesday, April 08, 2015 2:51 PM To: Coviello, Paul; [email protected]; [email protected] Subject: Re: [stunnel-users] openvms and stunnel I think you need a "client = no" added to the telnet section. I am not familiar with your environment to help with the details. I have had issues with the location of the log file. If the default location of where stunnel is not write enabled for the program that could be a problem. In the file below, a number of lines are not on the left hand margin; e.g,; cert = ;key = debug = output = I don't know if that is an artifact of the copying or present in your configuration file, but they all should be at the left margin. Carter On 4/8/2015 2:04 PM, Coviello, Paul wrote: > Nope didn’t make a difference, then removed all except for telnet... > still fails :-( > > > > -----Original Message----- > From: Carter Browne [mailto:[email protected]] > Sent: Wednesday, April 08, 2015 1:59 PM > To: Coviello, Paul; [email protected] > Subject: Re: [stunnel-users] openvms and stunnel > > You have two listeners on port 993, to the best of my knowledge, they need to > be on two different ports. It probably did not get to the point of opening > the log file. > > > > On 4/8/2015 12:41 PM, Coviello, Paul wrote: >> Ok thanks! >> >> Now onto the server side... >> >> $ @STUNNEL_STARTUP_SERVER.COM >> Is the private key (in the PEM file) encrypted? [Y/N]: y Enter the >> password to decrypt the key (please use paired double quotes with it): >> ""XXXXXXX"" >> Starting up a Stunnel >> %RUN-S-PROC_ID, identification of created process is 209F0B0D Stunnel >> server failed to start up-- check the configuration, etc. >> >> And no logfile is created... >> $ dir stunnel.log >> %DIRECT-W-NOFILES, no files found >> $ >> >> here are the settings in the conf file... >> >> $ ty STUNNEL_server.CONF >> ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; >> Some options used here may not be adequate for your particular >> configuration >> >> ; Certificate/key is needed in server mode and optional in client >> mode ; The default certificate is provided only for testing and >> should not ; be used in a production environment cert = stunnel.pem >> ;key = stunnel.pem >> >> ; Some performance tunings >> socket = l:TCP_NODELAY=1 >> socket = r:TCP_NODELAY=1 >> >> ; Workaround for Eudora bug >> ;options = DONT_INSERT_EMPTY_FRAGMENTS >> >> ; Authentication stuff >> ;verify = 2 >> ; Don't forget to c_rehash CApath >> ;CApath = certs >> ; It's often easier to use CAfile >> ;CAfile = certs.pem >> ; Don't forget to c_rehash CRLpath >> ;CRLpath = crls >> ; Alternatively you can use CRLfile >> ;CRLfile = crls.pem >> >> ; Some debugging stuff useful for troubleshooting debug = 7 output = >> stunnel.log >> >> ; Use it for client mode >> client = yes >> >> ; Service-level configuration >> >> [pop3s] >> accept = 995 >> connect = 110 >> >> [imaps] >> accept = 993 >> connect = 143 >> >> [telnet] >> accept = 993 >> connect = 23 >> >> [ssmtp] >> accept = 465 >> connect = 25 >> >> ;[https] >> ;accept = 443 >> ;connect = 80 >> ;TIMEOUTclose = 0 >> >> ; vim:ft=dosini >> >> >> >> -----Original Message----- >> From: Carter Browne [mailto:[email protected]] >> Sent: Wednesday, April 08, 2015 12:16 PM >> To: Coviello, Paul; [email protected] >> Subject: Re: [stunnel-users] openvms and stunnel >> >> The configuration: >> >> [telnet] >> accept = 999 >> connect = x.x.x.x:993 >> client = no >> >> will provide that. >> >> If you want a single input port to access multiple destinations: >> >> [telnet] >> accept = 999 >> connect = x.x.x.x:993 >> connect = x.x.x.y:993 >> connect = x.x.x.z:993 >> client = no >> And the destinations will be assigned on a round robin basis. >> >> If each destination is a distinct connection then >> >> [telnet1] >> accept = 999 >> connect = x.x.x.x:993 >> client = no >> >> [telnet2] >> accept = 1999 >> connect = x.x.x.y:993 >> client = no >> >> [telnet3] >> accept = 2999 >> connect = x.x.x.z:993 >> client = no >> >> Carter >> >> On 4/8/2015 12:02 PM, Coviello, Paul wrote: >>> Setup an incoming encrypted link from a windows telnet session to openvms. >>> >>> -----Original Message----- >>> From: stunnel-users [mailto:[email protected]] On >>> Behalf Of Carter Browne >>> Sent: Wednesday, April 08, 2015 12:00 PM >>> To: [email protected] >>> Subject: Re: [stunnel-users] openvms and stunnel >>> >>> Paul, >>> >>> What are you trying to do: >>> >>> Set up an incoming encrypted link to an outgoing unencrypted link? >>> Set up an incoming unencrypted link to an outgoing encrypted link? >>> Something else? >>> >>> Carter >>> >>> >>> >>> On 4/8/2015 11:49 AM, Coviello, Paul wrote: >>>> Let me see so I need to do the following. >>>>> connect = 192.168.0.1:993 >>>>> connect = 192.168.20.140:993 >>>>> connect = 192.168.xx.xxx:993 >>>>> connect = 192.168.xx.xxy:993 >>>> Thanks >>>> Paul >>>> >>>> >>>> -----Original Message----- >>>> From: stunnel-users [mailto:[email protected]] On >>>> Behalf Of Ludolf Holzheid >>>> Sent: Wednesday, April 08, 2015 11:35 AM >>>> To: [email protected] >>>> Subject: Re: [stunnel-users] openvms and stunnel >>>> >>>> On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote: >>>>> Hello >>>>> >>>>> I'm trying to setup stunnel 4.20 yes it is an old version but the only >>>>> one on HP's website for VMS. >>>>> >>>>> I need a little help in the conf files. >>>>> >>>>> Since I will be using telnet, do I need to put in each machines ip >>>>> address that will be connecting? So in the example below do I create a >>>>> listing of connects? >>>>> >>>>> [telnet] >>>>> accept = 999 >>>>> connect = 192.168.0.1:993 >>>> Paul, >>>> >>>> the configuration above makes stunnel listen on local port 999, accepting >>>> connections from all IP addresses and forwards the traffic to port 993 of >>>> the box with IP address 192.168.0.1. >>>> >>>> Depending on the 'client = ...' statement, stunnel expects the traffic at >>>> port 999 to be encrypted (server mode, client = no, default), or at port >>>> 993 (client mode, client = yes). >>>> >>>> Any access control may be implemented via libwrap and (in server mode) via >>>> restriction of the accepted certificates. >>>> >>>> HTH, >>>> >>>> Ludolf >>>> > -- > Carter Browne > [email protected] > -- Carter Browne [email protected] _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
