No luck...
-----Original Message----- From: Carter Browne [mailto:[email protected]] Sent: Wednesday, April 08, 2015 3:13 PM To: Coviello, Paul; [email protected] Subject: Re: [stunnel-users] openvms and stunnel I meant add client = no to the telnet section. I marked the bad sections below if they actually as they appear in your log file. Carter On 4/8/2015 3:00 PM, Coviello, Paul wrote: > Thanks I changed client to no, and it didn't make a difference unless you > meant to add one in the telnet section? > > Also it must be the copy there are no spaces in the file. > > > > -----Original Message----- > From: Carter Browne [mailto:[email protected]] > Sent: Wednesday, April 08, 2015 2:51 PM > To: Coviello, Paul; [email protected]; [email protected] > Subject: Re: [stunnel-users] openvms and stunnel > > I think you need a "client = no" added to the telnet section. > I am not familiar with your environment to help with the details. I have had > issues with the location of the log file. If the default location of where > stunnel is not write enabled for the program that could be a problem. > In the file below, a number of lines are not on the left hand margin; > e.g,; cert = ;key = debug = output = > > I don't know if that is an artifact of the copying or present in your > configuration file, but they all should be at the left margin. > > Carter > > On 4/8/2015 2:04 PM, Coviello, Paul wrote: >> Nope didn’t make a difference, then removed all except for telnet... >> still fails :-( >> >> >> >> -----Original Message----- >> From: Carter Browne [mailto:[email protected]] >> Sent: Wednesday, April 08, 2015 1:59 PM >> To: Coviello, Paul; [email protected] >> Subject: Re: [stunnel-users] openvms and stunnel >> >> You have two listeners on port 993, to the best of my knowledge, they need >> to be on two different ports. It probably did not get to the point of >> opening the log file. >> >> >> >> On 4/8/2015 12:41 PM, Coviello, Paul wrote: >>> Ok thanks! >>> >>> Now onto the server side... >>> >>> $ @STUNNEL_STARTUP_SERVER.COM >>> Is the private key (in the PEM file) encrypted? [Y/N]: y Enter the >>> password to decrypt the key (please use paired double quotes with it): >>> ""XXXXXXX"" >>> Starting up a Stunnel >>> %RUN-S-PROC_ID, identification of created process is 209F0B0D >>> Stunnel server failed to start up-- check the configuration, etc. >>> >>> And no logfile is created... >>> $ dir stunnel.log >>> %DIRECT-W-NOFILES, no files found >>> $ >>> >>> here are the settings in the conf file... The lines in this section do not line up properly, the ";' should be the first character >>> $ ty STUNNEL_server.CONF >>> ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; >>> Some options used here may not be adequate for your particular >>> configuration The line in this section do not line up properly, ";' or "cert" should start the line. >>> ; Certificate/key is needed in server mode and optional in client >>> mode ; The default certificate is provided only for testing and >>> should not ; be used in a production environment cert = stunnel.pem >>> ;key = stunnel.pem >>> >>> ; Some performance tunings >>> socket = l:TCP_NODELAY=1 >>> socket = r:TCP_NODELAY=1 >>> >>> ; Workaround for Eudora bug >>> ;options = DONT_INSERT_EMPTY_FRAGMENTS >>> >>> ; Authentication stuff >>> ;verify = 2 >>> ; Don't forget to c_rehash CApath >>> ;CApath = certs >>> ; It's often easier to use CAfile >>> ;CAfile = certs.pem >>> ; Don't forget to c_rehash CRLpath >>> ;CRLpath = crls >>> ; Alternatively you can use CRLfile >>> ;CRLfile = crls.pem The lines is this section do not line up properly. The lines should start with ";", "debug" and "output". >>> ; Some debugging stuff useful for troubleshooting debug = 7 output = >>> stunnel.log >>> >>> ; Use it for client mode >>> client = yes >>> >>> ; Service-level configuration >>> >>> [pop3s] >>> accept = 995 >>> connect = 110 >>> >>> [imaps] >>> accept = 993 >>> connect = 143 >>> >>> [telnet] >>> accept = 993 >>> connect = 23 >>> >>> [ssmtp] >>> accept = 465 >>> connect = 25 >>> >>> ;[https] >>> ;accept = 443 >>> ;connect = 80 >>> ;TIMEOUTclose = 0 >>> >>> ; vim:ft=dosini >>> >>> >>> >>> -----Original Message----- >>> From: Carter Browne [mailto:[email protected]] >>> Sent: Wednesday, April 08, 2015 12:16 PM >>> To: Coviello, Paul; [email protected] >>> Subject: Re: [stunnel-users] openvms and stunnel >>> >>> The configuration: >>> >>> [telnet] >>> accept = 999 >>> connect = x.x.x.x:993 >>> client = no >>> >>> will provide that. >>> >>> If you want a single input port to access multiple destinations: >>> >>> [telnet] >>> accept = 999 >>> connect = x.x.x.x:993 >>> connect = x.x.x.y:993 >>> connect = x.x.x.z:993 >>> client = no >>> And the destinations will be assigned on a round robin basis. >>> >>> If each destination is a distinct connection then >>> >>> [telnet1] >>> accept = 999 >>> connect = x.x.x.x:993 >>> client = no >>> >>> [telnet2] >>> accept = 1999 >>> connect = x.x.x.y:993 >>> client = no >>> >>> [telnet3] >>> accept = 2999 >>> connect = x.x.x.z:993 >>> client = no >>> >>> Carter >>> >>> On 4/8/2015 12:02 PM, Coviello, Paul wrote: >>>> Setup an incoming encrypted link from a windows telnet session to openvms. >>>> >>>> -----Original Message----- >>>> From: stunnel-users [mailto:[email protected]] On >>>> Behalf Of Carter Browne >>>> Sent: Wednesday, April 08, 2015 12:00 PM >>>> To: [email protected] >>>> Subject: Re: [stunnel-users] openvms and stunnel >>>> >>>> Paul, >>>> >>>> What are you trying to do: >>>> >>>> Set up an incoming encrypted link to an outgoing unencrypted link? >>>> Set up an incoming unencrypted link to an outgoing encrypted link? >>>> Something else? >>>> >>>> Carter >>>> >>>> >>>> >>>> On 4/8/2015 11:49 AM, Coviello, Paul wrote: >>>>> Let me see so I need to do the following. >>>>>> connect = 192.168.0.1:993 >>>>>> connect = 192.168.20.140:993 >>>>>> connect = 192.168.xx.xxx:993 >>>>>> connect = 192.168.xx.xxy:993 >>>>> Thanks >>>>> Paul >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: stunnel-users [mailto:[email protected]] On >>>>> Behalf Of Ludolf Holzheid >>>>> Sent: Wednesday, April 08, 2015 11:35 AM >>>>> To: [email protected] >>>>> Subject: Re: [stunnel-users] openvms and stunnel >>>>> >>>>> On Wed, 2015-04-08 11:18:43 -0400, Coviello, Paul wrote: >>>>>> Hello >>>>>> >>>>>> I'm trying to setup stunnel 4.20 yes it is an old version but the only >>>>>> one on HP's website for VMS. >>>>>> >>>>>> I need a little help in the conf files. >>>>>> >>>>>> Since I will be using telnet, do I need to put in each machines ip >>>>>> address that will be connecting? So in the example below do I create a >>>>>> listing of connects? >>>>>> >>>>>> [telnet] >>>>>> accept = 999 >>>>>> connect = 192.168.0.1:993 >>>>> Paul, >>>>> >>>>> the configuration above makes stunnel listen on local port 999, accepting >>>>> connections from all IP addresses and forwards the traffic to port 993 of >>>>> the box with IP address 192.168.0.1. >>>>> >>>>> Depending on the 'client = ...' statement, stunnel expects the traffic at >>>>> port 999 to be encrypted (server mode, client = no, default), or at port >>>>> 993 (client mode, client = yes). >>>>> >>>>> Any access control may be implemented via libwrap and (in server mode) >>>>> via restriction of the accepted certificates. >>>>> >>>>> HTH, >>>>> >>>>> Ludolf >>>>> >> -- >> Carter Browne >> [email protected] >> > -- > Carter Browne > [email protected] > -- Carter Browne [email protected] _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
