Dheeraj,

Without some more information, it is difficult to answer your question.

With stunnel in client mode, an application sends un-encrypted data to a port and stunnel encrypts the data and sends it out a second port, e.g.:

[application]
accept = 127.0.0.1:12345
connect = remote:23456
client = yes

If your application is configured to run using port 8228, then you could have

[application]
accept  = 127.0.0.1:8228
connect = 69.191.198.34:8228
client = yes
... (your other parameters go here)

The information you need for the stunnel.conf file is:
1) The host address and port that you are writing to in your program (can be a local address or any other valid IP address)
2) The remote address and port that you are connecting to (must be different from (1)).

The connection is only active for as long as your program is running (be it telnet or any other application).

I hope that helps.

Carter Browne
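
An added example, not part of the original message and not stunnel's own parser: a small lint for client-mode services in stunnel.conf that flags the three conditions raised in this thread (a service without two endpoints, identical accept and connect addresses, and verifyChain without checkHost or checkIP). It assumes accept and connect are the only endpoint options in use; the sample configuration is constructed.

```python
# Added example: lint client-mode services in a stunnel.conf (not stunnel's own parser).
# Assumption: only "accept" and "connect" are treated as endpoints.
SAMPLE_CONF = """\ufeff; constructed sample, modelled on the config quoted in this thread
[TCP]
client = yes
verifyChain = yes
CAfile = BBG_CACerts.pem
connect = 69.191.198.34:8228
accept = 127.0.0.1:9233

[incomplete]
client = yes
accept = 127.0.0.1:8228
"""

def parse_services(text):
    """Return {service_name: {lowercased_option: value}} for each [section]."""
    services, current = {}, None
    # The log in this thread reports a UTF-8 byte order mark, so strip one if present.
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return services

def lint(text):
    """Return a list of (service, problem) tuples for client-mode services."""
    findings = []
    for name, opts in parse_services(text).items():
        if opts.get("client", "no").lower() != "yes":
            continue
        accept, connect = opts.get("accept"), opts.get("connect")
        if not accept or not connect:
            findings.append((name, "needs both accept and connect"))
        elif accept == connect:
            findings.append((name, "accept and connect must differ"))
        verifies = opts.get("verifychain", "no").lower() == "yes"
        if verifies and not ({"checkhost", "checkip"} & opts.keys()):
            findings.append((name, "verifyChain without checkHost/checkIP"))
    return findings

if __name__ == "__main__":
    for service, problem in lint(SAMPLE_CONF):
        print(f"[{service}] {problem}")
```
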








On 6/13/2017 1:21 PM, Dheeraj Gautam wrote:

Hi Browne,

I do not understand what config I have to do in the stunnel config file.

As per the application, it will trigger port 8228 of the remote server, but at the moment stunnel is working only when I try to telnet localhost on port 9233.

Nothing happens when running the application; I don’t know what I am missing, as I am new to stunnel.

Please help to fix this.

Regards,

Dheeraj Gautam

*From:* stunnel-users [mailto:[email protected]] *On Behalf Of* Carter Browne
*Sent:* Tuesday, June 13, 2017 10:41 PM
*To:* [email protected]
*Subject:* Re: [stunnel-users] Stunnel Connectivity Issue

Dheeraj,

stunnel will keep the connection open for as long as your application keeps it open. When you exit telnet, it closes the connection. I use stunnel mostly for RDP, VNC and telnet, and as long as the application is active, the port is open. You need to have your application open the local port you want to route via stunnel (in your example 127.0.0.1:9233). As long as your application keeps the connection open (ignoring such issues as communications failures), stunnel will maintain the application. Telnet is a great tool for determining connectivity, but your application is going to have to handle the connection going forward.

Carter Browne

On 6/13/2017 12:01 PM, Dheeraj Gautam wrote:

    Hi Liz,

    Thanks for your reply.

    Actually, we need to run a service which will work only once the
    stunnel connection is established, and the service will work for
    as long as the connection is connected.

    But at the moment I have no idea how stunnel will remain
    connected.

    Could you please suggest how to fix this so that the stunnel
    connection remains connected and I can run the application?

    Waiting for your valuable response.

    Regards,

    Dheeraj Gautam

    *From:* Liz Turi [mailto:[email protected]]
    *Sent:* Tuesday, June 13, 2017 9:19 PM
    *To:* Dheeraj Gautam <[email protected]>; Małgorzata Olszówka <[email protected]>
    *Cc:* [email protected]
    *Subject:* RE: [stunnel-users] Stunnel Connectivity Issue

    Hi, Dheeraj,

    Are you testing the connection with Telnet? Or are you testing
    with the application? What I noticed in testing the connection is
    that once the command is completed, the connection is closed.

    However, when I test from my application, it's only closed once all
    transactions in that session are completed, and will show how much
    data was passed on (following from my logs at the end of a
    non-telnet test session):

    *2017.06.13 10:16:08 LOG6[1]: Negotiated TLSv1.2 ciphersuite
    AES256-GCM-SHA384 (256-bit encryption)*

    *2017.06.13 10:16:18 LOG6[1]: Read socket closed (readsocket)*

    *2017.06.13 10:16:18 LOG6[1]: SSL_shutdown successfully sent
    close_notify alert*

    *2017.06.13 10:16:18 LOG6[1]: TLS closed (SSL_read)*

    *2017.06.13 10:16:18 LOG5[1]: Connection closed: 2791 byte(s) sent
    to TLS, 1641 byte(s) sent to socket*

    *Liz Turi*

    Sr. Consultant

    Massachusetts eHealth Collaborative

    860 Winter Street, Waltham, MA 02451

    (m) 339-222-6614 (o) 781-907-7204 (f) 781-207-8589

    www.maehc.org

    

    *From:* stunnel-users [mailto:[email protected]] *On Behalf Of* Dheeraj Gautam
    *Sent:* Tuesday, June 13, 2017 11:41 AM
    *To:* Małgorzata Olszówka <[email protected]>
    *Cc:* [email protected]
    *Subject:* Re: [stunnel-users] Stunnel Connectivity Issue

    Hi guys,

    Below is the config which I have configured with TLSv1.2, but
    the connection is still established only for a while when I telnet
    127.0.0.1 9233, and just after that the connection is closed.

    [TCP]
    client = yes
    cert = BBG_cert.pem
    key = BBG_key.pem
    verifyChain = yes
    CAfile = BBG_CACerts.pem
    connect = 69.191.198.34:8228
    accept = 127.0.0.1:9233
    sslVersion = TLSv1.2

    Below are the logs:

    2017.06.13 11:57:49 LOG5[main]: Reading configuration from file stunnel.conf
    2017.06.13 11:57:49 LOG5[main]: UTF-8 byte order mark detected
    2017.06.13 11:57:49 LOG5[main]: FIPS mode disabled
    2017.06.13 11:57:49 LOG3[main]: Service [TCP]: Each service must define two endpoints
    2017.06.13 11:57:49 LOG3[main]: Failed to reload the configuration file
    2017.06.13 16:37:16 LOG5[main]: Reading configuration from file stunnel.conf
    2017.06.13 16:37:16 LOG5[main]: UTF-8 byte order mark detected
    2017.06.13 16:37:16 LOG5[main]: FIPS mode disabled
    2017.06.13 16:37:16 LOG4[main]: Service [TCP] uses "verifyChain" without subject checks
    2017.06.13 16:37:16 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
    2017.06.13 16:37:16 LOG5[main]: Configuration successful
    2017.06.13 16:38:38 LOG5[11]: Service [TCP] accepted connection from 127.0.0.1:62736
    2017.06.13 16:38:38 LOG5[11]: s_connect: connected 69.191.198.34:8228
    2017.06.13 16:38:38 LOG5[11]: Service [TCP] connected remote server from 172.16.1.23:62737
    2017.06.13 16:38:39 LOG5[11]: Certificate accepted at depth=0: C=US, ST=NEW YORK, L=NEW YORK, O=Bloomberg LP, OU=FIXBETA, CN=fixbeta.bloomberg.com, [email protected]
    2017.06.13 16:39:10 LOG5[11]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

    I want the connection to remain connected every time so that I can
    run the application.

    The application can work only if the connection remains connected.

    Please help me to sort this out.

    Regards,

    Dheeraj Gautam

    On 25 May 2017 at 12:29, Małgorzata Olszówka <[email protected]> wrote:

            Could you please let us know what parameters we are
            missing here, due to which the connection is not being
            established with the remote server?

            Although the stunnel logs indicate that the configuration
            is successful, nowhere in the logs is it mentioned whether
            the connection is connected or not,



        Hello Dheeraj,

        You should set the verifyChain option in order to verify the
        certificate stored in the file specified with CAfile:
        verifyChain = yes

        Then you can test your connection:
        telnet 127.0.0.1 9233
        the stunnel logs will show information about the connection
        attempt.

        Regards,
        Małgorzata
        _______________________________________________
        stunnel-users mailing list
        [email protected] <mailto:[email protected]>
        https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

    www.arborfs.com <http://www.arborfs.com>

    This e-mail and any attachment are confidential and contain
    proprietary information, some or all of which may be legally
    privileged.

    It is intended solely for the use of the individual or entity to
    which it is addressed.  If you are not the intended recipient,
    please notify the author immediately by telephone or by replying
    to this e-mail, and then delete all copies of the e-mail on your
    system.  If you are not the intended recipient, you must not use,
    disclose, distribute, copy, print or rely on this e-mail.

    Whilst we have taken reasonable precautions to ensure that this
    e-mail and any attachment has been checked for viruses, we cannot
    guarantee that they are virus free and we cannot accept liability
    for any damage sustained as a result of software viruses.  We
    would advise that you carry out your own virus checks, especially
    before opening an attachment.




