No luck, unfortunately.

The `pppd` option is not needed for the OpenBSD pppd implementation (this option 
is not available for pppd).

It seems to be a client-side problem after all. The server side replies to a test telnet 
connection.

Any ideas?

------- Original Message -------
On Friday, April 12, 2019 7:58 AM, Flo Rance <[email protected]> wrote:

> Hi,
>
> I never did it, but from what I've read, it seems that there's an argument 
> missing on the server side.
>
> [ppp]
> exec = /usr/sbin/pppd
> execargs = 10.0.1.1: local debug noauth
>
> should be
>
> [ppp]
> exec = /usr/sbin/pppd
> execargs = pppd local debug noauth 10.0.1.1:
>
> Flo
>
> On Thu, Apr 11, 2019 at 9:53 PM Martin Got <[email protected]> wrote:
>
>> Trying to set up a pppd link wrapped with stunnel between two OpenBSD 6.4 amd64 
>> machines.
>> I use this reference article as an idea: 
>> http://bremford.org/tips/QuickStunnelVPN.html
>>
>> While connecting from the client's side with the command:
>> /usr/sbin/pppd ptypA 10.0.1.2: local debug noauth passive noccp novj 
>> novjccomp nopcomp noaccomp name ppp-clnt connect 'stunnel 
>> /etc/stunnel/stunnel-client.conf'
>>
>> stunnel-client starts, pppd starts on client's end according to 
>> stunnel-clnt.log, but has LCP timeouts:
>>
>> # tail stunnel-clnt.log
>> stunnel: LOG5[ui]: Configuration successful
>> pppd[5421]: Connect: ppp2 <--> /dev/ptypA
>> pppd[5421]: LCP: timeout sending Config-Requests
>> pppd[5421]: Connection terminated.
>> pppd[5421]: Connect script failed
>>
>> It seems there is no pppd pty client connection to the local stunnel nor to the remote 
>> stunnel-server afterwards. But when I tried to connect to the stunnel-client 
>> port 1723 using telnet:
>> telnet localhost 1723
>> I received pppd advertisements from the remote stunnel-server. It seems exec = 
>> /usr/sbin/pppd on stunnel-server is running when the client's stunnel-client 
>> connection appears.
>>
>> Can it be a problem with pppd and stunnel-client using pty?
>>
>> Please advise.
>>
>> # cat /etc/stunnel/stunnel-server.conf
>>
>> ;chroot = /var/stunnel    # chroot is disabled for testing
>> ;setuid = _stunnel    # stunnel started by root for testing currently
>> ;setgid = _stunnel
>> ; PID file is created inside the chroot jail (if enabled)
>> ;pid = /stunnel.pid
>> foreground = yes
>> debug = 7
>> ;output = log/stunnel.log     # disabled
>> sslVersion = TLSv1.2
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>> ; Enable support for the insecure SSLv3 protocol
>> ;options = NO_SSLv3
>> options = NO_TLSv1
>> options = NO_TLSv1.1
>> ; Fix for Eudora "error reading network" can be useful for changing packet 
>> length
>> options = DONT_INSERT_EMPTY_FRAGMENTS
>> ; These options provide additional security at some performance degradation
>> ;options = SINGLE_ECDH_USE
>> ;options = SINGLE_DH_USE
>>
>> ; *** TLS server mode services
>> [ppp]
>> accept = 723
>> exec = /usr/sbin/pppd
>> execargs = 10.0.1.1: local debug noauth
>> pty = yes
>> CAfile = /etc/stunnel/ca.crt
>> cert = /etc/stunnel/srv.crt
>> key = /etc/stunnel/private/srv.key
>> verifyChain = yes
>> TIMEOUTclose = 45
>>
>> [default]
>> ; HTTP connections
>> ;ciphers = ALL
>> ;options = CIPHER_SERVER_PREFERENCE
>> accept = 1111
>> connect = 127.0.0.1:80
>> CAfile = /etc/stunnel/ca.crt
>> cert = /etc/stunnel/srv.crt
>> key = /etc/stunnel/private/srv.key
>> verifyChain = yes
>> TIMEOUTclose = 0
>>
>> [ntp]
>> connect = 127.0.0.1:123
>> sni = default:ntp
>> CAfile = /etc/stunnel/ca.crt
>> cert = /etc/stunnel/srv.crt
>> key = /etc/stunnel/private/srv.key
>> verifyChain = yes
>> TIMEOUTclose = 0
>> --------------------
>>
>> # cat /etc/stunnel/stunnel-client.conf
>>
>> chroot = /var/stunnel
>> setuid = _stunnel
>> setgid = _stunnel
>> pid = /stunnel-clnt.pid
>> foreground = yes
>> debug = 7
>> ;output = log/stunnel-clnt.log
>> sslVersion = TLSv1.2
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>> ; Enable support for the insecure SSLv3 protocol
>> ;options = NO_SSLv3
>> options = NO_TLSv1
>> options = NO_TLSv1.1
>> ; Fix for Eudora "error reading network" can be useful for changing packet 
>> length
>> options = DONT_INSERT_EMPTY_FRAGMENTS
>> ; These options provide additional security at some performance degradation
>> ;options = SINGLE_ECDH_USE
>> ;options = SINGLE_DH_USE
>>
>> [ppp]
>> client = yes
>> accept = 127.0.0.1:1723     # 'accept' is absent in the client's configuration at 
>> http://bremford.org/tips/QuickStunnelVPN.html but stunnel reports: [!] 
>> Service [ppp]: Each service must define two endpoints on stunnel-5.44
>> connect = STUNNEL-SERVER-IP:723
>> CAfile = /etc/stunnel/ca.crt
>> cert = /etc/stunnel/client.crt
>> key = /etc/stunnel/client.key
>> verifyChain = yes
>> checkHost = hostna.me
>> ;checkIP = 1.2.3.4
>> --------------------
>>
>> _______________________________________________
>> stunnel-users mailing list
>> [email protected]
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

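The configs quoted in this thread carry a few settings a defender would want to check before a tunnel like this goes beyond testing: the server runs with `chroot`/`setuid` commented out, the `[ppp]` server service verifies client certificates but never sets `requireCert`, the client service sets `verifyChain` with a `checkHost`, and one `accept` line carries a trailing `#` comment. The following linter is an added example written for this page; it is not stunnel's code and not anything the thread's participants posted. Its parser is my own approximation of the stunnel.conf syntax (whole-line `;`/`#` comments, a global section before the first `[service]`, keys such as `options` repeating), the two embedded configs are constructed abridgements of the thread's server and client files, and the `requireCert` finding relies on the stunnel manual's statement that with `requireCert` left at its default of `no` the server accepts clients that present no certificate.

```python
"""Lint stunnel.conf-style files for the peer-verification gaps discussed in the thread."""
import re
from typing import Dict, List, Tuple

# Constructed sample: abridged from the thread's server config (chroot/setuid disabled,
# exec service with verifyChain but no requireCert).
SERVER_CONF = """\
;chroot = /var/stunnel
;setuid = _stunnel
foreground = yes
sslVersion = TLSv1.2
options = NO_TLSv1
options = NO_TLSv1.1

[ppp]
accept = 723
exec = /usr/sbin/pppd
execargs = pppd local debug noauth 10.0.1.1:
pty = yes
CAfile = /etc/stunnel/ca.crt
cert = /etc/stunnel/srv.crt
key = /etc/stunnel/private/srv.key
verifyChain = yes
"""

# Constructed sample: abridged from the thread's client config, keeping the trailing
# comment on the accept line and leaving checkHost out so the check fires.
CLIENT_CONF = """\
chroot = /var/stunnel
setuid = _stunnel
sslVersion = TLSv1.2

[ppp]
client = yes
accept = 127.0.0.1:1723     # trailing comment, as in the thread
connect = STUNNEL-SERVER-IP:723
CAfile = /etc/stunnel/ca.crt
cert = /etc/stunnel/client.crt
key = /etc/stunnel/client.key
verifyChain = yes
"""

Section = Dict[str, List[str]]


def parse_stunnel_conf(text: str) -> Tuple[Section, Dict[str, Section]]:
    """Return (global options, {service name: options}).

    Keys may repeat (several 'options = ...' lines), so each key maps to its values
    in file order. Only whole-line comments starting with ';' or '#' are dropped;
    nothing after '=' is stripped, which is what makes trailing comments detectable.
    """
    globals_: Section = {}
    services: Dict[str, Section] = {}
    current = globals_
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = services.setdefault(header.group(1).strip(), {})
            continue
        if "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current.setdefault(key, []).append(value)
    return globals_, services


def _is_yes(section: Section, key: str) -> bool:
    # Last occurrence wins, mirroring "later line overrides earlier" semantics.
    return section.get(key, [""])[-1].lower() == "yes"


def lint(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    g, services = parse_stunnel_conf(text)
    findings: List[str] = []
    if "chroot" not in g or "setuid" not in g:
        findings.append("global: chroot/setuid not set, stunnel keeps root privileges")
    for name, s in services.items():
        verifies = _is_yes(s, "verifyChain") or _is_yes(s, "verifyPeer")
        if _is_yes(s, "client"):
            if not verifies:
                findings.append(f"[{name}]: client without verifyChain/verifyPeer, server identity is not verified")
            elif "checkHost" not in s and "checkIP" not in s:
                # Chain verification alone accepts any certificate the CA has signed.
                findings.append(f"[{name}]: verifyChain without checkHost/checkIP, any CA-signed cert is accepted")
        elif "exec" in s and verifies and not _is_yes(s, "requireCert"):
            # Per the stunnel manual, requireCert defaults to no and clients without a cert are accepted.
            findings.append(f"[{name}]: exec service verifies certs but requireCert is not yes, clients without a cert are accepted")
        for key, values in s.items():
            for value in values:
                if "#" in value:
                    findings.append(f"[{name}]: '{key}' value contains '#'; stunnel documents only whole-line comments")
    return findings


if __name__ == "__main__":
    for label, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        print(f"--- {label} ---")
        for finding in lint(conf):
            print(finding)
```

Run it against a real file with `lint(open("/etc/stunnel/stunnel.conf").read())`; for the `[ppp]` server service, adding `requireCert = yes` clears the certificate finding, and a client service that pairs `verifyChain = yes` with `checkHost` (as the thread's client config does) is not flagged.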