3

I am trying to set up stunnel to encrypt traffic from rsyslog (using the RELP protocol), but whenever I try starting stunnel and sending logs to the remote server, I get the following:

    Remote socket (FD=13) closed
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Local socket (FD=3) closed
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Service [ssyslog] finished (0 left)
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316320512]: Service [ssyslog] accepted (FD=3) from 127.0.0.1:42481
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Service [ssyslog] started
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Waiting for a libwrap process
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Acquired libwrap process #0
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Releasing libwrap process #0
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Released libwrap process #0
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Service [ssyslog] permitted by libwrap from 127.0.0.1:42481
    Feb 15 01:25:55 ruby stunnel: LOG5[26750:140598316271360]: Service [ssyslog] accepted connection from 127.0.0.1:42481
    Feb 15 01:25:55 ruby stunnel: LOG6[26750:140598316271360]: connect_blocking: connecting 98.235.203.58:60514
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: connect_blocking: s_poll_wait 98.235.203.58:60514: waiting 10 seconds
    Feb 15 01:25:55 ruby stunnel: LOG5[26750:140598316271360]: connect_blocking: connected 98.235.203.58:60514
    Feb 15 01:25:55 ruby stunnel: LOG5[26750:140598316271360]: Service [ssyslog] connected remote server from 78.46.65.138:43235
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: Remote socket (FD=13) initialized
    Feb 15 01:25:55 ruby stunnel: LOG7[26750:140598316271360]: SNI: host name: xx.xx.xx.xx
    Feb 15 01:25:55 ruby stunnel: LOG3[26750:140598316271360]: SSL_connect: Peer suddenly disconnected
    Feb 15 01:25:55 ruby stunnel: LOG5[26750:140598316271360]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

over and over again in rapid succession. Would anyone know how I could figure out what is causing this to happen? I've been trying to figure this out for the last few hours, but have no clue what to do at this point.

PersianGulf
lacrosse1991
  • `SSL_connect: Peer suddenly disconnected` your peer doesn't like you? Do you have any ability to get some useful diagnostic information out of your peer? – Zoredache Feb 15 '13 at 01:31
  • @Zoredache OK, after much cussing and fruitless searching on Google, I was able to find out what it was. Not sure if I was just being an idiot, or if this is something that is normal, but the remote server was listening on a port (say 60000, for instance) but for some reason, even when I had told the client to connect to 60000, it kept trying to connect to 60001 instead, so I simply had to tell the client to connect to port 59999 and it worked perfectly :) Would you know if that is a normal occurrence by any chance? – lacrosse1991 Feb 15 '13 at 05:34

2 Answers

1

OK, after much cussing and fruitless searching on Google, I was able to find out what it was. Not sure if I was just being an idiot, or if this is something that is normal, but the remote server was listening on a port (say 60000, for instance) but for some reason, even when I had told the client to connect to 60000, it kept trying to connect to 60001 instead, so I simply had to tell the client to connect to port 59999 and it worked perfectly :)

lacrosse1991
  • This problem is caused by the remote server not listening on the right port for stunnel - it's either configured incorrectly, or stunnel is not implemented on the remote server. By default, stunnel listens on the original port of a service, but uses one port number higher to establish the secure channel - kinda like how HTTP is port 80, but HTTPS is port 443. By decrementing the port number in your client's config, you're tricking it into talking on the original service port - that connection might not be secure. – Mark Tabler Jun 15 '16 at 23:28
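An added example, not part of any post in this thread: a Python function that groups stunnel debug lines in the format shown in the question by their `[pid:thread]` field and counts, per remote endpoint, the TLS handshakes that failed before any data was sent, which shows the address and port stunnel actually dialed. The function name and the log lines in `SAMPLE` are constructed for illustration.

```python
import re
from collections import Counter

# stunnel syslog line: "... stunnel: LOG<level>[<pid>:<thread>]: <message>"
LINE = re.compile(r"stunnel: LOG(\d)\[(\d+):(\d+)\]: (.*)$")
CONNECTED = re.compile(r"connect_blocking: connected (\S+)$")
RESET = re.compile(r"Connection reset: (\d+) byte\(s\) sent to SSL")

def failed_handshakes(lines):
    """Count handshakes that died with 0 bytes sent, keyed by remote endpoint."""
    remote = {}         # (pid, thread) -> endpoint this worker last connected to
    ssl_error = set()   # workers that logged an SSL_connect error
    failures = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue    # not a stunnel line, or a truncated one
        _level, pid, tid, msg = m.groups()
        key = (pid, tid)    # thread ids are reused, so state is reset per connection
        if (c := CONNECTED.match(msg)):
            remote[key] = c.group(1)
            ssl_error.discard(key)
        elif msg.startswith("SSL_connect:"):
            ssl_error.add(key)
        elif (r := RESET.match(msg)):
            if key in ssl_error and r.group(1) == "0":
                failures[remote.get(key, "unknown")] += 1
            ssl_error.discard(key)
            remote.pop(key, None)
    return failures

# Constructed sample lines (documentation addresses), modelled on the question's log.
SAMPLE = """\
Feb 15 01:25:55 host stunnel: LOG5[100:7001]: connect_blocking: connected 192.0.2.10:60514
Feb 15 01:25:55 host stunnel: LOG3[100:7001]: SSL_connect: Peer suddenly disconnected
Feb 15 01:25:55 host stunnel: LOG5[100:7001]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
Feb 15 01:25:56 host stunnel: LOG5[100:7001]: connect_blocking: connected 192.0.2.10:60514
Feb 15 01:25:56 host stunnel: LOG3[100:7001]: SSL_connect: Peer suddenly disconnected
Feb 15 01:25:56 host stunnel: LOG5[100:7001]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
Feb 15 01:25:57 host stunnel: LOG5[100:7002]: connect_blocking: connected 192.0.2.20:60514
Feb 15 01:25:57 host stunnel: LOG5[100:7002]: Connection closed: 120 byte(s) sent to SSL, 80 byte(s) sent to socket
Feb 15 01:25:58 host cron[200]: constructed unrelated line
"""

if __name__ == "__main__":
    for endpoint, count in failed_handshakes(SAMPLE.splitlines()).items():
        print(f"{endpoint}: {count} handshake(s) failed with 0 bytes sent")
```

An endpoint that only ever appears in this count is worth checking against the port the remote TLS listener is actually bound to.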
-3

EDIT: Not applicable here, but if you stumble on this thread while trying to debug a similar issue for http/https: ensure that you put in https and not http in the browser/client. Stunnel does not do an automatic redirect to https when someone goes to http.