
I'm looking to send GELF (Graylog Extended Log Format) log messages from a Logstash instance to Graylog. But since the GELF output in Logstash does not support TLS, I want to use stunnel to encrypt the communication instead.

I have set up a test environment which consists of two stunnels, one client and one server, and just a netcat which emulates the receiving end (eventually Graylog). However, when I have configured everything and send messages through stunnel, the first data packet is lost. I have captured the traffic using tshark and can see that the data is sent from the source to stunnel, but stunnel just responds with RST and the packet is nowhere to be found, but the second data packet is delivered just fine.

I have tried to connect the stunnel client to an stunnel server, Graylog, and HAProxy, but there is always packet loss.

Stunnel client

    verify = 0

    chroot = /usr/local/var/run/stunnel/
    pid = /stunnel.pid

    setuid = nobody
    setgid = nobody

    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1

    debug = 7
    output = stunnel.log

    client = yes

    [test]
    accept  = 3333
    connect = <server>:7777

Stunnel server

    cert = /etc/stunnel/stunnel.pem

    verify = 0

    chroot = /usr/local/var/run/stunnel/
    pid = /stunnel.pid

    setuid = nobody
    setgid = nobody

    [test]
    accept  = 7777
    connect = 4445

logstash conf

    input {
        syslog {
            port => 10514
        }
    }
    output {
        gelf {
            host => "localhost"
            port => 3333
            protocol => TCP
        }
    }

I test it all using:

    loggen --rate 1 --interval 1 localhost 10514

Edit

Tshark of the communication:

    No.     Time           Source                Destination           Protocol Length Info
          1 0.000000000    127.0.0.1             127.0.0.1             TCP      883    47016 → 3333 [PSH, ACK] Seq=1 Ack=1 Win=342 Len=815 TSval=193491 TSecr=160751
          2 0.000028908    127.0.0.1             127.0.0.1             TCP      56     3333 → 47016 [RST] Seq=1 Win=0 Len=0
          3 1.019395050    127.0.0.1             127.0.0.1             TCP      76     47040 → 3333 [SYN] Seq=0 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=194510 TSecr=0 WS=128
          4 -1525790179.613104197 127.0.0.1             127.0.0.1             TCP      76     3333 → 47040 [SYN, ACK] Seq=0 Ack=1 Win=43690 Len=0 MSS=65495 SACK_PERM=1 TSval=194510 TSecr=194510 WS=128
          5 1.019427365    127.0.0.1             127.0.0.1             TCP      68     47040 → 3333 [ACK] Seq=1 Ack=1 Win=43776 Len=0 TSval=194510 TSecr=194510
          6 1.019725293    127.0.0.1             127.0.0.1             TCP      883    47040 → 3333 [PSH, ACK] Seq=1 Ack=1 Win=43776 Len=815 TSval=194510 TSecr=194510
          7 1.019733354    127.0.0.1             127.0.0.1             TCP      68     3333 → 47040 [ACK] Seq=1 Ack=816 Win=45440 Len=0 TSval=194510 TSecr=194510


Thanks!

Sprvn
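
An end-to-end delivery check for a test setup like the one in the question, as an added example that is not part of the original post: it sends numbered GELF messages, each on its own TCP connection so the result does not depend on how a sender reuses connections, and reports which numbers never reached the receiving end. The `_seq` field, the function names and the `via` parameter are assumptions made for this example; GELF over TCP delimits messages with a NUL byte.

```python
import json
import socket
import threading

def gelf_frame(seq, host="probe"):
    # GELF 1.1 needs version, host, short_message; "_seq" (name chosen here) numbers the probes.
    msg = {"version": "1.1", "host": host,
           "short_message": f"probe {seq}", "_seq": seq}
    return json.dumps(msg).encode() + b"\0"  # GELF over TCP is NUL-delimited

def parse_stream(data):
    # Sequence numbers of all frames in a received byte stream.
    return [json.loads(part)["_seq"] for part in data.split(b"\0") if part]

def receiver(listener, seen, expected):
    # Stand-in for netcat/Graylog: collect frames until `expected` arrived
    # or no connection shows up within the listener's timeout.
    try:
        while len(seen) < expected:
            conn, _ = listener.accept()
            with conn:
                buf = b""
                while chunk := conn.recv(4096):
                    buf += chunk
            seen.extend(parse_stream(buf))
    except OSError:
        pass  # accept() timed out: stop waiting for the missing frames

def send_probes(addr, count):
    # One frame per connection, so no probe depends on an earlier socket.
    sent = []
    for seq in range(count):
        try:
            with socket.create_connection(addr, timeout=5) as s:
                s.sendall(gelf_frame(seq))
            sent.append(seq)
        except OSError:
            pass  # refused or reset: this probe was not sent
    return sent

def run_check(count=5, listen=("127.0.0.1", 0), via=None):
    # Returns probes sent but never received; via=None sends straight to the receiver.
    with socket.create_server(listen) as listener:
        listener.settimeout(5)
        seen = []
        t = threading.Thread(target=receiver, args=(listener, seen, count))
        t.start()
        sent = send_probes(via or listener.getsockname(), count)
        t.join()
    return sorted(set(sent) - set(seen))
```

To run it through the tunnel, bind `listen` to the port the stunnel server connects to (4445 in the question) and pass the stunnel client's accept port (3333) as `via`; this assumes both ports are reachable from the machine running the script.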

0 Answers