Unable to connect to STunnel when it is running as a service

1

I have STunnel configured to proxy non-SSL POP3 requests to GMail on port 111. This works fine when STunnel is running as a desktop application, but when I run the STunnel service, I can't connect to port 111 on the machine (using Outlook Express, for example).

The Stunnel log file shows that the port binding succeeds, but it never sees a connection. Is there something preventing connections to this port when STunnel is running as a service?

Here is stunnel.conf

cert = stunnel.pem

; Some performance tunings  
socket = l:TCP_NODELAY=1  
socket = r:TCP_NODELAY=1  

; Some debugging stuff useful for troubleshooting  
debug = 7  
output = stunnel.log  

; Use it for client mode  
client = yes

; Service-level configuration

[gmail]  
accept = 127.0.0.1:111  
connect = pop.gmail.com:995  

stunnel.log from the service

2010.10.07 12:14:22 LOG5[80444:72984]: Reading configuration from file stunnel.conf  
2010.10.07 12:14:22 LOG7[80444:72984]: Snagged 64 random bytes from C:/.rnd  
2010.10.07 12:14:23 LOG7[80444:72984]: Wrote 1024 new random bytes to C:/.rnd  
2010.10.07 12:14:23 LOG7[80444:72984]: PRNG seeded successfully  
2010.10.07 12:14:23 LOG7[80444:72984]: Certificate: stunnel.pem  
2010.10.07 12:14:23 LOG7[80444:72984]: Certificate loaded  
2010.10.07 12:14:23 LOG7[80444:72984]: Key file: stunnel.pem  
2010.10.07 12:14:23 LOG7[80444:72984]: Private key loaded  
2010.10.07 12:14:23 LOG7[80444:72984]: SSL context initialized for service gmail  
2010.10.07 12:14:23 LOG5[80444:72984]: Configuration successful  
2010.10.07 12:14:23 LOG5[80444:72984]: No limit detected for the number of clients  
2010.10.07 12:14:23 LOG7[80444:72984]: FD=156 in non-blocking mode  
2010.10.07 12:14:23 LOG7[80444:72984]: Option SO_REUSEADDR set on accept socket  
2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail bound to 0.0.0.0:111  
2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail opened FD=156  
2010.10.07 12:14:23 LOG5[80444:72984]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010  
2010.10.07 12:14:23 LOG5[80444:72984]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6  

stunnel.log from the desktop process (working)

2010.10.07 12:10:31 LOG5[80824:81200]: Reading configuration from file stunnel.conf  
2010.10.07 12:10:31 LOG7[80824:81200]: Snagged 64 random bytes from C:/.rnd  
2010.10.07 12:10:32 LOG7[80824:81200]: Wrote 1024 new random bytes to C:/.rnd  
2010.10.07 12:10:32 LOG7[80824:81200]: PRNG seeded successfully  
2010.10.07 12:10:32 LOG7[80824:81200]: Certificate: stunnel.pem  
2010.10.07 12:10:32 LOG7[80824:81200]: Certificate loaded  
2010.10.07 12:10:32 LOG7[80824:81200]: Key file: stunnel.pem  
2010.10.07 12:10:32 LOG7[80824:81200]: Private key loaded  
2010.10.07 12:10:32 LOG7[80824:81200]: SSL context initialized for service gmail  
2010.10.07 12:10:32 LOG5[80824:81200]: Configuration successful  
2010.10.07 12:10:32 LOG5[80824:81200]: No limit detected for the number of clients  
2010.10.07 12:10:32 LOG7[80824:81200]: FD=156 in non-blocking mode  
2010.10.07 12:10:32 LOG7[80824:81200]: Option SO_REUSEADDR set on accept socket  
2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail bound to 0.0.0.0:111  
2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail opened FD=156  
2010.10.07 12:10:33 LOG5[80824:81200]: stunnel 4.34 on x86-pc-mingw32-gnu with OpenSSL 1.0.0a 1 Jun 2010  
2010.10.07 12:10:33 LOG5[80824:81200]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6  
2010.10.07 12:10:33 LOG7[80824:81844]: Service gmail accepted FD=188 from 127.0.0.1:24813  
2010.10.07 12:10:33 LOG7[80824:81844]: Creating a new thread  
2010.10.07 12:10:33 LOG7[80824:81844]: New thread created  
2010.10.07 12:10:33 LOG7[80824:25144]: Service gmail started  
2010.10.07 12:10:33 LOG7[80824:25144]: FD=188 in non-blocking mode  
2010.10.07 12:10:33 LOG7[80824:25144]: Option TCP_NODELAY set on local socket  
2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail accepted connection from 127.0.0.1:24813  
2010.10.07 12:10:33 LOG7[80824:25144]: FD=212 in non-blocking mode  
2010.10.07 12:10:33 LOG6[80824:25144]: connect_blocking: connecting 209.85.227.109:995  
2010.10.07 12:10:33 LOG7[80824:25144]: connect_blocking: s_poll_wait 209.85.227.109:995: waiting 10 seconds  
2010.10.07 12:10:33 LOG5[80824:25144]: connect_blocking: connected 209.85.227.109:995  
2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail connected remote server from 192.168.1.9:24814  
2010.10.07 12:10:33 LOG7[80824:25144]: Remote FD=212 initialized  
2010.10.07 12:10:33 LOG7[80824:25144]: Option TCP_NODELAY set on remote socket  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): before/connect initialization  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write client hello A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server hello A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server certificate A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read server done A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write client key exchange A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write change cipher spec A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 write finished A  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 flush data  
2010.10.07 12:10:33 LOG7[80824:25144]: SSL state (connect): SSLv3 read finished A  
2010.10.07 12:10:33 LOG7[80824:25144]:    1 items in the session cache  
2010.10.07 12:10:33 LOG7[80824:25144]:    1 client connects (SSL_connect())  
2010.10.07 12:10:33 LOG7[80824:25144]:    1 client connects that finished  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 client renegotiations requested  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 server connects (SSL_accept())  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 server connects that finished  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 server renegotiations requested  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 session cache hits  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 external session cache hits  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 session cache misses  
2010.10.07 12:10:33 LOG7[80824:25144]:    0 session cache timeouts  
2010.10.07 12:10:33 LOG6[80824:25144]: SSL connected: new session negotiated  
2010.10.07 12:10:33 LOG6[80824:25144]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5   
2010.10.07 12:10:34 LOG7[80824:25144]: SSL socket closed on SSL_read  
2010.10.07 12:10:34 LOG7[80824:25144]: Sending socket write shutdown  
2010.10.07 12:10:34 LOG5[80824:25144]: Connection closed: 53 bytes sent to SSL, 118 bytes sent to socket  
2010.10.07 12:10:34 LOG7[80824:25144]: Service gmail finished (0 left)  
    
by John Francis 06.10.2010 / 12:07
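The comparison the question makes by eye between the two logs can be scripted. The following is an added example, not part of the original post: it parses stunnel debug log lines, reports a service that bound its port but never logged a client connection, and optionally compares the bound address with the `accept` value from stunnel.conf. The function names `summarize` and `diagnose` are hypothetical, and the embedded log lines are excerpted from the logs above.

```python
import re

# stunnel 4.x log line: "<date> <time> LOG<level>[<pid>:<tid>]: <message>"
LINE_RE = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+):(\d+)\]: (.*?)\s*$")
BOUND_RE = re.compile(r"^Service (\S+) bound to (\S+)$")
ACCEPT_RE = re.compile(r"^Service (\S+) accepted connection from (\S+)$")

# Lines excerpted from the two logs in the question.
SERVICE_LOG = """\
2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail bound to 0.0.0.0:111
2010.10.07 12:14:23 LOG7[80444:72984]: Service gmail opened FD=156
"""
DESKTOP_LOG = """\
2010.10.07 12:10:32 LOG7[80824:81200]: Service gmail bound to 0.0.0.0:111
2010.10.07 12:10:33 LOG5[80824:25144]: Service gmail accepted connection from 127.0.0.1:24813
2010.10.07 12:10:34 LOG5[80824:25144]: Connection closed: 53 bytes sent to SSL, 118 bytes sent to socket
"""


def summarize(log_text):
    """Map service name -> {"bound": address or None, "peers": [client addresses]}."""
    services = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # skip blank lines and anything that is not a stunnel log line
        msg = line.group(4)
        for key, rx in (("bound", BOUND_RE), ("peer", ACCEPT_RE)):
            m = rx.match(msg)
            if not m:
                continue
            entry = services.setdefault(m.group(1), {"bound": None, "peers": []})
            if key == "bound":
                entry["bound"] = m.group(2)
            else:
                entry["peers"].append(m.group(2))
    return services


def diagnose(log_text, expected_accept=None):
    """Return findings; expected_accept is the accept = value from stunnel.conf."""
    findings = []
    for name, entry in summarize(log_text).items():
        if entry["bound"] and not entry["peers"]:
            findings.append(f"{name}: bound to {entry['bound']} but no client connection was logged")
        if expected_accept and entry["bound"] and entry["bound"] != expected_accept:
            findings.append(f"{name}: bound to {entry['bound']}, stunnel.conf says accept = {expected_accept}")
    return findings
```

Calling `diagnose(text, expected_accept="127.0.0.1:111")` on each log also shows whether the listener is bound to the address stunnel.conf asks for, which matters because this listener accepts unencrypted POP3.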

2 answers

1

I had the same problem on a W2003 x64 datacenter server (a virtual server). Turning off the Windows firewall did not solve the problem. One thing made me wonder: the service did not show up in the services.msc list.

After adding service = stunnel to the conf file, it seemed to work.

Then I rebooted the server and it didn't work again. I logged in, restarted the service via services.msc, and it worked again. Really strange thing.

    
by 15.02.2011 / 16:18
0

Try putting:

foreground = yes

in there.

Does the "stunnel.log" contain anything you can post?

    
by 07.10.2010 / 12:57
