[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[leafnode-list] Re: leafnode and stunnel

Nick C wrote:
> On 15.10.2005 13:09, Matthias Andree wrote:
>>Chances are you have upgraded from stunnel 3.x to stunnel 4.x and you
>>need to adjust your stunnel.conf to the new format. Just guessing,
>>because I don't use Ubuntu, I only know it's Debian based.
>>Can you show your stunnel.conf? (show only the relevant parts if there
>>is lot of commentary in that file)
> And I really do not know what are the differences between old config file
> and the new one. During the dist-upgrade process, when some program wants
> to install a new version of the *.conf file, it asks user would he or she
> keep the old one or install the new one.
> The situation with my Ubuntu disto is that I already had stunnel custom
> build (./configure && make) by me, and I had stunnel.conf file in
> /usr/local/etc/stunnel/ and when dist-upgrade process started to upgrade
> stunnel package it simple did not replaced or just asked to replace
> stunnel.conf in /usr/local/etc/stunnel/ because, that's not the place to
> keep conf files :-). So then, I made a /etc/stunnel/ directory and put
> stunnel.conf from /usr/local/etc/stunnel/ to /etc/stunnel/. That why now I
> have the old conf file. Do you know how the new one looks, so that I can
> make a change in this one? Thanks.

Revisiting your former error messages, I think you may be running
stunnel v3, or the v3-wrapper for v4, whereas your configuration file
should be fit for stunnel v4 AFAICT.  stunnel v4 has no -l, -r or
similar options, that's what rang the bell. Perhaps it might be helpful
to see which stunnel version exactly is installed, or trying to install
stunnel 4.12 (be sure to use the right --prefix option that matches your

I am running stunnel standalone (not from inetd) for the _server_ side,
and my configuration is at the end of this message, although probably
not helpful to you (but perhaps to others).

My client side is Mozilla Thunderbird 1.0.7 at the moment, which has SSL
built-in. (I would normally use Gnus, but I did't want to go through the
hassle of configuring it on Winbloze. I'm abroad and Linux lacks just
too many drivers for this centrino-based Sony notebook that I borrowed,
so I'm stuck with Windows + Cygwin for the nonce.)

> pid = /stunnel.pid
> setuid = nobody
> setgid = nogroup

> client = yes
> # Service-level configuration
> # [nntps]
> # accept = 563
> connect = secnews.netscape.com:563

Looks correct for v4, the [service] is commented out, and no accept
statements are used (also commented out).

My server-side configuration for standalone stunnel with leafnode-2 (I
use the regular /etc/init.d/stunnel start script that ships with SUSE
Linux 9.3) is essentially this:

client = no
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
accept = 563
exec = /usr/local/sbin/leafnode
execargs = leafnode -F /etc/leafnode/config.passwd

where config.passwd is just a copy of my regular /etc/leafnode/config
with "authenticate=internal" set, and, unlike port 119 (which is
firewalled), port 563 is accessible from the outside.

leafnode-list mailing list