rejetto forum

Urgent Help for stunnel squid please

smartchain

Can anyone help me to solve this problem? :(

Code:
2009.08.04 12:15:52 LOG7[16648:16960]: Snagged 64 random bytes from C:/.rnd
2009.08.04 12:15:52 LOG7[16648:16960]: Wrote 1024 new random bytes to C:/.rnd
2009.08.04 12:15:52 LOG7[16648:16960]: RAND_status claims sufficient entropy for the PRNG
2009.08.04 12:15:52 LOG7[16648:16960]: PRNG seeded successfully
2009.08.04 12:15:52 LOG7[16648:16960]: Certificate: stunnel.pem
2009.08.04 12:15:52 LOG7[16648:16960]: Certificate loaded
2009.08.04 12:15:52 LOG7[16648:16960]: Key file: stunnel.pem
2009.08.04 12:15:52 LOG7[16648:16960]: Private key loaded
2009.08.04 12:15:52 LOG7[16648:16960]: SSL context initialized for service proxy
2009.08.04 12:15:52 LOG7[16648:16960]: Certificate: stunnel.pem
2009.08.04 12:15:52 LOG7[16648:16960]: Certificate loaded
2009.08.04 12:15:52 LOG7[16648:16960]: Key file: stunnel.pem
2009.08.04 12:15:52 LOG7[16648:16960]: Private key loaded
2009.08.04 12:15:52 LOG7[16648:16960]: SSL context initialized for service https
2009.08.04 12:15:52 LOG5[16648:16960]: stunnel 4.26 on x86-pc-mingw32-gnu with OpenSSL 0.9.8i 15 Sep 2008
2009.08.04 12:15:52 LOG5[16648:16960]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2009.08.04 12:15:52 LOG5[16648:22996]: No limit detected for the number of clients
2009.08.04 12:15:52 LOG7[16648:22996]: FD 308 in non-blocking mode
2009.08.04 12:15:52 LOG7[16648:22996]: SO_REUSEADDR option set on accept socket
2009.08.04 12:15:52 LOG7[16648:22996]: proxy bound to 127.0.0.1:8080
2009.08.04 12:15:52 LOG7[16648:22996]: FD 316 in non-blocking mode
2009.08.04 12:15:52 LOG7[16648:22996]: SO_REUSEADDR option set on accept socket
2009.08.04 12:15:52 LOG7[16648:22996]: https bound to 0.0.0.0:443
2009.08.04 12:15:55 LOG7[16648:22996]: proxy accepted FD=320 from 127.0.0.1:48086
2009.08.04 12:15:55 LOG7[16648:22996]: Creating a new thread
2009.08.04 12:15:55 LOG7[16648:22996]: New thread created
2009.08.04 12:15:55 LOG7[16648:8540]: proxy started
2009.08.04 12:15:55 LOG7[16648:8540]: FD 320 in non-blocking mode
2009.08.04 12:15:55 LOG7[16648:8540]: TCP_NODELAY option set on local socket
2009.08.04 12:15:55 LOG5[16648:8540]: proxy accepted connection from 127.0.0.1:48086
2009.08.04 12:15:55 LOG7[16648:8540]: FD 340 in non-blocking mode
2009.08.04 12:15:55 LOG7[16648:8540]: proxy connecting 89.149.253.125:8080
2009.08.04 12:15:55 LOG7[16648:8540]: connect_wait: waiting 10 seconds
2009.08.04 12:15:56 LOG7[16648:8540]: connect_wait: connected
2009.08.04 12:15:56 LOG5[16648:8540]: proxy connected remote server from 192.168.2.3:48088
2009.08.04 12:15:56 LOG7[16648:8540]: Remote FD=340 initialized
2009.08.04 12:15:56 LOG7[16648:8540]: TCP_NODELAY option set on remote socket
2009.08.04 12:15:56 LOG7[16648:8540]: SSL state (connect): before/connect initialization
2009.08.04 12:15:56 LOG7[16648:8540]: SSL state (connect): SSLv3 write client hello A
2009.08.04 12:15:56 LOG7[16648:8540]: SSL state (connect): SSLv3 read server hello A
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 read server certificate A
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 read server done A
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 write client key exchange A
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 write change cipher spec A
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 write finished A
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 flush data
2009.08.04 12:15:57 LOG7[16648:8540]: SSL state (connect): SSLv3 read finished A
2009.08.04 12:15:57 LOG7[16648:8540]:    1 items in the session cache
2009.08.04 12:15:57 LOG7[16648:8540]:    1 client connects (SSL_connect())
2009.08.04 12:15:57 LOG7[16648:8540]:    1 client connects that finished
2009.08.04 12:15:57 LOG7[16648:8540]:    0 client renegotiations requested
2009.08.04 12:15:57 LOG7[16648:8540]:    0 server connects (SSL_accept())
2009.08.04 12:15:57 LOG7[16648:8540]:    0 server connects that finished
2009.08.04 12:15:57 LOG7[16648:8540]:    0 server renegotiations requested
2009.08.04 12:15:57 LOG7[16648:8540]:    0 session cache hits
2009.08.04 12:15:57 LOG7[16648:8540]:    0 session cache misses
2009.08.04 12:15:57 LOG7[16648:8540]:    0 session cache timeouts
2009.08.04 12:15:57 LOG6[16648:8540]: SSL connected: new session negotiated
2009.08.04 12:15:57 LOG6[16648:8540]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.08.04 12:16:05 LOG7[16648:8540]: Socket closed on read
2009.08.04 12:16:05 LOG7[16648:8540]: SSL write shutdown
2009.08.04 12:16:05 LOG7[16648:8540]: SSL alert (write): warning: close notify
2009.08.04 12:16:05 LOG6[16648:8540]: SSL socket closed on SSL_shutdown
2009.08.04 12:16:05 LOG7[16648:8540]: Socket write shutdown
2009.08.04 12:16:05 LOG5[16648:8540]: Connection closed: 3 bytes sent to SSL, 0 bytes sent to socket
2009.08.04 12:16:05 LOG7[16648:8540]: proxy finished (0 left)


I pasted the exact stunnel.pem from /etc/stunnel to G:\Program Files\stunnel

My /etc/stunnel/stunnel.conf:
Code:
cert = /etc/stunnel/stunnel.pem
chroot = /var/run/stunnel/
pid = /stunnel.pid
setuid = nobody
setgid = nobody

[squid]
# Ensure the .connect. line matches your squid port. Default is 3128
accept = 8080
connect = 127.0.0.1:3128


My client G:\Program Files\stunnel\stunnel.conf:

Code:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration
client = yes

[proxy]
accept = 127.0.0.1:8080
connect = 89.149.253.125:8080

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25

[https]
accept  = 443
connect = 8080
TIMEOUTclose = 0

; vim:ft=dosini


The article which I used to setup:
http://www.ultranetsolutions.com/Encrypted-browsing-squid-stunnel-with-PAM-Auth.html
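
A triage sketch for the debug log in the post above, added here as an example and not part of the original post or of stunnel: it groups lines by thread id and reports the negotiated protocol and the byte counters of each connection. The function names and the set of protocols treated as weak are assumptions of this example.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
WEAK = {"SSLv2", "SSLv3"}  # assumption: protocol versions this example treats as weak

# Excerpt of the stunnel log posted above (thread 8540 only)
SAMPLE = """\
2009.08.04 12:15:55 LOG5[16648:8540]: proxy accepted connection from 127.0.0.1:48086
2009.08.04 12:15:55 LOG7[16648:8540]: proxy connecting 89.149.253.125:8080
2009.08.04 12:15:57 LOG6[16648:8540]: SSL connected: new session negotiated
2009.08.04 12:15:57 LOG6[16648:8540]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.08.04 12:16:05 LOG7[16648:8540]: Socket closed on read
2009.08.04 12:16:05 LOG5[16648:8540]: Connection closed: 3 bytes sent to SSL, 0 bytes sent to socket
"""

def summarize(log_text):
    """Group stunnel debug lines by thread id and extract per-connection facts."""
    conns = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a stunnel log line
        tid, msg = m.group(4), m.group(5)
        c = conns[tid]
        if (a := re.match(r"(\S+) accepted connection from (\S+)", msg)):
            c["service"], c["client"] = a.group(1), a.group(2)
        elif (a := re.match(r"\S+ connecting (\S+)", msg)):
            c["remote"] = a.group(1)
        elif msg.startswith("SSL connected"):
            c["handshake"] = True
        elif (a := re.match(r"Negotiated ciphers: (\S+) (\S+)", msg)):
            c["cipher"], c["protocol"] = a.group(1), a.group(2)
        elif (a := re.match(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket", msg)):
            c["to_ssl"], c["to_socket"] = int(a.group(1)), int(a.group(2))
    # keep only threads that handled a client connection
    return {t: c for t, c in conns.items() if "service" in c}

def findings(conn):
    """Turn one connection summary into triage notes."""
    notes = []
    if conn.get("protocol") in WEAK:
        notes.append(f"weak protocol negotiated: {conn['protocol']}")
    if conn.get("handshake") and conn.get("to_socket") == 0:
        notes.append("handshake completed but no data was returned to the local client")
    if not conn.get("handshake"):
        notes.append("TLS handshake did not complete")
    return notes

if __name__ == "__main__":
    for tid, conn in summarize(SAMPLE).items():
        print(tid, conn, findings(conn))
```
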



SilentPliz

Welcome smartchain!

I see some irony in your second message. (?)

Perhaps you would have had some answers if you had asked a clear question.

I see some Stunnel configuration files with links to Linux and Windows; you cite an article that helped you ... a tutorial under Mandriva.

You refer to the squid proxy server.
It's a little blurry.

This is the HFS forum, not a Stunnel or squid forum.

Are you trying to run HFS and stunnel via squid?

Explain your problem clearly ... You'll have answers.


If it is a problem of language, there is a Russian language forum here:

http://www.rejetto.com/forum/index.php?board=37.0
« Last Edit: August 05, 2009, 11:00:34 AM by SilentPliz »