Stunnel/Debugging: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
=A Guide to Debugging Stunnel Connections= | |||
==Start with Stunnel== | |||
Debugging stunnel is a lot easier if you can run stunnel in the foreground in one window, and monitor its output activity while you try and connect. This is true of monitoring stunnel on both the client side and the server side. | Debugging stunnel is a lot easier if you can run stunnel in the foreground in one window, and monitor its output activity while you try and connect. This is true of monitoring stunnel on both the client side and the server side. | ||
| Line 21: | Line 25: | ||
==Monitor stunnel log== | |||
check the log via: | |||
<pre> | |||
[remote] $ tail -f /var/log/stunnel4/stunnel.log | |||
</pre> | |||
==Check your ports== | |||
Use nmap to scan the server and verify the external port you specified the stunnel server and client to use (443, or 273, or 8000, or whatever) should show up in the nmap scan as "open". | |||
If you can't reach the server, you might have a firewall issue. Fix the firewall by using iptables. | |||
<pre> | |||
#!/bin/bash | |||
port=443 | |||
iptables -A INPUT -p tcp --dport ${port} -j ACCEPT | |||
iptables -A FORWARD -p tcp -j ACCEPT --dport ${port} -m state --state NEW | |||
</pre> | |||
=Flags= | =Flags= | ||
| Line 28: | Line 52: | ||
{{SSHFlag}} | {{SSHFlag}} | ||
[[ | [[Category:Stunnel.conf]] | ||
Latest revision as of 05:31, 5 April 2017
A Guide to Debugging Stunnel Connections
Start with Stunnel
Debugging stunnel is a lot easier if you can run stunnel in the foreground in one window, and monitor its output activity while you try and connect. This is true of monitoring stunnel on both the client side and the server side.
Just add these two lines to your stunnel.conf:
debug = 7 foreground = yes
Now, when you run the stunnel command, the output will be shown directly on the screen, and you'll be able to monitor what's happening with stunnel when you try and connect.
For example stunnel.conf files, see the following links:
- https://git.charlesreid1.com/docker/d-stunnel
- https://git.charlesreid1.com/rpi/pi-stunnel
- https://git.charlesreid1.com/mac/m-stunnel
There are also some wiki files with config files:
- https://charlesreid1.com/wiki/Stunnel/Rsync
- https://charlesreid1.com/wiki/Stunnel/SSH
- https://charlesreid1.com/wiki/Stunnel/Scp
Monitor stunnel log
check the log via:
[remote] $ tail -f /var/log/stunnel4/stunnel.log
Check your ports
Use nmap to scan the server and verify the external port you specified the stunnel server and client to use (443, or 273, or 8000, or whatever) should show up in the nmap scan as "open".
If you can't reach the server, you might have a firewall issue. Fix the firewall by using iptables.
#!/bin/bash
port=443
iptables -A INPUT -p tcp --dport ${port} -j ACCEPT
iptables -A FORWARD -p tcp -j ACCEPT --dport ${port} -m state --state NEW
Flags
 |
stunnel secure tunnel - create secure encrypted connections on any port to wrap any protocol
Using: Client: Stunnel/Client Server: Stunnel/Server Stunnel Over Docker: Stunnel/Docker Certificates: Stunnel/Certificates
Protocols: Stunnel/Rsync · Stunnel/SSH · Stunnel/Scp · Stunnel/HTTP · Stunnel/OpenVPN
Other Links: RaspberryPi/Headless · RaspberryPi/Reverse SSH Category:Stunnel · Category:SSH · Category:Networking
|
|
ssh secure shell, the most useful tool in unix
Tunnels: Building SSH tunnels: SSH Tunnels Tunnel SSH through HTTPS: Stunnel Tunnel SSH through DNS: Iodine
Raspberry Pi and SSH: RaspberryPi/Headless · RaspberryPi/Reverse SSH RaspberryPi/SSH Stunnel · RaspberryPi/Reverse SSH Stunnel Category:SSH · Category:Networking
Linux and SSH:
Category:SSH · Category:Kali · Category:Networking Flags · Template:SSHFlag · e |