[Cialug] stunnel or something else?

Matthew Nuzum newz at bearfruit.org
Sat Feb 4 01:30:57 CST 2012


Hello, I have a service (mongodb) running on a test-server at my house. I'd
like to be able to connect to it when I'm roaming around. It used to be
that stunnel was the way to do this, I could run it on my laptop either at
home or remotely and configure my dev environment to connect to the
localhost port that's forwarded using the tunnel. I'm having probs (see
below). So I have a couple questions, is stunnel still the tool for the job
with this? If not, what is suggested, if so, any tips on getting this
working?

Prob:
I've got an Ubuntu 10.04 server and I installed stunnel on it. I created a
pem like this: (and I fixed the perms to make them 0600)

    sudo openssl req -new -x509 -out /etc/ssl/certs/stunnel.pem -keyout /etc/ssl/certs/stunnel.pem -nodes -days 3650

My config file has the following lines (commented lines left out):
$ egrep -v '^;' /etc/stunnel/stunnel.conf
cert = /etc/ssl/certs/stunnel.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

And enabled stunnel in /etc/default/stunnel4
$ cat /etc/default/stunnel4
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0

When I try to start it I get this error:
$ sudo /etc/init.d/stunnel4 start
Starting SSL tunnels: 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Snagged 64 random bytes from /home/matt/.rnd
2012.02.04 07:26:41 LOG7[7851:140676830660352]: Wrote 1024 new random bytes to /home/matt/.rnd
2012.02.04 07:26:41 LOG7[7851:140676830660352]: RAND_status claims sufficient entropy for the PRNG
2012.02.04 07:26:41 LOG7[7851:140676830660352]: PRNG seeded successfully
2012.02.04 07:26:41 LOG7[7851:140676830660352]: Certificate: /etc/ssl/certs/stunnel.pem
2012.02.04 07:26:41 LOG7[7851:140676830660352]: Certificate loaded
2012.02.04 07:26:41 LOG7[7851:140676830660352]: Key file: /etc/ssl/certs/stunnel.pem
2012.02.04 07:26:41 LOG7[7851:140676830660352]: Private key loaded
2012.02.04 07:26:41 LOG7[7851:140676830660352]: SSL context initialized for service stunnel
inetd mode must define a remote host or an executable
[Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file

-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫
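
An added example, not part of the original post: the "inetd mode must define a remote host or an executable" message is what stunnel prints when the configuration has no service section, so it falls back to inetd mode, which needs a connect or exec target. The sketch below adds a [mongodb] section on both ends and requires a client certificate; the hostname home.example.org, tunnel port 27018, the laptop-side file names and the CAfile paths are assumptions, and 27017 is MongoDB's default port.

```ini
; ---- server: /etc/stunnel/stunnel.conf ----
; Global options as in the post, except sslVersion.
cert = /etc/ssl/certs/stunnel.pem
; TLSv1 rather than SSLv3; both are values stunnel 4 accepts here
sslVersion = TLSv1
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; A named section with accept= is what takes stunnel out of inetd mode.
[mongodb]
; port exposed to the outside (assumed value)
accept = 27018
; the local mongod behind the tunnel
connect = 127.0.0.1:27017
; refuse peers that do not present a certificate found in CAfile,
; otherwise anyone who can reach port 27018 reaches MongoDB
verify = 2
; hypothetical path: PEM file holding the laptop's certificate
CAfile = /etc/stunnel/clients.pem

; ---- laptop: stunnel.conf (separate file on the roaming machine) ----
; hypothetical path: the laptop's own key and certificate
cert = /etc/stunnel/laptop.pem
sslVersion = TLSv1

[mongodb]
client = yes
; the dev environment connects to this localhost port
accept = 127.0.0.1:27017
; assumed hostname and port of the home server
connect = home.example.org:27018
verify = 2
; hypothetical path: copy of the server's certificate (without its key)
CAfile = /etc/stunnel/server-cert.pem
```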

