[Cialug] stunnel or something else?

kristau kristau at gmail.com
Sat Feb 4 11:29:23 CST 2012


Would ssh tunneling or openvpn work as alternatives?
On Feb 4, 2012 1:31 AM, "Matthew Nuzum" <newz at bearfruit.org> wrote:

> Hello, I have a service (mongodb) running on a test-server at my house. I'd
> like to be able to connect to it when I'm roaming around. It used to be
> that stunnel was the way to do this, I could run it on my laptop either at
> home or remotely and configure my dev environment to connect to the
> localhost port that's forwarded using the tunnel. I'm having probs (see
> below). So I have a couple questions, is stunnel still the tool for the job
> with this? If not, what is suggested, if so, any tips on getting this
> working?
>
> Prob:
> I've got an Ubuntu 10.04 server and I installed stunnel on it. I created a
> pem like this: (and I fixed the perms to make them 0600)
>
>    sudo openssl req -new -x509 -out /etc/ssl/certs/stunnel.pem -keyout /etc/ssl/certs/stunnel.pem -nodes -days 3650
>
> My config file has the following lines (commented lines left out):
> $ egrep -v '^;' /etc/stunnel/stunnel.conf
> cert = /etc/ssl/certs/stunnel.pem
> sslVersion = SSLv3
> chroot = /var/lib/stunnel4/
> setuid = stunnel4
> setgid = stunnel4
> pid = /stunnel4.pid
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> And enabled stunnel in /etc/default/stunnel4
> $ cat /etc/default/stunnel4
> ENABLED=1
> FILES="/etc/stunnel/*.conf"
> OPTIONS=""
> PPP_RESTART=0
>
> When I try to start it I get this error:
> $ sudo /etc/init.d/stunnel4 start
> Starting SSL tunnels: 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Snagged 64 random bytes from /home/matt/.rnd
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Wrote 1024 new random bytes to /home/matt/.rnd
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: RAND_status claims sufficient entropy for the PRNG
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: PRNG seeded successfully
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Certificate: /etc/ssl/certs/stunnel.pem
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Certificate loaded
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Key file: /etc/ssl/certs/stunnel.pem
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: Private key loaded
> 2012.02.04 07:26:41 LOG7[7851:140676830660352]: SSL context initialized for service stunnel
> inetd mode must define a remote host or an executable
> [Failed: /etc/stunnel/stunnel.conf]
> You should check that you have specified the pid= in you configuration file
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin and twitter
>
> ♫ You're never fully dressed without a smile! ♫
>
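
Added example, not part of the thread and not stunnel's own code: a simplified static check for the quoted stunnel.conf. It reports the missing [service] section behind the "inetd mode must define a remote host or an executable" error and the deprecated SSLv3 setting. The service name, ports and TLSv1.2 value in FIXED_CONF are assumptions, and TLSv1.2 needs a stunnel/OpenSSL build that supports it.

```python
import re

# Global options exactly as quoted in the thread (no [service] section).
THREAD_CONF = """\
cert = /etc/ssl/certs/stunnel.pem
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
"""

# Constructed fix: service name, ports and protocol value are assumptions.
FIXED_CONF = THREAD_CONF.replace("SSLv3", "TLSv1.2") + """\
[mongodb]
accept = 27018
connect = 127.0.0.1:27017
"""

def parse_conf(text):
    """Split into global options and per-service options (name -> values)."""
    glob, services = {}, {}
    current = glob
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(";"):      # ';' starts a comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), {})
            continue
        key, sep, value = line.partition("=")     # split at the first '=' only
        if sep:
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return glob, services

def check_conf(text):
    """Return a list of findings; empty means neither problem was found."""
    glob, services = parse_conf(text)
    findings = []
    has_target = lambda o: "connect" in o or "exec" in o
    if not services and not has_target(glob):
        findings.append("no [service] section: inetd mode without connect/exec")
    for name, opts in services.items():
        if "accept" not in opts or not has_target(opts):
            findings.append(f"[{name}] needs accept plus connect or exec")
    for scope, opts in [("global", glob), *services.items()]:
        for v in opts.get("sslversion", []):
            if v.lower() in ("sslv2", "sslv3"):
                findings.append(f"{scope}: deprecated protocol {v}")
    return findings
```
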

