Solved

Persistent Connection for Stunnel

Posted on 2007-11-21
6
2,642 Views
Last Modified: 2012-06-27
with Stunnel as the HTTPS SSL proxy I am connecting to a SSL server, with stunnel listening in my localhost on 4800. However, for every connection i make to localhost:4800 it seems to make a new connection to the remote SSL server too.

What I need is that when I run stunnel, it will connect to the remote server and maintain the connection. This same connection will be used for all the rest of the data I send to localhost:4800 and not create a new one.

Is there a setting I can add to make it persistant?

0
Comment
Question by:archerlogic
  • 2
6 Comments
 
LVL 19

Accepted Solution

by:
alextoft earned 500 total points
Comment Utility
stunnel appears to be working as intended.

Perhaps what might be more suitable for your requirements is an IPsec VPN?
0
 
LVL 28

Expert Comment

by:Jan Springer
Comment Utility
ssh -P -f -l 4800:<remote ip>:<remote port> <username>@<ssh host> sleep 10000

so that:

ssh -P -f -l 4800:192.168.1.15:80 me@192.168.1.85 sleep 10000
0
 
LVL 27

Expert Comment

by:Nopius
Comment Utility
Stunnel _can_ keep connection active when 'session' and 'TIMEOUTidle' are specified. man stunnel. But some remote WEB servers close connection after each https:// request.

I just tested this very simple stunnel configuration:

[https]
accept  = 8080
client  = yes
connect = dave.sni.velox.ch:443
session = 300
TIMEOUTclose = 0
TIMEOUTidle = 180

When trying to connect to localhost:8080 and  get any page:
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.1
Host: dave.sni.velox.ch
Connection: keep-alive

I always get "Connection: close" with subsequent TCP connection close:

HTTP/1.1 200 OK
Date: Thu, 22 Nov 2007 04:05:10 GMT
Server: Apache/2.2
Cache-Control: max-age=0
Expires: Thu, 22 Nov 2007 04:05:10 GMT
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=ISO-8859-1

...

So I guess the problem is not in stunnel, but in remote server, that closes connection and you can do nothing with that.

0
 
LVL 27

Expert Comment

by:Nopius
Comment Utility
Oops, after some more testing with tcpdump I agree with alextoft, new connection to stunnel = new outgong TCP request. When incoming connection closes, outgoing connection also closes. That's logical, otherwise we could use other session, say after someone had authenticated, dropped connection and we connected to the same session and resume connection as that first authenticated user.

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cloud connection query 2 65
Office 365 SSL Issues 5 50
can't umount nfs share after server goes offline... 4 65
Backing Up Ipset 9 64
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now