
I created an SSL tunnel that I can connect to with SSH, but when I try to connect, I cannot connect.

My stunnel.conf

cert = /etc/stunnel/stunnel.pem
client = no
socket = a:SO_REUSEADDR=1
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[ssh]
accept = 441
connect = 0.0.0.0:22

Ports 22 and 441 (my port 443 is taken, so I am using 441):

sudo netstat -tuln | grep :22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN

sudo netstat -tuln | grep :441
tcp        0      0 0.0.0.0:441             0.0.0.0:*               LISTEN

My stunnel status:

sudo systemctl status stunnel4
● stunnel4.service - LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons)
     Loaded: loaded (/etc/init.d/stunnel4; generated)
     Active: active (running) since Thu 2024-09-26 16:21:49 -03; 19min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 3434447 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=0/SUCCESS)
      Tasks: 2 (limit: 38417)
     Memory: 2.5M
        CPU: 21ms
     CGroup: /system.slice/stunnel4.service
             └─3434463 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: Compiled/running with OpenSSL 3.0.2 15 Mar 2022
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: UTF-8 byte order mark not detected
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: FIPS mode disabled
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG4[ui]: Insecure file permissions on /etc/stunnel/stunnel.pem
Sep 26 16:21:49 domain.com stunnel4[3434447]: Starting TLS tunnels: /etc/stunnel/stunnel.conf: started (no pid=pidfile specified!)
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: Configuration successful
Sep 26 16:21:49 domain.com stunnel[3434461]: LOG5[ui]: Binding service [ssh] to :::441: Address already in use (98)
Sep 26 16:21:49 domain.com systemd[1]: Started LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).

I activated the ufw permissions but still can't connect.

  • According to the logs, your :441 is ALSO taken by SOMETHING ELSE. Try netstat -tlnp | grep :441 to see what. (Neither SSL/TLS nor SSH uses UDP, so you don't need -u, but if you want to include it, that doesn't hurt.) Commented Sep 27 at 0:41
  • @dave_thompson_085 I already opened 441, so it seems to be in use:
    netstat -tlnp | grep :441
    tcp 0 0 0.0.0.0:441 0.0.0.0:* LISTEN 3434463/stunnel4
    – patdirt
    Commented Sep 27 at 10:30
  • I didn't notice before that you apparently have two different processes -- stunnel and stunnel4. You can't have both of these listening on 441 (or any other single port). Commented Oct 8 at 5:08
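The two checks the comments point at, as an added shell example that is not part of the question or its comments: which process owns a listening TCP port (and whether more than one PID holds it, the situation the "Address already in use" log line describes), plus the certificate-permission check behind stunnel's "Insecure file permissions" warning. The netstat sample below is constructed to mirror the question's lines; the sshd PID and the second 441 listener are illustrative, not taken from the page.

```shell
#!/bin/sh
# Added example, not the asker's or stunnel's own code.
# Parses `netstat -tlnp` output (Proto Recv-Q Send-Q Local Foreign State PID/Program)
# to answer "who is listening on this port?" and "is more than one process bound?".

# Constructed sample: the question's two sockets plus hypothetical PIDs and a
# second :441 listener, so the conflict path can be exercised offline.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1234/sshd
tcp        0      0 0.0.0.0:441             0.0.0.0:*               LISTEN      3434463/stunnel4
tcp6       0      0 :::441                  :::*                    LISTEN      3434461/stunnel'

# port_owners PORT [NETSTAT_OUTPUT]
# Prints one "PID/program" line per listening socket bound to PORT.
# Without a second argument it runs the real netstat (root is needed to see
# PIDs owned by other users, which is why the question used sudo).
port_owners() {
    port=$1
    if [ $# -ge 2 ]; then
        input=$2
    else
        input=$(netstat -tlnp 2>/dev/null)
    fi
    # Match the local address column ending in ":PORT" (covers 0.0.0.0:441 and :::441).
    printf '%s\n' "$input" | awk -v p=":$port" '
        $6 == "LISTEN" && $4 ~ (p "$") { print $7 }'
}

# listener_count PORT [NETSTAT_OUTPUT]
# Number of distinct PIDs bound to PORT (an IPv4 and IPv6 socket of the same
# daemon count once, as with sshd above).
listener_count() {
    port_owners "$@" | cut -d/ -f1 | sort -u | awk 'NF { c++ } END { print c + 0 }'
}

# port_conflict PORT [NETSTAT_OUTPUT]
# Succeeds (exit 0) when two or more different processes hold PORT, which is
# the case the comments describe: stunnel and stunnel4 cannot both bind 441.
port_conflict() {
    [ "$(listener_count "$@")" -gt 1 ]
}

# pem_perms_ok FILE
# stunnel logged LOG4 "Insecure file permissions" for stunnel.pem. The file
# holds the private key, so it should be owner-readable only (mode 0600).
# Uses GNU/BusyBox `stat -c`; assumption: a Linux host, as in the question.
pem_perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Usage on a live host: `sh this.sh 441` runs the real netstat -tlnp.
if [ $# -ge 1 ]; then
    port_owners "$1"
    if port_conflict "$1"; then
        echo "port $1: more than one process is listening"
    fi
fi
```

Run against the sample, port 441 reports both a stunnel4 and a stunnel PID and `port_conflict` succeeds, while port 22 resolves to the single sshd PID. On the real host, pair the owner check with `systemctl status stunnel4` so that the PID bound to 441 can be matched against the unit's CGroup line, and fix the certificate mode with `chmod 600 /etc/stunnel/stunnel.pem` before restarting.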
