Stunnel says configuration is successful but service does not start - stunnel

I am attempting to run stunnel on my Windows 10 machine to connect to a remote server. After installing and setting up the stunnel.conf file, it looks like everything is configured but the service never starts.
My stunnel.conf looks like this:
output = C:/Temp/Logs/stunnel.log
[SAMPLE]
client = yes
debug = 7
verify = 2
CAfile = C:/Program Files (x86)/stunnel/config/roots.pem
cert= C:/Program Files (x86)/stunnel/config/stunnel.pem
accept = 127.0.0.1:11000
connect = destination.com:5001
verifyChain = yes
However, when I run stunnel as an admin, this is all that appears in the logs:
2022.09.07 16:58:30 LOG5[main]: stunnel 5.65 on x64-pc-mingw32-gnu platform
2022.09.07 16:58:30 LOG5[main]: Compiled/running with OpenSSL 3.0.5 5 Jul 2022
2022.09.07 16:58:30 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2022.09.07 16:58:30 LOG5[main]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf
2022.09.07 16:58:30 LOG5[main]: UTF-8 byte order mark detected
2022.09.07 16:58:30 LOG5[main]: FIPS mode disabled
2022.09.07 16:58:31 LOG4[main]: Service [SAMPLE] uses "verifyChain" without subject checks
2022.09.07 16:58:31 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2022.09.07 16:58:31 LOG5[main]: Configuration successful
I have a colleague who has set up their stunnel with an identical stunnel.conf. They get the same lines in the log to start, but afterwards it looks like stunnel spawns a new thread and starts the service. This is what their logs look like:
2022.09.06 11:18:14 LOG5[main]: stunnel 5.65 on x64-pc-mingw32-gnu platform
2022.09.06 11:18:14 LOG5[main]: Compiled/running with OpenSSL 3.0.5 5 Jul 2022
2022.09.06 11:18:14 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2022.09.06 11:18:14 LOG5[main]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf
2022.09.06 11:18:14 LOG5[main]: UTF-8 byte order mark detected
2022.09.06 11:18:14 LOG5[main]: FIPS mode disabled
2022.09.06 11:18:28 LOG4[main]: Service [SAMPLE] uses "verifyChain" without subject checks
2022.09.06 11:18:28 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2022.09.06 11:18:28 LOG5[main]: Configuration successful
2022.09.06 11:18:53 LOG7[0]: Service [SAMPLE] started
2022.09.06 11:18:53 LOG7[0]: Setting local socket options (FD=684)
2022.09.06 11:18:53 LOG7[0]: option TCP_NODELAY set on local socket
2022.09.06 11:18:53 LOG7[0]: Service [SAMPLE] accepted connection from 127.0.0.1:52155
...
So we can't see any errors in the logs or the event viewer, and we are at a loss as to what could be causing the different behavior. Is there any way to know what might be causing this difference, or at least rule things out?
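The two LOG4 lines in both logs are worth acting on regardless of the startup problem: `verifyChain = yes` alone accepts any certificate issued by a CA in roots.pem, so stunnel asks for a subject check. Below is the same [SAMPLE] service with that check added. This is an added example, not the question's own file, and it assumes the certificate destination.com presents actually carries the name destination.com.

```ini
; Added example: the [SAMPLE] service from the question with a subject check.
; Paths are the ones from the original stunnel.conf.
output = C:/Temp/Logs/stunnel.log

[SAMPLE]
client = yes
debug = 7
; "verify = 2" is the obsolete stunnel 4 form; verifyChain below replaces it,
; so only one of the two is needed.
verifyChain = yes
CAfile = C:/Program Files (x86)/stunnel/config/roots.pem
cert = C:/Program Files (x86)/stunnel/config/stunnel.pem
accept = 127.0.0.1:11000
connect = destination.com:5001
; Pin the expected subject: a certificate from a trusted CA that is issued
; for some other host is now rejected instead of silently accepted.
; Use checkIP instead when connecting by address rather than by name.
checkHost = destination.com
```

With this in place the "uses verifyChain without subject checks" warning disappears, and the configuration still reports "Configuration successful"; it does not change whether the service thread starts.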

Related

Cannot load certificate file client.crt

Linux Mint 21
Successfully installed openvpn.
OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Now I want to connect to the remote setup via openvpn.
sudo openvpn Leo.ovpn
but get this error:
2022-08-15 09:29:10 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-08-15 09:29:10 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-08-15 09:29:10 WARNING: file 'client.key' is group or others accessible
2022-08-15 09:29:10 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-08-15 09:29:10 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-08-15 09:29:10 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-08-15 09:29:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-08-15 09:29:10 Cannot load certificate file client.crt
2022-08-15 09:29:10 Exiting due to fatal error
P.S. I checked the folder. The files exist: client.crt and ca.crt
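The "ca md too weak" line above is OpenSSL 3 refusing a CA certificate whose signature uses a digest (MD5 or SHA-1) that its default security level no longer accepts, which is why the otherwise-present client.crt cannot be loaded. The following added helper (not part of the question) reads the signature algorithm out of a PEM certificate with the openssl CLI so the offending certificate in a chain can be identified; it assumes openssl is installed.

```bash
#!/bin/sh
# Added example: report the signature digest of a PEM certificate so a
# "ca md too weak" rejection can be traced to a specific MD5/SHA-1 signed cert.
# Assumes the openssl command-line tool is available.

# Print the signature algorithm name of the first certificate in FILE,
# e.g. "sha256WithRSAEncryption" or "sha1WithRSAEncryption".
cert_sig_alg() {
  openssl x509 -in "$1" -noout -text \
    | sed -n 's/^ *Signature Algorithm: *//p' \
    | head -n 1
}

# Return 0 when the certificate is signed with a digest that OpenSSL 3
# rejects at its default security level (MD5 or SHA-1), 1 otherwise.
cert_has_weak_digest() {
  case "$(cert_sig_alg "$1")" in
    md5*|sha1*|*MD5*|*SHA1*) return 0 ;;
    *)                       return 1 ;;
  esac
}

# Stand-alone use: ./check_digest.sh ca.crt client.crt ...
for f in "$@"; do
  if cert_has_weak_digest "$f"; then
    echo "WEAK  $f  ($(cert_sig_alg "$f")) - reissue this certificate with SHA-256"
  else
    echo "ok    $f  ($(cert_sig_alg "$f"))"
  fi
done
```

A CA flagged as WEAK has to be reissued (or a new CA created) with a SHA-256 signature; lowering the OpenSSL security level only hides the problem.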

Mosquitto 2.0 config still not working on Raspberry Pi

I'm running an MQTT server mosquitto version 2.0.11 on the same Raspberry Pi Bullseye (3 A+) as both broker and client. I had code working, but understand that one needs to modify a .conf file to get things working. I must still not be understanding something because here's my file:
# I had pid_file /run/mosquitto/mosquitto.pid below, but changed this when docs suggested below should be included if running automatically when device boots, which it will be.
pid_file /var/run/mosquitto/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
listener 1883
allow_anonymous true
Now when I try to run mosquitto like this:
mosquitto -c /etc/mosquitto/conf.d/mosquitto.conf
I get this error:
1637370455: Loading config file /etc/mosquitto/conf.d/mosquitto.conf
1637370455: Error: Duplicate pid_file value in configuration.
1637370455: Error found at /etc/mosquitto/conf.d/mosquitto.conf:7.
1637370455: Error found at /etc/mosquitto/conf.d/mosquitto.conf:14.
Line 7 is the pid_file /var/run/mosquitto/mosquitto.pid
Line 14 is the include_dir /etc/mosquitto/conf.d
I can make basic pub and sub tests with localhost but still no luck with the hostname. Yes I know you should use security but I have an app that controls a robot over local WiFi and want to preserve app usage without changing that component too.
Any help on getting me back on track to getting the Mosquitto broker & client working on the same pi, allowing anonymous access, and running, is much appreciated. I have gone through the docs, example file, and consulted other tutorials like Steve's, but proper configuration is still unclear. Thx!
Firstly, the errors about not being able to open the pid or log files are because you are running mosquitto as a normal user (probably pi). This user does not have permission to read/write to files in /var/run or /var/log, hence the failure when you try and run it "manually".
You've not said how you installed 2.0.11, as the default version bundled with Bullseye is still a 1.5.x build. Assuming you used the mosquitto.org repository, then the mosquitto service will have been installed and configured. It will automatically pick up the default config file at /etc/mosquitto/mosquitto.conf, as should be displayed with:
$ sudo service mosquitto status
● mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset
Active: active (running) since Sun 2021-10-31 17:28:52 GMT; 2 weeks 5 days ag
Docs: man:mosquitto.conf(5)
man:mosquitto(8)
Process: 499 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited
Process: 505 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited
Process: 507 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, st
Process: 510 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, st
Process: 25679 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCE
Main PID: 511 (mosquitto)
Tasks: 1 (limit: 2181)
CGroup: /system.slice/mosquitto.service
└─511 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Nov 19 00:00:10 www systemd[1]: Reloading Mosquitto MQTT Broker.
Nov 19 00:00:10 www systemd[1]: Reloaded Mosquitto MQTT Broker.
Warning: Journal has been rotated since unit was started. Log output is incomple
The simplest way to enable access from other machines is to do the following:
Reset the default config file to as it was when installed
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
port 1883
include_dir /etc/mosquitto/conf.d
create a new file in /etc/mosquitto/conf.d e.g. called connect.conf
listener 1883
allow_anonymous true
restart the service with sudo service mosquitto restart

Handshake Failed test connectivity for OpenVPN

I am trying to set up OpenVPN on Ubuntu 20.04. I'm not experienced in this area. After I set up OpenVPN, I performed a connectivity test and received this handshake error message:
Sun Jul 26 05:53:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]68.228.217.219:1194
Sun Jul 26 05:53:17 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Jul 26 05:53:17 2020 UDP link local: (not bound)
Sun Jul 26 05:53:17 2020 UDP link remote: [AF_INET]My_Public_ISP_IP:1194
Sun Jul 26 05:54:17 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jul 26 05:54:17 2020 TLS Error: TLS handshake failed
Sun Jul 26 05:54:17 2020 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 26 05:54:17 2020 Restart pause, 5 second(s)
Then I checked the log:
journalctl --identifier openvpn
I found two error messages that I believe are why my OpenVPN cannot connect:
This is one of the error messages:
Could not determine IPv4/IPv6 protocol. Using AF_INET
I noticed it's using my old client .conf file:
Error Message
My new .conf file is local.ovpn/
I tried removing the client conf (sudo rm -vf BigK) and replacing it with local.ovpn, but it didn't work.
I need help figuring this issue out. I tried researching on my own but I came up short.
UPDATE
After several hours of researching online, the closest post I found that might help me is this one: https://unix.stackexchange.com/questions/385966/openvpn-error-status-2-and-cant-connect-to-internet-while-using which didn't help.
I checked my client.conf
client
dev tun
proto udp
remote Public_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
Here is my server.conf
local IP
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
Here is localvpn.ovpn
client
dev tun
proto udp
remote Public_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
I faced the same problem and didn't find any solution. I was looking for another way to connect to OpenVPN server and it helped me.
Ubuntu 20.04 has a default tool for using OpenVPN:
Settings -> Network
Click + icon on one line with the VPN title
Choose Import from file... option and select your .ovpn config file in the popup window
Click Add button and that's it
PS: I hope it will help somebody save some hours

CentOS 7 pgbouncer.pid Permissions Issue

I have installed pgbouncer. I can't get it started because the directory that houses the .pid file re-generates its own ownership.
2020-07-31 04:58:34.083 EDT [3682] DEBUG loading auth_file: "/etc/pgbouncer/userlist.txt"
2020-07-31 04:58:34.088 EDT [3682] DEBUG pktbuf_dynamic(128): 0x8d52f0
2020-07-31 04:58:34.088 EDT [3682] DEBUG make_room(0x8d52f0, 9): realloc newlen=256
2020-07-31 04:58:34.088 EDT [3682] DEBUG pktbuf_dynamic(128): 0x8d54d0
2020-07-31 04:58:34.089 EDT [3682] FATAL could not open pidfile '/var/run/pgbouncer/pgbouncer.pid': Permission denied
I've set the permissions on /var/run/pgbouncer/ to postgres:postgres after the original installation (I forget what those permissions were) and it is still being denied due to permissions. I restart the box and the permissions change back to pgbouncer:pgbouncer. So it seems the package install forms this permissions issue right from the start.
How can I get pgbouncer to work? Any insight appreciated. Cheers

How to monitor ActiveMQ Artemis on WildFly with Hawt.io

I have ActiveMQ Artemis embedded in WildFly 10 (as it comes) and want to monitor it via Hawt.io.
What I did:
ActiveMQ Artemis is configured and running
I dropped hawtio.war to deployment directory.
I dropped the artemis-plugin built by Maven, with its name changed to just artemis-plugin.war
I even dropped jolokia.war
I tried with the standalone jar - made a plugin directory and put artemis-plugin.war there.
When I connect to Jolokia I get CPU usage (and stuff like that) for WildFly, and I can see the queue via JMX, but still no success with Artemis.
hawtio does not recognize the plugin; however, it got loaded:
[main] INFO org.eclipse.jetty.webapp.WebAppContext - An Artemis plugin at http://0.0.0.0:8081/artemis-plugin
[main] INFO jetty - Added 3rd party plugin with context-path: /artemis-plugin
Added 3rd party plugin with context-path: /artemis-plugin
I do not have an 'Artemis' tab. Going to http://0.0.0.0:8081/artemis-plugin shows me the dir:
Directory: /artemis-plugin/
META-INF/ 4096 bytes Aug 4, 2016 10:41:10 AM
WEB-INF/ 4096 bytes Aug 4, 2016 10:41:10 AM
log4j.properties 215 bytes Aug 3, 2016 3:39:10 PM
plugin/ 4096 bytes Aug 4, 2016 10:41:09 AM
Any ideas?
JMX management has to be switched on:
<management jmx-enabled="true"/>