I am using Stunnel to connect to a server with TLS encryption. I start Stunnel, then I use any client to connect to Stunnel (e.g. telnet) and everything works fine.
If I close the client the connection with the server remains active, the connection with the client goes to state TIME_WAIT.
But here is the problem, if I try to open the client again, the connection to Stunnel is lost instantaneously.
What can be the problem?
It was a problem with the server not accepting TSL handsake renegotiation, a feature that comes by default with Stunnel and cannot be changed via configuration.
So I had to modify the source code of stunnel to force it to make the handshake each time the connection is established.
Related
I am running Xdebug extension on PHP webserver (IIS), and VSCode on different development machine.
When I start listening for Xdebug session in VSCode (with Felix Becker's PHP Debug) without proxy, everything works as expected.
Now I am trying to use dbgpProxy because there are multiple devs on the development machine.
I have tried to run dbgpProxy on the webserver and register to it by activating proxy settings in VSCode, but it fails with Connection refused. At the same time, Xdebug connects to the proxy just fine and proxy tries to forward incoming session based on IDE key but of course cannot find it because the registration failed.
So I tried running dbgpProxy on the development machine. This time VSCode registered successfully with the proxy, but when Xdebug tried to connect to the listening proxy, it failed.
I was pretty sure I knew what I was doing, ports were open, everything SHOULD work but it didn't.
It turned out to be a problem in the IP addresses.
I ran the proxy with default settings, which is localhost (127.0.0.1) for both server and client part with respective ports 9000 and 9001. Which was wrong (for my situation).
To listen to the incoming connections from another machine, proxy has to be configured with real IP address of the machine it is running on, otherwise it won't listen.
In my case I have decided to run the proxy on the server, so I run it with just one parameter for the incoming client connections and leave the server parameter default (which is 127.0.0.1:9000 and of course configure XDebug in php.ini to this address and port).
dbgpProxy.exe -i 10.123.54.76:9001
I want to send data with A6 GSM/GPRS module to data.sparkfun.com cloud service. I am using these AT commands:
// Setting up network
AT+CGATT?
AT+CGATT=1
AT+CGDCONT=1,"IP","internet"
AT+CGACT=1,1
AT+CIPSTATUS
AT+CIFSR
// Start the TCP/IP connection to the server
AT+CIPSTART="TCP","54.86.132.254",80 // PROBLEM STARTS HERE
AT+CIPSTATUS
AT+CIPSEND
GET /input/***********?private_key=****************&temp=45.2 HTTP/1.1<cr><lf>Host:data.sparkfun.com<cr><lf>Connection:keep-alive<cr><lf>
^z
When I enter this command AT+CIPSTART="TCP","data.sparkfun.com",80 I will get back CONNECT OK(TCP connection success) and just after that it will automatically close it +TCPCLOSED:0(TCP connection is closed by remote server). There is no time to enter the AT+CIPSEND command because the TCP connection is lost.
I tried to make my own nodejs server but still the same problem.
How to keep the connection alive until I can send data and then close the connection with AT+CIPCLOSE command?
Most probably the solution is very simple.
The AT-Command
AT+CGDCONT=1,"IP","internet"
defines the PDP context and I guess the "internet" was just a generic value and you might have to replace it by the APN of your mobile network provider.
I'm new to RADIUS, servers, and the like. There doesn't seem to be that much documentation on FreeRadius, and I need to get FreeRadius server (3.0.8) running RADSEC for test purposes.
I moved etc/raddb/sites-available/tls to etc/raddb/sites-enabled/ in order to enable "RADSEC".
Questions:
I understand that I need to have a server certificate as well as a public key. I am wondering on if I could get a fake certificate/key just for testing.
Also I'm not sure how I can test the actual server, there's the radtest command (I've been trying to run radtest -P tcp -x testing password 127.0.0.1:2083 10 testing123 but it's returns:
... new connection request on TCP socket
Listening on auth+acct from client (127.0.0.1, 40542) -> (*, 2083, virtual-server=default)
Waking up in 0.4 seconds.
(0) Initiating new EAP-TLS session
(0) Setting verify mode to require certificate from client
(0) Non-TLS data sent to TLS socket: closing
Closing TLS socket from client port 40542
Client has closed connection
... shutting down socket auth+acct from client (127.0.0.1, 40542) -> (*, 2083, virtual-server=default)
Waking up in 2.9 seconds.
... cleaning up socket auth+acct from client (127.0.0.1, 40542) -> (*, 2083, virtual-server=default)
Ready to process requests
Do I need to set up another server as a client so that they can perform the TLS negotiation? And once I do that, how do I get that server to communicate with this RADSEC server?
radtest is attempting a non TLS connect to the server. And thats the reason you are seeing that the server disconnects the connection immediately.
You can explore radsecproxy. It supports TLS (RadSec), as well as RADIUS over TCP. So it can happen as intermediary for the non TLS client and TLS server.
I'm using TURN server and I want to use TLS when authenticating with TURN server but turn it off when it starts acting as relay server. how is this possible? it gives "connection reset" error as soon as I start transmitting unencrypted text
Thanks
Socket Server with SSLStream some times refuses new connections from clients.
I used the telent hostname port, and it says Connecting To host...
Could not open connection to the host, on port 6002: Connect failed
I used netstat -a , and I see TCP status as
TCP 0.0.0.0:6002 host:0 LISTENING
I also see the service as listening in tcpview too.
The error I see on client side is connection refused with error code 10061.
The same socket server was accepting new connections and just runs fine without any issues.But after some time the above issue happens.its random.
When I restart the sockets it just works fine and accepts conenctions, which I don;t want to do it frequently.becasue this disconnects clients, who are already connected.
Could somebody help me to trouble shoot this?
Thanks.
Where are you running netstat? On the server?
Try connecting to the socket from localhost (from the server itself) using the destination IP address 127.0.0.1
Do the same test with the network IP of the server.
My guess is that the firewall is preventing external access or a router in between is preventing the connection.
It works for a while and then stops. Few options I can think of:
Some firewall on the way does some kind of throttling
You open and close too many connections too quickly. In this case you exhaust the ephemeral ports on the client (usually) and/or on the server. If you do netstat -a you will see a lot of sockets in TIME_WAIT state, try this both on client and server. Solution here is to reuse connections (best). Or increase the number of ephemeral ports (registry setting). But this will take you only so far.
You have a bug in your server and it stops accepting new connections after a while.