LINUX.ORG.RU

Stunnel does not encrypt



I installed stunnel on the server and on the client and generated the certificates, everything is fine. We start it; the launch command on the server is
/usr/local/sbin/stunnel -f -d 2020 -v 2 -D 7 -L /usr/sbin/pppd -- pppd 10.10.0.1: noauth local
and on the client
stunnel -p /usr/local/ssl/certs/stunnel.pem -c -r X.X.X.X:2020 -D 7 -L /usr/sbin/pppd -- pppd 10.10.0.2: noauth local
the connection

bash# /usr/local/sbin/stunnel -f -d 2020 -v 2 -D 7 -L /usr/sbin/pppd -- pppd 10.10.0.1: noauth local
2003.11.23 05:20:09 LOG5[8565:1024]: Using 'pppd' as tcpwrapper service name
2003.11.23 05:20:09 LOG7[8565:1024]: Snagged 64 random bytes from /var/tmp/.rnd
2003.11.23 05:20:09 LOG7[8565:1024]: Wrote 1024 new random bytes to /var/tmp/.rnd
2003.11.23 05:20:09 LOG7[8565:1024]: RAND_status claims sufficient entropy for the PRNG
2003.11.23 05:20:09 LOG6[8565:1024]: PRNG seeded successfully
2003.11.23 05:20:09 LOG7[8565:1024]: Certificate: /usr/local/ssl/certs//stunnel.pem
2003.11.23 05:20:09 LOG7[8565:1024]: cert_defaults is 2
2003.11.23 05:20:09 LOG7[8565:1024]: cert_dir is
2003.11.23 05:20:09 LOG7[8565:1024]: cert_file is
2003.11.23 05:20:09 LOG7[8565:1024]: installing defaults where not set
2003.11.23 05:20:09 LOG7[8565:1024]: Set verify directory to /usr/local/ssl/certs/trusted/
2003.11.23 05:20:09 LOG5[8565:1024]: stunnel 3.26 on i586-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7c 30 Sep 2003
2003.11.23 05:20:09 LOG7[8565:1024]: Created pid file /usr/local/var/stunnel/stunnel.pppd.pid
2003.11.23 05:20:09 LOG5[8565:1024]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2003.11.23 05:20:09 LOG7[8565:1024]: SO_REUSEADDR option set on accept socket
2003.11.23 05:20:09 LOG7[8565:1024]: pppd bound to 0.0.0.0:2020
2003.11.23 05:20:13 LOG7[8565:1024]: pppd accepted FD=6 from X.X.X.X:34814
2003.11.23 05:20:13 LOG7[8567:1026]: pppd started
2003.11.23 05:20:13 LOG5[8567:1026]: pppd connected from X.X.X.X:34814
2003.11.23 05:20:13 LOG7[8567:1026]: Relying on OpenSSL RSA Blinding.
2003.11.23 05:20:13 LOG7[8567:1026]: SSL state (accept): before/accept initialization
2003.11.23 05:20:13 LOG7[8567:1026]: SSL state (accept): SSLv3 read client hello A
2003.11.23 05:20:13 LOG7[8567:1026]: SSL state (accept): SSLv3 write server hello A
2003.11.23 05:20:13 LOG7[8567:1026]: SSL state (accept): SSLv3 write certificate A
2003.11.23 05:20:13 LOG7[8567:1026]: SSL state (accept): SSLv3 write certificate request A
2003.11.23 05:20:13 LOG7[8567:1026]: SSL state (accept): SSLv3 flush data
2003.11.23 05:20:15 LOG5[8567:1026]: VERIFY OK: depth=0, /C=XX/ST=XXXXX/L=XXXXX/O=XXXXXXXXXXXXX/OU=XXXXXXXXXX/CN=XXXX
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 read client certificate A
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 read client key exchange A
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 read certificate verify A
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 read finished A
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 write change cipher spec A
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 write finished A
2003.11.23 05:20:15 LOG7[8567:1026]: SSL state (accept): SSLv3 flush data
2003.11.23 05:20:15 LOG7[8567:1026]:    1 items in the session cache
2003.11.23 05:20:15 LOG7[8567:1026]:    0 client connects (SSL_connect())
2003.11.23 05:20:15 LOG7[8567:1026]:    0 client connects that finished
2003.11.23 05:20:15 LOG7[8567:1026]:    0 client renegotiatations requested
2003.11.23 05:20:15 LOG7[8567:1026]:    1 server connects (SSL_accept())
2003.11.23 05:20:15 LOG7[8567:1026]:    1 server connects that finished
2003.11.23 05:20:15 LOG7[8567:1026]:    0 server renegotiatiations requested
2003.11.23 05:20:15 LOG7[8567:1026]:    0 session cache hits
2003.11.23 05:20:15 LOG7[8567:1026]:    0 session cache misses
2003.11.23 05:20:15 LOG7[8567:1026]:    0 session cache timeouts
2003.11.23 05:20:15 LOG6[8567:1026]: Negotiated ciphers: AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
2003.11.23 05:20:15 LOG7[8567:1026]: /dev/pts/2 allocated
2003.11.23 05:20:15 LOG6[8567:1026]: Local mode child started (PID=8568)
2003.11.23 05:20:15 LOG7[8567:1026]: Remote FD=9 initialized

-------------

We connected, but when I, say, telnet to 10.10.0.1:51234
(squid is running there) and look with tcpdump, it gives me plain text. Here is a piece:
0x0160   0d0a 0d0a 3c21 444f 4354 5950 4520 4854        ....<!DOCTYPE.HT
0x0170   4d4c 2050 5542 4c49 4320 222d 2f2f 5733        ML.PUBLIC."-//W3
0x0180   432f 2f44 5444 2048 544d 4c20 342e 3031        C//DTD.HTML.4.01
0x0190   2054 7261 6e73 6974 696f 6e61 6c2f 2f45        .Transitional//E
0x01a0   4e22 2022 6874 7470 3a2f 2f77 7777 2e77        N"."http://www.w
0x01b0   332e 6f72 672f 5452 2f68 746d 6c34 2f6c        3.org/TR/html4/l
0x01c0   6f6f 7365 2e64 7464 223e 0a3c 4854 4d4c        oose.dtd">.<HTML
0x01d0   3e3c 4845 4144 3e3c 4d45 5441 2048 5454        ><HEAD><META.HTT
0x01e0   502d 4551 5549 563d 2243 6f6e 7465 6e74        P-EQUIV="Content
0x01f0   2d54 7970 6522 2043 4f4e 5445 4e54 3d22        -Type".CONTENT="
0x0200   7465 7874 2f68 746d 6c3b 2063 6861 7273        text/html;.chars
0x0210   6574 3d69 736f 2d38 3835 392d 3122 3e0a        et=iso-8859-1">.
0x0220   3c54 4954 4c45 3e45 5252 4f52 3a20 5468        <TITLE>ERROR:.Th
0x0230   6520 7265 7175 6573 7465 6420 5552 4c20        e.requested.URL.
0x0240   636f 756c 6420 6e6f 7420 6265 2072 6574        could.not.be.ret
0x0250   7269 6576 6564 3c2f 5449 544c 453e 0a3c        rieved</TITLE>.<
0x0260   5354 594c 4520 7479 7065 3d22 7465 7874        STYLE.type="text
0x0270   2f63 7373 223e 3c21 2d2d 424f 4459 7b62        /css"><!--BODY{b
0x0280   6163 6b67 726f 756e 642d 636f 6c6f 723a        ackground-color:
0x0290   2366 6666 6666 663b 666f 6e74 2d66 616d        #ffffff;font-fam

Question: why doesn't it encrypt? Maybe I did something wrong?

Thanks

Sorry, my own mistake: I was sniffing the wrong interface. Question closed.

dronchik
() topic author
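A capture taken inside the tunnel shows the inner traffic in the clear, while the stunnel connection itself (port 2020 above) carries SSL records. The following is an added example, not part of the original post: it rebuilds bytes from a tcpdump hex dump in the format shown above and checks whether they parse as SSL/TLS records. The function names are the example's own, the dumps are assumed to contain TCP payload only (no IP/TCP headers), and the second sample is constructed.

```python
import re

# One line of a tcpdump hex+ASCII dump: offset, hex groups, then the ASCII column.
HEX_LINE = re.compile(
    r"^\s*0x[0-9a-f]{4}:?\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2})(?:\s|$))+)", re.I)

def dump_to_bytes(dump):
    """Rebuild raw bytes from the hex column, ignoring the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex("".join(m.group(1).split()))
    return bytes(out)

def looks_like_tls_records(payload):
    """True if the payload parses as a chain of SSL/TLS record headers."""
    pos = seen = 0
    while pos + 5 <= len(payload):
        ctype, major, minor = payload[pos:pos + 3]
        length = int.from_bytes(payload[pos + 3:pos + 5], "big")
        # 20..23 = change_cipher_spec, alert, handshake, application_data
        if ctype not in (20, 21, 22, 23) or major != 3 or minor > 4 \
                or length > 2**14 + 2048:
            return False
        seen += 1
        pos += 5 + length  # a record cut off by the capture is accepted
    return seen > 0

def classify(payload):
    if looks_like_tls_records(payload):
        return "tls"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload and printable / len(payload) > 0.9:
        return "plaintext"
    return "unknown"

# First three dump lines from the post (traffic seen inside the tunnel).
INNER = """\
0x0160   0d0a 0d0a 3c21 444f 4354 5950 4520 4854        ....<!DOCTYPE.HT
0x0170   4d4c 2050 5542 4c49 4320 222d 2f2f 5733        ML.PUBLIC."-//W3
0x0180   432f 2f44 5444 2048 544d 4c20 342e 3031        C//DTD.HTML.4.01
"""
# Constructed sample: one SSLv3 application_data record (17 03 00, length 16).
OUTER = """\
0x0000   1703 0000 109f 3c81 e2d4 07b6 5a11 c3ee        ......<.....Z...
0x0010   7d42 a90c 68                                   }B..h
"""

if __name__ == "__main__":
    for name, dump in (("inner", INNER), ("outer", OUTER)):
        print(name, classify(dump_to_bytes(dump)))
```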