Ubuntu

無法在 Ubuntu 15.04 上啟動 stunnel4

  • August 27, 2015

在 Ubuntu 15.04 上啟動 stunnel4 服務時出現以下錯誤:

root@scw-d91ec7:~# service stunnel4 start
Job for stunnel4.service failed. See "systemctl status stunnel4.service" and "journalctl -xe" for details.

root@scw-d91ec7:~# systemctl status stunnel4.service
● stunnel4.service - LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons)
  Loaded: loaded (/etc/init.d/stunnel4)
  Active: failed (Result: exit-code) since Mon 2015-08-24 17:03:25 UTC; 11s ago
    Docs: man:systemd-sysv-generator(8)
 Process: 2869 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=1/FAILURE)

Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] bind: Cannot assign requested address (99)
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Closing service [ssh]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Service [ssh] closed
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service failed.
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: You should check that you have specified the pid= in you configuration file

/etc/stunnel/stunnel.conf:

root@scw-d91ec7:~# cat /etc/stunnel/stunnel.conf
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
[ssh] accept = 212.43.222.123:443
connect = 127.0.0.1:22

/etc/default/stunnel4:

root@scw-d91ec7:~# cat  /etc/default/stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0

# Change to enable the setting of limits on the stunnel instances
# For example, to set a large limit on file descriptors (to enable
# more simultaneous client connections), set RLIMITS="-n 4096"
# More than one resource limit may be modified at the same time,
# e.g. RLIMITS="-n 4096 -d unlimited"
RLIMITS=""

Ubuntu 版本:

root@scw-d91ec7:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 15.04
Release:    15.04
Codename:   vivid

隧道版本:

root@scw-d91ec7:~# stunnel -version
stunnel 5.06 on arm-unknown-linux-gnueabihf platform
Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP

Global options:
debug                  = daemon.notice
pid                    = /var/run/stunnel4.pid
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes

Service-level options:
ciphers                = FIPS (with "fips = yes")
ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve                  = prime256v1
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none

… 更多細節:

root@scw-d91ec7:~# journalctl -xe
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] errno: (*__errno_location ())
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Reading configuration from file /etc/stunnel/stunnel.conf
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] FIPS mode disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Compression disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Snagged 64 random bytes from /dev/urandom
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] PRNG seeded successfully
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Initializing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading cert from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading key from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [:] Insecure file permissions on /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Private key check succeeded
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Could not load DH parameters from /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Using hardcoded DH parameters
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialized with 2048-bit key
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialized with curve prime256v1
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] SSL options: 0x03000004 (+0x03000000, -0x00000000)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Configuration successful
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Listening file descriptor created (FD=7)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] bind: Cannot assign requested address (99)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Closing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Service [ssh] closed
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
-- Subject: Unit stunnel4.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit stunnel4.service has failed.
-- 
-- The result is failed.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service failed.
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: You should check that you have specified the pid= in you configuration file

任何的想法 ?

212.43.222.123真的是您伺服器的 IP 地址,還是您在某些東西後面進行了 NAT?如果您是 NAT,那麼您accept =需要指向您的 LAN ip。

的輸出是ifconfig什麼?

或者我想知道/etc/services/文件是否阻止您將埠 443 綁定到 https 以外的服務;如果這確實是 IP 地址,請嘗試註釋掉引用 443 的 2 行,/etc/services然後再次重新啟動 stunnel4。

預設/etc/services行:

https           443/tcp                         # http protocol over TLS/SSL
https           443/udp

更改後:

#https           443/tcp                         # http protocol over TLS/SSL
#https           443/udp

引用自:https://serverfault.com/questions/716367