Windows

無法創建看似簡單的 stunnel 配置

  • April 16, 2019

我有一台工作在防火牆後面的電腦,其內部 IP 地址為 192.168.12.13 … 防火牆將埠 40000 - 40019 映射到此本地電腦上的匹配埠。(例如 40000 - 40000、40001 - 40001 等…)並且,讓我們將外部 ip 定義為 12.34.56.78。

我想設置我的家用電腦以連接到這台工作電腦。

工作電腦 stunnel.config:

[brianserver]
client = no
accept = 127.0.0.1:40020
connect = 192.168.12.13:40000
ciphers = PSK
PSKsecrets = psk1.txt

家用電腦 stunnel.config:

[brianclient]
client = yes
accept = 127.0.0.1:40020
connect = 12.34.56.78:40000
PSKsecrets = psk1.txt

我正在使用一種名為“Hercules SETUP utility”的產品在工作機器上進行監聽:

在此處輸入圖像描述

而且,我正在使用“Hercules SETUP 實用程序”來啟動來自家用機器的連接:

在此處輸入圖像描述

如您所見,我收到一條連接被拒絕的消息。

家用電腦 stunnel.log:(這些消息發生在連接嘗試期間)

2019.04.10 23:36:09 LOG7[main]: Found 1 ready file descriptor(s)
2019.04.10 23:36:09 LOG7[main]: FD=616 ifds=r-x ofds = ---
2019.04.10 23:36:09 LOG7[main]: FD=624 ifds=r-x ofds = ---
2019.04.10 23:36:09 LOG7[main]: Service[brianclient] accepted(FD= 768) from 127.0.0.1:56795
2019.04.10 23:36:09 LOG7[main]: Creating a new thread
2019.04.10 23:36:09 LOG7[main]: New thread created
2019.04.10 23:36:09 LOG7[2]: Service[brianclient] started
2019.04.10 23:36:09 LOG7[2]: Setting local socket options(FD= 768)
2019.04.10 23:36:09 LOG7[2]: Option TCP_NODELAY set on local socket
2019.04.10 23:36:09 LOG5[2]: Service[brianclient] accepted connection from 127.0.0.1:56795
2019.04.10 23:36:09 LOG6[2]: s_connect: connecting 12.34.56.78:40000
2019.04.10 23:36:09 LOG7[2]: s_connect: s_poll_wait 12.34.56.78:40000: waiting 10 seconds
2019.04.10 23:36:10 LOG3[2]: s_connect: connect 12.34.56.78:40000: Connection refused(WSAECONNREFUSED) (10061)
2019.04.10 23:36:10 LOG3[2]: No more addresses to connect
2019.04.10 23:36:10 LOG5[2]: Connection reset: 0 byte (s) sent to TLS, 0 byte (s) sent to socket
2019.04.10 23:36:10 LOG7[2]: Local descriptor(FD= 768) closed
2019.04.10 23:36:10 LOG7[2]: Service[brianclient] finished(0 left)

工作電腦 stunnel.log:(在啟動時執行…連接嘗試時沒有消息)

2019.04.10 21:24:55 LOG7[main]: Running on Windows 6.2
2019.04.10 21:24:55 LOG7[main]: No limit detected for the number of clients
2019.04.10 21:24:55 LOG5[main]: stunnel 5.51 on x64-pc-mingw32-gnu platform
2019.04.10 21:24:55 LOG5[main]: Compiled/running with OpenSSL 1.1.1b  26 Feb 2019
2019.04.10 21:24:55 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2019.04.10 21:24:55 LOG7[main]: errno: (* _errno())
2019.04.10 21:24:55 LOG7[service]: GUI message loop initialized
2019.04.10 21:24:55 LOG7[main]: Running on Windows 6.2
2019.04.10 21:24:55 LOG5[main]: Reading configuration from file stunnel.conf
2019.04.10 21:24:55 LOG5[main]: UTF-8 byte order mark detected
2019.04.10 21:24:55 LOG7[main]: Compression disabled
2019.04.10 21:24:55 LOG7[main]: No PRNG seeding was required
2019.04.10 21:24:55 LOG6[main]: Initializing service[brianserver]
2019.04.10 21:24:55 LOG6[main]: PSK identities: 1 retrieved
2019.04.10 21:24:55 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2019.04.10 21:24:55 LOG7[main]: TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
2019.04.10 21:24:55 LOG7[main]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2019.04.10 21:24:55 LOG7[main]: No certificate or private key specified
2019.04.10 21:24:55 LOG6[main]: DH initialization not needed
2019.04.10 21:24:55 LOG7[main]: ECDH initialization
2019.04.10 21:24:55 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384
2019.04.10 21:24:55 LOG5[main]: Configuration successful
2019.04.10 21:24:55 LOG7[main]: Binding service[brianserver]
2019.04.10 21:24:55 LOG7[main]: Listening file descriptor created(FD= 716)
2019.04.10 21:24:55 LOG7[main]: Setting accept socket options(FD= 716)
2019.04.10 21:24:55 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket
2019.04.10 21:24:55 LOG6[main]: Service[brianserver] (FD=716) bound to 127.0.0.1:40020
2019.04.10 21:24:55 LOG7[cron]: Cron thread initialized
2019.04.10 21:25:55 LOG6[cron]: Executing cron jobs
2019.04.10 21:25:55 LOG6[cron]: Cron jobs completed in 0 seconds
2019.04.10 21:25:55 LOG7[cron]: Waiting 86400 seconds

此外, psk1.txt 具有匹配的內容:

brianskey:a3...6r

此外,在工作電腦上:

C:\Program Files (x86)\stunnel\bin>netstat -ano|findstr 40020
  TCP    0.0.0.0:40020          0.0.0.0:0              LISTENING       71888
  TCP    127.0.0.1:40020        0.0.0.0:0              LISTENING       34728

注意:在我啟動 Hercules 偵聽器後,會顯示帶有“0.0.0.0:40020”的行。

Accept 告訴 stunnel監聽那個埠。Connect 告訴 stunnel 打開與該埠的連接。您讓兩台電腦都在 localhost:40020 (這是本地環回)上偵聽並嘗試從外部啟動連接。您希望您的工作電腦(伺服器)在 192.168.12.13:40000 上偵聽,然後通過隧道連接到 127.0.0.1 40020,並讓您的遠端電腦連接到您的 12.34.56.78:40000 地址並在本地偵聽 40020(127.0.0.1: 40020)。這會將您家用電腦上的埠 40020 連接到工作電腦上的 40020 埠。

[brianserver]
client = no
accept = 192.168.12.13:40000
connect = 127.0.0.1:40020
ciphers = PSK
PSKsecrets = psk1.txt

[brianclient]
client = yes
accept = 127.0.0.1:40020
connect = 12.34.56.78:40000
PSKsecrets = psk1.txt

引用自:https://serverfault.com/questions/962588