Windows
無法創建看似簡單的 stunnel 配置
我有一台工作在防火牆後面的電腦,其內部 IP 地址為 192.168.12.13 … 防火牆將埠 40000 - 40019 映射到此本地電腦上的匹配埠。(例如 40000 - 40000、40001 - 40001 等…)並且,讓我們將外部 ip 定義為 12.34.56.78。
我想設置我的家用電腦以連接到這台工作電腦。
工作電腦 stunnel.config:
[brianserver] client = no accept = 127.0.0.1:40020 connect = 192.168.12.13:40000 ciphers = PSK PSKsecrets = psk1.txt
家用電腦 stunnel.config:
[brianclient] client = yes accept = 127.0.0.1:40020 connect = 12.34.56.78:40000 PSKsecrets = psk1.txt
我正在使用一種名為“Hercules SETUP utility”的產品在工作機器上進行監聽:
而且,我正在使用“Hercules SETUP 實用程序”來啟動來自家用機器的連接:
如您所見,我收到一條連接被拒絕的消息。
家用電腦 stunnel.log:(這些消息發生在連接嘗試期間)
2019.04.10 23:36:09 LOG7[main]: Found 1 ready file descriptor(s) 2019.04.10 23:36:09 LOG7[main]: FD=616 ifds=r-x ofds = --- 2019.04.10 23:36:09 LOG7[main]: FD=624 ifds=r-x ofds = --- 2019.04.10 23:36:09 LOG7[main]: Service[brianclient] accepted(FD= 768) from 127.0.0.1:56795 2019.04.10 23:36:09 LOG7[main]: Creating a new thread 2019.04.10 23:36:09 LOG7[main]: New thread created 2019.04.10 23:36:09 LOG7[2]: Service[brianclient] started 2019.04.10 23:36:09 LOG7[2]: Setting local socket options(FD= 768) 2019.04.10 23:36:09 LOG7[2]: Option TCP_NODELAY set on local socket 2019.04.10 23:36:09 LOG5[2]: Service[brianclient] accepted connection from 127.0.0.1:56795 2019.04.10 23:36:09 LOG6[2]: s_connect: connecting 12.34.56.78:40000 2019.04.10 23:36:09 LOG7[2]: s_connect: s_poll_wait 12.34.56.78:40000: waiting 10 seconds 2019.04.10 23:36:10 LOG3[2]: s_connect: connect 12.34.56.78:40000: Connection refused(WSAECONNREFUSED) (10061) 2019.04.10 23:36:10 LOG3[2]: No more addresses to connect 2019.04.10 23:36:10 LOG5[2]: Connection reset: 0 byte (s) sent to TLS, 0 byte (s) sent to socket 2019.04.10 23:36:10 LOG7[2]: Local descriptor(FD= 768) closed 2019.04.10 23:36:10 LOG7[2]: Service[brianclient] finished(0 left)
工作電腦 stunnel.log:(在啟動時執行…連接嘗試時沒有消息)
2019.04.10 21:24:55 LOG7[main]: Running on Windows 6.2 2019.04.10 21:24:55 LOG7[main]: No limit detected for the number of clients 2019.04.10 21:24:55 LOG5[main]: stunnel 5.51 on x64-pc-mingw32-gnu platform 2019.04.10 21:24:55 LOG5[main]: Compiled/running with OpenSSL 1.1.1b 26 Feb 2019 2019.04.10 21:24:55 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI 2019.04.10 21:24:55 LOG7[main]: errno: (* _errno()) 2019.04.10 21:24:55 LOG7[service]: GUI message loop initialized 2019.04.10 21:24:55 LOG7[main]: Running on Windows 6.2 2019.04.10 21:24:55 LOG5[main]: Reading configuration from file stunnel.conf 2019.04.10 21:24:55 LOG5[main]: UTF-8 byte order mark detected 2019.04.10 21:24:55 LOG7[main]: Compression disabled 2019.04.10 21:24:55 LOG7[main]: No PRNG seeding was required 2019.04.10 21:24:55 LOG6[main]: Initializing service[brianserver] 2019.04.10 21:24:55 LOG6[main]: PSK identities: 1 retrieved 2019.04.10 21:24:55 LOG7[main]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK 2019.04.10 21:24:55 LOG7[main]: TLSv1.3 ciphersuites: TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 2019.04.10 21:24:55 LOG7[main]: TLS options: 0x02100004 (+0x00000000, -0x00000000) 2019.04.10 21:24:55 LOG7[main]: No certificate or private key specified 2019.04.10 21:24:55 LOG6[main]: DH initialization not needed 2019.04.10 21:24:55 LOG7[main]: ECDH initialization 2019.04.10 21:24:55 LOG7[main]: ECDH initialized with curves X25519:P-256:X448:P-521:P-384 2019.04.10 21:24:55 LOG5[main]: Configuration successful 2019.04.10 21:24:55 LOG7[main]: Binding service[brianserver] 2019.04.10 21:24:55 LOG7[main]: Listening file descriptor created(FD= 716) 2019.04.10 21:24:55 LOG7[main]: Setting accept socket options(FD= 716) 2019.04.10 21:24:55 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept socket 2019.04.10 21:24:55 LOG6[main]: Service[brianserver] (FD=716) bound to 127.0.0.1:40020 2019.04.10 21:24:55 LOG7[cron]: Cron thread initialized 2019.04.10 21:25:55 LOG6[cron]: Executing cron jobs 2019.04.10 21:25:55 LOG6[cron]: Cron jobs completed in 0 seconds 2019.04.10 21:25:55 LOG7[cron]: Waiting 86400 seconds
此外, psk1.txt 具有匹配的內容:
brianskey:a3...6r
此外,在工作電腦上:
C:\Program Files (x86)\stunnel\bin>netstat -ano|findstr 40020 TCP 0.0.0.0:40020 0.0.0.0:0 LISTENING 71888 TCP 127.0.0.1:40020 0.0.0.0:0 LISTENING 34728
注意:在我啟動 Hercules 偵聽器後,會顯示帶有“0.0.0.0:40020”的行。
Accept 告訴 stunnel監聽那個埠。Connect 告訴 stunnel 打開與該埠的連接。您讓兩台電腦都在 localhost:40020 (這是本地環回)上偵聽並嘗試從外部啟動連接。您希望您的工作電腦(伺服器)在 192.168.12.13:40000 上偵聽,然後通過隧道連接到 127.0.0.1 40020,並讓您的遠端電腦連接到您的 12.34.56.78:40000 地址並在本地偵聽 40020(127.0.0.1: 40020)。這會將您家用電腦上的埠 40020 連接到工作電腦上的 40020 埠。
[brianserver] client = no accept = 192.168.12.13:40000 connect = 127.0.0.1:40020 ciphers = PSK PSKsecrets = psk1.txt [brianclient] client = yes accept = 127.0.0.1:40020 connect = 12.34.56.78:40000 PSKsecrets = psk1.txt