#1 2016-05-19 14:10:52

Raeesi
Member
Registered: 2016-05-19
Posts: 6

Stunnel not working at all

Hi,
I'm a newbie to Arch (a couple of days) and I'm in trouble with stunnel.
In Debian, I needed to install it and edit the stunnel.conf file to give it details about the server, then just change "ENABLE=0" to "ENABLE=1"; after that, just /etc/init.d/stunnel restart was enough to make it work.

But in Arch, I have no idea what I should do.
I've just edited "/etc/stunnel/stunnel.conf" and there is no "etc/default/stunnel" to be edited.

I've searched in several forums and websites but none of them could help (for example, one of them gave a /etc/rc.d/stunnel path instead of /etc/init.d/stunnel, but actually there is no rc.d directory at all).

These are the outputs of my commands:

$ sudo stunnel
[ ] Cron thread initialized
[ ] Clients allowed=500
[.] stunnel 5.32 on x86_64-unknown-linux-gnu platform
[.] Compiled/running with OpenSSL 1.0.2h  3 May 2016
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
[ ] errno: (*__errno_location ())
[.] Reading configuration from file /etc/stunnel/stunnel.conf
[.] UTF-8 byte order mark not detected
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing service [stunnel]
[ ] No certificate or private key specified
[:] Service [stunnel] needs authentication to prevent MITM attacks
[ ] SSL options: 0x03000004 (+0x03000000, -0x00000000)
[.] Configuration successful
[ ] Listening file descriptor created (FD=7)
[ ] Service [stunnel] (FD=7) bound to 0.0.0.0:5050
[ ] Executing cron jobs
[ ] Cron jobs completed in 0 seconds
[!] Cannot open log file: /var/log/stunnel/stunnel.log
[ ] Waiting 86400 seconds
[ ] Closing service [stunnel]
[ ] Service [stunnel] closed (FD=7)
[ ] Service [stunnel] closed
$ cat /usr/lib/tmpfiles.d/stunnel.conf
d /var/run/stunnel 0770 stunnel stunnel -
$ sudo nano /etc/stunnel/stunnel.conf

setuid = stunnel
setgid = stunnel
pid = /var/lib/stunnel/stunnel.pid
debug = 7
output = /var/log/stunnel/stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes
[stunnel]
accept = 5050
connect = MY-SERVER-IP:7080

Any idea?

Offline

#2 2016-05-19 14:28:00

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: Stunnel not working at all

Arch uses systemd as the init system which does not use /etc/rc.d/* but instead uses its own.  Recommend you read the Arch wiki entry for systemd.


Offline

#3 2016-05-19 14:31:49

Raeesi
Member
Registered: 2016-05-19
Posts: 6

Re: Stunnel not working at all

graysky wrote:

Arch uses systemd as the init system which does not use /etc/rc.d/* but instead uses its own.  Recommend you read the Arch wiki entry for systemd.

Thanks for the reply and recommendation. I did it already but couldn't solve my problem.

Offline

#4 2016-05-19 14:38:37

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: Stunnel not working at all

Well, if your problem is that you do not know how to start or restart stunnel, the wiki page can help you.  I do not use stunnel but I am assuming that if you are editing an existing conf file, it is likely that the systemd service is aware of it.  You can check this by inspecting the service file.  Pacman can find it for you:

pacman -Ql stunnel | grep service

You can then just cat the service to see what exactly is getting called to run (I am assuming that it has an argument to define a config file but if not, it will be instructive for you to see an example .service file anyway).

Last edited by graysky (2016-05-19 14:48:03)


Offline

#5 2016-05-19 14:57:39

Raeesi
Member
Registered: 2016-05-19
Posts: 6

Re: Stunnel not working at all

graysky wrote:

Well, if your problem is that you do not know how to start or restart stunnel, the wiki page can help you.  I do not use stunnel but I am assuming that if you are editing an existing conf file, it is likely that the systemd service is aware of it.  You can check this by inspecting the service file.  Pacman can find it for you:

pacman -Ql stunnel | grep service

You can then just cat the service to see what exactly is getting called to run (I am assuming that it has an argument to define a config file but if not, it will be instructive for you to see an example .service file anyway).


Well,
these are the results of the commands:

$ pacman -Ql stunnel | grep service
stunnel /usr/lib/systemd/system/stunnel.service
stunnel /usr/share/doc/stunnel/examples/stunnel.service
$ sudo systemctl restart stunnel
Job for stunnel.service failed because the control process exited with error code. See "systemctl status stunnel.service" and "journalctl -xe" for details.
$ sudo systemctl restart stunnel
Job for stunnel.service failed because the control process exited with error code. See "systemctl status stunnel.service" and "journalctl -xe" for details.
[mansoor@linuxi stunnel]$ sudo systemctl status stunnel.service
* stunnel.service - SSL tunnel for network daemons
   Loaded: loaded (/usr/lib/systemd/system/stunnel.service; disabled; vendor pre
   Active: failed (Result: exit-code) since Thu 2016-05-19 19:22:48 IRDT; 14s ag
  Process: 2628 ExecStart=/usr/bin/stunnel (code=exited, status=1/FAILURE)

May 19 19:22:48 linuxi stunnel[2628]: [ ] Cron jobs completed in 0 seconds
May 19 19:22:48 linuxi stunnel[2628]: [ ] Waiting 86400 seconds
May 19 19:22:48 linuxi stunnel[2628]: [!] Cannot open log file: /var/log/stunnel
May 19 19:22:48 linuxi stunnel[2628]: [ ] Closing service [stunnel]
May 19 19:22:48 linuxi stunnel[2628]: [ ] Service [stunnel] closed (FD=7)
May 19 19:22:48 linuxi stunnel[2628]: [ ] Service [stunnel] closed
May 19 19:22:48 linuxi systemd[1]: stunnel.service: Control process exited, code
May 19 19:22:48 linuxi systemd[1]: Failed to start SSL tunnel for network daemon
May 19 19:22:48 linuxi systemd[1]: stunnel.service: Unit entered failed state.
May 19 19:22:48 linuxi systemd[1]: stunnel.service: Failed with result 'exit-cod
$ sudo journalctl -xe
May 19 19:22:48 linuxi stunnel[2628]: [ ] Waiting 86400 seconds
May 19 19:22:48 linuxi stunnel[2628]: [!] Cannot open log file: /var/log/stunnel
May 19 19:22:48 linuxi stunnel[2628]: [ ] Closing service [stunnel]
May 19 19:22:48 linuxi stunnel[2628]: [ ] Service [stunnel] closed (FD=7)
May 19 19:22:48 linuxi stunnel[2628]: [ ] Service [stunnel] closed
May 19 19:22:48 linuxi systemd[1]: stunnel.service: Control process exited, code
May 19 19:22:48 linuxi systemd[1]: Failed to start SSL tunnel for network daemon
-- Subject: Unit stunnel.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit stunnel.service has failed.
-- 
-- The result is failed.
May 19 19:22:48 linuxi systemd[1]: stunnel.service: Unit entered failed state.
May 19 19:22:48 linuxi systemd[1]: stunnel.service: Failed with result 'exit-cod
May 19 19:22:48 linuxi sudo[2621]: pam_unix(sudo:session): session closed for us
May 19 19:22:48 linuxi polkitd[331]: Unregistered Authentication Agent for unix-
May 19 19:23:02 linuxi sudo[2633]:  mansoor : TTY=pts/0 ; PWD=/etc/stunnel ; USE
May 19 19:23:02 linuxi sudo[2633]: pam_unix(sudo:session): session opened for us
May 19 19:23:05 linuxi sudo[2633]: pam_unix(sudo:session): session closed for us
May 19 19:23:36 linuxi sudo[2638]:  mansoor : TTY=pts/0 ; PWD=/etc/stunnel ; USE
May 19 19:23:36 linuxi sudo[2638]: pam_unix(sudo:session): session opened for us

Offline

#6 2016-05-19 15:20:38

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,736

Re: Stunnel not working at all

Who owns /var/log/stunnel? If you started with sudo before trying the systemd service, chances are that the file has been created with wrong permissions. And, as mentioned, look at (and maybe even post) the contents of the service file to see if you need to provide it with additional arguments or similar.

Online

#7 2016-05-19 15:28:16

Raeesi
Member
Registered: 2016-05-19
Posts: 6

Re: Stunnel not working at all

V1del wrote:

Who owns /var/log/stunnel? If you started with sudo before trying the systemd service, chances are that the file has been created with wrong permissions. And, as mentioned, look at (and maybe even post) the contents of the service file to see if you need to provide it with additional arguments or similar.

My user is the only user on this PC and I entered the command with sudo.

I completely removed and reinstalled stunnel but the error still exists.

Last edited by Raeesi (2016-05-19 16:08:13)

Offline

#8 2016-05-19 16:46:32

Raeesi
Member
Registered: 2016-05-19
Posts: 6

Re: Stunnel not working at all

$ systemctl status stunnel
* stunnel.service - SSL tunnel for network daemons
   Loaded: loaded (/usr/lib/systemd/system/stunnel.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-05-19 21:11:44 IRDT; 17s ago
  Process: 1971 ExecStart=/usr/bin/stunnel (code=exited, status=0/SUCCESS)
 Main PID: 1974 (stunnel)
    Tasks: 1 (limit: 512)
   CGroup: /system.slice/stunnel.service
           `-1974 /usr/bin/stunnel

May 19 21:11:44 linuxi systemd[1]: Starting SSL tunnel for network daemons...
May 19 21:11:44 linuxi stunnel[1971]: LOG5[ui]: stunnel 5.32 on x86_64-unknown-linux-gnu platform
May 19 21:11:44 linuxi stunnel[1971]: LOG5[ui]: Compiled/running with OpenSSL 1.0.2h  3 May 2016
May 19 21:11:44 linuxi systemd[1]: Started SSL tunnel for network daemons.

It's working like a charm after commenting out the pid and debugging lines.

These lines:

;pid = /var/run/stunnel.pid
;output = /var/log/stunnel.log

Why is this happening and how should I fix it?

Offline

#9 2016-05-19 18:08:31

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,736

Re: Stunnel not working at all

With a proper service file, systemd takes care of both logs and keeping track of the PID. As has been mentioned multiple times, carefully reading through the systemd article/the systemd service file should give you more information on how this works. Also, stunnel creates a stunnel user; if the files mentioned belong to root instead of said stunnel user (because you ran with sudo without needing to), chances are that it can't access those files (if it really needs them; as said, systemd usually takes care of that).

Online
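
The ownership check described in post #9, written out as an added example that is not part of the original thread: it reads `setuid`, `pid` and `output` from a stunnel.conf and reports any path whose directory is missing or not owned by the user stunnel drops privileges to. The function names and the optional ROOT prefix are hypothetical, GNU `stat` is assumed, and only ownership is compared (group permissions and ACLs are ignored).

```shell
#!/bin/bash
# Added example: report stunnel.conf paths the setuid user cannot be expected to write.
# ROOT is a hypothetical prefix so the check can be pointed at a test tree.

# Print the value of the first active "key = value" line.
# Lines commented out with ';' or '#' do not match.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# check_stunnel_paths CONF [ROOT]
# Prints one finding per line and returns 1 if anything was reported.
check_stunnel_paths() {
    local conf=$1 root=${2:-} user key path dir target rc=0
    user=$(conf_value setuid "$conf")
    if [ -z "$user" ]; then
        echo "setuid not set: stunnel keeps the privileges it was started with"
        return 0
    fi
    for key in pid output; do
        path=$(conf_value "$key" "$conf")
        [ -n "$path" ] || continue      # option absent or commented out
        target=$root$path
        dir=$(dirname "$target")
        if [ ! -d "$dir" ]; then
            echo "$key: directory $dir does not exist"
            rc=1
        elif [ "$(stat -c %U "$dir")" != "$user" ]; then
            echo "$key: $dir is owned by $(stat -c %U "$dir"), not $user"
            rc=1
        elif [ -e "$target" ] && [ "$(stat -c %U "$target")" != "$user" ]; then
            # e.g. a log file left behind by an earlier run as root
            echo "$key: $target is owned by $(stat -c %U "$target"), not $user"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: check_stunnel_paths /etc/stunnel/stunnel.conf
if [ "$#" -gt 0 ]; then
    check_stunnel_paths "$@"
fi
```
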

#10 2016-05-19 18:54:10

Raeesi
Member
Registered: 2016-05-19
Posts: 6

Re: Stunnel not working at all

V1del wrote:

With a proper service file, systemd takes care of both logs and keeping track of the PID. As has been mentioned multiple times, carefully reading through the systemd article/the systemd service file should give you more information on how this works. Also, stunnel creates a stunnel user; if the files mentioned belong to root instead of said stunnel user (because you ran with sudo without needing to), chances are that it can't access those files (if it really needs them; as said, systemd usually takes care of that).

Thanks for your reply.
I entered the commands without sudo at first, but a popup window came up and asked me for a password. It means the system is doing the job with su permission.
Do you have any idea how to stop that and execute commands with no su?

Offline
