# stunnel: peer suddenly disconnected

## in4mation

Hello,

I'm having problems using stunnel. I would be glad to provide further information upon request. The funny thing is that it was working fine before I shipped the client pc to our remote location. Nothing has changed since. I've tried different services (not just ssmtp) and all give me the same problem.

Here's what I get in the logs:

CLIENT:

```
ssmtp accepted FD=8 from 127.0.0.1:32844
FD 8 in non-blocking mode
ssmtp started
ssmtp connected from 127.0.0.1:32844
FD 9 in non-blocking mode
ssmtp connecting 62.21.201.224:465
remote connect #1: EINPROGRESS: retrying
waitforsocket: FD=9, DIR=write
waitforsocket: ok
Remote FD=9 initialized
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
waitforsocket: FD=9, DIR=read
waitforsocket: ok
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server certificate request A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client certificate A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write certificate verify A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
waitforsocket: FD=9, DIR=read
waitforsocket: ok
SSL_connect: Peer suddenly disconnected
ssmtp finished (0 left)
```

SERVER:

```
ssmtp accepted FD=8 from 77.34.26.143:32845
FD 8 in non-blocking mode
ssmtp started
ssmtp connected from 77.34.26.143:32845
SSL state (accept): before/accept initialization
SSL state (accept): SSLv3 read client hello A
SSL state (accept): SSLv3 write server hello A
SSL state (accept): SSLv3 write certificate A
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL_accept: Peer suddenly disconnected
ssmtp finished (0 left)
```

============================================

CLIENT INFO:

```
stunnel 4.05 on i386-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004

Global options
cert            = /etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
debug           = 5
key             = /etc/stunnel/stunnel.pem
pid             = /var/run/stunnel4/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none

Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTidle     = 43200 seconds
```

SERVER INFO:

```
stunnel 4.09 on x86_64-pc-linux-gnu PTHREAD+POLL+IPv6+LIBWRAP with OpenSSL 0.9.7e 25 Oct 2004

Global options
cert            = /etc/stunnel/stunnel.pem
ciphers         = ALL:!ADH:+RC4:@STRENGTH
debug           = 5
key             = /etc/stunnel/stunnel.pem
pid             = /var/lib/run/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes
session         = 300 seconds
verify          = none

Service-level options
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
```

----------
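An added example, not part of the original thread: a small Python check that lines up the handshake messages each side logged as written against what the other side logged as read, to show in which direction the handshake stalled. The sample lines are the `SSL state` lines from the two logs in the post above; the function names are hypothetical.

```python
import re

# Constructed sample: the handshake lines from the client and server logs above.
CLIENT_LOG = """\
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server certificate request A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client certificate A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write certificate verify A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL_connect: Peer suddenly disconnected
"""
SERVER_LOG = """\
SSL state (accept): SSLv3 read client hello A
SSL state (accept): SSLv3 write server hello A
SSL state (accept): SSLv3 write certificate A
SSL state (accept): SSLv3 write certificate request A
SSL state (accept): SSLv3 flush data
SSL_accept: Peer suddenly disconnected
"""

# Matches only read/write states; "flush data" and "initialization" lines are skipped.
STATE = re.compile(r"SSL state \((connect|accept)\): SSLv3 (read|write) (.+?) [A-Z]$")

def handshake_io(log):
    """Return (writes, reads): handshake messages this side logged as sent and received."""
    writes, reads = [], []
    for line in log.splitlines():
        m = STATE.search(line.strip())
        if m:
            (writes if m.group(2) == "write" else reads).append(m.group(3))
    return writes, reads

def unseen_by_peer(sender_log, receiver_log):
    """Messages the sender wrote that the receiver never logged reading.
    Compared by position, because the two sides name the same message differently."""
    sent, _ = handshake_io(sender_log)
    _, received = handshake_io(receiver_log)
    return sent[len(received):]

def diagnose(client_log, server_log):
    return {"client_to_server": unseen_by_peer(client_log, server_log),
            "server_to_client": unseen_by_peer(server_log, client_log)}
```

On these logs `diagnose(CLIENT_LOG, SERVER_LOG)` reports nothing missing from server to client, while the client's whole second flight (client certificate through finished) was written by the client and never logged as read by the server before the disconnect.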

## frostschutz

Hmmm, I had such a case once, but it was caused by a bad implementation / version difference on the client side (connection was cut because of protocol error or whatever). If you tested this, I guess it's not the case here, huh?

There are several timeout timers in your configuration; just to be 100% sure they don't cause any trouble, I'd disable those temporarily.

----------

## in4mation

Playing around with the timeouts (TIMEOUTclose, TIMEOUTconnect) didn't help. Out of curiosity I converted the client into the server and the server into the client, and to my surprise it worked.

I also tried setting up my home computer as the client and it connected to the server here at work flawlessly.

So to summarize:

- When both machines were on the same network, it worked.
- When I shipped the client pc, it stopped working.
- When I turned the client into the server and vice versa, it worked.
- When I connect from my home pc to my server at work, it works.

I know for sure it's not the firewall at the client side, because I configured that here and had the client pc running from behind it while testing and it worked properly.

That leads me to one conclusion: The ISP on the client side, which happens to be Direcway satellite service (not because I love them but because it's the only service available at the client location). I saw a blurb somewhere on their website that they are VPN unfriendly, so maybe this has something to do with it. Although setting up an SSL tunnel is hardly a VPN. Also the latency is mortal on such a connection. Working with ssh you quickly learn that.

I'm fresh out of ideas.

----------

## frostschutz

If you suspect the ISP, you should investigate further (check out ISP / user forums for details or call the ISP and ask if they've got some kind of firewall that drops these kinds of connections). In that case maybe switching to a non-standard port could help (assuming the firewall just blocks the stunnel port)? Also, it would be interesting to know if the client machine can connect to other stunnel servers at all.

The only other possibility I could think of (for the server-client vice versa works fact) would be a NAT / Router on one side that just doesn't work correctly.

----------

