Hello,
We are using Stunnel on a RUT230 to add security to our emails, as the device we use to send the emails does not offer TLSv1.2.
This is set to listen on the LAN IP address, port 2525. Authentication is provided by the device (SMTP LOGIN), so Stunnel is just providing the TLS wrapper. All works exactly as we require when first started.
PS shows Stunnel running, pid for the process is correctly listed in /var/run/stunnel/stunnel.pid, and netstat confirms this is listening on 2525. Emails are sent and received as expected, and work multiple times.
After a while, the port is closed. Checking the router, netstat shows that there is nothing listening on the port. PS shows that there is no Stunnel process running. There is no pid file at /var/run/stunnel/stunnel.pid.
I cannot determine why the process is stopping. I guess it is closing cleanly as the pid file is removed.
One possibility is that the devices are set to reboot, and the port close may be related to this. This would be the only device on LAN, so possibly the interface is going down completely when it shows no cable connected to the port. However, when I tried to reboot the device on LAN manually, the process on the router continued to run and emails were able to be sent after the device came back up.
I have tried checking logread, but it doesn't appear to log far enough back in time to pick up any events.
Logread shows entries when checked after stunnel is started and listening:
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: stunnel 5.50 on mips-openwrt-linux-gnu platform
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: Compiled/running with OpenSSL 1.1.1c 28 May 2019
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: Reading configuration from file /tmp/etc/stunnel.conf
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: UTF-8 byte order mark not detected
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: FIPS mode disabled
Tue Aug 25 00:27:49 2020 daemon.warn stunnel: LOG4[ui]: Service [SMTPHWE] needs authentication to prevent MITM attacks
Tue Aug 25 00:27:49 2020 daemon.notice stunnel: LOG5[ui]: Configuration successful
Checking logread | grep stunnel after the port is closed, there are no entries.
root@Teltonika-RUT240:/tmp/etc# cat stunnel.conf
; STunnel configuration file generated by uci
; Written Tue Aug 25 00:27:48 2020
foreground = quiet
pid = /var/run/stunnel/stunnel.pid
debug = 5
[SMTPHWE]
protocol = smtp
protocolAuthentication = plain
client = yes
connect = xxx.xxx.xxx:587
accept = 192.168.10.240:2525
Firmware shows as being latest:
Firmware version: RUT2XX_R_00.01.12.3
Firmware build date: 2020-06-15, 07:45:00
Kernel version: 3.18.44
Bootloader version: 3.2.1
Any suggestions for how to resolve this or further troubleshooting?
Thanks
Jack
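
Separate from the stopping process, the posted log carries the LOG4 warning "Service [SMTPHWE] needs authentication to prevent MITM attacks", and the posted stunnel.conf sets no certificate verification for that client service. The following is an added example, not part of the original post or of stunnel itself: a shell/awk check that lists client-mode services with no verification option set. The function names, the rule used to decide "verified", and the CAfile path are assumptions made for the example.

```shell
# Added example (not from the post): list stunnel client services that would
# accept any server certificate. Assumption: a service verifies its peer when
# verifyChain or verifyPeer is "yes", or the legacy "verify" level is above 0.
audit_stunnel_conf() {
    awk '
    function report() { if (seen && client && !(chain || peer || level)) print svc }
    /^[ \t]*([;#]|$)/ { next }                    # skip comments and blank lines
    /^[ \t]*\[.*\]/ {                             # a new [service] section starts
        report()
        if (!seen) { gc = client; gh = chain; gp = peer; gl = level; seen = 1 }
        client = gc; chain = gh; peer = gp; level = gl   # inherit global defaults
        svc = $0; sub(/^[ \t]*\[/, "", svc); sub(/\].*$/, "", svc)
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1));    gsub(/[ \t\r]/, "", val)
        if (key == "client")           client = (val == "yes")
        else if (key == "verifychain") chain  = (val == "yes")
        else if (key == "verifypeer")  peer   = (val == "yes")
        else if (key == "verify")      level  = (val + 0 > 0)
    }
    END { report() }
    ' "$@"
}

# Service section as posted above (the connect host is masked in the post).
sample_conf() {
    cat <<'EOF'
; STunnel configuration file generated by uci
debug = 5
[SMTPHWE]
protocol = smtp
protocolAuthentication = plain
client = yes
connect = xxx.xxx.xxx:587
accept = 192.168.10.240:2525
EOF
}

# Constructed variant: same service with chain verification on (placeholder CAfile path).
hardened_conf() {
    sample_conf
    printf 'verifyChain = yes\nCAfile = /path/to/ca-bundle.pem\n'
}

sample_conf | audit_stunnel_conf      # prints: SMTPHWE
```

On the router the function can be run against the generated file, for example `audit_stunnel_conf /tmp/etc/stunnel.conf`. With `verifyChain` alone stunnel accepts any certificate that chains to the configured CA, so `checkHost` is normally set alongside it to pin the server name.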