That's great news your up and running. Good detective work on your part. Glad I was able to offer some help. Pete ----- Original Message ----- From: "Tommi Nieminen" <ttn@mbnet.fi> To: "Peter" <pslists@warren-selbert.com> Cc: <stunnel-users@mirt.net> Sent: Saturday, October 21, 2006 2:11 AM Subject: Re: [stunnel-users] Connection problems and TCP frame checksum errors
Hi Peter,
thanks for all your suggestions. They were really helpful in bringing me to the solution of the problem.
1. "netstat -an" - to make sure stunnel is listening on the correct interface and port
This was OK.
2. does "lastcomm stunnel' show anything useful? If you don't use threads a new stunnel process starts with each connection.
This showed nothing useful.
3. just a guess but remove the socket entries in the config file - maybe they are causing a problem. I don't use them but maybe there is a good reason to use them.
The socket entries were there because they were in the original config file which I edited for my purposes. They seemed ok to me so I left them in my config when I began experimenting with stunnel. Commenting them out didn't make any difference for this problem.
4. try connecting directly to the stunnel box (no router). does that always work
Maybe not always, but remarkably better!!!
5. maybe the NIC card is flaky
The card had worked just fine until then, so I didn't really believe in this. I thought I'd save this for the last.
6. run "stunnel -version" to verify all is configured as you think.
Seems all right.
So what the heck could the problem be. It took me a long time to figure out the answer. The fact that almost all connection attempts succeeded when the router was left out of the picture would suggest there was a problem with the router configurations. But no, the router was correctly configured. Instead, the routing tables of the linux work station were not right! That's a problem I've hardly ever had to deal with (and therefore a subject I don't understand enough of) so it took some experimenting to get the routing tables right. Now it looks good. I still can't explain why the original routing tables sometimes worked and sometimes didn't, but I'll study the subject :-)
Tommi