Hello, I struggled recently, with combining sslh and nginx daisy-chaining ip-transparent connections, and realised the same problem, other users reported, when using stunnel. Now that I have found a fix, which solves my problem with sslh, I checked into the stunnel code, and adapted my proposed fix for stunnel: diff client.c_original client.c 1721a1722,1723

if (setsockopt(c->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on)) sockerror("setsockopt SO_REUSEADD"); 1769a1772,1776 int on = 1; #ifdef IP_TRANSPARENT if (setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on)) sockerror("setsockopt SO_IP_TRANSPARENT");> #endif

I described my findings here in Detail: https://github.com/ftasnetamot/sslh/blob/2024-07-28--documentation/doc/Daisy... This article helped me to figure out, what is wrong: https://blog.cloudflare.com/how-to-stop-running-out-of-ephemeral-ports-and-s... I wrote as well some weeks earlier two documents, describing how to configure ip-transparent connections only with routing and no firewall rules involved. The same works 1:1 with stunnel. https://github.com/yrutschle/sslh/blob/master/doc/simple_transparent_proxy.m... https://github.com/yrutschle/sslh/blob/master/doc/scenarios-for-simple-trans... Happy tunneling .f Sicher versendet mit [Proton Mail](https://proton.me/).