Stunnel won't start after pfSense restart!
-
Hi
I installed stunnel v4.43.0 on pfSense 2.1 and it worked perfectly. After the first restart, it won't start again, without any log! I can start it after removing and re-installing the package.
How can I fix this?
Thanks.
-
Finally found the solution.
stunnel can't create a folder in /var/tmp/stunnel, /var/tmp/run/stunnel for chroot and .pid.
Follow this:
1- mkdir /usr/local/etc/stunnel/run or /tmp
2- chown -R stunnel:stunnel /usr/local/etc/stunnel/run
3- ee /usr/local/pkg/stunnel.inc
replace "/var/tmp/stunnel" with "/usr/local/etc/stunnel/run" on lines 120, 206, 217, 234
add fwrite($fout, "pid = /stunnel.pid \n"); to line 123
4- configure stunnel and done.
-
Is this something that can get added to the package?
-
Yes, I think the Stunnel package needs some updates for pfSense 2.1.
-
Took me some time to find this thread and to solve the problem. Thx for the solution.
What about a stunnel update? Will there be a new version?
-
Thank you for your reply. :)
Yes, Stunnel version 5 is available.
https://www.stunnel.org/downloads.html
-
I would really appreciate a new version. It's really endlessly simple to use it for enabling SSL support for FTP, webmail, etc…
-
Stunnel does not support FTP as far as I know, but for most other Stunnel server functionality you should be able to use the HAProxy-devel package.
But I still vote for having a new package for Stunnel 5 with all new functionality included!
-
Well, you are right… never tried it with ftp but several other services and all of them were really quick and easy to setup.
-
Looks like it is a bit urgent now. I guess I will disable stunnel until it's patched.
-
As you know about Heartbleed, I can't wait for the Stunnel package's new update. How can I manually update this?
The recent new version of Stunnel is available.
-
We have the same problem here, and being a new PFSense user, I really don't want to be hacking around on it and expect that it will work long-term for our fairly critical environment.
Is there an alternative to what STunnel does on PFsense, or is it the only official package?
Based on prior history, do you all think that there will be a package that will fix this issue and get us to the new heartbleed-proof version?
Thanks!
-
I use the Zebedee package too. It's simple and powerful.
You can visit http://www.winton.org.uk/zebedee/ for more info.
If you have any problem, don't hesitate to post it. :)
-
I just encountered this issue today.
I reinstalled the stunnel package and still was not able to launch stunnel.
I ssh-ed into my pfsense box and did
find / | grep stunnel
The result from the above command led me to examine /usr/local/etc/rc.d/stunnel.sh
cat /usr/local/etc/rc.d/stunnel.sh
which returned
#!/bin/sh
# This file was automatically generated
# by the pfSense service handler.
rc_start() {
	/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
}
rc_stop() {
	killall stunnel
}
case $1 in
	start)
		rc_start
		;;
	stop)
		rc_stop
		;;
	restart)
		rc_stop
		rc_start
		;;
esac
This suggested that /usr/local/etc/stunnel/stunnel.conf is used as the configuration file so I followed with
cat /usr/local/etc/stunnel/stunnel.conf
to examine the file, which in turn showed
cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /var/tmp/stunnel
setuid = stunnel
setgid = stunnel
Manually running the following on the command line
/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
confirmed that stunnel was exiting because there were no actual tunnel endpoints set up.
So I went back to the WebGUI under Services > Stunnel, and took a look at the Tunnels tab where I had 3 tunnel endpoints configured. I figured that clicking the edit button on each entry and then clicking the save button would repopulate the /usr/local/etc/stunnel/stunnel.conf file so I clicked 'edit' and subsequently 'save' for each of my tunnel endpoints.
As a precaution I navigated to the Certificates tab and did the same edit-save procedure for each of my three certificates.
I then went back to the command line and made sure my clicking around had an effect. I ran
cat /usr/local/etc/stunnel/stunnel.conf
and was glad to see that my clicking around the GUI wasn't in vain; the file was populated with configuration parameters defining my endpoints.
I then manually started stunnel from the command line with
/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
and my stunnel is up and running again (also shows green on the Status > Services section).
I haven't yet restarted the firewall and don't know if the solution will persist or not.
Best regards,
V
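-
A pre-flight check for the two causes found in this thread (a chroot directory that is missing or wrongly owned, and a stunnel.conf with no tunnel endpoints), as an added example that is not from any poster or from the pfSense package. The function names are hypothetical, and it assumes the global options come before the first [service] section.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes global options (chroot, setuid) precede the first [service] section.

# Print the value of a global option from a stunnel config.
conf_get() {  # usage: conf_get <option> <conf-file>
    awk -F= -v key="$1" '
        /^[ \t]*\[/   { exit }    # first service section: globals are over
        /^[ \t]*[;#]/ { next }    # comment line
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$2"
}

# Count [service] sections, i.e. configured tunnel endpoints.
conf_services() {  # usage: conf_services <conf-file>
    awk '/^[ \t]*\[.*\]/ { n++ } END { print n + 0 }' "$1"
}

# Report problems on stdout; the return status is the number found.
stunnel_preflight() {  # usage: stunnel_preflight <conf-file>
    conf=$1; problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    jail=$(conf_get chroot "$conf")
    user=$(conf_get setuid "$conf")
    if [ -n "$jail" ] && [ ! -d "$jail" ]; then
        echo "chroot directory $jail does not exist"
        problems=$((problems + 1))
    elif [ -n "$jail" ] && [ -n "$user" ]; then
        owner=$(ls -ld "$jail" | awk '{ print $3 }')
        if [ "$owner" != "$user" ]; then
            echo "chroot directory $jail is owned by $owner, not $user"
            problems=$((problems + 1))
        fi
    fi
    if [ "$(conf_services "$conf")" -eq 0 ]; then
        echo "no [service] sections: stunnel has no tunnel endpoints"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a file when one is given on the command line.
[ $# -eq 0 ] || stunnel_preflight "$1"
```

On pfSense the file to check is /usr/local/etc/stunnel/stunnel.conf, the path the rc script shown in this thread passes to stunnel.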