Netgate Discussion Forum

    Stunnel won't start after pfsense restart!

      Rossi

      Took me some time to find this thread and to solve the problem. Thx for the solution.

      What about a stunnel update? Will there be a new version?

        nimamhd

        Thank you for your reply. :)

        Yes, Stunnel version 5 is available.

        https://www.stunnel.org/downloads.html

          Rossi

          I would really appreciate a new version. It's really endlessly simple to use it for enabling SSL support for FTP, webmail, etc…

            dgcom

            @Rossi:

            It's really endlessly simple to use it for enabling SSL support for FTP, webmail, etc…

            Stunnel does not support FTP as far as I know, but for most other Stunnel server functionality you should be able to use the HAProxy-devel package.

            But I still vote for having a new package for Stunnel 5 with all new functionality included!

            DG

              Rossi

              Well, you are right… never tried it with ftp but several other services and all of them were really quick and easy to setup.

                Rossi

                Looks like it is a bit urgent now. I guess I will disable stunnel until it's patched.

                  nimamhd

                  As you know about Heartbleed, I can't wait for a new update of the Stunnel package; how can I manually update this?

                  A recent new version of Stunnel is available.

                    adamsteinhoff

                    We have the same problem here, and being a new pfSense user, I really don't want to be hacking around on it and expect that it will work long-term for our fairly critical environment.

                    Is there an alternative to what stunnel does on pfSense, or is it the only official package?

                    Based on prior history, do you all think that there will be a package that will fix this issue and get us to the new heartbleed-proof version?

                    Thanks!

                      nimamhd

                      I use the Zebedee package too. It's simple and powerful.

                      You can visit http://www.winton.org.uk/zebedee/ for more info.

                      If you have any problem, don't hesitate to post it. :)

                        v0lZy

                        I just encountered this issue today.

                        I reinstalled the stunnel package and still was not able to launch stunnel.
                        I ssh-ed into my pfsense box and did

                        find / | grep stunnel
                        

                        The result from the above command led me to examine /usr/local/etc/rc.d/stunnel.sh

                        cat /usr/local/etc/rc.d/stunnel.sh
                        

                        which returned

                        
                        #!/bin/sh
                        # This file was automatically generated
                        # by the pfSense service handler.
                        
                        rc_start() {
                                /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
                        
                        }
                        
                        rc_stop() {
                                killall stunnel
                        
                        }
                        
                        case $1 in
                                start)
                                        rc_start
                                        ;;
                                stop)
                                        rc_stop
                                        ;;
                                restart)
                                        rc_stop
                                        rc_start
                                        ;;
                        esac
                        
                        

                        This suggested that /usr/local/etc/stunnel/stunnel.conf is used as the configuration file so I followed with

                        cat /usr/local/etc/stunnel/stunnel.conf
                        

                        to examine the file, which in turn showed

                        
                        cert = /usr/local/etc/stunnel/stunnel.pem
                        chroot = /var/tmp/stunnel
                        setuid = stunnel
                        setgid = stunnel
                        
                        

                        Manually running the following on the command line

                        /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
                        

                        confirmed that stunnel was exiting because there were no actual tunnel endpoints set up.

                        So I went back to the WebGUI under Services > Stunnel, and took a look at the Tunnels tab where I had 3 tunnel endpoints configured. I figured that clicking the edit button on each entry and then clicking the save button would repopulate the /usr/local/etc/stunnel/stunnel.conf file so I clicked 'edit' and subsequently 'save' for each of my tunnel endpoints.

                        As a precaution I navigated to the Certificates tab and did the same edit-save procedure for each of my three certificates.

                        I then went back to the command line and made sure my clicking around had an effect. I ran

                        cat /usr/local/etc/stunnel/stunnel.conf
                        

                        and was glad to see that my clicking around the GUI wasn't in vain; the file was populated with configuration parameters defining my endpoints.

                        I then manually started stunnel from the command line with

                        /usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf
                        

                        and my stunnel is up and running again (also shows green on the Status > Services section).

                        I haven't yet restarted the firewall and don't know if the solution will persist or not.

                        Best regards,

                        V
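
The failure described in the post above (a stunnel.conf that holds only global options, so stunnel exits at start) can be detected before the service is started. The shell functions below are an added example, not part of the original post or of the pfSense package; they assume a tunnel endpoint is a `[name]` section with both `accept` and `connect`, and the function names and the `example-imaps` section are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post or the pfSense package.
# Assumption: a tunnel endpoint is a "[name]" section holding both an
# "accept" and a "connect" option; function names are hypothetical.

# Print the number of complete endpoint sections in config file $1.
count_stunnel_services() {
    awk '
        function close_section() {
            if (in_service && has_accept && has_connect) complete++
            has_accept = 0; has_connect = 0
        }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }   # skip comments and blanks
        /^[ \t]*\[[^]]+\][ \t]*$/ {            # a new [service] section
            close_section(); in_service = 1; next
        }
        {                                      # option line: key = value
            key = $0
            sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            key = tolower(key)
            if (key == "accept")  has_accept = 1
            if (key == "connect") has_connect = 1
        }
        END { close_section(); print complete + 0 }
    ' "$1"
}

# Return 0 if $1 defines at least one complete endpoint, 1 otherwise.
stunnel_conf_ready() {
    [ -r "$1" ] || { echo "stunnel config $1 is unreadable" >&2; return 1; }
    n=$(count_stunnel_services "$1")
    if [ "$n" -eq 0 ]; then
        echo "stunnel config $1 has no tunnel endpoints" >&2
        return 1
    fi
    echo "stunnel config $1 defines $n tunnel endpoint(s)"
}

# Demo on constructed input: the global-only file shown in the post, then
# the same file with one constructed endpoint appended.
demo=$(mktemp)
printf '%s\n' 'cert = /usr/local/etc/stunnel/stunnel.pem' \
    'chroot = /var/tmp/stunnel' 'setuid = stunnel' 'setgid = stunnel' > "$demo"
stunnel_conf_ready "$demo" || echo "refusing to start stunnel"
printf '%s\n' '[example-imaps]' 'accept = 993' 'connect = 127.0.0.1:143' >> "$demo"
stunnel_conf_ready "$demo" && echo "ok to start stunnel"
rm -f "$demo"
```

Run against /usr/local/etc/stunnel/stunnel.conf after a reboot, a non-zero exit status indicates the file was regenerated without the endpoints configured in the GUI.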

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.