• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Stunnel Refuses To Start After Installing

Scheduled Pinned Locked Moved pfSense Packages
stunnelcertificatepackages
2 Posts 1 Posters 1.3k Views 1 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Offline
    alteredstate
    last edited by Sep 9, 2018, 3:54 PM

    Hello Everyone,

    Stunnel 5.37 refuses to start on pfSense 2.4.3-RELEASE-p1 (amd64) with this error in the log:

    Sep 9 00:31:03	stunnel		LOG5[ui]: stunnel 5.44 on amd64-portbld-freebsd11.1 platform
    Sep 9 00:31:03	stunnel		LOG5[ui]: Compiled/running with OpenSSL 1.0.2m-freebsd 2 Nov 2017
    Sep 9 00:31:03	stunnel		LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
    Sep 9 00:31:03	stunnel		LOG5[ui]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
    Sep 9 00:31:03	stunnel		LOG5[ui]: UTF-8 byte order mark not detected
    Sep 9 00:31:03	stunnel		LOG4[ui]: Insecure file permissions on /usr/local/etc/stunnel/56b3fec8a19e2.pem
    Sep 9 00:31:03	stunnel		LOG5[ui]: Configuration successful
    Sep 9 00:32:17	check_reload_status		Syncing firewall
    Sep 9 00:32:17	stunnel		LOG5[main]: Terminated
    

    First, 56b3fec8a19e2.pem does not exist in: /usr/local/etc/stunnel/ which is my webConfigurator default certificate but in the Stunnel menu I have selected the Certificate to be Default:

    0_1536508262668_Screen Shot 2018-09-09 at 11.49.24.png

    which I assumed would be the:

    /usr/local/etc/stunnel/stunnel.pem. Even the: /usr/local/etc/stunnel/stunnel.conf has the stunnel.pem set to be used:

    cert = /usr/local/etc/stunnel/stunnel.pem 
    chroot = /var/tmp/stunnel 
    setuid = stunnel 
    setgid = stunnel
    

    I'm not sure why Stunnel still wants to use the webConfigurator default certificate and at this point it appears this is preventing Stunnel from starting or is it something else?

    1 Reply Last reply Reply Quote 0
    • A Offline
      alteredstate
      last edited by Sep 12, 2018, 12:59 AM

      Would anyone have an idea as to what is going on? I'm kind of stumped at this point.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received