Netgate Discussion Forum

    STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel

    pfSense Packages
    • A
      alteredstate @alteredstate
      last edited by

      ....Xhnsugqd
      -----END PRIVATE KEY----------BEGIN CERTIFICATE-----
      MIIGaTCCB....
      

      Adding an extra line at the end of: "-----END PRIVATE KEY-----" in the "Private key data" section seems to have fixed this issue and it is properly formatted during a service restart.


      But there's still the issue where:

      /var/tmp/stunnel
      

      is removed during a reboot. Is it acceptable to move this directory inside of:

      /usr/local/etc/stunnel
      
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Stunnel wasn't modifying the pem incorrectly, it just didn't handle a private key that was imported without a trailing newline.

        https://redmine.pfsense.org/issues/9118

        Fixed in stunnel pkg version 5.47, which should show up for upgrade shortly.

        Also, the /var/tmp/stunnel parts are a chroot and not meant to be altered. They will be regenerated when needed.

        The config files written by a package (or even the base system) are never meant to be modified by hand and will be overwritten by the package when syncing, at boot, etc.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

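The failure discussed above, as an added example that is not part of the original posts or of the pfSense stunnel package: joining a key that has no trailing newline to a certificate fuses the END and BEGIN markers onto one line. The function names and the sample PEM bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper names): detect, avoid and repair a fused PEM boundary.

# Exit 0 if any line in $1 has an END marker run straight into a BEGIN marker.
pem_has_fused_markers() {
    grep -q -e '-----END [A-Z0-9 ]*----------BEGIN ' "$1"
}

# Concatenate PEM inputs into $1, terminating any input that lacks a final newline.
pem_join() {
    out=$1; shift
    # The bundle holds a private key: a newly created file gets mode 0600.
    ( umask 077; : > "$out" )
    for f in "$@"; do
        cat "$f" >> "$out"
        # $(...) strips a trailing newline, so non-empty output means the
        # last byte of the file was not a newline.
        if [ -n "$(tail -c 1 "$f")" ]; then
            printf '\n' >> "$out"
        fi
    done
}

# Print a repaired copy of $1 with every fused boundary split onto two lines.
pem_split_fused() {
    sed 's/\(-----END [A-Z0-9 ]*-----\)\(-----BEGIN \)/\1\
\2/g' "$1"
}

# Constructed sample, not real key material: the key file has no trailing newline.
tmp=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$tmp/key.pem"
printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$tmp/cert.pem"

cat "$tmp/key.pem" "$tmp/cert.pem" > "$tmp/naive.pem"
pem_has_fused_markers "$tmp/naive.pem" && echo "naive cat: fused boundary"

pem_join "$tmp/joined.pem" "$tmp/key.pem" "$tmp/cert.pem"
pem_has_fused_markers "$tmp/joined.pem" || echo "pem_join: boundary intact"
rm -rf "$tmp"
```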
        • A
          alteredstate @jimp
          last edited by

          @jimp said in STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel:

          Stunnel wasn't modifying the pem incorrectly, it just didn't handle a private key that was imported without a trailing newline.

          https://redmine.pfsense.org/issues/9118

          Fixed in stunnel pkg version 5.47, which should show up for upgrade shortly.

          Also, the /var/tmp/stunnel parts are a chroot and not meant to be altered. They will be regenerated when needed.

          The config files written by a package (or even the base system) are never meant to be modified by hand and will be overwritten by the package when syncing, at boot, etc.

          I'm not altering the:

          /var/tmp/stunnel
          

          something (I assume pfSense or STunnel) is removing that directory after a reboot. I just rebooted pfSense and that directory is gone, preventing STunnel from starting.

          This is the error I'm seeing:

          [!] chroot: No such file or directory (2)
          

          See, there's no "stunnel" directory here:

          [2.4.4-RELEASE][admin@pfSense]/root: ls -alh /var/tmp/
          total 16
          drwxrwxrwt   4 root  wheel   512B Nov 14 11:51 .
          drwxr-xr-x  15 root  wheel   512B Nov 14 11:51 ..
          drwxr-xr-x   7 root  wheel   512B Nov 14 11:51 nginx
          drwxr-xr-x   2 root  wheel   512B Nov 14 11:51 vi.recover
          

          Create the directory:

          [2.4.4-RELEASE][admin@pfSense]/root: mkdir /var/tmp/stunnel
          

          Now STunnel starts up and everyone is happy! Would you fix this please?

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            It starts up fine after a reboot here. Do you maybe have /var/ and /tmp/ in RAM disks?

            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              That should be fixed now, too; once the new packages are built you'll see another update.

              • A
                alteredstate @jimp
                last edited by

                @jimp said in STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel:

                It starts up fine after a reboot here. Do you maybe have /var/ and /tmp/ in RAM disks?

                Yes, I have this enabled in pfSense:

                0_1542216061677_ba788096-5b76-4005-a858-fddeb0c27e4f-image.png

                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  That is what is causing it to be removed every reboot, not the package.

                  I made the package re-create the dirs on each sync now though so it should be fine.

                  • A
                    alteredstate @jimp
                    last edited by

                    @jimp said in STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel:

                    That is what is causing it to be removed every reboot, not the package.

                    I made the package re-create the dirs on each sync now though so it should be fine.

                    Great! And this is the updated package you are soon going to add to the repo?

                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      It should already be up and available for 2.4.4 users. If not, it will be in a few moments.

                      • A
                        alteredstate @jimp
                        last edited by

                        @jimp said in STunnel Is Modifying PEM File Incorrectly & Not Recreating /var/tmp/stunnel:

                        It should already be up and available for 2.4.4 users. If not, it will be in a few moments.

                        Wonderful, thanks for the help!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.