Stunnel Connection Timeouts



  • Hello Everyone,

    This used to work perfectly, but I'm not sure what happened. I'm using the pfSense (2.4.4-RELEASE-p3) Stunnel (5.50) package to connect to Blue Iris security camera software installed on Windows 10. I can connect to the Blue Iris web interface as well as through the Blue Iris Android app (which is essentially using the web interface) and even view the live video feed. However, if I click out of the live video feed of one camera and try to view another, I receive a timeout. The strange thing is this only happens if I'm connecting from outside of my local network. If I do this through my OpenVPN on pfSense or on my LAN/WiFi, then everything works great even though I'm using the same URL.

    Here is when I connect through my Blue Iris Android app (no OpenVPN). I'm able to log in and watch a video stream, but then the app times out if I try to view another video feed or navigate back and forth. Doing this through a web browser also shows timeouts.

    Sep 30 12:18:10	stunnel		LOG5[19]: Connection closed: 184390 byte(s) sent to TLS, 340 byte(s) sent to socket
    Sep 30 12:18:10	stunnel		LOG3[19]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:18:09	stunnel		LOG6[19]: Read socket closed (readsocket)
    Sep 30 12:18:09	stunnel		LOG5[19]: Service [Blue Iris] connected remote server from 192.168.30.1:9941
    Sep 30 12:18:09	stunnel		LOG6[19]: persistence: 192.168.30.2:81 cached
    Sep 30 12:18:09	stunnel		LOG5[19]: s_connect: connected 192.168.30.2:81
    Sep 30 12:18:09	stunnel		LOG6[19]: s_connect: connecting 192.168.30.2:81
    Sep 30 12:18:09	stunnel		LOG6[19]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    Sep 30 12:18:09	stunnel		LOG6[19]: TLS accepted: new session negotiated
    Sep 30 12:18:09	stunnel		LOG6[19]: No peer certificate received
    Sep 30 12:18:09	stunnel		LOG6[19]: Peer certificate not required
    Sep 30 12:18:09	stunnel		LOG5[19]: Service [Blue Iris] accepted connection from 70.88.30.238:45558
    Sep 30 12:18:09	stunnel		LOG5[16]: Connection closed: 364416 byte(s) sent to TLS, 269 byte(s) sent to socket
    Sep 30 12:18:09	stunnel		LOG6[16]: TLS socket closed (SSL_read)
    Sep 30 12:18:08	stunnel		LOG5[18]: Connection closed: 895 byte(s) sent to TLS, 307 byte(s) sent to socket
    Sep 30 12:18:08	stunnel		LOG3[18]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:18:08	stunnel		LOG6[18]: TLS closed (SSL_read)
    Sep 30 12:18:08	stunnel		LOG5[18]: Service [Blue Iris] connected remote server from 192.168.30.1:34341
    Sep 30 12:18:08	stunnel		LOG6[18]: persistence: 192.168.30.2:81 cached
    Sep 30 12:18:08	stunnel		LOG5[18]: s_connect: connected 192.168.30.2:81
    Sep 30 12:18:08	stunnel		LOG6[18]: s_connect: connecting 192.168.30.2:81
    Sep 30 12:18:08	stunnel		LOG6[18]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    Sep 30 12:18:08	stunnel		LOG6[18]: TLS accepted: new session negotiated
    Sep 30 12:18:08	stunnel		LOG6[18]: No peer certificate received
    Sep 30 12:18:08	stunnel		LOG6[18]: Peer certificate not required
    Sep 30 12:18:08	stunnel		LOG5[18]: Service [Blue Iris] accepted connection from 70.88.30.238:45556
    Sep 30 12:18:03	stunnel		LOG5[17]: Connection closed: 895 byte(s) sent to TLS, 307 byte(s) sent to socket
    Sep 30 12:18:03	stunnel		LOG3[17]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:18:03	stunnel		LOG6[17]: SSL_shutdown successfully sent close_notify alert
    Sep 30 12:18:03	stunnel		LOG6[17]: Read socket closed (readsocket)
    Sep 30 12:18:03	stunnel		LOG5[17]: Service [Blue Iris] connected remote server from 192.168.30.1:20582
    Sep 30 12:18:03	stunnel		LOG6[17]: persistence: 192.168.30.2:81 cached
    Sep 30 12:18:03	stunnel		LOG5[17]: s_connect: connected 192.168.30.2:81
    Sep 30 12:18:03	stunnel		LOG6[17]: s_connect: connecting 192.168.30.2:81
    Sep 30 12:18:03	stunnel		LOG6[17]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    Sep 30 12:18:03	stunnel		LOG6[17]: TLS accepted: new session negotiated
    Sep 30 12:18:03	stunnel		LOG6[17]: No peer certificate received
    Sep 30 12:18:03	stunnel		LOG6[17]: Peer certificate not required
    Sep 30 12:18:03	stunnel		LOG5[17]: Service [Blue Iris] accepted connection from 70.88.30.238:45554
    

    Here is when I first establish an OpenVPN connection and then open the Blue Iris Android app which works great and does not time out:

    Sep 30 12:35:53	stunnel		LOG5[241]: Connection closed: 65503 byte(s) sent to TLS, 248 byte(s) sent to socket
    Sep 30 12:35:53	stunnel		LOG3[241]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:35:53	stunnel		LOG6[241]: Read socket closed (readsocket)
    Sep 30 12:35:53	stunnel		LOG5[241]: Service [Blue Iris] connected remote server from 192.168.30.1:52310
    Sep 30 12:35:53	stunnel		LOG6[241]: persistence: 192.168.30.2:81 cached
    Sep 30 12:35:53	stunnel		LOG5[241]: s_connect: connected 192.168.30.2:81
    Sep 30 12:35:53	stunnel		LOG6[241]: s_connect: connecting 192.168.30.2:81
    Sep 30 12:35:53	stunnel		LOG6[241]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    Sep 30 12:35:53	stunnel		LOG6[241]: TLS accepted: previous session reused
    Sep 30 12:35:53	stunnel		LOG5[240]: Connection closed: 5991 byte(s) sent to TLS, 240 byte(s) sent to socket
    Sep 30 12:35:53	stunnel		LOG3[240]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:35:53	stunnel		LOG6[240]: SSL_shutdown successfully sent close_notify alert
    Sep 30 12:35:53	stunnel		LOG6[240]: Read socket closed (readsocket)
    Sep 30 12:35:53	stunnel		LOG6[241]: Peer certificate not required
    Sep 30 12:35:53	stunnel		LOG5[241]: Service [Blue Iris] accepted connection from 10.68.77.2:58342
    Sep 30 12:35:53	stunnel		LOG5[240]: Service [Blue Iris] connected remote server from 192.168.30.1:4683
    Sep 30 12:35:53	stunnel		LOG6[240]: persistence: 192.168.30.2:81 cached
    Sep 30 12:35:53	stunnel		LOG5[240]: s_connect: connected 192.168.30.2:81
    Sep 30 12:35:53	stunnel		LOG6[240]: s_connect: connecting 192.168.30.2:81
    Sep 30 12:35:53	stunnel		LOG6[240]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    Sep 30 12:35:53	stunnel		LOG6[240]: TLS accepted: previous session reused
    Sep 30 12:35:53	stunnel		LOG5[239]: Connection closed: 85960 byte(s) sent to TLS, 248 byte(s) sent to socket
    Sep 30 12:35:53	stunnel		LOG3[239]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:35:53	stunnel		LOG6[239]: SSL_shutdown successfully sent close_notify alert
    Sep 30 12:35:52	stunnel		LOG6[239]: Read socket closed (readsocket)
    Sep 30 12:35:52	stunnel		LOG6[240]: Peer certificate not required
    Sep 30 12:35:52	stunnel		LOG5[240]: Service [Blue Iris] accepted connection from 10.68.77.2:58340
    Sep 30 12:35:52	stunnel		LOG5[238]: Connection closed: 8780 byte(s) sent to TLS, 236 byte(s) sent to socket
    Sep 30 12:35:52	stunnel		LOG3[238]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:35:52	stunnel		LOG6[238]: SSL_shutdown successfully sent close_notify alert
    Sep 30 12:35:52	stunnel		LOG6[238]: Read socket closed (readsocket)
    Sep 30 12:35:52	stunnel		LOG5[237]: Connection closed: 894 byte(s) sent to TLS, 307 byte(s) sent to socket
    Sep 30 12:35:52	stunnel		LOG3[237]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
    Sep 30 12:35:52	stunnel		LOG6[237]: SSL_shutdown successfully sent close_notify alert
    Sep 30 12:35:52	stunnel		LOG6[237]: Read socket closed (readsocket)
    Sep 30 12:35:52	stunnel		LOG5[238]: Service [Blue Iris] connected remote server from 192.168.30.1:24215
    Sep 30 12:35:52	stunnel		LOG6[238]: persistence: 192.168.30.2:81 cached
    Sep 30 12:35:52	stunnel		LOG5[238]: s_connect: connected 192.168.30.2:81
    Sep 30 12:35:52	stunnel		LOG6[238]: s_connect: connecting 192.168.30.2:81
    Sep 30 12:35:52	stunnel		LOG6[238]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
    Sep 30 12:35:52	stunnel		LOG6[238]: TLS accepted: new session negotiated
    Sep 30 12:35:52	stunnel		LOG6[238]: No peer certificate received
    Sep 30 12:35:52	stunnel		LOG5[239]: Service [Blue Iris] connected remote server from 192.168.30.1:42731
    

    I did a packet capture on that particular VLAN and noticed there was a RST packet sent, if this has any relevance:
    (Blue Iris = 192.168.30.2)
    [Image: packet capture screenshot]

    Anyone have any ideas as to what might be causing this or some different Stunnel options I could try?
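
Added example, not part of the original post: a small Python script that groups stunnel log lines like the ones above by connection id (the number in brackets) so each connection's client address, TLS session state, first close event and byte counts can be compared between the external and OpenVPN cases. It assumes stunnel is running in server mode as in the post, and the "backend"/"client" labels are this example's reading of the log messages.

```python
import re
from collections import defaultdict

LINE = re.compile(r"LOG\d\[(\d+)\]: (.*)$")
BYTES = re.compile(r"(\d+) byte\(s\) sent to TLS, (\d+) byte\(s\) sent to socket")
CLOSERS = {  # first close event logged -> side that ended the transfer (server mode)
    "Read socket closed (readsocket)": "backend",
    "TLS closed (SSL_read)": "client close_notify",
    "TLS socket closed (SSL_read)": "client socket closed",
}

def summarize(log_text, newest_first=True):
    """Group stunnel log lines by connection id and summarize each connection."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:  # the log view in the post lists the newest entries first
        lines.reverse()
    conns = defaultdict(lambda: {"client": None, "session": None, "first_close": None,
                                 "timeout_close": False, "to_tls": None, "to_socket": None})
    for line in lines:
        if not (m := LINE.search(line)):
            continue
        c, msg = conns[int(m.group(1))], m.group(2).strip()
        if "accepted connection from " in msg:
            c["client"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("TLS accepted: "):
            c["session"] = msg[len("TLS accepted: "):]
        elif msg in CLOSERS:
            c["first_close"] = c["first_close"] or CLOSERS[msg]
        elif "TIMEOUTclose exceeded" in msg:
            c["timeout_close"] = True
        elif (b := BYTES.search(msg)):
            c["to_tls"], c["to_socket"] = int(b.group(1)), int(b.group(2))
    return dict(conns)

# Sample lines copied from the first log in the post (newest first).
SAMPLE = """\
Sep 30 12:18:10 stunnel LOG5[19]: Connection closed: 184390 byte(s) sent to TLS, 340 byte(s) sent to socket
Sep 30 12:18:10 stunnel LOG3[19]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:18:09 stunnel LOG6[19]: Read socket closed (readsocket)
Sep 30 12:18:09 stunnel LOG6[19]: TLS accepted: new session negotiated
Sep 30 12:18:09 stunnel LOG5[19]: Service [Blue Iris] accepted connection from 70.88.30.238:45558
Sep 30 12:18:09 stunnel LOG5[16]: Connection closed: 364416 byte(s) sent to TLS, 269 byte(s) sent to socket
Sep 30 12:18:09 stunnel LOG6[16]: TLS socket closed (SSL_read)
Sep 30 12:18:08 stunnel LOG5[18]: Connection closed: 895 byte(s) sent to TLS, 307 byte(s) sent to socket
Sep 30 12:18:08 stunnel LOG3[18]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:18:08 stunnel LOG6[18]: TLS closed (SSL_read)
Sep 30 12:18:08 stunnel LOG5[18]: Service [Blue Iris] accepted connection from 70.88.30.238:45556
"""
for conn_id, info in sorted(summarize(SAMPLE).items()):
    print(conn_id, info)
```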

