Stunnel Connection Timeouts
Hello Everyone,
This used to work perfectly, but I'm not sure what happened. I'm using the pfSense (2.4.4-RELEASE-p3) Stunnel (5.50) package to connect to Blue Iris security camera software installed on Windows 10. I can connect to the Blue Iris web interface as well as through the Blue Iris Android app (which is essentially using the web interface) and even view the live video feed. However, if I click out of the live video feed of one camera and try to view another, I receive a timeout. The strange thing is this only happens if I'm connecting from outside of my local network. If I do this through my OpenVPN on pfSense or on my LAN/WiFi, then everything works great even though I'm using the same URL.
Here is when I connect through my Blue Iris Android app (no OpenVPN). I'm able to log in and watch a video stream, but then the app times out if I try to view another video feed or navigate back and forth. Doing this through a web browser also shows timeouts.
Sep 30 12:18:10 stunnel LOG5[19]: Connection closed: 184390 byte(s) sent to TLS, 340 byte(s) sent to socket
Sep 30 12:18:10 stunnel LOG3[19]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:18:09 stunnel LOG6[19]: Read socket closed (readsocket)
Sep 30 12:18:09 stunnel LOG5[19]: Service [Blue Iris] connected remote server from 192.168.30.1:9941
Sep 30 12:18:09 stunnel LOG6[19]: persistence: 192.168.30.2:81 cached
Sep 30 12:18:09 stunnel LOG5[19]: s_connect: connected 192.168.30.2:81
Sep 30 12:18:09 stunnel LOG6[19]: s_connect: connecting 192.168.30.2:81
Sep 30 12:18:09 stunnel LOG6[19]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
Sep 30 12:18:09 stunnel LOG6[19]: TLS accepted: new session negotiated
Sep 30 12:18:09 stunnel LOG6[19]: No peer certificate received
Sep 30 12:18:09 stunnel LOG6[19]: Peer certificate not required
Sep 30 12:18:09 stunnel LOG5[19]: Service [Blue Iris] accepted connection from 70.88.30.238:45558
Sep 30 12:18:09 stunnel LOG5[16]: Connection closed: 364416 byte(s) sent to TLS, 269 byte(s) sent to socket
Sep 30 12:18:09 stunnel LOG6[16]: TLS socket closed (SSL_read)
Sep 30 12:18:08 stunnel LOG5[18]: Connection closed: 895 byte(s) sent to TLS, 307 byte(s) sent to socket
Sep 30 12:18:08 stunnel LOG3[18]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:18:08 stunnel LOG6[18]: TLS closed (SSL_read)
Sep 30 12:18:08 stunnel LOG5[18]: Service [Blue Iris] connected remote server from 192.168.30.1:34341
Sep 30 12:18:08 stunnel LOG6[18]: persistence: 192.168.30.2:81 cached
Sep 30 12:18:08 stunnel LOG5[18]: s_connect: connected 192.168.30.2:81
Sep 30 12:18:08 stunnel LOG6[18]: s_connect: connecting 192.168.30.2:81
Sep 30 12:18:08 stunnel LOG6[18]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
Sep 30 12:18:08 stunnel LOG6[18]: TLS accepted: new session negotiated
Sep 30 12:18:08 stunnel LOG6[18]: No peer certificate received
Sep 30 12:18:08 stunnel LOG6[18]: Peer certificate not required
Sep 30 12:18:08 stunnel LOG5[18]: Service [Blue Iris] accepted connection from 70.88.30.238:45556
Sep 30 12:18:03 stunnel LOG5[17]: Connection closed: 895 byte(s) sent to TLS, 307 byte(s) sent to socket
Sep 30 12:18:03 stunnel LOG3[17]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:18:03 stunnel LOG6[17]: SSL_shutdown successfully sent close_notify alert
Sep 30 12:18:03 stunnel LOG6[17]: Read socket closed (readsocket)
Sep 30 12:18:03 stunnel LOG5[17]: Service [Blue Iris] connected remote server from 192.168.30.1:20582
Sep 30 12:18:03 stunnel LOG6[17]: persistence: 192.168.30.2:81 cached
Sep 30 12:18:03 stunnel LOG5[17]: s_connect: connected 192.168.30.2:81
Sep 30 12:18:03 stunnel LOG6[17]: s_connect: connecting 192.168.30.2:81
Sep 30 12:18:03 stunnel LOG6[17]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
Sep 30 12:18:03 stunnel LOG6[17]: TLS accepted: new session negotiated
Sep 30 12:18:03 stunnel LOG6[17]: No peer certificate received
Sep 30 12:18:03 stunnel LOG6[17]: Peer certificate not required
Sep 30 12:18:03 stunnel LOG5[17]: Service [Blue Iris] accepted connection from 70.88.30.238:45554
Here is when I first establish an OpenVPN connection and then open the Blue Iris Android app, which works great and does not time out:
Sep 30 12:35:53 stunnel LOG5[241]: Connection closed: 65503 byte(s) sent to TLS, 248 byte(s) sent to socket
Sep 30 12:35:53 stunnel LOG3[241]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:35:53 stunnel LOG6[241]: Read socket closed (readsocket)
Sep 30 12:35:53 stunnel LOG5[241]: Service [Blue Iris] connected remote server from 192.168.30.1:52310
Sep 30 12:35:53 stunnel LOG6[241]: persistence: 192.168.30.2:81 cached
Sep 30 12:35:53 stunnel LOG5[241]: s_connect: connected 192.168.30.2:81
Sep 30 12:35:53 stunnel LOG6[241]: s_connect: connecting 192.168.30.2:81
Sep 30 12:35:53 stunnel LOG6[241]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
Sep 30 12:35:53 stunnel LOG6[241]: TLS accepted: previous session reused
Sep 30 12:35:53 stunnel LOG5[240]: Connection closed: 5991 byte(s) sent to TLS, 240 byte(s) sent to socket
Sep 30 12:35:53 stunnel LOG3[240]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:35:53 stunnel LOG6[240]: SSL_shutdown successfully sent close_notify alert
Sep 30 12:35:53 stunnel LOG6[240]: Read socket closed (readsocket)
Sep 30 12:35:53 stunnel LOG6[241]: Peer certificate not required
Sep 30 12:35:53 stunnel LOG5[241]: Service [Blue Iris] accepted connection from 10.68.77.2:58342
Sep 30 12:35:53 stunnel LOG5[240]: Service [Blue Iris] connected remote server from 192.168.30.1:4683
Sep 30 12:35:53 stunnel LOG6[240]: persistence: 192.168.30.2:81 cached
Sep 30 12:35:53 stunnel LOG5[240]: s_connect: connected 192.168.30.2:81
Sep 30 12:35:53 stunnel LOG6[240]: s_connect: connecting 192.168.30.2:81
Sep 30 12:35:53 stunnel LOG6[240]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
Sep 30 12:35:53 stunnel LOG6[240]: TLS accepted: previous session reused
Sep 30 12:35:53 stunnel LOG5[239]: Connection closed: 85960 byte(s) sent to TLS, 248 byte(s) sent to socket
Sep 30 12:35:53 stunnel LOG3[239]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:35:53 stunnel LOG6[239]: SSL_shutdown successfully sent close_notify alert
Sep 30 12:35:52 stunnel LOG6[239]: Read socket closed (readsocket)
Sep 30 12:35:52 stunnel LOG6[240]: Peer certificate not required
Sep 30 12:35:52 stunnel LOG5[240]: Service [Blue Iris] accepted connection from 10.68.77.2:58340
Sep 30 12:35:52 stunnel LOG5[238]: Connection closed: 8780 byte(s) sent to TLS, 236 byte(s) sent to socket
Sep 30 12:35:52 stunnel LOG3[238]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:35:52 stunnel LOG6[238]: SSL_shutdown successfully sent close_notify alert
Sep 30 12:35:52 stunnel LOG6[238]: Read socket closed (readsocket)
Sep 30 12:35:52 stunnel LOG5[237]: Connection closed: 894 byte(s) sent to TLS, 307 byte(s) sent to socket
Sep 30 12:35:52 stunnel LOG3[237]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:35:52 stunnel LOG6[237]: SSL_shutdown successfully sent close_notify alert
Sep 30 12:35:52 stunnel LOG6[237]: Read socket closed (readsocket)
Sep 30 12:35:52 stunnel LOG5[238]: Service [Blue Iris] connected remote server from 192.168.30.1:24215
Sep 30 12:35:52 stunnel LOG6[238]: persistence: 192.168.30.2:81 cached
Sep 30 12:35:52 stunnel LOG5[238]: s_connect: connected 192.168.30.2:81
Sep 30 12:35:52 stunnel LOG6[238]: s_connect: connecting 192.168.30.2:81
Sep 30 12:35:52 stunnel LOG6[238]: TLSv1.2 ciphersuite: ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
Sep 30 12:35:52 stunnel LOG6[238]: TLS accepted: new session negotiated
Sep 30 12:35:52 stunnel LOG6[238]: No peer certificate received
Sep 30 12:35:52 stunnel LOG5[239]: Service [Blue Iris] connected remote server from 192.168.30.1:42731
I did a packet capture on that particular VLAN and noticed there was an RST packet sent, if this has any relevance:
(Blue Iris = 192.168.30.2)
Anyone have any ideas as to what might be causing this or some different Stunnel options I could try?
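
One way to compare the two captures above connection by connection, added here as an example and not part of the original post: group the stunnel lines by the connection id in brackets and record the client address, whether the TLS session was new or reused, the first close event logged, and whether `TIMEOUTclose` was hit. The function and field names are illustrative; `SAMPLE` is an excerpt of the WAN-side log quoted in the post.

```python
import re
from collections import defaultdict

# Excerpt of the WAN-side log quoted in the post (newest entry first, as posted).
SAMPLE = """\
Sep 30 12:18:10 stunnel LOG5[19]: Connection closed: 184390 byte(s) sent to TLS, 340 byte(s) sent to socket
Sep 30 12:18:10 stunnel LOG3[19]: transfer: s_poll_wait: TIMEOUTclose exceeded: closing
Sep 30 12:18:09 stunnel LOG6[19]: Read socket closed (readsocket)
Sep 30 12:18:09 stunnel LOG6[19]: TLS accepted: new session negotiated
Sep 30 12:18:09 stunnel LOG5[19]: Service [Blue Iris] accepted connection from 70.88.30.238:45558
Sep 30 12:18:09 stunnel LOG5[16]: Connection closed: 364416 byte(s) sent to TLS, 269 byte(s) sent to socket
Sep 30 12:18:09 stunnel LOG6[16]: TLS socket closed (SSL_read)
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} stunnel LOG(\d)\[(\d+)\]: (.*)$")
CLOSED = re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, "
                    r"(\d+) byte\(s\) sent to socket")

def summarize(log_text):
    """Return {connection id: summary}. Connections whose start is cut off
    by the excerpt keep None in the fields that were never seen."""
    conns = defaultdict(lambda: {"client": None, "session": None,
                                 "first_close": None, "timeout_close": False,
                                 "to_tls": None, "to_socket": None})
    # The log is newest first, so replay it in reverse to get event order.
    for raw in reversed(log_text.strip().splitlines()):
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a stunnel log line
        _level, cid, msg = m.groups()
        c = conns[int(cid)]
        if a := re.search(r"accepted connection from (\S+)", msg):
            c["client"] = a.group(1)
        elif msg.startswith("TLS accepted: "):
            c["session"] = "reused" if "reused" in msg else "new"
        elif "TIMEOUTclose exceeded" in msg:
            c["timeout_close"] = True
        elif b := CLOSED.search(msg):
            c["to_tls"], c["to_socket"] = int(b.group(1)), int(b.group(2))
        elif "closed (" in msg and c["first_close"] is None:
            c["first_close"] = msg  # first close event stunnel logged
    return dict(conns)

if __name__ == "__main__":
    for cid, info in sorted(summarize(SAMPLE).items()):
        print(cid, info)
```

Running it over the full WAN capture and the OpenVPN capture separately gives a per-connection table in which the `session` and `first_close` columns can be compared between the failing and working paths.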