Authentication Server + STunnel does not work in specific configuration
pfsense 2.5.2
stunnel 5.50_10

I set up an Authentication Server to reach out to Google secure LDAP via Stunnel.
When I bind stunnel to Listen on Port 127.0.0.1:1636, and the Authentication Server reaches out to hostname 127.0.0.1:1636, it works.
However, I wanted to change the stunnel Listen on Port, so I can share the stunnel with other internal services. In this example, I am using stunnel 10.1.1.15:1636.
I also changed the Authentication server to reach out to 10.1.1.15:1636. Now the authentication server does not work.
The only error I found when using Diagnosis -> Authentication was in the System -> General Logs:
Mar 23 14:26:07 php-fpm 92889 /diag_authentication.php: ERROR! Could not bind to LDAP server Google Workspace. Please check the bind credentials.
I tried adding a duplicate stunnel to listen on port 127.0.0.1:1636 and another on 10.1.1.15:1636 but that also fails with the same error:
Mar 23 14:35:07 php-fpm 52277 /diag_authentication.php: ERROR! Could not bind to LDAP server Google Workspace. Please check the bind credentials.
It seems I can only have 1 stunnel interface working (even though it appears like I should be able to add multiple interfaces).
Both Stunnels share the same credentials.
I even tried to change the Listen port, in case something weird was going on, but that didn't solve it.
Anyone have any idea what might be going on?