Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Stunnel became broken

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      frater
      last edited by

      I've been running 2.1 beta for a while now and a few months ago I needed stunnel to provide ssl for a little pixelserv service I am running on port 80.
      I don't know exactly when it happened, but I recently found out it wasn't running anymore and its package webif is broken.

      If I delete or try to modify the 2 items I placed there, I will get:

      Fatal error: Cannot use string offset as an array in /usr/local/pkg/stunnel.inc on line 14

      Removing and installing the package doesn't help.

      Relevant parts in my /cf/conf/config.xml

      
      <menu>
                              <name>STunnel</name>
                              <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or rbe used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate ag the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your cryptot>
                              Services
                              <configfile>stunnel.xml</configfile></tooltiptext> </menu>
      
      .
      .
                      <package><name>stunnel</name>
                              <website>http://www.stunnel.org/</website>
      
                              <category>Network Management</category>
                              <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
                              <depends_on_package>stunnel-4.43.tbz</depends_on_package>
                              <depends_on_package_pbi>stunnel-4.54-i386.pbi</depends_on_package_pbi>
                              <version>4.43.0</version>
                              <status>Stable</status>
                              <pkginfolink>http://doc.pfsense.org/index.php/Stunnel_package</pkginfolink>
                              <required_version>1.2.1</required_version>
                              <config_file>http://www.pfsense.com/packages/config/stunnel.xml</config_file>
                              <configurationfile>stunnel.xml</configurationfile>
                              <build_port_path>/usr/ports/security/stunnel</build_port_path>
                              <build_options>WITHOUT_FORK=true;WITH_PTHREAD=true;WITHOUT_UCONTEXT=true;WITHOUT_IPV6=true;WITH_LIBWRAP=true;WITHOUT_SSL_PORT=true</build_options></package> 
      .
      .
      .
                      <service><name>stunnel</name>
                              <rcfile>/usr/local/etc/rc.d/stunnel.sh</rcfile>
                              <executable>stunnel</executable></service> 
      
      .
      .
      .
                      <stunnelcerts><stunnel><config><localip>10.0.200.1</localip>
                                      <localport>443</localport>
                                      <certificate><redirectip>10.0.200.1</redirectip>
                                      <redirectport>80</redirectport>
                                      <sourceip>10.0.200.1</sourceip></certificate></config> 
                              <config><localip>10.0.185.1</localip>
                                      <localport>443</localport>
                                      <certificate><redirectip>10.0.185.1</redirectip>
                                      <redirectport>80</redirectport></certificate></config></stunnel> 
                      <tab><text>Tunnels</text>
                              <url>/pkg.php?xml=stunnel.xml</url>
                              <active></active></tab> 
      .
      .
      .</stunnelcerts> 
      
      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The stunnel package hasn't changed in years… Are you sure nothing changed in your config?

        The line producing the error seems to indicate that it doesn't have any certificate data to work with for that tunnel, which seems to be true since "stunnelcerts" is empty in your config when it should have at least one certificate for each tunnel.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • panzP
          panz
          last edited by

          Testing now stunnel on 2.1RC1 and can't even get it to start. stunnel service onestart tells me that it can't find the service in any rc, but in fact it's correctly configured.

          pfSense 2.3.2-RELEASE-p1 (amd64)
          motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.