treo650
Active Member
I'm still having trouble... Can you please outline the steps?
Are you using tomato or DDWRT?
Setting up stunnel on dd-wrt
- Thread starter SIMKO
- Start date
I'm still having trouble... Can you please outline the steps?
Are you using tomato or DDWRT?
123
Senior Member
wuench,
I have stunnel running on Tomato but I'm missing a key element to have it successfully redirect ports for PCs on my network.
The relevant bits from stunnel.conf:
If I try "telnet MyRouterIPAddress 5000" (telnet to my router on port 5000) from the same PC, the connection is terminated immediately.
Stunnel is running on the router, redirects requests initiated on the router itself, but does not redirect requests made from other PCs. What am I doing wrong?
I have stunnel running on Tomato but I'm missing a key element to have it successfully redirect ports for PCs on my network.
The relevant bits from stunnel.conf:
Code:
client = yes
[ssmtp]
accept = 5000
connect = smtp.gmail.com:465- I enabled debugging and saw in the router log that stunnel started successfully.
- I used netstat -a and Tomato is listening on port 5000. It says: "0.0.0.0:5000".
- Using Putty, I logged into the router and entered the following command: telnet localhost 5000
- Gmail's ESMTP server responded.
If I try "telnet MyRouterIPAddress 5000" (telnet to my router on port 5000) from the same PC, the connection is terminated immediately.
Stunnel is running on the router, redirects requests initiated on the router itself, but does not redirect requests made from other PCs. What am I doing wrong?
123
Senior Member
Some progress to report.
This morning I decided to reboot the router to see if that helps to fix anything. I discovered, for a reason I don't understand yet, the stunnel service is not started automatically.
On Tomato I navigated to "/opt/etc/init.d" (opt is on a USB flash drive) and executed "S68stunnel". I ran "ps" and saw seven instances of /opt/sbin/stunnel running (??). A "To Do" for me is to understand how Tomato is supposed to start stunnel automatically upon reboot.
Anyway, using my PC, I issued a "telnet MyRouterIPAddress 5000" and received an immediate response from Gmail's ESMTP server. This is the desired goal; the router acts as a middleman and should allow my M1 to send email using Gmail. Naturally, "telnet smtp.gmail.com 5000" does not work and I don't know why I tried that last night other than it was late and I was half-asleep (that's my excuse and I'm sticking with it).
treo650,
Thanks for the suggestion but port-forwarding is not required. Can you confirm the following:
stunnel is running. Telnet into your router and run "ps". You should see stunnel listed as a process.
Telnet into your router and then run "telnet localhost 5000". Do you get a response from gmail?
This morning I decided to reboot the router to see if that helps to fix anything. I discovered, for a reason I don't understand yet, the stunnel service is not started automatically.
On Tomato I navigated to "/opt/etc/init.d" (opt is on a USB flash drive) and executed "S68stunnel". I ran "ps" and saw seven instances of /opt/sbin/stunnel running (??). A "To Do" for me is to understand how Tomato is supposed to start stunnel automatically upon reboot.
Anyway, using my PC, I issued a "telnet MyRouterIPAddress 5000" and received an immediate response from Gmail's ESMTP server. This is the desired goal; the router acts as a middleman and should allow my M1 to send email using Gmail. Naturally, "telnet smtp.gmail.com 5000" does not work and I don't know why I tried that last night other than it was late and I was half-asleep (that's my excuse and I'm sticking with it).
treo650,
Thanks for the suggestion but port-forwarding is not required. Can you confirm the following:
stunnel is running. Telnet into your router and run "ps". You should see stunnel listed as a process.
Telnet into your router and then run "telnet localhost 5000". Do you get a response from gmail?
wuench
Senior Member
First of all, you didn't start stunnel when you ssh/telneted in right, you have it running in your startup config? If so, then it is probably a firewall (iptables) on your router blocking. I'm sorry I am not familar with Tomato, you'll probably have to research how to open up that access.
EDIT: Crosspost, glad you got it working. Yeah all the monkeying with init they do on these routers to make things easier for us, really has me confused as well....
EDIT: Crosspost, glad you got it working. Yeah all the monkeying with init they do on these routers to make things easier for us, really has me confused as well....
123
Senior Member
I spoke too soon; it's unstable. 
I tried "telnet MyRouterIPAddress 5000" again and get no response. The screen blanks, the cursor blinks, commands like "QUIT" are ignored.
I also have stunnel installed on my home server using the exact same configuration as on the Tomato router. If I use "telnet MyServerIPAddress 5000" it gets a response from Gmail every time.
Despite Tomato's logs saying everything is AOK with stunnel, there is something wrong somewhere because stunnel is unstable (for me).
I tried "telnet MyRouterIPAddress 5000" again and get no response. The screen blanks, the cursor blinks, commands like "QUIT" are ignored.
I also have stunnel installed on my home server using the exact same configuration as on the Tomato router. If I use "telnet MyServerIPAddress 5000" it gets a response from Gmail every time.
Despite Tomato's logs saying everything is AOK with stunnel, there is something wrong somewhere because stunnel is unstable (for me).
treo650
Active Member
I nominate @123.... He got it working on tomato, which is what I need!
@123, I am clueless in Linux, only a windows Guy, so seriously, I would need a step by step if you can. Or if you have the time.
I am pretty good at googling for answers, but stunnel on tomato (or even dd-wrt) is not documented on the interwebs.
So far I got, installing openwrt onto a Linux formatted usb stick... And I got the package installed, but I don't even know how to edit the conf file.
If you have time, a step by step would do me wonders!
I currently have lavabit setup for my email, but why go through the middleman, when you can use gmail directly!
@123, I am clueless in Linux, only a windows Guy, so seriously, I would need a step by step if you can. Or if you have the time.
I am pretty good at googling for answers, but stunnel on tomato (or even dd-wrt) is not documented on the interwebs.
So far I got, installing openwrt onto a Linux formatted usb stick... And I got the package installed, but I don't even know how to edit the conf file.
If you have time, a step by step would do me wonders!
I currently have lavabit setup for my email, but why go through the middleman, when you can use gmail directly!
wuench
Senior Member
I would clean up your multiple process problem first. Maybe start by killing the processes, launch stunnel in a shell then see if it is stable that way. Or maybe it is time to move to DDWRT It has been rock solid for me on DDWRT. I have several tunnels running for various things.
It has been rock solid for me on DDWRT. I have several tunnels running for various things.
123
Senior Member
treo650,
I learned Unix in the early 80's (in university and during my first job as Test Engineer). That gives me just enough experience to be dangerous with Linux.
When you say you don't know how to edit "stunnel.conf", do you mean you don't know what changes to make, or what text-editor to use, or both?
I use the "vi" editor. "vi stunnel.conf". Press "x" to delete a character. Press "i" to get into "Insert mode" and enter text, press "ESC" to get out of Insert Mode and back into "Command Mode". Enter ":wq" to write and quit the editor. Enter ":q!" to quit and discard all modifications (useful if you mangled the file and don't want to save it).
The minimum you need in stunnel.conf is:
client = yes
[ssmtp]
accept = 5000
connect = smtp.gmail.com:465
The bracketed name [ssmtp] can actually be any name you want, like [gmail] or [smtp] or [whysodifficult], stunnel just needs a unique label. I've uncommented (delete the leading semi-colon character) from ";debug = 7" in order to see more detailed log information.
I'm still having trouble figring out how Tomato is supposed to start the service automatically. Running the included S68stunnel script gives me mulitple sessions and, as per wuench's suggestion, this may the cause of the instability I'm seeing.
wuench,
I agree; the multiple instances of stunnel can't be right. Tomato has been solid but I'm having trouble finding any information on the Tomato/LinkSysInfo forum that reveals how to start the service correctly. I've seen examples where they use the "service stunnel start" command. When I try it I get a "Done" response but it fails to start stunnel. I found the S68stunnel script and it simply kills all existing stunnel processes and then runs /opt/sbin/stunnel. Why it results in mulitple stunnel processes is unclear to me.
BTW, it's telling that we're asking these questions here on friendly and helpful Cocoontech. I searched for stunnel assistance on Tomato's LinkSysInfo forum and the existing responses were few and unhelpful. Maybe I'll try searching the DDWRT forum.
I learned Unix in the early 80's (in university and during my first job as Test Engineer). That gives me just enough experience to be dangerous with Linux.
When you say you don't know how to edit "stunnel.conf", do you mean you don't know what changes to make, or what text-editor to use, or both?
I use the "vi" editor. "vi stunnel.conf". Press "x" to delete a character. Press "i" to get into "Insert mode" and enter text, press "ESC" to get out of Insert Mode and back into "Command Mode". Enter ":wq" to write and quit the editor. Enter ":q!" to quit and discard all modifications (useful if you mangled the file and don't want to save it).
The minimum you need in stunnel.conf is:
client = yes
[ssmtp]
accept = 5000
connect = smtp.gmail.com:465
The bracketed name [ssmtp] can actually be any name you want, like [gmail] or [smtp] or [whysodifficult], stunnel just needs a unique label. I've uncommented (delete the leading semi-colon character) from ";debug = 7" in order to see more detailed log information.
I'm still having trouble figring out how Tomato is supposed to start the service automatically. Running the included S68stunnel script gives me mulitple sessions and, as per wuench's suggestion, this may the cause of the instability I'm seeing.
wuench,
I agree; the multiple instances of stunnel can't be right. Tomato has been solid but I'm having trouble finding any information on the Tomato/LinkSysInfo forum that reveals how to start the service correctly. I've seen examples where they use the "service stunnel start" command. When I try it I get a "Done" response but it fails to start stunnel. I found the S68stunnel script and it simply kills all existing stunnel processes and then runs /opt/sbin/stunnel. Why it results in mulitple stunnel processes is unclear to me.
BTW, it's telling that we're asking these questions here on friendly and helpful Cocoontech. I searched for stunnel assistance on Tomato's LinkSysInfo forum and the existing responses were few and unhelpful. Maybe I'll try searching the DDWRT forum.
treo650
Active Member
Please keep us updated.
I've been trying to get it working for a few days, but eventually gave up...
Linux is a completely different language for me.
I don't even know if I have the correct /opt path with stunnel to be quite honest...
I will probably have to start from scratch, and I'll be waiting on your cliffnotes
I've been trying to get it working for a few days, but eventually gave up...
Linux is a completely different language for me.
I don't even know if I have the correct /opt path with stunnel to be quite honest...
I will probably have to start from scratch, and I'll be waiting on your cliffnotes
123
Senior Member
I killed all seven stunnel processes and then manually executed "/opt/sbin/stunnel". The result was seven fresh new stunnel processes. OK <shrug>.
I configured my M1XEP to send email via MyRouterIPAddress on port 5000, and use authentication, and then rebooted it. Using RP, I created a rule to send an email every 5 minutes (the M1XEP's built-in "Test" email button fails every time) and, lo and behold, I receive the M1's email messages, via Gmail, every 5 minutes. I've now changed the rule's interval to 30 minutes and will let it run for the rest of the day to test stunnel's stability.
I found nothing about stunnel in the DDWRT forum. I've posted a new topic on the Tomato forum describing what I did and asking how to configure it to start automatically.
I configured my M1XEP to send email via MyRouterIPAddress on port 5000, and use authentication, and then rebooted it. Using RP, I created a rule to send an email every 5 minutes (the M1XEP's built-in "Test" email button fails every time) and, lo and behold, I receive the M1's email messages, via Gmail, every 5 minutes. I've now changed the rule's interval to 30 minutes and will let it run for the rest of the day to test stunnel's stability.
I found nothing about stunnel in the DDWRT forum. I've posted a new topic on the Tomato forum describing what I did and asking how to configure it to start automatically.
Similar threads
- Sticky
