I get the following error when starting the stunnel4 service on Ubuntu 15.04:
```
root@scw-d91ec7:~# service stunnel4 start
Job for stunnel4.service Failed. See "systemctl status stunnel4.service" and "journalctl -xe" for details.
root@scw-d91ec7:~# systemctl status stunnel4.service
● stunnel4.service - LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4)
   Active: Failed (Result: exit-code) since Mon 2015-08-24 17:03:25 UTC; 11s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2869 ExecStart=/etc/init.d/stunnel4 start (code=exited,status=1/FAILURE)

Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] bind: Cannot assign requested address (99)
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Closing service [ssh]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Service [ssh] closed
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service: control process exited,code=exited status=1
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Unit stunnel4.service entered Failed state.
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service Failed.
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: You should check that you have specified the pid= in you configuration file
```
/etc/stunnel/stunnel.conf:
```
root@scw-d91ec7:~# cat /etc/stunnel/stunnel.conf
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem

[ssh]
accept = 212.43.222.123:443
connect = 127.0.0.1:22
```
In /etc/default/stunnel4:
```
root@scw-d91ec7:~# cat /etc/default/stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0

# Change to enable the setting of limits on the stunnel instances
# For example,to set a large limit on file descriptors (to enable
# more simultaneous client connections),set RLIMITS="-n 4096"
# More than one resource limit may be modified at the same time,
# e.g. RLIMITS="-n 4096 -d unlimited"
RLIMITS=""
```
Ubuntu release:
```
root@scw-d91ec7:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 15.04
Release:        15.04
Codename:       vivid
```
stunnel version:
```
root@scw-d91ec7:~# stunnel -version
stunnel 5.06 on arm-unknown-linux-gnueabihf platform
Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP

Global options:
debug = daemon.notice
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve = prime256v1
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
```
… more details:
```
root@scw-d91ec7:~# journalctl -xe
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Threading:PTHREAD Sockets:POLL,FIPS Auth:LIBWRAP
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] errno: (*__errno_location ())
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Reading configuration from file /etc/stunnel/stunnel.conf
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] FIPS mode disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Compression disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Snagged 64 random bytes from /dev/urandom
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] PRNG seeded successfully
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Initializing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading cert from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading key from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [:] Insecure file permissions on /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Private key check succeeded
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Could not load DH parameters from /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Using hardcoded DH parameters
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialized with 2048-bit key
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialized with curve prime256v1
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] SSL options: 0x03000004 (+0x03000000,-0x00000000)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Configuration successful
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Listening file descriptor created (FD=7)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] bind: Cannot assign requested address (99)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Closing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Service [ssh] closed
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service: control process exited,code=exited status=1
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
-- Subject: Unit stunnel4.service has Failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit stunnel4.service has Failed.
--
-- The result is Failed.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Unit stunnel4.service entered Failed state.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service Failed.
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: You should check that you have specified the pid= in you configuration file
```
Any ideas?
Is 212.43.222.123 really your server's IP address, or are you behind NAT? If you are behind NAT, then your accept = needs to point to your LAN IP.
What is the output of ifconfig?
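Or I wonder whether the /etc/services file is preventing you from binding port 443 to a service other than https; if that really is the IP address, try commenting out the 2 lines referencing 443 in /etc/services, then restart stunnel4 again.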
Default /etc/services lines:
```
https           443/tcp                         # http protocol over TLS/SSL
https           443/udp
```
After the change:
```
#https           443/tcp                         # http protocol over TLS/SSL
#https           443/udp
```
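The check raised in the first reply (is the `accept` address actually assigned to this host?) can be run before starting the service. The following is an added example, not part of the original thread or of stunnel: it reads the `accept =` lines of a stunnel config and tries to bind each host on an ephemeral port, so errno 99 (`EADDRNOTAVAIL`, "Cannot assign requested address") shows up without root and without touching port 443. The function names and the sample config are assumptions made for illustration.

```python
import errno
import socket

# Constructed sample shaped like the question's stunnel.conf. 192.0.2.10 is a
# documentation-range address standing in for an IP that is not on this host.
SAMPLE_CONF = """\
[ssh]
accept = 192.0.2.10:443
connect = 127.0.0.1:22
[wild]
accept = 8443
"""

def accept_addresses(conf_text):
    """Yield (service, host) per 'accept' line; host is '' for a bare port."""
    service = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            service = line[1:-1]
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "accept":
            yield service, value.strip().rpartition(":")[0]

def bind_errno(host):
    """Bind an ephemeral port on host; return 0 or the errno bind() raised."""
    host = host.strip("[]")
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, 0))  # port 0: no root needed, no clash with a listener
        except OSError as exc:
            return exc.errno
    return 0

def check(conf_text):
    """Map each service to 'ok', 'not-local' (EADDRNOTAVAIL) or 'errno N'."""
    verdicts = {}
    label = {0: "ok", errno.EADDRNOTAVAIL: "not-local"}
    for service, host in accept_addresses(conf_text):
        err = bind_errno(host)
        verdicts[service] = label.get(err, f"errno {err}")
    return verdicts

if __name__ == "__main__":
    for service, verdict in check(SAMPLE_CONF).items():
        print(f"[{service}] {verdict}")
```

A `not-local` verdict means no interface on the machine holds that address, which is the situation on a NATed host where the public IP lives on the provider's gateway; binding to the private address shown by `ifconfig`, or to the bare port, avoids it.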