stunnel4 fails to start on Ubuntu 15.04

BBJ*_*BJ3 5 ubuntu ssl ssh ssh-tunnel stunnel

I get the following error when starting the stunnel4 service on Ubuntu 15.04:

root@scw-d91ec7:~# service stunnel4 start
Job for stunnel4.service failed. See "systemctl status stunnel4.service" and "journalctl -xe" for details.

root@scw-d91ec7:~# systemctl status stunnel4.service
● stunnel4.service - LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons)
   Loaded: loaded (/etc/init.d/stunnel4)
   Active: failed (Result: exit-code) since Mon 2015-08-24 17:03:25 UTC; 11s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2869 ExecStart=/etc/init.d/stunnel4 start (code=exited, status=1/FAILURE)

Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [!] bind: Cannot assign requested address (99)
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Closing service [ssh]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [ ] Service [ssh] closed
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
Aug 24 17:03:25 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
Aug 24 17:03:25 scw-d91ec7 systemd[1]: stunnel4.service failed.
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:03:25 scw-d91ec7 stunnel4[2869]: You should check that you have specified the pid= in you configuration file

/etc/stunnel/stunnel.conf:

root@scw-d91ec7:~# cat /etc/stunnel/stunnel.conf
pid = /var/run/stunnel.pid
cert = /etc/stunnel/stunnel.pem
[ssh] accept = 212.43.222.123:443
connect = 127.0.0.1:22

/etc/default/stunnel4:

root@scw-d91ec7:~# cat  /etc/default/stunnel4
# /etc/default/stunnel
# Julien LEMOINE <speedblue@debian.org>
# September 2003

# Change to one to enable stunnel automatic startup
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""

# Change to one to enable ppp restart scripts
PPP_RESTART=0

# Change to enable the setting of limits on the stunnel instances
# For example, to set a large limit on file descriptors (to enable
# more simultaneous client connections), set RLIMITS="-n 4096"
# More than one resource limit may be modified at the same time,
# e.g. RLIMITS="-n 4096 -d unlimited"
RLIMITS=""

Ubuntu version:

root@scw-d91ec7:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 15.04
Release:    15.04
Codename:   vivid

stunnel version:

root@scw-d91ec7:~# stunnel -version
stunnel 5.06 on arm-unknown-linux-gnueabihf platform
Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP

Global options:
debug                  = daemon.notice
pid                    = /var/run/stunnel4.pid
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes

Service-level options:
ciphers                = FIPS (with "fips = yes")
ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve                  = prime256v1
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none

... more details:

root@scw-d91ec7:~# journalctl -xe
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] errno: (*__errno_location ())
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Reading configuration from file /etc/stunnel/stunnel.conf
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] FIPS mode disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Compression disabled
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Snagged 64 random bytes from /dev/urandom
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] PRNG seeded successfully
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Initializing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading cert from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Loading key from file: /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [:] Insecure file permissions on /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Private key check succeeded
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Could not load DH parameters from /etc/stunnel/stunnel.pem
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Using hardcoded DH parameters
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] DH initialized with 2048-bit key
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialization
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] ECDH initialized with curve prime256v1
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] SSL options: 0x03000004 (+0x03000000, -0x00000000)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [.] Configuration successful
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Listening file descriptor created (FD=7)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] Error binding service [ssh] to 212.43.222.123:443
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [!] bind: Cannot assign requested address (99)
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Closing service [ssh]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [ ] Service [ssh] closed
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service: control process exited, code=exited status=1
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (SSL tunnel for network daemons).
-- Subject: Unit stunnel4.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit stunnel4.service has failed.
-- 
-- The result is failed.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: Unit stunnel4.service entered failed state.
Aug 24 17:18:12 scw-d91ec7 systemd[1]: stunnel4.service failed.
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: [Failed: /etc/stunnel/stunnel.conf]
Aug 24 17:18:12 scw-d91ec7 stunnel4[3924]: You should check that you have specified the pid= in you configuration file

Any ideas?

use*_*oeT 5

Is 212.43.222.123 really your server's IP address, or are you NATed behind something? If you are NATed, then your accept = needs to point to your LAN IP.

What is the output of ifconfig?

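Or I wonder if the /etc/services file is preventing you from binding port 443 to a service other than https; if that really is the IP address, try commenting out the 2 lines referencing 443 in /etc/services and then restart stunnel4 again.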

Default /etc/services lines:

https           443/tcp                         # http protocol over TLS/SSL
https           443/udp

After the change:

#https           443/tcp                         # http protocol over TLS/SSL
#https           443/udp
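
The first check the answer asks for (is the accept = address actually assigned to this host?) can be scripted. The following is an added example, not part of the original question or answer; the function names check_accepts, list_local_addrs and sample_run, the optional address-list file, and the private address 10.1.2.3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. bind() fails with
# "Cannot assign requested address (99)" when an "accept =" address
# is not assigned to any local interface (typical behind NAT).

# Print every locally assigned IPv4/IPv6 address, one per line.
list_local_addrs() {
    ip -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# check_accepts CONF [ADDR_FILE]  (ADDR_FILE: hypothetical list of local
# addresses, one per line; without it the live interfaces are queried).
# Prints "<status> <service> <accept value>"; returns 1 on any NOT-LOCAL.
check_accepts() {
    if [ -n "${2:-}" ]; then cat "$2"; else list_local_addrs; fi |
    awk '
        BEGIN { svc = "[global]" }
        mode == "addr" { if (NF) loc[$1] = 1; next }
        /^[ \t]*[;#]/ { next }                      # comment lines
        {
            line = $0
            # The post shows "[ssh] accept = ..." on one line; accept both layouts.
            if (line ~ /^[ \t]*\[/ && (p = index(line, "]")) > 0) {
                svc = substr(line, 1, p); gsub(/[ \t]/, "", svc)
                line = substr(line, p + 1)
            }
            if (line !~ /^[ \t]*accept[ \t]*=/) next
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
            host = line                              # value is [host:]port
            if (host ~ /:/) sub(/:[^:]*$/, "", host); else host = ""
            if (host == "" || host == "0.0.0.0" || host == "::") st = "OK-WILDCARD"
            else if (host !~ /:/ && host !~ /^[0-9.]+$/) st = "SKIP-HOSTNAME"
            else if ((host in loc) || host ~ /^127\./) st = "OK"
            else { st = "NOT-LOCAL"; bad = 1 }
            print st, svc, line
        }
        END { exit bad + 0 }
    ' mode=addr - mode=conf "$1"
}

# Constructed sample: the config from the question, checked against a NATed
# host that only has loopback and a private address (10.1.2.3 is made up).
sample_run() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'pid = /var/run/stunnel.pid' 'cert = /etc/stunnel/stunnel.pem' \
        '[ssh] accept = 212.43.222.123:443' 'connect = 127.0.0.1:22' > "$d/conf"
    printf '%s\n' 127.0.0.1 ::1 10.1.2.3 > "$d/addrs"
    rc=0; check_accepts "$d/conf" "$d/addrs" || rc=$?
    rm -rf "$d"; return "$rc"
}
```

On a live host, run check_accepts /etc/stunnel/stunnel.conf; a NOT-LOCAL line means the service should listen on an address the machine really holds, or on the port alone.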