Page 1 of 2

Connection Refused

Posted: Mon Oct 06, 2008 1:20 am
by sam_scott89
Hi guys, running Ubuntu, have installed stunnel and dcpp, both seem to be working fine. But trying to connect to the localhost:8000 connection, I repeatedly get:

*** Connecting to localhost:8000...
*** Connected
*** Connect failed: Connection refused

Would be grateful for any ideas

Posted: Mon Oct 06, 2008 1:29 am
by mids
I'm no expert, but did you use the preconfigured stunnel available here (http://www.twofo.co.uk/resources/stunnel.rar) or the standard one google points you to?

EDIT: that's the one I used for windows last year, not sure if it'd work on linux boxes, but there's a part further down the connect page (see below) which explains how to modify your stunnel configuration file...

Also - stunnel has to be running whenever you try to connect to localhost:8000 otherwise it won't connect...

Rampage would be the one to ask about Ubuntu related matters if it's neither of the problems I could think of, I'm sure he's floating around somewhere... and Astropoint knows pretty much everything there is to know about DC++...

Hopefully they'll drop by at some point to back me up/tear me down...

Good luck connecting again, sam_scott89

(further info: http://www.twofo.co.uk/wiki/index.php/Connect)

Posted: Mon Oct 06, 2008 7:41 am
by Rampage
mids is right, have you followed the steps at http://www.twofo.co.uk/wiki/index.php/C ... inux_Users to configure stunnel?

If you have could you please post the contents of your "/etc/stunnel/stunnel.conf" file here

Posted: Mon Oct 06, 2008 8:36 am
by cocodude
FYI, Valknut supports SSH connections directly so there's no need for stunnel. Valknut isn't that great though so we highly recommend Linux DC++.

Posted: Mon Oct 06, 2008 8:40 am
by astropoint
For the purposes of here that means just doing the following to get onto twofo on valknut:

(Yes it looks like alot of steps, but some of them are just "click on this" type things so it takes barely any time at all)

1. Open the hub list (Action menu -> Hub list), if it's not already open

2. Click the "Bookmarks" tab

3. Right click anywhere in the bookmarks list and choose "Add" to bring up the add bookmark dialog

4. Put "hub.twofo.co.uk:4146" in the "Host" box

5. Tick the box next to "Profile", so that the Profile button gets enabled

6. Press the Profile button. The dialog gets bigger, and a "Secure Socket Layer" checkbox appears

7. Tick the "Secure Socket Layer" box, and just connect to the hub.

8. Put your IP from http://checkip.dyndns.org into the IP box in settings.

9. Go to File --> Quick Options --> Download Mode: Single to disable multi source downloading if on campus. See the FAQ for a detailed explanation as to why this should be done.

Posted: Mon Oct 06, 2008 3:49 pm
by sam_scott89
Rampage wrote:mids is right, have you followed the steps at http://www.twofo.co.uk/wiki/index.php/C ... inux_Users to configure stunnel?

If you have could you please post the contents of your "/etc/stunnel/stunnel.conf" file here
I think it probably is a problem with stunnel. Had a good search on the internet before asking here. Have used the preconfigured version of the conf file as below:

Code: Select all

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[twofo]
connect = hub.twofo.co.uk:4146
accept = 127.0.0.1:8000

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini
have tried some other things. the problem seems to be that for some reason a stunnel.pem file isn't being created. but all guides on the internet haven't found me a solution so far...

My problem with stunnel follows this thread basically: http://ubuntuforums.org/archive/in.dex. ... 79779.html But the thread is closed.
Had seen somewhere that ps -A |grep stunnel will show if stunnel is running, my output for that is:
7793 ? 00:00:00 stunnel4
7794 ? 00:00:00 stunnel4
7795 ? 00:00:00 stunnel4
7796 ? 00:00:00 stunnel4
7797 ? 00:00:00 stunnel4
7798 ? 00:00:00 stunnel4

It may look like I just have to give up and use my vista partition for dc++ instead. would be a shame though.

Thanks a lot guys for replying so quick btw!

Posted: Mon Oct 06, 2008 4:07 pm
by astropoint
If it's simply a case of not creating the stunnel.pem file, have you tried sticking the one from the windows zip file into the relevant location? it's all stunnel after all...

http://www.twofo.co.uk/resources/stunnel.zip

Posted: Mon Oct 06, 2008 4:26 pm
by sam_scott89
astropoint wrote:If it's simply a case of not creating the stunnel.pem file, have you tried sticking the one from the windows zip file into the relevant location? it's all stunnel after all...

http://www.twofo.co.uk/resources/stunnel.zip
Yea, its the same as in the ubuntuforums thread. copied to the stunnel folder, changed permissions of the pem file

The error message in the terminal is:
sam@sam-laptop:~/Desktop/stunnel-4.26$ stunnel
2008.10.06 17:25:43 LOG3[5649:140360964830944]: Error reading certificate file: /etc/stunnel/stunnel.pem
2008.10.06 17:25:43 LOG3[5649:140360964830944]: error stack: 140DC002 : error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib
2008.10.06 17:25:43 LOG3[5649:140360964830944]: error stack: 20074002 : error:20074002:BIO routines:FILE_CTRL:system lib
2008.10.06 17:25:43 LOG3[5649:140360964830944]: SSL_CTX_use_certificate_chain_file: 200100D: error:0200100D:system library:fopen:Permission denied

Posted: Mon Oct 06, 2008 4:51 pm
by astropoint
You should be running 'sudo stunnel4' I think, rather than just 'stunnel'

Posted: Mon Oct 06, 2008 4:53 pm
by sam_scott89
astropoint wrote:You should be running 'sudo stunnel4' I think, rather than just 'stunnel'
Well that just doesn't do anything

Posted: Mon Oct 06, 2008 4:54 pm
by sam_scott89
It shouldnt matter I don't think. There's only 1 version of stunnel on my comp

Posted: Mon Oct 06, 2008 5:35 pm
by astropoint
I meant to sudo bit mainly. From what I remember it isn't meant to run not as root.

Posted: Mon Oct 06, 2008 7:33 pm
by Rampage
there is no need of the stunnel.pem file as you are only using stunnel as a client rather than the server.

And from your output stunnel is running os I don't see why it would not be accepting connections.

Try redownload the config file from http://www.twofo.co.uk/wiki/index.php/C ... inux_Users and then run

Code: Select all

sudo stunnel4
Then run the following code and check if stunnel is listening on port 8000.

Code: Select all

netstat -l | grep 8000
which will output something like

Code: Select all

tcp        0      0 *:8000                  *:*                     LISTEN  
Hope that fixes things
Cheers

Posted: Tue Oct 07, 2008 7:32 pm
by xyzzy
The stunnel.conf in the .zip needlessly loads the stunnel sample certificate, the one here: http://www.twofo.co.uk/resources/stunnel.conf has a load of extra security for servers (change user/group/root directory) which probably doesn't help.

The minimal config file is:

Code: Select all

output = /tmp/stunnel.log
pid = /tmp/stunnel.pid

[twofo]
client = yes
connect = hub.twofo.co.uk:4146
accept = localhost:8000
That doesn't require sudo.

Posted: Tue Oct 07, 2008 7:49 pm
by Rampage
Thanks for the info