Replaced a Linux router with pfSense to handle NAT. Before, stunnel worked from a remote site to a port on the Linux router that forwarded to an internal MySQL server. Now I haven’t been able to get it working with pfSense. I added the stunnel package, added the certificate from the remote side into pfSense, and set up the listening port. But when the remote side tries to connect, it just gets:
“ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading initial communication packet’, system error: 104”
and there doesn’t seem to be any logging in pfSense to show whether the connection happened or not. Is there any way to see that logged? How can I troubleshoot this further?
Well I just found in the ‘system’ log messages such as the following:
connect_blocking: s_poll_wait 192.168.0.2:3306: TIMEOUTconnect exceeded
but wonder why it’s timing out? This worked from the Linux router on the same internal IP…
Resolved: the source address in pfSense stunnel needs to be the internal LAN address, but I had the WAN address in there. Obvious in retrospect!
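
One way to reproduce the timeout outside stunnel, as an added example that is not part of the original thread: a small Python probe that opens a TCP connection to the backend from each candidate source address and reports which one gets an answer. It assumes Python 3 is available on the firewall (or on a host holding the same addresses); the function names and the command-line form are hypothetical.

```python
import errno
import socket
import sys


def probe(dst_host, dst_port, src_ip=None, timeout=3.0):
    """TCP-connect to dst, optionally from a fixed local source IP.

    Returns "connected", "timeout", "refused", "bind-failed" or "error:<ERRNO>".
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if src_ip is not None:
            try:
                # Port 0 lets the OS pick the source port; only the IP is pinned.
                s.bind((src_ip, 0))
            except OSError:
                # The address is not configured on any local interface.
                return "bind-failed"
        try:
            s.connect((dst_host, dst_port))
        except socket.timeout:
            # Same symptom as stunnel's "TIMEOUTconnect exceeded" log line.
            return "timeout"
        except ConnectionRefusedError:
            return "refused"
        except OSError as exc:
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
        return "connected"
    finally:
        s.close()


def compare_sources(dst_host, dst_port, sources, timeout=3.0):
    """Probe the same destination from several source IPs."""
    return {src: probe(dst_host, dst_port, src, timeout) for src in sources}


if __name__ == "__main__":
    # Usage: probe.py <backend-ip> <backend-port> <source-ip> [<source-ip> ...]
    # e.g. the backend from the log above, then the LAN and WAN addresses.
    host, port, sources = sys.argv[1], int(sys.argv[2]), sys.argv[3:]
    for src, result in compare_sources(host, port, sources).items():
        print(f"{src} -> {host}:{port}: {result}")
```

A source address that returns "timeout" while another returns "connected" points at the source-address setting rather than at the certificate or the listening port.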