Hi Yutaka,

Thanks for your reply. I've been testing using the same config file, with 9.8.5-pre1, but I'm still unsuccessful. No traffic appears to be going to the destination server (when looking in our firewall logging).

Here's the logfile:

09/05 08:35:20.90 [1400] 0+0: --- [ssl] 0 dglibssl.dll 09/05 08:35:20.90 [1400] 0+0: --- [ssl] 0 ssl.dll 09/05 08:35:20.90 [1400] 0+0: --- [ssl] 0 ssl 09/05 08:35:20.90 [1400] 0+0: ## cannot load ssl 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] 0 dgliblibeay32.dll 09/05 08:35:20.90 [1400] 0+0: --- [/DeleGate/lib\libeay32.dll] 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] 10000000 /DeleGate/lib\libeay32.dll 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_set_SSL_CTX 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_get_servername 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_get_servername_type 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_CTX_callback_ctrl 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_CTX_use_certificate_chain_file 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_CTX_set_session_id_context 09/05 08:35:20.90 [1400] 0+0: --- [libeay32] optional: SSL_CTX_set_generate_session_id 09/05 08:35:20.90 [1400] 0+0: ---- [libeay32] loaded 102 syms, unknown=47+7, already=0 09/05 08:35:20.90 [1400] 0+0: --- [ssleay32] 0 dglibssleay32.dll 09/05 08:35:20.90 [1400] 0+0: --- [/DeleGate/lib\ssleay32.dll] 09/05 08:35:20.90 [1400] 0+0: --- [ssleay32] F00000 /DeleGate/lib\ssleay32.dll 09/05 08:35:20.90 [1400] 0+0: ---- [ssleay32] loaded 102 syms, unknown=0+0, already=47 09/05 08:35:20.90 [1400] 0+0: ---- unknown = 0+0, already = 47 / 102 09/05 08:35:20.90 [1400] 0+0: +++ loaded OpenSSL 0.9.8g 19 Oct 2007 09/05 08:35:20.92 [1400] 0+0: ... testing resolver[SYS] with 'WWW.DeleGate.ORG' 09/05 08:35:20.92 [1400] 0+0: ... you can suppress this test by RES_WAIT=0 09/05 08:35:20.92 [1400] 0+0: ... 
gethostname(rd-was19-v) 09/05 08:35:20.92 [1400] 0+0: configuring default RESOLV ... 09/05 08:35:20.92 [1400] 0+0: ... gethostname()='rd-was19-v' 09/05 08:35:20.92 [1400] 0+0: ... SYS: rd-was19-v -> 192.168.1.60 09/05 08:35:20.92 [1400] 0+0: ... DNS: 192.168.1.60 -> certinternal.test.nl 09/05 08:35:20.92 [1400] 0+0: ... DNS available 09/05 08:35:20.92 [1400] 0+0: ... NIS not available (no default domain) 09/05 08:35:20.92 [1400] 0+0: ... export RES_ORDER=CFD 09/05 08:35:20.92 [1400] 0+0: {R} confid(detected)[9e444c56c82dc1bc55a42ac40c686088]<-[] 09/05 08:35:20.92 [1400] 0+0: export RESOLV=cache,file,dns (set by default) SRCSIGN=9.8.5-pre1:20080905105714+0900:be5143a3b56603e2:Author@DeleGate.. ORG:a9lNFuLHuNUEQU6ImScJCllhLSiOXDlY4v5ZBpFz/hVuOAZ3vijwh5yxPnPP/7tJg/BY mkOz6qviTtWeEI/VyPz4cWtrqfWWZw/NKu4erhMyygSXAlffy9O521+JZru/T+8GBdkyjblR sWsqIMV52pPE7keWmROAqZfN5tHUT3E= BLDSIGN=9.8.5-pre1:20080905105837+0900:be5143a3b56603e2::- 09/05 08:35:20.92 [1400] 0+0: --INITIALIZATION START-08090508+0100: 9.8.5-pre1 on WindowsNT-- 09/05 08:35:20.92 [1400] 0+0: BINSHELL=/bin/sh 09/05 08:35:20.92 [1400] 0+0: MAXIMA=delegated:64 for small mem=1341M 09/05 08:35:20.92 [1400] 0+0: scan STLS and FILTERS before beDaemon()... 
09/05 08:35:20.92 [1400] 0+0: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:35:20.92 [1400] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:35:20.92 [1400] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:35:20.92 [1400] 0+0: --- [dgzlib1] 0 dglibdgzlib1.dll 09/05 08:35:20.94 [1400] 0+0: --- [C:\delegate\dgzlib1.dll] 09/05 08:35:20.94 [1400] 0+0: --- [dgzlib1] FC0000 C:\delegate\dgzlib1.dll 09/05 08:35:20.94 [1400] 0+0: ---- [dgzlib1] loaded 17 syms, unknown=0+0, already=0 09/05 08:35:20.94 [1400] 0+0: +++ loaded Zlib 1.2.3.f-DeleGate-v3 09/05 08:35:20.94 [1400] 0+0: #### gzip/gunzip = dynamically linked 09/05 08:35:21.12 [1400] 0+0: ## SSLway ## 0.188000 connected/accepted 09/05 08:35:21.12 [1400] 0+0: ## SSLway initialized ctx #-99577434 0 0 (WIN) 07:35:21.123 [1400] #### send_file (1400,1)[1768,7] -> 1400[1824,0] (0,Err=87) (WIN) 07:35:21.123 [1400] #### file to be sent fd=1 -> 0 5780000 91750400 09/05 08:35:21.14 [1400] 0+0: #### CACHE DISABLED #### Cache directory seems not exist: C:/Program Files/DeleGate/cache 09/05 08:35:21.14 [1400] 0+0: #### start a service... 
09/05 08:35:21.14 [1400] 0+0: server_open(delegate,192.168.1.62:443,listen=20) 09/05 08:35:21.14 [1400] 0+0: server_open: 192.168.1.62:443 09/05 08:35:21.14 [1400] 0+0: server_open(delegate,192.168.1.62:443) BOUND 09/05 08:35:23.92 [2400] 0+0: --- [ssl] 0 dglibssl.dll 09/05 08:35:23.92 [2400] 0+0: --- [ssl] 0 ssl.dll 09/05 08:35:23.92 [2400] 0+0: --- [ssl] 0 ssl 09/05 08:35:23.92 [2400] 0+0: ## cannot load ssl 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_set_SSL_CTX 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_get_servername 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_get_servername_type 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_CTX_callback_ctrl 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_CTX_use_certificate_chain_file 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_CTX_set_session_id_context 09/05 08:35:23.92 [2400] 0+0: --- [libeay32] optional: SSL_CTX_set_generate_session_id 09/05 08:35:23.92 [2400] 0+0: ---- [libeay32] loaded 102 syms, unknown=47+7, already=0 09/05 08:35:23.92 [2400] 0+0: ---- [ssleay32] loaded 102 syms, unknown=0+0, already=47 09/05 08:35:23.92 [2400] 0+0: ---- unknown = 0+0, already = 47 / 102 09/05 08:35:23.92 [2400] 0+0: +++ loaded OpenSSL 0.9.8g 19 Oct 2007 09/05 08:35:24.48 [2400] 0+0: -- checked integrity:OK (0.562) a6f1ecf153f75354 09/05 08:35:24.48 [2400] 0+0: ## RES_ORDER=CFD 09/05 08:35:24.48 [2400] 0+0: {R} confid(RESOLV)[95c4b2abee89c01321ca019d478ea2d5]<-[] 09/05 08:35:24.48 [2400] 0+0: ... testing resolver[CFD] with 'WWW.DeleGate.ORG' 09/05 08:35:24.48 [2400] 0+0: ... you can suppress this test by RES_WAIT=0 09/05 08:35:24.50 [2400] 0+0: ... gethostname(rd-was19-v) SRCSIGN=9.8.5-pre1:20080905105714+0900:be5143a3b56603e2:Author@DeleGate.. 
ORG:a9lNFuLHuNUEQU6ImScJCllhLSiOXDlY4v5ZBpFz/hVuOAZ3vijwh5yxPnPP/7tJg/BY mkOz6qviTtWeEI/VyPz4cWtrqfWWZw/NKu4erhMyygSXAlffy9O521+JZru/T+8GBdkyjblR sWsqIMV52pPE7keWmROAqZfN5tHUT3E= BLDSIGN=9.8.5-pre1:20080905105837+0900:be5143a3b56603e2::- 09/05 08:35:24.50 [2400] 0+0: --INITIALIZATION START-08090508+0100: 9.8.5-pre1 on WindowsNT-- 09/05 08:35:24.50 [2400] 0+0: EXECDIR=C:\delegate 09/05 08:35:24.50 [2400] 0+0: BINSHELL=/bin/sh 09/05 08:35:24.50 [2400] 0+0: MAXIMA=delegated:64 for small mem=1337M 09/05 08:35:24.50 [2400] 0+0: scan STLS and FILTERS before beDaemon()... 09/05 08:35:24.50 [2400] 0+0: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:35:24.50 [2400] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:35:24.50 [2400] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:35:24.50 [2400] 0+0: ---- [dgzlib1] loaded 17 syms, unknown=0+0, already=0 09/05 08:35:24.50 [2400] 0+0: +++ loaded Zlib 1.2.3.f-DeleGate-v3 09/05 08:35:24.50 [2400] 0+0: #### gzip/gunzip = dynamically linked 09/05 08:35:24.70 [2400] 0+0: ## SSLway ## 0.203000 connected/accepted 09/05 08:35:24.70 [2400] 0+0: ## SSLway initialized ctx #-99577434 0 0 09/05 08:35:24.70 [2400] 0+0: server_open(delegate,192.168.1.62:443,listen=20) 09/05 08:35:24.70 [2400] 0+0: server_open: 192.168.1.62:443 09/05 08:35:24.70 [2400] 0+0: server_open(delegate,192.168.1.62:443) BOUND 09/05 08:35:24.70 [2400] 0+0: NOT-USED DGROOT=/DeleGate/ DGROOT=C:/Program Files/DeleGate^M 09/05 08:35:24.70 [2400] 0+0: <DeleGate/9.8.5-pre1> [2400] -P192.168.1.62:443 READY^M 09/05 08:35:24.70 [2400] 0+0: PORT= 192.168.1.62:443/12 (0,134) 09/05 08:35:24.70 [2400] 0+0: OWNER=nobody => OWNER=?/?(?/?) 
09/05 08:35:24.70 [2400] 0+0: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:35:24.70 [2400] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:35:24.70 [2400] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:35:24.72 [2400] 0+0: REMITTABLE = http,https/{80,443},gopher,ftp,wais 09/05 08:35:24.72 [2400] 0+0: {R} SOA got [188.134.in-addr.arpa][venlo.test.nl][hostmaster.test.nl] 2008060601 14400 3600 604800 86400 09/05 08:35:24.73 [2400] 0+0: ADMIN=admin@test..nl protocol=https(specialist) 09/05 08:35:24.73 [2400] 0+0: #### CACHE DISABLED #### Cache directory seems not exist: C:/Program Files/DeleGate/cache 09/05 08:35:24.73 [2400] 0+0: WORKDIR=/DeleGate/work/192.168.1.62..443 09/05 08:35:24.73 [2400] 0+0: MOUNT[0]X[3] /-/builtin/icons/* = default 09/05 08:35:24.73 [2400] 0+0: MOUNT[1]X[4] /-/* = forbidden,from=!.RELIABLE,default 09/05 08:35:24.73 [2400] 0+0: MOUNT[2]X[0] /-* = default 09/05 08:35:24.73 [2400] 0+0: MOUNT[3]X[1] /=* = default 09/05 08:35:24.73 [2400] 0+0: MOUNT[4]X[5] /favicon.ico builtin:icons/ysato/default.ico default,direction=fo,onerror=404,expires=15m 09/05 08:35:24.73 [2400] 0+0: MOUNT[5]X[2] /* https://192.168.4.24/* via=192.168.1.60 09/05 08:35:24.75 [2400] 0+0: Stay open PIDFILE for accept() lock[fd=16] 09/05 08:35:24.75 [2400] 0+0: StickyReport[17,18]127.0.0.1:1426><127.0.0.1:1427 8192/8192 8192/65536 09/05 08:35:24.75 [2400] 0+0: env[27] LIBPATH=.;C:\WINDOWS\system32;C:/Program Files/DeleGate/lib;C:\delegate;C:/Program Files/DeleGate/etc 09/05 08:35:24.75 [2400] 0+0: ext[0] ADMIN=admin@test..nl 09/05 08:35:24.75 [2400] 0+0: ext[1] DGROOT=/DeleGate/ 09/05 08:35:24.75 [2400] 0+0: ext[2] DELAY=reject:0,unknown:0 09/05 08:35:24.75 [2400] 0+0: ext[3] SERVER=https 09/05 08:35:24.75 [2400] 0+0: ext[4] AUTHORIZER=-ntht 09/05 08:35:24.75 [2400] 0+0: ext[5] HTTPCONF=methods:* 09/05 08:35:24.75 [2400] 0+0: ext[6] STLS=fsv,fcl,sslway -cert lib/cert.crt -key 
lib/cert.key 09/05 08:35:24.75 [2400] 0+0: ext[7] MOUNT=/* https://192.168.4.24/* via=192.168.1.60 09/05 08:35:24.75 [2400] 0+0: ext[8] REACHABLE=192.168.4.24:443 09/05 08:35:24.75 [2400] 0+0: ext[9] RELIABLE=* 09/05 08:35:24.75 [2400] 0+0: arg[1] LIBPATH=.;C:\delegate;C:/Program Files/DeleGate/lib;delegate;C:/Program Files/DeleGate/etc 09/05 08:35:24.75 [2400] 0+0: arg[2] RESOLV=cache,file,dns 09/05 08:35:24.75 [2400] 0+0: arg[7] ADMIN=admin@test..nl 09/05 08:35:24.75 [2400] 0+0: DELEGATE_Modified[1]: 48c0d32c 1220596524 09/05 08:35:24.75 [2400] 0+0: --INITIALIZATION DONE-08090508+0100: 9.8.5-pre1 on WindowsNT-- (WIN) 07:35:24.763 [2400] --socketpair()=0 OK err=10048 0.015/1 (1426 1427) 0/0 09/05 08:35:24.76 [2400] 0+0: logMMap: 1320000 1336 09/05 08:35:24.76 [2400] 0+0: LOG-Socketpair[23,24] (WIN) 07:36:00.216 [2400] --socketpair()=0 OK err=10048 0.015/1 (1426 1427) 0/0 (WIN) 07:36:00.248 [2400] spawn() = 488 [3956], children(alive=1/1) 0.047s 09/05 08:36:00.25 [2400] 1+0: spawn() = 488 [3956], children(alive=1/1) 0.047s (WIN) 06:36:00.248 [3956] Path-Normalized<<< /DeleGate/ (WIN) 06:36:00.248 [3956] Path-Normalized>>> /DeleGate 09/05 08:36:00.25 [3956] 0+0: {R} confid(RESOLV)[95c4b2abee89c01321ca019d478ea2d5]<-[] 09/05 08:36:00.25 [3956] 1+0: MAXIMA=delegated:64 for small mem=1333M 09/05 08:36:00.25 [3956] 1+0: Stay open PIDFILE for accept() lock[fd=25] 09/05 08:36:00.25 [3956] 1+1: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:36:00.25 [3956] 1+1: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:36:00.25 [3956] 1+1: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:36:00.48 [3956] 1+1: ## SSLway ## 0.187000 connected/accepted 09/05 08:36:00.48 [3956] 1+1: ## SSLway initialized ctx #-99577434 0 0 09/05 08:36:00.51 [3956] 1+1: (0) accepted [58] -@[56.38.217.136]ip76de87.speed.planet.com:34188 (0.265s)(1) 09/05 08:36:00.51 [3956] 1+1: PATH: 
https://-:443!rd-was19-v:443!ip76de87.speed.planet.com:34188!anonymous@i p76de87.speed.planet.com;1220596560 09/05 08:36:00.51 [3956] 1+1: # SSL record head[16 3 1 0 41] SSL3 8?/70 09/05 08:36:00.51 [3956] 1+1: gethostbyname(-) unknown[0.00s] 09/05 08:36:00.51 [3956] 1+1: ## SSLway BA8 loadSession 0.000000 (0 0) / -1 09/05 08:36:00.55 [3956] 1+1: ## SSLway ## 0.032000 sescache[0] HIT=0 sR=0 cR=1 09/05 08:36:00.56 [3956] 1+1: ## STLS ## IMPLICIT SSL ON 58,58,-1,39 09/05 08:36:00.56 [3956] 1+1: OK: SSL/cl 1220596560.51 0.00/6.00 0.00 0.05 = 1220596560.56 09/05 08:36:00.56 [3956] 1+1: 0.047 CFI_SYNC ready=2 [57/W] 09/05 08:36:00.56 [3956] 1+1: 0.047 CFI_SYNC ready=1 [A] 09/05 08:36:00.72 [3956] 1+1: ## SSLway FCL S-C:0/0 C-S:0/0 09/05 08:36:00.72 [3956] 1+1: SOCKET recv(58)=0 error=0 [0.000] TCP AF_INET :1430 << :1431 09/05 08:36:00.72 [3956] 1+1: HTTP empty_request ? from ip76de87.speed.planet.com (1) 09/05 08:36:00.72 [3956] 1+1: ## left connected but dead [58] 09/05 08:36:00.72 [3956] 1+1: ---CLX 0x1 (0 0 1 0) 1/1 09/05 08:36:00.72 [3956] 1+1: disconnected [58] -@[56.38.217.136]ip76de87.speed.planet.com:34188 (0.468s)(0) 09/05 08:36:00.72 [3956] 1+1: CFI-wait 1/1 0/1 as=0 xpid=-1,-1 0.00 09/05 08:36:00.72 [3956] 1+1: StickyServer done [nonStickyProtocol(https:https:https)] 1 req / 1+0/1 conn / 0 sec (WIN) 07:36:15.373 [2400] wait3(N) = 488 [3956] 0, children(alive=0/1) 0.00s 09/05 08:36:15.37 [2400] 1+0: wait3(N) = 488 [3956] 0, children(alive=0/1) 0.00s (WIN) 07:36:39.357 [2400] --socketpair()=0 OK err=10048 0.016/1 (1426 1427) 0/0 (WIN) 07:36:39.388 [2400] spawn() = 476 [1872], children(alive=1/2) 0.047s 09/05 08:36:39.39 [2400] 2+0: spawn() = 476 [1872], children(alive=1/2) 0.047s (WIN) 06:36:39.388 [1872] Path-Normalized<<< /DeleGate/ (WIN) 06:36:39.388 [1872] Path-Normalized>>> /DeleGate 09/05 08:36:39.39 [1872] 0+0: {R} confid(RESOLV)[95c4b2abee89c01321ca019d478ea2d5]<-[] 09/05 08:36:39.39 [1872] 2+0: MAXIMA=delegated:64 for small mem=1333M 09/05 08:36:39.40 
[1872] 2+0: Stay open PIDFILE for accept() lock[fd=25] 09/05 08:36:39.40 [1872] 2+1: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:36:39.40 [1872] 2+1: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:36:39.40 [1872] 2+1: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:36:39.62 [1872] 2+1: ## SSLway ## 0.188000 sescache[0] HIT=0 sR=0 cR=2 09/05 08:36:39.62 [1872] 2+1: ## SSLway initialized ctx #-99577434 0 0 09/05 08:36:39.64 [1872] 2+1: (0) accepted [56] -@[56.38.217.136]ip76de87.speed.planet.com:34191 (0.250s)(1) 09/05 08:36:39.64 [1872] 2+1: PATH: https://-:443!rd-was19-v:443!ip76de87.speed.planet.com:34191!anonymous@i p76de87.speed.planet.com;1220596599 09/05 08:36:39.64 [1872] 2+1: # SSL record head[16 3 1 0 61] SSL3 8?/102 09/05 08:36:39.64 [1872] 2+1: gethostbyname(-) unknown[0.00s] 09/05 08:36:39.64 [1872] 2+1: ## SSLway 20C loadSession 0.000000 (0 1) / 1 09/05 08:36:39.67 [1872] 2+1: ## SSLway ## 0.032000 sescache[1] HIT=1 sR=0 cR=1 09/05 08:36:39.67 [1872] 2+1: ## SSLway FCL S-C:0/0 C-S:0/0 09/05 08:36:39.69 [1872] 2+1: ## STLS ## IMPLICIT SSL ON 56,56,-1,37 09/05 08:36:39.69 [1872] 2+1: OK: SSL/cl 1220596599.64 0.00/6.00 0.00 0.05 = 1220596599.68 09/05 08:36:39.69 [1872] 2+1: 0.047 CFI_SYNC ready=2 [57/W] 09/05 08:36:39.69 [1872] 2+1: 0.047 CFI_SYNC ready=1 [A] 09/05 08:36:39.69 [1872] 2+1: ## left connected but dead [56] 09/05 08:36:39.69 [1872] 2+1: ## left connected but dead [56] 09/05 08:36:39.69 [1872] 2+1: ERROR: SSL/cl disconnected: 1 A 0[56] 09/05 08:36:39.69 [1872] 2+1: disconnected [56] -@[56.38.217.136]ip76de87.speed.planet.com:34191 (0.297s)(0) 09/05 08:36:39.69 [1872] 2+1: CFI-wait 1/1 0/1 as=0 xpid=-1,-1 0.00 09/05 08:36:39.69 [1872] 2+1: StickyServer done [nonStickyProtocol(https:https:https)] 1 req / 1+0/2 conn / 0 sec (WIN) 07:36:39.732 [2400] --socketpair()=0 OK err=10048 0.016/1 (1426 1427) 0/0 (WIN) 07:36:39.763 [2400] spawn() = 564 [2036], 
children(alive=2/3) 0.047s 09/05 08:36:39.76 [2400] 3+0: spawn() = 564 [2036], children(alive=2/3) 0.047s (WIN) 06:36:39.763 [2036] Path-Normalized<<< /DeleGate/ (WIN) 06:36:39.763 [2036] Path-Normalized>>> /DeleGate 09/05 08:36:39.76 [2036] 0+0: {R} confid(RESOLV)[95c4b2abee89c01321ca019d478ea2d5]<-[] 09/05 08:36:39.76 [2036] 3+0: MAXIMA=delegated:64 for small mem=1330M 09/05 08:36:39.76 [2036] 3+0: Stay open PIDFILE for accept() lock[fd=25] 09/05 08:36:39.76 [2036] 3+1: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:36:39.76 [2036] 3+1: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:36:39.76 [2036] 3+1: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:36:39.99 [2036] 3+1: ## SSLway ## 0.188000 sescache[0] HIT=0 sR=0 cR=2 09/05 08:36:39.99 [2036] 3+1: ## SSLway initialized ctx #-99577434 0 0 09/05 08:36:40.01 [2036] 3+1: (1) accepted [63] -@[56.38.217.136]ip76de87.speed.planet.com:34192 (0.250s)(1) 09/05 08:36:40.01 [2036] 3+1: PATH: https://-:443!rd-was19-v:443!ip76de87.speed.planet.com:34192!anonymous@i p76de87.speed.planet.com;1220596600 09/05 08:36:40.01 [2036] 3+1: # SSL record head[16 3 1 0 61] SSL3 8?/102 09/05 08:36:40.01 [2036] 3+1: gethostbyname(-) unknown[0.00s] 09/05 08:36:40.01 [2036] 3+1: ## SSLway 9BC loadSession 0.000000 (0 1) / 1 09/05 08:36:40.04 [2036] 3+1: ## SSLway ## 0.032000 sescache[1] HIT=1 sR=0 cR=1 09/05 08:36:40.06 [2036] 3+1: ## STLS ## IMPLICIT SSL ON 63,63,-1,36 09/05 08:36:40.06 [2036] 3+1: OK: SSL/cl 1220596600.01 0.00/6.00 0.00 0.05 = 1220596600.06 09/05 08:36:40.06 [2036] 3+1: 0.047 CFI_SYNC ready=2 [57/W] 09/05 08:36:40.06 [2036] 3+1: 0.047 CFI_SYNC ready=1 [A] 09/05 08:36:40.06 [2036] 3+1: Proxy: host=ip76de87.speed.planet.com; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; .NET CLR 2.0.50727); DIRECT 09/05 08:36:40.06 [2036] 3+1: HCKA:[0] Keep-Alive; 
host=ip76de87.speed.planet.com; (User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; .NET CLR 2.0.50727)) 09/05 08:36:40.08 [2036] 3+1: REQUEST - GET / HTTP/1.1^M 09/05 08:36:40.08 [2036] 3+1: *** / => https://192.168.4.24/ *** 09/05 08:36:40.08 [2036] 3+1: REQUEST +M https://192.168.4.24/ HTTP/1.1^M 09/05 08:36:40.08 [2036] 3+1: ----NTHT accept 0 MO=1 UT=0 09/05 08:36:40.08 [2036] 3+1: ----NTHT_accept(0,63,63) ss=0 09/05 08:36:40.08 [2036] 3+1: ####cred name=NT AUTHORITY\SYSTEM 09/05 08:36:40.08 [2036] 3+1: ====NTLM Start 09/05 08:36:40.08 [2036] 3+1: SOCKET recv(41)=0 error=0 [0.000] TCP AF_INET :1435 << :1434 09/05 08:36:40.08 [2036] 3+1: ## SSLway FCL S-C:64/1 C-S:713/1 (WIN) 07:36:40.091 [2036] send(356) = -1+0 errno=10058 [1688] 09/05 08:36:40.09 [2036] 3+1: ## got SIGPIPE [1] in HTTP: (WIN) 07:36:40.091 [2036] +++EPIPE[63] fflushTIMEOUT() for EOF 09/05 08:36:40.09 [2036] 3+1: ClientEOF: request-EOF-7 [63 63] 330 8000 1 09/05 08:36:40.09 [2036] 3+1: HCKA:[0] closed -- d:by client(request EOF-7) 09/05 08:36:40.09 [2036] 3+1: disconnected [63] -@[56.38.217.136]ip76de87.speed.planet.com:34192 (0.328s)(0) 09/05 08:36:40.09 [2036] 3+1: CFI-wait 1/1 0/1 as=0 xpid=-1,-1 0.00 09/05 08:36:40.09 [2036] 3+1: StickyServer done [nonStickyProtocol(https:https:https)] 1 req / 1+0/3 conn / 1 sec (WIN) 07:36:40.107 [2400] wait3(N) = 476 [1872] 0, children(alive=1/3) 0.00s 09/05 08:36:40.11 [2400] 3+0: wait3(N) = 476 [1872] 0, children(alive=1/3) 0.00s (WIN) 07:36:54.904 [2400] wait3(N) = 564 [2036] 0, children(alive=0/3) 0.00s 09/05 08:36:54.90 [2400] 3+0: wait3(N) = 564 [2036] 0, children(alive=0/3) 0.00s 09/05 08:38:47.75 [3532] 0+0: --- [ssl] 0 dglibssl.dll 09/05 08:38:47.75 [3532] 0+0: --- [ssl] 0 ssl.dll 09/05 08:38:47.75 [3532] 0+0: --- [ssl] 0 ssl 09/05 08:38:47.75 [3532] 0+0: ## cannot load ssl 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] 0 dgliblibeay32.dll 09/05 08:38:47.75 [3532] 0+0: 
--- [/DeleGate/lib\libeay32.dll] 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] 10000000 /DeleGate/lib\libeay32.dll 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_set_SSL_CTX 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_get_servername 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_get_servername_type 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_CTX_callback_ctrl 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_CTX_use_certificate_chain_file 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_CTX_set_session_id_context 09/05 08:38:47.75 [3532] 0+0: --- [libeay32] optional: SSL_CTX_set_generate_session_id 09/05 08:38:47.75 [3532] 0+0: ---- [libeay32] loaded 102 syms, unknown=47+7, already=0 09/05 08:38:47.75 [3532] 0+0: --- [ssleay32] 0 dglibssleay32.dll 09/05 08:38:47.75 [3532] 0+0: --- [/DeleGate/lib\ssleay32.dll] 09/05 08:38:47.75 [3532] 0+0: --- [ssleay32] F00000 /DeleGate/lib\ssleay32.dll 09/05 08:38:47.75 [3532] 0+0: ---- [ssleay32] loaded 102 syms, unknown=0+0, already=47 09/05 08:38:47.75 [3532] 0+0: ---- unknown = 0+0, already = 47 / 102 09/05 08:38:47.75 [3532] 0+0: +++ loaded OpenSSL 0.9.8g 19 Oct 2007 09/05 08:38:47.75 [3532] 0+0: ... testing resolver[SYS] with 'WWW.DeleGate.ORG' 09/05 08:38:47.75 [3532] 0+0: ... you can suppress this test by RES_WAIT=0 09/05 08:38:47.76 [3532] 0+0: ... gethostname(rd-was19-v) 09/05 08:38:47.76 [3532] 0+0: configuring default RESOLV ... 09/05 08:38:47.76 [3532] 0+0: ... gethostname()='rd-was19-v' 09/05 08:38:47.76 [3532] 0+0: ... SYS: rd-was19-v -> 192.168.1.60 09/05 08:38:47.76 [3532] 0+0: ... DNS: 192.168.1.60 -> certinternal.test.nl 09/05 08:38:47.76 [3532] 0+0: ... DNS available 09/05 08:38:47.76 [3532] 0+0: ... NIS not available (no default domain) 09/05 08:38:47.76 [3532] 0+0: ... 
export RES_ORDER=CFD 09/05 08:38:47.76 [3532] 0+0: {R} confid(detected)[9e444c56c82dc1bc55a42ac40c686088]<-[] 09/05 08:38:47.76 [3532] 0+0: export RESOLV=cache,file,dns (set by default) SRCSIGN=9.8.5-pre1:20080905105714+0900:be5143a3b56603e2:Author@DeleGate.. ORG:a9lNFuLHuNUEQU6ImScJCllhLSiOXDlY4v5ZBpFz/hVuOAZ3vijwh5yxPnPP/7tJg/BY mkOz6qviTtWeEI/VyPz4cWtrqfWWZw/NKu4erhMyygSXAlffy9O521+JZru/T+8GBdkyjblR sWsqIMV52pPE7keWmROAqZfN5tHUT3E= BLDSIGN=9.8.5-pre1:20080905105837+0900:be5143a3b56603e2::- 09/05 08:38:47.78 [3532] 0+0: --INITIALIZATION START-08090508+0100: 9.8.5-pre1 on WindowsNT-- 09/05 08:38:47.78 [3532] 0+0: BINSHELL=/bin/sh 09/05 08:38:47.78 [3532] 0+0: MAXIMA=delegated:64 for small mem=1332M 09/05 08:38:47.78 [3532] 0+0: scan STLS and FILTERS before beDaemon()... 09/05 08:38:47.78 [3532] 0+0: FILTER[sslway]: sslway -cert lib/cert.crt -key lib/cert.key 09/05 08:38:47.78 [3532] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FSV:starttls" 09/05 08:38:47.78 [3532] 0+0: STLS -> CMAP="sslway -cert lib/cert.crt -key lib/cert.key:FCL:starttls" 09/05 08:38:47.78 [3532] 0+0: --- [dgzlib1] 0 dglibdgzlib1.dll 09/05 08:38:47.78 [3532] 0+0: --- [C:\delegate\dgzlib1.dll] 09/05 08:38:47.78 [3532] 0+0: --- [dgzlib1] FC0000 C:\delegate\dgzlib1.dll 09/05 08:38:47.78 [3532] 0+0: ---- [dgzlib1] loaded 17 syms, unknown=0+0, already=0 09/05 08:38:47.78 [3532] 0+0: +++ loaded Zlib 1.2.3.f-DeleGate-v3 09/05 08:38:47.78 [3532] 0+0: #### gzip/gunzip = dynamically linked 09/05 08:38:47.98 [3532] 0+0: ## SSLway ## 0.203000 connected/accepted 09/05 08:38:47.98 [3532] 0+0: ## SSLway initialized ctx #-99577434 0 0 (WIN) 07:38:47.982 [3532] #### send_file (3532,1)[1768,7] -> 3532[1824,0] (0,Err=87) (WIN) 07:38:47.982 [3532] #### file to be sent fd=1 -> 0 DCC0000 231473152 09/05 08:38:47.98 [3532] 0+0: #### CACHE DISABLED #### Cache directory seems not exist: C:/Program Files/DeleGate/cache 09/05 08:38:47.98 [3532] 0+0: #### start a service... 
09/05 08:38:47.99 [3532] 0+0: server_open(delegate,192.168.1.62:443,listen=20) 09/05 08:38:47.99 [3532] 0+0: server_open: 192.168.1.62:443 09/05 08:38:47.99 [3532] 0+0: server_open(delegate,192.168.1.62:443) BOUND (WIN) 07:38:50.873 [2400] [3896] svc Terminate... 09/05 08:38:50.87 [2400] 3+0: TERMINATE... 09/05 08:38:50.87 [2400] 3+0: CRC ERROR 0 FFFFFFB8 09/05 08:38:50.87 [2400] 3+0: StickyKill(15): 0/0 killed 09/05 08:38:50.87 [2400] 3+0: unlinked /DeleGate/work/192.168.1.62..443/2400 09/05 08:38:50.87 [2400] 3+0: removed /DeleGate/work/192.168.1.62..443/ 09/05 08:38:50.89 [2400] 3+0: TERMINATED. 09/05 08:38:50.89 [2400] 3+0: AcceptByMain: break on TERMINATE. 09/05 08:38:50.89 [2400] 3+0: main loop break on TERMINATE. 09/05 08:38:50.89 [2400] 3+0: _main() done 09/05 08:38:50.89 [2400] 3+0: SetStatus: STOPPED (WIN) 07:38:50.888 [2400] [1988] svc SetStatus: STOPPED 09/05 08:38:50.89 [2400] 3+0: SetStatus: STOP (WIN) 07:38:50.888 [2400] [3896] svc SetStatus: STOP (WIN) 07:38:50.888 [2400] [1988] svc ExitThread() from ServiceStart() (WIN) 07:38:50.920 [2400] [3896] svc start_service() done (1,1,0) (WIN) 07:38:50.920 [2400] [3896] svc DO_INITIALIZE -> DO_FINALIZE (WIN) 07:38:50.920 [2400] [3896] svc DO_FINALIZE 0 0

Thanks.

Kind regards,
Willy Nagel.

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org]
Sent: Friday, September 05, 2008 4:13 AM
To: feedback@delegate.org
Cc: Nagel, Willy
Subject: Re: [DeleGate-En] FW: [DeleGate-En] Windows Integrated Authentication

Hi Willy,

First of all, it seems that I disabled the ability to relay NTLM authentication with AUTHORIZER=-ntht or -Enh. It should be fixed as the enclosed patch. I uploaded the modified version as 9.8.5-pre1. Thank you for your notice.

In message <_A4103@delegate-en.ML_> on 09/04/08(19:09:05)
you "Nagel, Willy" <ptihqbdyi-rcweveeez7tr.ml@ml.delegate.org> wrote:
|AUTHORIZER=-ntht
...
|The setup is as follows:
|
|IIS (destination ip) - (other-ip-of-delegate-server) delegate
|(ip-to-listen-on) - client
|
|In IIS windows integrated authentication (NTLM) is enabled.
|
|Still, when connecting to delegate, I'm unable to connect. The logfile
|shows:
|
|09/04 09:59:33.97 [2444] 3+1: REQUEST - GET / HTTP/1.1^M
|09/04 09:59:33.97 [2444] 3+1: *** / => destination_ip/ ***
|09/04 09:59:33.97 [2444] 3+1: REQUEST +M destination_ip/ HTTP/1.1^M
|09/04 09:59:33.98 [2444] 3+1: ----NTHT accept 0 MO=1 UT=0
|09/04 09:59:33.98 [2444] 3+1: ----NTHT_accept(0,53,53) ss=0
|09/04 09:59:33.98 [2444] 3+1: ####cred name=NT AUTHORITY\SYSTEM
|09/04 09:59:33.98 [2444] 3+1: ====NTLM Start
...
|09/04 09:59:33.98 [2444] 3+1: disconnected [53] -@[ip]hostname:31199

The NTLM authentication is achieved in two phases and this log shows only the first phase just to return a challenge response to the client. The problem was in the second phase to be followed right after this.

|Is there something wrong in my setup / configuration or did I miss
|anything? Any help would be appreciated.
|
|In your documentation I don't find anything about the -Enh option.

It is not documented because it might be the default behavior in a future version.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** dist/src/delegate9.8.4/src/http.c Wed Sep 3 05:11:24 2008 --- src/http.c Fri Sep 5 09:51:03 2008 *************** *** 11443,11450 **** --- 11443,11457 ---- if( lSECRET() ){ sv1log("----NTHT retryAuth: %s%sX\n",REQ,REQ_FIELDS); } + /* if( (withNTHT & NTHT_REQ) && (withNTHT & NTHT_RES) ){ + */ + if( withNTHT & NTHT_RES ){ + if( withNTHT & NTHT_CLAUTHOK ){ + sv1log("----NTHT with client's auth.\n"); + }else if( (HTTP_opts & HTTP_DOAUTHCONV) == 0 ){ + sv1log("----NTHT without auth. 
conv.\n"); flushRESP(Conn,ftc); return; }
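
Review bot: the replacement test `if( withNTHT & NTHT_RES ){` no longer requires `NTHT_REQ`, and the old condition is left in the file inside `/* */` with nothing saying why the request-side flag was dropped; delete the dead line and add a one-line comment stating when `NTHT_RES` is expected without `NTHT_REQ`. In the new branches, the `NTHT_CLAUTHOK` case only logs and falls through, and the case where `HTTP_DOAUTHCONV` is set but `NTHT_CLAUTHOK` is not writes no log line at all, so that path leaves nothing in the log; an `sv1log` call there would make it traceable. The visible lines also show a single closing brace after `return;` for the two `if` blocks opened, so check that the outer `if( withNTHT & NTHT_RES ){` is closed in the part of the hunk not shown here.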
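
A way to check the log above against the two-phase description in the quoted reply, as an added example (not part of the original messages and not DeleGate code): it groups entries by child PID and reports whether anything followed `====NTLM Start` before the connection closed. It assumes one child process per client connection and that a continued NTLM exchange would log a further `REQUEST -` line in the same child; the verdict labels are invented for this example.

```python
import re

# Two line shapes occur in the log above:
#   "MM/DD HH:MM:SS.cc [pid] n+m: message"   (DeleGate)
#   "(WIN) HH:MM:SS.mmm [pid] message"       (Windows layer)
LINE_RE = re.compile(
    r"^(?:\d\d/\d\d \d\d:\d\d:\d\d\.\d+|\(WIN\) \d\d:\d\d:\d\d\.\d+)"
    r" \[(?P<pid>\d+)\] (?:\d+\+\d+: )?(?P<msg>.*)$"
)
MOUNT_RE = re.compile(r"^\*\*\* \S+ => (?P<target>\S+) \*\*\*$")
ERRNO_RE = re.compile(r"\berrno=(\d+)")

# Sample input: entries copied from the log in this message, one per line.
SAMPLE_LOG = """\
09/05 08:36:00.51 [3956] 1+1: # SSL record head[16 3 1 0 41] SSL3 8?/70
09/05 08:36:00.72 [3956] 1+1: HTTP empty_request ? from ip76de87.speed.planet.com (1)
09/05 08:36:00.72 [3956] 1+1: disconnected [58] -@[56.38.217.136]ip76de87.speed.planet.com:34188 (0.468s)(0)
09/05 08:36:40.08 [2036] 3+1: REQUEST - GET / HTTP/1.1^M
09/05 08:36:40.08 [2036] 3+1: *** / => https://192.168.4.24/ ***
09/05 08:36:40.08 [2036] 3+1: ----NTHT accept 0 MO=1 UT=0
09/05 08:36:40.08 [2036] 3+1: ====NTLM Start
(WIN) 07:36:40.091 [2036] send(356) = -1+0 errno=10058 [1688]
09/05 08:36:40.09 [2036] 3+1: ## got SIGPIPE [1] in HTTP:
09/05 08:36:40.09 [2036] 3+1: ClientEOF: request-EOF-7 [63 63] 330 8000 1
09/05 08:36:40.09 [2036] 3+1: disconnected [63] -@[56.38.217.136]ip76de87.speed.planet.com:34192 (0.328s)(0)
"""


def verdict(session):
    """Label how far the NTLM exchange got (labels are this example's own)."""
    if not session["ntlm_started"]:
        return "no-ntlm"
    if session["requests_after_ntlm"]:
        return "ntlm-continued"
    return "ntlm-phase1-only" if session["disconnected"] else "ntlm-pending"


def summarize(log_text):
    """Group log entries by child PID and summarise each connection."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # wrapped fragment or a SRCSIGN/BLDSIGN line
        s = sessions.setdefault(m["pid"], {
            "target": None, "ntlm_started": False,
            "requests_after_ntlm": 0, "close_reasons": [],
            "errnos": [], "disconnected": False,
        })
        msg = m["msg"]
        mount = MOUNT_RE.match(msg)
        if mount:
            s["target"] = mount["target"]       # MOUNT rewrite target
        elif msg.startswith("REQUEST - ") and s["ntlm_started"]:
            s["requests_after_ntlm"] += 1       # client came back after the challenge
        elif msg.startswith("====NTLM Start"):
            s["ntlm_started"] = True
        elif "got SIGPIPE" in msg:
            s["close_reasons"].append("SIGPIPE")
        elif msg.startswith("ClientEOF:"):
            s["close_reasons"].append("ClientEOF")
        elif msg.startswith("disconnected "):
            s["disconnected"] = True
        # Winsock error codes appear on the "(WIN)" lines
        s["errnos"] += [int(n) for n in ERRNO_RE.findall(msg)]
    for s in sessions.values():
        s["verdict"] = verdict(s)
    return sessions


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s["verdict"], s["target"], s["close_reasons"], s["errnos"])
```
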