Discussion:
Keep an eye out for how Windows update repeatedly messes with adb & stunnel ports
(too old to reply)
Wally J
2023-12-21 02:01:53 UTC
Permalink
I don't understand it - nor how best to prevent it - but keep an eye out
for it as it happens frequently to "adb" & "stunnel" after Windows update.

Two PC utilities I use every day are "adb" & "stunnel" where frequently
(not always, but often enough to be a pattern) after a Windows update, the
arbitrary ports stunnel uses & the static ports for adb are messed up.

I don't use a newsreader, per say... just a bunch of telent scripts... so I
have to use stunnel for encryption... and changing the ports "fixes" it.

It's harder to fix it for adb because the ports are the defaults, but I use
adb with scripts to mirror a six-inch phone to almost two feet on a screen.

Both seem to act up with odd port-related complaints after Windows update.
Just FYI... as I don't know what's really happening so I can't prevent it.
--
Usenet is a team of intelligent experienced people who help each other out.
VanguardLH
2023-12-21 04:36:46 UTC
Permalink
Post by Wally J
I don't understand it - nor how best to prevent it - but keep an eye out
for it as it happens frequently to "adb" & "stunnel" after Windows update.
Two PC utilities I use every day are "adb" & "stunnel" where frequently
(not always, but often enough to be a pattern) after a Windows update, the
arbitrary ports stunnel uses & the static ports for adb are messed up.
I don't use a newsreader, per say... just a bunch of telent scripts... so I
have to use stunnel for encryption... and changing the ports "fixes" it.
It's harder to fix it for adb because the ports are the defaults, but I use
adb with scripts to mirror a six-inch phone to almost two feet on a screen.
Both seem to act up with odd port-related complaints after Windows update.
Just FYI... as I don't know what's really happening so I can't prevent it.
Doesn't stunnel having its on config file were you define the client-
and server-side ports? Or are you using command-line arguments to
specify in/out ports?

If using a config file, you might want to run SysInternals Procmon, or
other file monitor, to see what touches stunnel's config file. The
monitor would have to monitor both before a reboot and afterward if the
Windows update needed a reboot.

I've only ADB once (for seeing files on the Android phone on my desktop
PC), so I cannot address how port(s) are assigned to the USB port on the
desktop PC that is connected via USB cable to the phone.
Wally J
2023-12-21 07:12:53 UTC
Permalink
Post by VanguardLH
Doesn't stunnel having its on config file were you define the client-
and server-side ports? Or are you using command-line arguments to
specify in/out ports?
Thanks for asking as I was mostly warning people as a helpful PSA/FYI.
I don't really know WHY Windows Update screws up the stunnel ports.

All I know is two things.
a. It happens repeatedly after a Windows Update
b. Changing the ports fixes it

However, to try to answer your question, stunnel uses a config file which
is pretty much boilerplate. The only thing you "decide" is the port to use.

Each news server has its own stunnel setup which you get from the admin.
An example is this stunnel setup for the Eternal September news server.
[raybanana]
client = yes
accept = 127.0.0.1:12345
connect = news.eternal-september.org:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.eternal-september.org
OCSPaia = yes

The only thing you change in the config is the port ("12345" in this case).
After a Windows Update, I have to change it to "something else".
What that "something else" is, doesn't really seem to matter.
So, for example, I changed it to "54321" and then stunnel worked again.
Until the next Windows Update that is.

Of course, in the newsreader telnet scripts I have to change the port too:
%hostname% = 127.0.0.1
%port% = 12345 (which has to be changed to 54321)
%username% = myusername
%password% = mypassword
Post by VanguardLH
If using a config file, you might want to run SysInternals Procmon, or
other file monitor, to see what touches stunnel's config file. The
monitor would have to monitor both before a reboot and afterward if the
Windows update needed a reboot.
Thanks. The fact both stunnel & adb act up, coupled with the fact it
happens after Tuesdays, kind of tells me it's Windows Update reserving
ports that are already being reserved but Windows Update doesn't care.

Of course, I have no way of knowing if that's really what's happening.

The stunnel ports are usually reserved at startup so it's surprising to me
that Windows Update interferes with those stunnel-startup assigned ports.
Post by VanguardLH
I've only ADB once (for seeing files on the Android phone on my desktop
PC), so I cannot address how port(s) are assigned to the USB port on the
desktop PC that is connected via USB cable to the phone.
The Android adb tools are fantastic for mirroring your phone onto your PC.
This is great to make 6 inches of phone about two feet in height onscreen.]
Plus I can use the mouse and keyboard and clipboard with the phone.

The adb connections are pretty reliable most of the time, just like stunnel
is pretty reliable most of the time. It's just messy after Windows Update.

If I were to guess (which isn't something I like to do), I'll guess that
Windows Update (for whatever reason) requires a huge list of ports AFTER
the update (for whatever reason) and it does NOT check to see if they're
being used (otherwise the stunnel-assigned ports would not be affected).

I don't run adb at startup, so it could affect those ports, but I never
have to mess with adb ports as they're usually set by default if I connect
the phone by USB cable or they're determined by the phone if I use Wi-Fi.

So I don't get a choice of adb ports but I do get a choice for stunnel.
Mostly I was just letting others know Windows Update is doing funny stuff.

I do not really understand what's going on, but it has been happening for
quite a long time (maybe a year or so) so I think it's Windows Update.
VanguardLH
2023-12-21 09:04:28 UTC
Permalink
Post by Wally J
The only thing you change in the config is the port ("12345" in this case).
After a Windows Update, I have to change it to "something else".
What that "something else" is, doesn't really seem to matter.
So, for example, I changed it to "54321" and then stunnel worked again.
Until the next Windows Update that is.
I'd check the rules in Windows Firewall to ensure the prior stunnel
ports (from client, or to server) weren't blocked after the update.
Post by Wally J
Thanks. The fact both stunnel & adb act up, coupled with the fact it
happens after Tuesdays, kind of tells me it's Windows Update reserving
ports that are already being reserved but Windows Update doesn't care.
Don't use port numbers already assigned by IANA for common usage. Port
12345 is for TCP/UDP for Warehouse Monitoring System. You might trying
to bias your port assignments by 60000. That is, port 563 become 60563.
If you have another client using port 563, but to a different server,
use 61563, and so one by 1000 count intervals to keep the traffic using
different ports.

Ports 0 to 1023 are assigned. Ports 1024 to 49151 are not assigned or
controlled, but might be registered to prevent duplicating a port number
used by other software. You could start with a bias of 50000, but I
usually start near the top of the range (65535), like 60000 which lets
me assign the same port to different clients at 1000 intervals.

Windows Firewall can be edited via registry edits to allow/block some
port numbers. That's how installers or programs add rules to Windows
Firewall. Since you're editing a config file, a program using it won't
first get permission from Windows Firewall to allow the connection.
Check if after the update the firewall rules for stunnel have changed,
or aren't even defined.
Wally J
2023-12-21 09:45:11 UTC
Permalink
Post by VanguardLH
I'd check the rules in Windows Firewall to ensure the prior stunnel
ports (from client, or to server) weren't blocked after the update.
I don't use any custom rules in Windows Firewall so it's whatever the
default is set to (which I don't even know what those rules are set to).

For adb, the port isn't grabbed until I run the scripts that Herbert
Kleebauer kindly wrote for scrcpy mirroring to not come up with a console.

But I'm wondering if Windows Update is inserting something into the boot
process such that it grabs the Stunnel port _before_ Stunnel grabs it.

Somewhere I have a program that lists the boot startup order... but after
my recent spate of operations, I don't remember what the name might be.
<Loading Image...> Need to organize menus
Post by VanguardLH
Post by Wally J
Thanks. The fact both stunnel & adb act up, coupled with the fact it
happens after Tuesdays, kind of tells me it's Windows Update reserving
ports that are already being reserved but Windows Update doesn't care.
Don't use port numbers already assigned by IANA for common usage.
I have to openly admit, I've never understood port assignents.
I only deal with them when I absolutely have to deal with them, in fact.
Post by VanguardLH
Port 12345 is for TCP/UDP for Warehouse Monitoring System.
I didn't know that. Luckily I can change it to anything available.
Post by VanguardLH
You might trying
to bias your port assignments by 60000. That is, port 563 become 60563.
If you have another client using port 563, but to a different server,
use 61563, and so one by 1000 count intervals to keep the traffic using
different ports.
That's a great idea. I would have thought, without looking it up, that 65K
would be the highest number but you bring up a good point on the 61563.

I'll change it to that, and the next to 61564, 61565, etc. for each NNTP
server that needs to have encryption set inside the stunnel.conf file.

Thanks for that advice as I've never really had much experience with
dealing with ports. Generally a program tells me what port it wants to use.
--
Usenet is a way to team up with intelligent people who care about others.
Char Jackson
2023-12-21 21:24:31 UTC
Permalink
On Thu, 21 Dec 2023 03:04:28 -0600, VanguardLH <***@nguard.LH> wrote:

<snip>
Post by VanguardLH
Windows Firewall can be edited via registry edits to allow/block some
port numbers.
Up through at least Windows 10, you can allow/block by port number via the
Advanced settings page of the Windows Firewall GUI. Use the Inbound Rules or
Outbound Rules section, as appropriate. This is for people who prefer to use a
GUI, of course. Programmatically, what you say below still applies.
Post by VanguardLH
That's how installers or programs add rules to Windows
Firewall. Since you're editing a config file, a program using it won't
first get permission from Windows Firewall to allow the connection.
Check if after the update the firewall rules for stunnel have changed,
or aren't even defined.
John Hall
2023-12-21 10:27:48 UTC
Permalink
In message <5stb2pdd6thi$***@v.nguard.lh>, VanguardLH <***@nguard.LH>
writes
Post by VanguardLH
Post by Wally J
I don't understand it - nor how best to prevent it - but keep an eye out
for it as it happens frequently to "adb" & "stunnel" after Windows update.
Two PC utilities I use every day are "adb" & "stunnel" where frequently
(not always, but often enough to be a pattern) after a Windows update, the
arbitrary ports stunnel uses & the static ports for adb are messed up.
I don't use a newsreader, per say... just a bunch of telent scripts... so I
have to use stunnel for encryption... and changing the ports "fixes" it.
It's harder to fix it for adb because the ports are the defaults, but I use
adb with scripts to mirror a six-inch phone to almost two feet on a screen.
Both seem to act up with odd port-related complaints after Windows update.
Just FYI... as I don't know what's really happening so I can't prevent it.
Doesn't stunnel having its on config file were you define the client-
and server-side ports?
<snip>

It does. I use stunnel between my email client and my email service
provider's server. I specify the ports in my config file, have never
needed to change them, and have never experienced any problems following
a Windows 10 update.
--
John Hall
"Acting is merely the art of keeping a large group of people
from coughing."
Sir Ralph Richardson (1902-83)
Wally J
2023-12-21 21:00:15 UTC
Permalink
Post by John Hall
I specify the ports in my config file, have never
needed to change them, and have never experienced any problems following
a Windows 10 update.
Thanks for confirming your stunnel.conf doesn't conflict with Windows
Update (even as the pattern for mine has been so for quite a while now).

The issue depends on the ports used, particularly those that Windows Update
reserves, right?

What ports do you use in your stunnel.conf?
I'll try those next.

Thanks in advance!
--
Usenet is a way to find what works from others so that you can try it out.
John Hall
2023-12-22 16:53:16 UTC
Permalink
Post by Wally J
Post by John Hall
I specify the ports in my config file, have never
needed to change them, and have never experienced any problems following
a Windows 10 update.
Thanks for confirming your stunnel.conf doesn't conflict with Windows
Update (even as the pattern for mine has been so for quite a while now).
The issue depends on the ports used, particularly those that Windows Update
reserves, right?
Never having needed to investigate that, I couldn't say.
Post by Wally J
What ports do you use in your stunnel.conf?
I'll try those next.
Thanks in advance!
For pop3 receiving of email:

accept = 127.0.0.1:110 (with my email program configured to match)
connect = <my email supplier's server>:995

For smtp sending of email:

accept = 127.0.0.1:25 (again with my email program configured to match)
connect = <my email supplier's server>:465

I don't have any choice regarding the ports 995 and 465, of course.
--
John Hall
"Acting is merely the art of keeping a large group of people
from coughing."
Sir Ralph Richardson (1902-83)
Loading...