Establishing a connection to DUKASCOPY using stunnel

Asked 2/10, 2018 at 22:39 Answered 16/11, 2018 at 8:51

looking for some help in establishing a connection with my broker DUKASCOPY using stunnel and quickfix python over FIX4.4 protocol.

Here is my stunnel config:

client = yes
cert = /etc/stunnel/stunnel.pem

[OKSERVER]
accept = 9443
connect = demo-api.dukascopy.com:10443

My quickfix cfg file:

[DEFAULT]
ConnectionType=initiator
LogonTimeout=30
ReconnectInterval=30
ResetOnLogon=Y
FileLogPath=./Logs/

[SESSION]
BeginString=FIX.4.4
SenderCompID=SENDER_ID # replaced with anonymous value for this post
TargetCompID=TARGET_ID # replaced with anonymous value for this post
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
CheckLatency=N
MaxLatency=240
SocketConnectPort=10443
SocketConnectHost=demo-api.dukascopy.com
UseDataDictionary=Y
DataDictionary=/home/jaspal/qfsample/quickfix/spec/FIX44.xml
FileStorePath=./Sessions/

When I try to logon I get:

20181002-22:26:23.972817000 : Created session
20181002-22:26:23.978505000 : Connecting to demo-api.dukascopy.com on port 10443 (Source :0)
20181002-22:26:24.023770000 : Initiated logon request
20181002-22:26:24.065703000 : Socket Error: Connection reset by peer.
20181002-22:26:24.065799000 : Disconnecting

I can confirm I am listening in on incoming port:

~/qfsample/quickfix-python-sample$ netstat -an | grep 9443
    tcp        0      0 0.0.0.0:9443            0.0.0.0:*               LISTEN

I have also configured 9443 on my router to port forward to client machine.

here are the messages I am getting from the application:

onCreate(self=<__main__.Application; proxy of <Swig Object of type 'FIX::Application *' at 0x7f87db719030> >, sessionID=<quickfix.SessionID; proxy of <Swig Object of type 'FIX::SessionID *' at 0x7f87db6674e0> >)
toAdmin(self=<__main__.Application; proxy of <Swig Object of type 'FIX::Application *' at 0x7f87db719030> >, sessionID=<quickfix.Message; proxy of <Swig Object of type 'FIX::Message *' at 0x7f87db667e70> >, message=<quickfix.SessionID; proxy of <Swig Object of type 'FIX::SessionID *' at 0x7f87db667d20> >)

Any help at all on finding the issue here will be more than welcome!!

Vertievertiginous answered 2/10, 2018 at 22:39 Comment(1)

also consider using verify + checkHost + CAfile options in stunnel, to check certificate chain of trust back to a CA... – Staats 5/4, 2019 at 11:9

OK. So I guess it was inevitable that I would either get some help from this great forum or figure it out myself! It was the latter in this case!

Here is where I was going wrong:

When you create tunnel with stunnel you have to setup your target to your local machine at the port you have created for "accept" in stunnel config and NOT the address of your broker. Obvious now! Here is what my cfg file now looks like:

SocketConnectPort=9443
SocketConnectHost=localhost

Vertievertiginous answered 4/10, 2018 at 0:31 Comment(2)

Thanks for posting your answer. So, would I be correct in saying that you point your Initiator to stunnel, and then within your stunnel config you use the IP and port for the trading venue? – Failing 18/1, 2021 at 18:6

@p.luck: Correct: FIX -> Stunnel -> Trading venue – Mil 22/4, 2021 at 14:52

Thanks @Jaspal for posting your Q&A! I initially had the same question and found this image helpful conceptually (ignore the firewall for now), i.e. point the FIX engine at stunnel on localhost: As an aside (it's a feature request not a question, but might be a solution one day, fingers crossed) there's an issue on github/quickfix to add SSL/TLS to python (it's already in C++) which would avoid needing stunnel.

Orthotropic answered 16/11, 2018 at 8:51 Comment(0)

Recommended topics

Hot tags