
Openvpn udp through ss not working #2979

wiryonolau opened this issue Sep 12, 2023 · 2 comments

@wiryonolau

What version of shadowsocks-libev are you using?

shadowsocks-libev/oldstable,now 3.3.5+ds-4

What operating system are you using?

latest Debian 11

What did you do?

Tunneling OpenVPN UDP through ss is not working:
openvpn client -> local ss -> remote ss -> openvpn server

What did you expect to see?

openvpn connection established

What did you see instead?

2023-09-13 05:59:48 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1080
2023-09-13 05:59:48 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1080 [nonblock]
2023-09-13 05:59:48 TCP connection established with [AF_INET]127.0.0.1:1080
2023-09-13 05:59:48 SOCKS proxy wants us to send UDP to [AF_INET]127.0.0.1:1080
2023-09-13 05:59:48 UDPv4 link local (bound): [AF_INET][undef]:0
2023-09-13 05:59:48 UDPv4 link remote: [AF_INET]REMOTE_VPN_IP:1194
2023-09-13 06:00:48 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-09-13 06:00:48 TLS Error: TLS handshake failed
2023-09-13 06:00:48 SIGUSR1[soft,tls-error] received, process restarting

What is your config in detail (with all sensitive info masked)?

ss-client

{
    "server":["REMOTE_SS_IP"],
    "mode":"tcp_and_udp",
    "server_port":8388,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"SS_PASSWORD",
    "timeout":86400,
    "method":"aes-256-gcm"
}

ss-server

{
    "server":["0.0.0.0"],
    "mode":"tcp_and_udp",
    "server_port":8388,
    "local_port":1080,
    "password":"SS_PASSWORD",
    "timeout":86400,
    "method":"aes-256-gcm"
}

ss-server sysctl

net.ipv4.ip_forward=1

ss-server iptables

*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT

-F POSTROUTING
-A POSTROUTING -o eth0 -j MASQUERADE

COMMIT

*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
:USER-INPUT -

-F INPUT
-F FORWARD
-F USER-INPUT

-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j USER-INPUT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "DROPINPUT: " --log-level 7
-A INPUT -j DROP

-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j USER-INPUT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "DROPFORWARD: " --log-level 7
-A FORWARD -j DROP

-A USER-INPUT -p tcp -m tcp --dport 8388 -m conntrack --ctstate NEW -j ACCEPT

COMMIT

openvpn client

dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-CBC
auth SHA256
client
resolv-retry infinite
remote REMOTE_VPN_IP 1194
lport 0
remote-cert-tls server
auth-user-pass
auth-nocache
comp-lzo adaptive
socks-proxy 127.0.0.1 1080
route REMOTE_SS_IP 255.255.255.255 net_gateway

OpenVPN direct connection is working:
openvpn client -> openvpn server

Chrome over ss is working:
chrome -> local ss -> remote ss -> WAN
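A check worth running against the posted ss-server ruleset before digging into OpenVPN itself. This is an added example, not code from the issue or from shadowsocks-libev: it parses an iptables-restore style `*filter` table, follows jumps into user chains such as `USER-INPUT`, and reports which protocols can ever reach an `ACCEPT` for the shadowsocks `server_port`. An ss-server in `"mode":"tcp_and_udp"` listens on `server_port` over both TCP and UDP, and the SOCKS5 UDP ASSOCIATE that OpenVPN's "SOCKS proxy wants us to send UDP to" line refers to is relayed over that UDP listener, so both protocols must be accepted by `INPUT`. The embedded ruleset is a constructed excerpt of the one in the issue; the `check_shadowsocks_port` helper and its mode table are this example's own.

```python
"""Audit an iptables-restore ruleset for a shadowsocks server port.

Added example, not part of the issue or of shadowsocks-libev. ss-server in
"tcp_and_udp" mode listens on server_port over TCP *and* UDP, so an INPUT
policy that accepts only TCP on that port silently drops the UDP relay that
a SOCKS5 UDP ASSOCIATE (and therefore OpenVPN over UDP) depends on.
"""
import shlex

# Constructed sample: the *filter table from the issue, trimmed to the lines
# that matter for INPUT handling of the shadowsocks port.
SAMPLE_RULESET = """\
*filter
:INPUT DROP
:FORWARD DROP
:OUTPUT ACCEPT
:USER-INPUT -
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j USER-INPUT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "DROPINPUT: " --log-level 7
-A INPUT -j DROP
-A USER-INPUT -p tcp -m tcp --dport 8388 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

# shadowsocks-libev "mode" values and the transports each one listens on.
MODE_PROTOCOLS = {
    "tcp_only": {"tcp"},
    "udp_only": {"udp"},
    "tcp_and_udp": {"tcp", "udp"},
}


def parse_filter_rules(text):
    """Map chain name -> list of rule token lists, for the *filter table only."""
    chains = {}
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
            continue
        if line == "COMMIT":
            table = None
            continue
        if table != "filter":
            continue
        if line.startswith(":"):          # chain declaration, e.g. :USER-INPUT -
            chains.setdefault(line[1:].split()[0], [])
            continue
        tokens = shlex.split(line)        # honours quoted --log-prefix values
        if tokens[:1] == ["-A"] and len(tokens) > 1:
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains


def _opt(tokens, name):
    """Value following option `name` in a rule, or None if absent."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == name:
            return tokens[i + 1]
    return None


def accepted_protocols(chains, port, chain="INPUT", _seen=None):
    """Protocols ("tcp"/"udp") that can reach an ACCEPT for --dport `port`.

    Jumps into user chains are followed (INPUT -> USER-INPUT). An ACCEPT on
    the port with no -p restriction counts for both protocols.
    """
    _seen = _seen if _seen is not None else set()
    if chain in _seen:
        return set()
    _seen.add(chain)
    found = set()
    for tokens in chains.get(chain, []):
        target = _opt(tokens, "-j")
        if target in chains:               # jump into another user chain
            found |= accepted_protocols(chains, port, target, _seen)
        elif target == "ACCEPT" and _opt(tokens, "--dport") == str(port):
            proto = _opt(tokens, "-p")
            found |= {proto} if proto else {"tcp", "udp"}
    return found


def check_shadowsocks_port(text, port, mode):
    """Return (ok, missing_protocols) for an ss-server on `port` in `mode`."""
    needed = MODE_PROTOCOLS[mode]
    have = accepted_protocols(parse_filter_rules(text), port)
    missing = sorted(needed - have)
    return (not missing, missing)


if __name__ == "__main__":
    ok, missing = check_shadowsocks_port(SAMPLE_RULESET, 8388, "tcp_and_udp")
    if ok:
        print("INPUT accepts every transport the server mode needs")
    else:
        print("INPUT never accepts %s on port 8388" % ", ".join(missing))
```

Run as-is the script reports that the sample ruleset never accepts UDP on 8388; a TCP-only OpenVPN profile (`proto tcp`) or plain browsing through the SOCKS port is unaffected by that gap because both ride the TCP listener, which matches the symptoms described in the issue without proving they share a cause.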

@Kobwar

Kobwar commented Sep 23, 2023

{
    "server":["REMOTE_SS_IP"],
    "mode":"tcp_and_udp",
    "server_port":8388,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"SS_PASSWORD",
    "timeout":86400,
    "method":"aes-256-gcm"
}

@wiryonolau (Author)

If I change the ovpn connection to use TCP, it works.
But the routing somehow is not directed inside ss.
