search

9seconds / mtg

Highly opinionated MTPROTO proxy for Telegram
MIT License
1.86k stars 242 forks source link

Add option to prefer IPv6 Telegram IPs or at least to not ignore them #125

Closed KonishchevDmitry closed 4 years ago

KonishchevDmitry commented 4 years ago

I have an IPv6 tunnel from Hurricane Electric on my home server. Despite the main reason to provide me IPv6 connectivity it's also a great free way to bypass RKN.

On previous version of MTG (before Fake TLS) I configured the firewall to reject all outgoing MTG IPv4 traffic to force it to use IPv6 which is guaranteed RKN-free which worked very well, but with the latest version it doesn't work.

If I understood properly, the new version forces using IPv4 if client connects via IPv4.

Could you add an option to control the behaviour? I believe that proxy server always should try IPv6 independently of client protocol. Or at least when it's bind to [::] instead of 0.0.0.0.

9seconds commented 4 years ago

Hey. It makes sense if we have a proxy that works without adtag: if we speak on adtag then such protocol information is crucial for Telegram because it is a part of a handshake (it allows only ipv4-ipv4 or ipv6-ipv6 connections, not mixed).

I will try to add this option but want to warn that it is going to work only for direct connections.

KonishchevDmitry commented 4 years ago

Thanks, it would be great! Just for clarification: does it mean that mtg won't work behind TCP balancer (HAProxy for example)? I considered this to use as workaround for the issue.

9seconds commented 4 years ago

It will work but you have to specify public IP address for the proxy. MTPROTO proxy protocol requires knowledge of correct remote address + public IP: https://github.com/9seconds/mtg/blob/master/wrappers/stream/mtproto_cipher.go#L52-L107 but this code is executed only if you have an adtag. Direct mode is enabled when you do not have any adtag and works like a classic proxy, just pumping data between sockets.

So, it could work but you have to specify public IPs with -4 and -6 flags. I've never tried such setup on my own though 🤷‍♂

KonishchevDmitry commented 4 years ago

It works! I confirm that your patch fixes the issue. Thanks a lot!

9seconds commented 4 years ago

Всегда рад, Дим. Приятно, что снова пересеклись :)

KonishchevDmitry commented 4 years ago

Взаимно. :) Шарик круглый.