Works but not stable, randomly weird lost connection even with WAN IP remain but ssh login keep refused, only choice, reboot.

[lobstergy]

The script is working that’s amazing, It even supports DoT! I can say the author, whoever you are, are paying great efforts, hard workings to make this working, based on the original trusty Asuswrt-merlin, thanks a lot!!! I can’t appreciate it more. Problems are: 1.- Randomly lost connection, mostly happened at night, visiting shift from CN sites to outsides or family members' devices added in. Don’t know for sure. When these happened, have no idea which triggered, I either lost wan connection or even with obtaining wan IP but router shows disconnected in the network map, as well as lost ssh connection, both Mac & Android 10 phones. If I'd already login router, every commands resulted in “Segmentation fault”, if not the ssh login attempts would be refused by the router. Thus I cannot try to restart the script manually, only reboot. And I noticed almost every time, logs in the WebUI always contain these notices:

* “plugin service exit unexpectedly” 
* "error, plugin service exit unexpectedly”
* "nat: apply nat rules (/tmp/nat_rules_ppp0_eth0) error!”

2.- I was enabled router schedule reboot, but often doesn't work, the more reliable working procedures are manually shut fiber modern, reboot router, wait for all devices connected to the router then turn on modern to obtain WAN IP. 3.- Even in normal connections, the logs always show these abnormal notices:

"server recv: Connection reset by peer; "
"WLCEVENTD: eth2: Disassoc 70:E7:2C:……..; "

SOMETIMES:

"unbound: [10637:0] notice: init module 0: validator
May  5 13:15:00 unbound: [10637:0] notice: init module 1: iterator"

These wired things above, in my guessing, are proofs of this script that can be detected or what? What’s triggered router disconnection to devices and even ssh login to the router? Or is this my router firmware’s problems? I’d searched the WLCEVENTD: eth2: Assoc / Disassoc mean connecting / disconnecting device, but don’t know why these keep happening when no devices turn on and off at the time.

BTW: My condition is, rt-ac88u (fm: 384.13) PPPoE to China Mobile fiber modem, server use “quick” mode [once tried tls, server docker logs show tls failed]; client: TCP-Only, bypass mode; WAN DNS point to router/gateway, and LAN DNS as well, so all clients DNS query can be done by unbound listening port instead of DHCP server force pushed 114 along with router's IP.

Regarding DoT, I think maybe unbound isn't that stable for Entware? Can you consider supporting stubby that comes with the official firmware of Merlin? It’s listening to 127.0.1.1: 53; Or 3rd party stubby script by Xentrk which supports custom designated ports. I’d tried to point stubby listening 15253, but most of time only UDP can be activated but TCP failed.

P.S. Is there any possibility to consider to support v2&ray runs on the router? V2ray seemed more stable and more future promising, only need client support, for its too hard to support vary protocols combinations, I’ve established a working v2 + ws + tls + Nginx + CDN server, just can’t figure out how to deploy onto original merlin. (384.13). For the koolshare’s modified firmware, I won’t comment, but I don’t use it even if I have to give up router's bypass GXX capability and manually setup clients for each platform. So if you can do that it’ll be something big! Thanks and hoping...

[Acris]

1. I am looking at the connection loss problem.

2. I think unbound is stable enough, and stubby has a bug on asuswrt-merlin, see: https://github.com/getdnsapi/stubby/issues/127 for more details.

3. shadowsocks + v2ray-plugin can also work with websocket + tls +Nginx/Caddy + CDN mode, and the server-side is easier to deploy, so I have no plan to work with a v2ray version.

[Acris]

Can you upgrade shadowsocks-asuswrt-merlin to the latest version with ss-merlin upgrade command and see if that happens again?

[lobstergy]

Hi, Acris, Sorry for reply late, kind of busy lately and thanks for your response...

Two cases:

1. Update client only;
2. Open a new GCP VM, install the latest SS+V2 docker, quick mode, only change client ss configuration.

Case ONE, it seemed it's improved a bit, only once since this morning encounter FC (force crash), plus, ssh Segmentation fault. [Are there any watchdog for the script to monitor?] Don’t get me wrong, when it works, it’s awesome, DoT enabled and speed test reached 35/30 Mbps, Y2b 20+ Kbps!

……
May  5 14:15:48 ss-redir[5870]: remote recv: Connection reset by peer
May  5 14:15:48 ss-redir[5870]: **plugin service exit unexpectedly**
May  5 14:15:48 ss-redir[5870]: **error on terminating the plugin.**    

Case TWO, Very slow / failed outside connection, DoT failed, almost unusable. Is it caused by the updated server docker image? Please check and let me know, thanks.

Some logs and comparisons:

gcpw1b [NEW SERVER]

docker top shadowsocks-libev
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                547                 525                 0                   Oct22               ?                   00:00:00            ss-server -s 0.0.0.0 -p 8388 -k PASSWORD -m chacha20-ietf-poly1305 -t **86400** -d 1.1.1.1,1.0.0.1 --reuse-port --no-delay --plugin v2ray-plugin --plugin-opts server;quick;host=*********;path=/***;cert=/root/.acme.sh/*********/fullchain.cer;key=/root/.acme.sh/*********/*********.key -u
root                607                 547                 0                   Oct22               ?                   00:00:01            v2ray-plugin

gcpw2a [OLD SERVER]

docker top shadowsocks-libev
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                14049               14029               0                   21:21               ?                   00:00:03            ss-server -s 0.0.0.0 -p 8388 -k PASSWORD -m chacha20-ietf-poly1305 -t **600** -d 1.1.1.1,1.0.0.1 --reuse-port --no-delay --plugin v2ray-plugin --plugin-opts server;quic;host=*********;path=/***;cert=/root/.acme.sh/*********/*********.cer;key=/root/.acme.sh/*********/*********.key
root                14086               14049               0                   21:21               ?                   00:00:06            v2ray-plugin

username@vmanual-outline:~$ docker logs shadowsocks-libev -f --tail 100   [NEW SERVER]
 2019-10-23 00:19:44 INFO: enable TCP no-delay
 2019-10-23 00:19:44 INFO: plugin "v2ray-plugin" enabled
 2019-10-23 00:19:44 INFO: UDP relay enabled
 2019-10-23 00:19:44 INFO: enable TCP no-delay
 2019-10-23 00:19:44 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-10-23 00:19:44 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2019-10-23 00:19:44 INFO: tcp server listening at 127.0.0.1:36727
 2019-10-23 00:19:44 INFO: tcp port reuse enabled
 2019-10-23 00:19:44 INFO: udp server listening at 0.0.0.0:8388
 2019-10-23 00:19:44 INFO: udp port reuse enabled
 2019-10-23 00:19:44 INFO: running from root user
2019/10/23 00:19:45 **V2Ray 4.19.1** (Po) Custom
2019/10/23 00:19:45 A unified platform for anti-censorship.
2019/10/23 00:19:45 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/10/23 00:19:49 [Warning] v2ray.com/core/transport/internet/websocket: failed to serve http for WebSocket > accept tcp [::]:8388: use of closed network connection
 2019-10-23 00:20:12 INFO: enable TCP no-delay
 2019-10-23 00:20:12 INFO: plugin "v2ray-plugin" enabled
 2019-10-23 00:20:12 INFO: UDP relay enabled
 2019-10-23 00:20:12 INFO: enable TCP no-delay
 2019-10-23 00:20:12 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-10-23 00:20:12 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2019-10-23 00:20:12 INFO: tcp server listening at 127.0.0.1:47837
 2019-10-23 00:20:12 INFO: tcp port reuse enabled
 2019-10-23 00:20:12 INFO: udp server listening at 0.0.0.0:8388
 2019-10-23 00:20:12 INFO: udp port reuse enabled
 2019-10-23 00:20:12 INFO: running from root user
2019/10/23 00:20:12 V2Ray 4.19.1 (Po) Custom
2019/10/23 00:20:12 A unified platform for anti-censorship.
2019/10/23 00:20:13 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/10/23 00:24:36 tcp:120.229.17.26:9079 accepted tcp:127.0.0.1:0

Cloudflare DoT check [NEW SERVER]

Connected to 1.1.1.1 
No 
Using DNS over HTTPS (DoH) 
No 
Using DNS over TLS (DoT) 
No 
AS Name 
**Shanghai Qiangxin Network Technology Co. [/ xTom Hong Kong Limited]**
AS Number 
58879 
Cloudflare Data Center
SEA 
Connectivity to Resolver IP Addresses
1.1.1.1 
Yes 
1.0.0.1 
Yes 
2606:4700:4700::1111 
No 
2606:4700:4700::1001 
No

username@v2raycentos:~$ docker logs shadowsocks-libev -f --tail 100 [OLD SERVER]
 2019-10-23 03:36:48 INFO: enable TCP no-delay
 2019-10-23 03:36:48 INFO: plugin "v2ray-plugin" enabled
 2019-10-23 03:36:48 INFO: enable TCP no-delay
 2019-10-23 03:36:48 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-10-23 03:36:48 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2019-10-23 03:36:48 INFO: tcp server listening at 127.0.0.1:45947
 2019-10-23 03:36:48 INFO: tcp port reuse enabled
 2019-10-23 03:36:48 INFO: running from root user
2019/10/23 03:36:49 **V2Ray 4.16 (Po) Custom**
2019/10/23 03:36:49 A unified platform for anti-censorship.
2019/10/23 03:36:49 [Warning] v2ray.com/core: V2Ray 4.16 started
2019/10/23 03:36:49 tcp:120.229.17.39:10216 accepted tcp:127.0.0.1:0 
2019/10/23 03:36:49 tcp:120.229.17.39:10217 accepted tcp:127.0.0.1:0 

Cloudflare DoT check [OLD SERVER]

Connected to 1.1.1.1 
Yes 
Using DNS over HTTPS (DoH) 
No 
Using DNS over TLS (DoT) 
Yes 
AS Name 
Cloudflare 
AS Number 
13335 
Cloudflare Data Center
LAX 
Connectivity to Resolver IP Addresses

1.1.1.1 
Yes 
1.0.0.1 
Yes 
2606:4700:4700::1111 
No 
2606:4700:4700::1001 
No

[Acris]

Hello, there is one mistake in your v2ray-plugin configurations, it is quic mode, not quick mode, try correct your configurations and try again.

BTW, next time when you paste your configurations, be careful to hide sensitive information.

[Acris]

Issue closed, feel free to re-open it if needed.