Gowee / noisy-shuttle

Secure proxy service indistinguishable from whitelisted TLS website

When running as a client, can the value of the remote_addr field be an IP address? #4

Closed aa51513 closed 1 year ago

aa51513 commented 1 year ago

I read the document:

    # client listen_addr remote_addr sni password
    ./noisy-shuttle client 127.0.0.1:1080 server.addr.example:443 www.example.com Teap0taa -v

The command I am executing on the client is:

    ./noisy-shuttle client 0.0.0.0:1080 131.205.189.100:443 www.bing.com TYhdJS8u -v

No errors occur on startup.

But when I make an HTTP request via the SOCKS5 proxy 127.0.0.1:1080 on the client:

    curl --socks5 127.0.0.1:1080 www.google.com

It tells me the request failed.

client logs:

    failed to establish snowy tunnel: Not or invalid Server Hello

server logs:

    INFO serve{peer=54.45.88.4:57742}: fallback relay (unauthenticated)

Gowee commented 1 year ago

Yes. The remote_addr (shuttle server address) doesn't have to be a domain name. The server log proves that the field is set correctly.

The cause of "Not or invalid Server Hello" might be a misconfiguration elsewhere or some compatibility issues to be resolved in a future release of this project.

Which release or build is running on your local/server environment? And what are the command line args used on the server side?

aa51513 commented 1 year ago

> Yes. The remote_addr (shuttle server address) doesn't have to be a domain name. The server log proves that the field is set correctly.
>
> The cause of "Not or invalid Server Hello" might be a misconfiguration elsewhere or some compatibility issues to be resolved in a future release of this project.
>
> Which release or build is running on your local/server environment? And what are the command line args used on the server side?

The command line args used on the server side are as follows:

    ./noisy-shuttle server 0.0.0.0:443 www.bing.com:443 TYhdJS8u -v

I don't think it's possible to have a place where I can make a mistake, lol

In order to get more useful information, as an addition, I ran the client on the server side, connecting to the server through 127.0.0.1:443. The command is as follows:

    ./noisy-shuttle client 0.0.0.0:10800 127.0.0.1:443 www.bing.com TYhdJS8u -v

Another shell window was opened for testing:

    curl --socks5 127.0.0.1:10800 ip.sb

The test results are as follows:

    curl: (56) Recv failure: Connection reset by peer

logs on client side:

    2023-02-20T04:30:50.464456Z WARN client listens at 0.0.0.0:10800 with remote: 127.0.0.1:443, sni: www.bing.com, preflight: 0-0
    2023-02-20T04:31:09.336067Z INFO socks5_proxy{client=127.0.0.1:44770}: accepting request command=Connect dest_addr="172.67.75.172:80"
    2023-02-20T04:31:09.388635Z WARN failed to serve 127.0.0.1:44770 error=failed to establish snowy tunnel: Not or invalid Server Hello

logs on server side:

    invalid server hello received remote=204.79.197.200:443

aa51513 commented 1 year ago

Runtime Information:

noisy-shuttle server version:

    noisy-shuttle -v
    noisy-shuttle 0.2.1

The original filename of the download: noisy-shuttle-x86_64-unknown-linux-gnu

os version:

    uname -a
    Linux vm212783.cloudsilk.io 5.4.164-1.el8.elrepo.x86_64 #1 SMP Mon Dec 6 12:28:41 EST 2021 x86_64 x86_64 x86_64 GNU/Linux

    cat /etc/centos-release
    CentOS Stream release 8

noisy-shuttle client version:

    noisy-shuttle -v
    noisy-shuttle 0.2.1

The original filename of the download: noisy-shuttle-x86_64-unknown-linux-gnu

os version:

    uname -a
    Linux 172-10-24-2.lightspeed.rlghnc.sbcglobal.net 5.14.0-162.6.1.el9_1.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 18 02:06:38 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

    cat /etc/rocky-release
    Rocky Linux release 9.1 (Blue Onyx)

aa51513 commented 1 year ago

> Yes. The remote_addr (shuttle server address) doesn't have to be a domain name. The server log proves that the field is set correctly.
>
> The cause of "Not or invalid Server Hello" might be a misconfiguration elsewhere or some compatibility issues to be resolved in a future release of this project.
>
> Which release or build is running on your local/server environment? And what are the command line args used on the server side?

It's really unbelievable, I changed the domain name and the error disappeared: other parameters remain unchanged, just replace www.bing.com with www.apple.com

Gowee commented 1 year ago

Thanks for your feedback.

This is due to some compatibility issues that are yet to be resolved. For simplicity, the current implementation does not consider some fields in TLS handshake messages. Once unrecognized TLS parameters are negotiated, such errors would be thrown. Fixes should come with the next release.
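
The reply above attributes the error to TLS handshake fields the implementation does not handle. As an added diagnostic example (not part of the thread and not noisy-shuttle's code), this Rust parser summarises the first ServerHello in a record so the parameters a camouflage site negotiates can be compared between a working and a failing SNI. Which fields the project mishandles is not stated in the thread; `Hello`, `parse_server_hello` and `sample_record` are hypothetical names and the sample bytes are constructed.

```rust
// Added example, not noisy-shuttle code. RFC 8446 marks a HelloRetryRequest with this fixed random.
const HRR_RANDOM: [u8; 32] = [
    0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
    0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C,
];
#[derive(Debug)]
pub struct Hello { pub version: u16, pub cipher: u16, pub retry: bool, pub exts: Vec<u16> }

// Split n bytes off the front of buf, failing on truncated input instead of panicking.
fn take<'a>(buf: &mut &'a [u8], n: usize) -> Result<&'a [u8], &'static str> {
    if buf.len() < n { return Err("truncated"); }
    let (head, tail) = buf.split_at(n);
    *buf = tail;
    Ok(head)
}
fn be16(b: &[u8]) -> u16 { u16::from_be_bytes([b[0], b[1]]) }

pub fn parse_server_hello(record: &[u8]) -> Result<Hello, &'static str> {
    let mut r = record;
    let hdr = take(&mut r, 5)?; // content type, legacy record version, length
    if hdr[0] != 0x16 { return Err("not a handshake record"); }
    let mut body = take(&mut r, be16(&hdr[3..]) as usize)?;
    let hs = take(&mut body, 4)?; // handshake type + 24-bit length
    if hs[0] != 0x02 { return Err("not a ServerHello"); }
    let mut m = take(&mut body, ((hs[1] as usize) << 16) | be16(&hs[2..]) as usize)?;
    let mut version = be16(take(&mut m, 2)?); // legacy_version
    let retry = take(&mut m, 32)? == &HRR_RANDOM[..];
    let sid_len = take(&mut m, 1)?[0] as usize;
    take(&mut m, sid_len)?; // legacy_session_id_echo
    let cipher = be16(take(&mut m, 2)?);
    take(&mut m, 1)?; // legacy compression method
    let mut exts = Vec::new(); // extension type codes in wire order
    let n = if m.is_empty() { 0 } else { be16(take(&mut m, 2)?) as usize };
    let mut e = take(&mut m, n)?;
    while !e.is_empty() {
        let (ty, dlen) = (be16(take(&mut e, 2)?), be16(take(&mut e, 2)?) as usize);
        let data = take(&mut e, dlen)?;
        if ty == 0x002b && data.len() == 2 { version = be16(data); } // supported_versions
        exts.push(ty);
    }
    Ok(Hello { version, cipher, retry, exts })
}

// Constructed sample, not a capture: TLS 1.3, cipher 0x1301, placeholder extension bodies.
pub fn sample_record(random: [u8; 32]) -> Vec<u8> {
    let head: &[u8] = &[0x16, 0x03, 0x03, 0x00, 56, 0x02, 0x00, 0x00, 52, 0x03, 0x03];
    let tail: &[u8] = &[0x00, 0x13, 0x01, 0x00, 0x00, 12, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, 0x1d];
    [head, &random[..], tail].concat()
}
fn main() { println!("{:x?}", parse_server_hello(&sample_record(HRR_RANDOM))); }
```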