Closed A2116 closed 4 years ago
Hello
OpenVPN uses TCP. I want to test UDP after success with TCP. Yes, is there any incompatibility or conflict between these two?
Also, make sure that you have correctly configured the server and client using this guide: https://github.com/cbeuw/Cloak/wiki/Underlying-proxy-configuration-guides#openvpn
Yes, I configured them from that doc.
No, I think that there is no incompatibility. TBH, I've never tested OpenVPN with Cloak. I will try it out later to see if the problem is with the script, or with Cloak itself.
Can it be because of a Cloak problem in Iran?
I'm not sure, because you said that Shadowsocks is working, and your error messages are different from #24.
No, I did not say Shadowsocks is working, I said Shadowsocks is installed. As I am new to Shadowsocks, I do not know whether it's not working because of my wrong config or because of censorship, but OpenVPN works fine without Cloak.
Oh!
My bad, sorry. The config that the script gives you must work. If not, it might be because of the Iran censorship.
If you want to check, you can use nc to set up a TCP server on your server and a TCP client on your own machine, then use Cloak to connect them. (I can explain the details later if you want to test this.)
If you think this is because of censorship, please close this issue and refer to #24
I tested OpenVPN, but this time with Cloak and without Shadowsocks. Again it prompts like before. I should note that MTProto is working on my DSL connection, so I think it's not because of a fake-TLS problem, but please explain to me the process of testing Cloak separately using nc.
How can I increase the timeout? It seems all errors are because of i/o timeout.
/etc/cloak/ckserver.json.
OK, I will wait for the nc tutorial.
Here is the small tutorial: https://github.com/HirbodBehnam/Shadowsocks-Cloak-Installer/wiki/Test-The-Cloak-With-NetCat
I built a test VM on my PC and installed OpenVPN and Cloak on it. I tested OpenVPN directly and it works fine. I also tested Cloak using nc and it works fine too, but with the same setup as for nc and a different proxy rule, it does not connect behind Cloak. On the server side, I added local 127.0.0.1 to the server config file and restarted the OpenVPN service. On the client side, I changed the target from 192.168.2.124 to 127.0.0.1. I also stopped the ck-server service and ran it manually to see its log.
```
INFO[0084] Terminating active user UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="no session left"
INFO[0084] Session closed UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="Failed to connect to proxy server" sessionID=1279337380
INFO[0084] Terminating active user UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="no session left"
INFO[0096] New session UID="arxn/uSbVkeg+eD6xgwI7Q==" sessionID=3716463871
INFO[0120] Session closed UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="a connection has dropped unexpectedly" sessionID=3716463871
INFO[0120] Terminating active user UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="no session left"
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60022" sessionId=3936174049
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60023" sessionId=3936174049
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60025" sessionId=3936174049
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60024" sessionId=3936174049
```
```
time="2020-07-22T23:27:11+04:30" level=info msg="Starting standalone mode"
time="2020-07-22T23:27:11+04:30" level=info msg="Listening on TCP 127.0.0.1:48443 for cloakovpnlocal client"
time="2020-07-22T23:27:15+04:30" level=info msg="Attempting to start a new session"
```
```
local 127.0.0.1
port 48443
proto tcp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.2.110"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_rdQZnfuKyj3kmvUB.crt
key server_rdQZnfuKyj3kmvUB.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
```
```
client
proto tcp-client
remote 127.0.0.1 48443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_rdQZnfuKyj3kmvUB name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
```
```
{
  "ProxyBook": {
    "cloakovpnlocal": ["tcp", "127.0.0.1:48443"],
    "panel": ["tcp", "127.0.0.1:0"],
    "nclocal": ["tcp", "127.0.0.1:12345"]
  },
  "BypassUID": [
    "ZU3pfZUc6OQ+vvZ0gEmA4A==",
    "arxn/uSbVkeg+eD6xgwI7Q=="
  ],
  "BindAddr": [":8443"],
  "RedirAddr": "204.79.197.200",
  "PrivateKey": "+GooAh1+lfmjTz4ppuCFmPDkdI8xSeS/skwwh7hr3lQ=",
  "AdminUID": "8mSgMtBc6hKuyuoIgcJrVg==",
  "DatabasePath": "userinfo.db",
  "StreamTimeout": 300
}
```
```
{
  "ProxyMethod": "cloakovpnlocal",
  "EncryptionMethod": "aes-gcm",
  "UID": "arxn/uSbVkeg+eD6xgwI7Q==",
  "PublicKey": "ZSprHBRoo6RlkTKQ7UxswLF5yxrHUU4SF78vTTppiFY=",
  "ServerName": "204.79.197.200",
  "NumConn": 4,
  "BrowserSig": "chrome",
  "StreamTimeout": 300
}
```
What is the problem and what should I do?
Besides Iran censorship, there is an incompatibility between Cloak and OpenVPN. I installed Cloak and it enables firewalld, then I added the TCP and UDP ports for OpenVPN to firewalld. OpenVPN can connect, but web browsing is impossible. I think it's a problem with nameservers: when Cloak runs on the server, even if the client connects to OpenVPN directly, there is a problem with the DNS service that doesn't allow web surfing. I think the system can't resolve web addresses to IPs, so web surfing becomes impossible, and I don't know why or what I should do.
OK, now something caught my eye. If you read here you will see that the proxy method is 12 bytes. However, your proxy method is 14 bytes. I suggest that you change your proxy name and try again. Later I will also add a limiter to the script to limit the proxy name to 12 characters. Also, I tested my script to see if the new rules are added to the server config, and I haven't actually tested to see if you are able to connect through them or not! I will test that too. I don't know if your OpenVPN config is correct or not because 1. I'm a noob and 2. I haven't worked with OpenVPN a lot. To ask more about OpenVPN, it is a good idea to continue this thread here.
Update: I have tested the nc myself and it is working. However, I realized that I cannot use uppercase characters in my proxyMethod. I will add a warning about this in my script.
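The 12-byte limit and the uppercase caveat discussed above can be checked before deploying a config pair. The following is an added example, not code from Cloak or the installer script; `CheckProxyMethod` and the reduced sample configs are constructed for illustration, and the uppercase check encodes only what was reported in this thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// maxProxyMethodLen is the 12-byte proxy method limit cited in this thread.
const maxProxyMethodLen = 12

type serverConf struct{ ProxyBook map[string][]string }
type clientConf struct{ ProxyMethod string }

// CheckProxyMethod lists problems with the client's ProxyMethod when matched
// against the server's ProxyBook; an empty result means no issue was found.
func CheckProxyMethod(serverJSON, clientJSON []byte) ([]string, error) {
	var s serverConf
	var c clientConf
	if err := json.Unmarshal(serverJSON, &s); err != nil {
		return nil, fmt.Errorf("server config: %w", err)
	}
	if err := json.Unmarshal(clientJSON, &c); err != nil {
		return nil, fmt.Errorf("client config: %w", err)
	}
	var issues []string
	seen := c.ProxyMethod // the name as the server would receive it
	if len(seen) > maxProxyMethodLen {
		seen = seen[:maxProxyMethodLen]
		issues = append(issues, fmt.Sprintf("%q is %d bytes; server would see %q",
			c.ProxyMethod, len(c.ProxyMethod), seen))
	}
	if seen != strings.ToLower(seen) {
		issues = append(issues, fmt.Sprintf("%q contains uppercase characters", seen))
	}
	if _, ok := s.ProxyBook[seen]; !ok {
		issues = append(issues, fmt.Sprintf("no ProxyBook entry for %q", seen))
	}
	return issues, nil
}

func main() {
	// Constructed sample configs, reduced to the fields this check reads.
	server := []byte(`{"ProxyBook":{"cloakovpnlocal":["tcp","127.0.0.1:48443"],"nclocal":["tcp","127.0.0.1:12345"]}}`)
	client := []byte(`{"ProxyMethod":"cloakovpnlocal"}`)
	issues, err := CheckProxyMethod(server, client)
	fmt.Println(issues, err)
}
```

For the 14-byte name, the truncated form it reports is the same `cloakovpnloc` that appears in the server's "invalid proxy method" warnings.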
By decreasing the proxy method length, the problem on the local server was solved, but on OVH it still has the problem, which perhaps is because of datacenter network limitations, because it works fine on another server.
The problem between OpenVPN and Cloak is the firewall method: the angristan script for OpenVPN uses iptables, and your script for Cloak uses firewalld. By restarting OpenVPN-iptables.service, which adds the VPN forwarding and routing rules, the problem was solved. The funny thing is that I have to restart it twice, because every time the first restart exits with an error. If we want a fully automated server that does its job after boot without any manual command, we should add the service restart to the startup script.
When I want to connect to OpenVPN behind Cloak, it prompts me on the client:
time="2020-07-22T05:52:35+04:30" level=error msg="Failed to prepare connection to remote: EOF"
On the server it prompts:
INFO[0058] failed to read anything after connection is established: read tcp YYY.YYY.YYY.YYY:8443->XXX.XXX.XXX.XXX:65289: i/o timeout remoteAddr="XXX.XXX.XXX.XXX:65289"