rule management problems

[A2116]

how should I remove a rule? the script does not do it if I enter a UUID it starts installation script from start and after some question, it prompts that can't do anything and exit if I enter a number it prompts done and nothing will happen to config files also if I try to add rules it prompts some unknown output and erase server.conf file and exit I should note that the installer script has done the process fine and add manual rules correctly but after installation, I can't add or remove anything also I see that shadowsocks profile use plain encryption, how I can change it? when I change it it does not affect the server even after service restart or reboot, the JSON file showing, for example, aes-gcm but the server uses plain and when I add a new user it shows me plain on configurations where it loads the configurations?

[HirbodBehnam]

Hello I'm a bit confused. UIDs and rules are two different things. UIDs are for user management (that you add or remove them using options 1 or 2). Rules on the over hand are used to tell the cloak to forward what to where. Please note that if you have created a limited user, they are saved into the cloak's database not the json file. Also note that while removing or adding them, script tries to start cloak client on the server and fetch the results from database. As you mentioned in one of the previous issues, because of your ram it might fail to start cloak client. But I'll check it later anyway. Also for shadowsocks profiles, as the main cloak repository says, I have chosen the plain encryption as default because it does not give fingerprints. (Source) If you want, you have to just change it in the new config file that the script generates for you. Also if the script gives you an error before starting it over please tell me.

[HirbodBehnam]

I tested the script and I could not reproduce the things you said. (empty server config and starting from beginning) I tried these steps:

1. Added an non-restricted UID and connected to it. Added 3 more and tested one more of them.
2. Added a restricted UID and connected to it. I haven't tested the speed limit and quota limit. (Also note that you should enter all numbers correctly and do not use a big value.)
3. Added another non-restricted and tested it.
4. Used Show UIDs option to check if they have been added correctly.
5. While connected to a non-restricted UID, removed it and the shadowsocks got disconnected immediately.
6. While connected to a restricted UID, removed it and the shadowsocks got disconnected immediately.
7. Removed the shadowsocks rule and added it again. It worked fine.

[A2116]

Looks like you have installed Cloak. Choose an option below: 1) Add User 2) Remove User 3) Show UIDs 4) Show Connections for Shadowsocks Users 5) Change Forwarding Rules 6) Regenerate Firewall Rules 7) Uninstall Cloak Please enter a number: 5 What do you want to do? 1) Add a rule 2) Delete a rule Choose by number: 2 1) { 2) "ProxyBook": { 3) "clvpn": [ 4) "tcp", 5) "127.0.0.1:48443" 6) ], 7) "panel": [ 8) "tcp", 9) "127.0.0.1:0" 10) ], 11) "nclocal": [ 12) "tcp", 13) "127.0.0.1:12345" 14) ], 15) "": "" 16) }, 17) "BypassUID": [ 18) "lCOl+YH0ot/BJQA+TBOX5A==", 19) "jefUqHV6pIbSp0GcMm8GSg==" 20) ], 21) "BindAddr": [ 22) ":8443" 23) ], 24) "RedirAddr": "204.79.197.200", 25) "PrivateKey": "wLvbhd7UZBFgrmOJJUN/T7WGoyYLpSqKd18EPAQhYEQ=", 26) "AdminUID": "8FVIC9ODzuLPLkkCVjSjBg==", 27) "DatabasePath": "userinfo.db", 28) "StreamTimeout": 300 29) } Which UID you want to see it's link?(Choose by number) 3 Done [root@localvpn ~]#

nothing happen

[HirbodBehnam]

@A2116 Can you reinstall the cloak and Update the script? or is this a fresh install with the newest script?

[A2116]

it's new script i install it 2 day ago

[A2116]

Looks like you have installed Cloak. Choose an option below: 1) Add User 2) Remove User 3) Show UIDs 4) Show Connections for Shadowsocks Users 5) Change Forwarding Rules 6) Regenerate Firewall Rules 7) Uninstall Cloak Please enter a number: 5 What do you want to do? 1) Add a rule 2) Delete a rule Choose by number: 1 Where the traffic should be forwarded?(For example 127.0.0.1:6252) 127.0.0.1:54321 What should this be called? Clients must use this name as "ProxyMethod" on their computers: testprme jq: error: $k is not defined at , line 1: .ProxyBook += {$k} jq: 1 compile error Done [root@localvpn ~]#

nothing happen /etc/cloak/ckserver.conf completely cleared

[HirbodBehnam]

@A2116 So it's not new. Uninstall the cloak. Remove the script and install using the newest one. Edit: Using this command you can update the script: curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.sh

[HirbodBehnam]

I'm closing this issue because you have reported this bug in #25 and it's fixed in this commit.

[HirbodBehnam]

If this issue still exists in the newest script tell me to re-open this issue.

[A2116]

it's solved by updating script if i edit shadowsocks.json file and change "EncryptionMethod":"plain", to "EncryptionMethod":"aes-gcm", is it change by restarting service? or not?

[HirbodBehnam]

Great news that it's now fixed! You can edit that file and use it without restarting the service. Also, if you are using a ss:// link to connect to your server, you have to change plain in the link to whatever encryption you like.

[A2116]

I edit shadowsocks.json but nothing happens also, I remove shadowsocks method and re-add it with the same name also, nothing happens in both situation when I select Show Connections for Shadowsocks Users it shows me plain as encryption also if I add new user

[HirbodBehnam]

You have to edit the link manually. The script always gives you a link with the plain method. Let me give you an example. Here is my ss:// link (Removed IP and password):

ss://abcd@1.1.1.1:53?plugin=ck-client%3BUID%3De38tNcVDdSW%2FZ8w30T1ORQ%5C%3D%5C%3D%3BPublicKey%3DzJx%2BO4O7RTnuabqkOOocojpBj0G3MqknvMrc2OjYMBU%5C%3D%3BServerName%3Dbing.com%3BBrowserSig%3Dchrome%3BNumConn%3D4%3BProxyMethod%3Dshadowsocks%3BEncryptionMethod%3Dplain%3BStreamTimeout%3D300

Note that the method is plain. The only thing you have to is to change it to aes-gcm. So here is the new link:

ss://abcd@1.1.1.1:53?plugin=ck-client%3BUID%3De38tNcVDdSW%2FZ8w30T1ORQ%5C%3D%5C%3D%3BPublicKey%3DzJx%2BO4O7RTnuabqkOOocojpBj0G3MqknvMrc2OjYMBU%5C%3D%3BServerName%3Dbing.com%3BBrowserSig%3Dchrome%3BNumConn%3D4%3BProxyMethod%3Dshadowsocks%3BEncryptionMethod%3Daes-gcm%3BStreamTimeout%3D300

[A2116]

before I change the link I should change shadowsocks.json or it's not needed?

[A2116]

if you can improve the script to generate QRcode and link correctly with the selected encryption method

[HirbodBehnam]

No there is no need to change the shadowsocks.json file. Also as I said before, the cloak repository says that you can use plain because shadowsocks does not give fingerprints. So I'll stick to the hardcoded plain method until that is changed.

[HirbodBehnam]

If you want you change this line yourself in your own sever in order to change the encryption method of the QR code and ss:\\ links.