Jigsaw-Code / outline-server

Outline Server, developed by Jigsaw. The Outline Server is a proxy server that runs a Shadowsocks instance and provides a REST API for access key management.
https://getoutline.org/
Apache License 2.0

Outline server pinging, but doesn't work #1588

Open sollosollo4 opened 3 months ago

sollosollo4 commented 3 months ago

Just yesterday, the VPN server stopped working. Connection and control are fine. Reinstallation hangs on "Starting Shadowbox". The connection line is not present in access.txt in /opt/outline.

My uninstall: I removed all Docker containers, ran the docker builder prune command, and removed the /opt/outline folder with rm -rf /opt/outline. After that I stopped the Docker daemon:

sudo systemctl stop docker.service

Then I used the manager helper command:

sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-apps/master/server_manager/install_scripts/install_server.sh)"

It hangs on "Starting Shadowbox..........". Re-running the install command hangs on the "Verifying that Docker daemon is running ....." line.

I don't know which logs I can provide; tell me and I'll do it.

sollosollo4 commented 3 months ago

I was able to install the Outline server by running all commands as administrator, but it still just doesn't work. Internet disappears as soon as I connect to the Outline server.

sbruens commented 2 months ago

Can you check your firewall and also check the firewall settings from your cloud provider?

sollosollo4 commented 2 months ago

@sbruens
Debian GNU/Linux 11 (bullseye)
Release: 11

At the time of the answer, ufw or another firewall is not installed on my VPS. There are no special settings on the cloud provider; everything is by default.

sbruens commented 2 months ago

Many VPS providers block most inbound traffic by default to enhance security. This can sometimes be the source of these issues.

Some more troubleshooting steps:

  1. Check iptables:

    • If you haven't already, install iptables: sudo apt install iptables (or the equivalent command for your Linux distribution).
    • Then, run sudo iptables -L to view the current firewall rules.
  2. Check server logs:

    • Run docker logs shadowbox to view the server logs.
    • Look for any error messages or clues about what might be causing the problem.
  3. Try another VPS (if possible):

    • Try running the installation on a different VPS to see if you get different results. This can help determine if the problem is specific to your current VPS environment.

sollosollo4 commented 2 months ago

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (4 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere
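
How the INPUT chain posted above reads for a new inbound connection, as an added example that is not part of the original thread or of the Outline project. Plain `iptables -L` does not print interface matches (they appear with `-v`), so the chain is evaluated twice: once exactly as printed, and once assuming the ACCEPT rules that show no match are interface-bound. Port 1111 is the placeholder port from the maintainer's curl example; the `SERVICES` table and the function name are assumptions.

```python
import re

# Names that `iptables -L` prints instead of port numbers when run without -n.
SERVICES = {"ssh": 22, "openvpn": 1194}
# INPUT chain copied from the listing posted above.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
"""

def verdict(listing, proto, port, bare_accepts_apply):
    """First rule that decides a NEW inbound connection to proto/port, as
    (rule number, target); rule number 0 means the chain policy applied.
    With bare_accepts_apply=False, ACCEPT rules that print no match at all are
    skipped: they may carry an -i match (e.g. loopback) that plain -L hides."""
    lines = listing.splitlines()
    policy = re.search(r"policy (\w+)", lines[0]).group(1)
    for number, line in enumerate(lines[2:], start=1):
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        target, prot, _opt, src, dst = fields[:5]
        extra = fields[5] if len(fields) > 5 else ""
        if target not in ("ACCEPT", "DROP", "REJECT"):
            continue  # jumps to user-defined chains are not followed
        if prot not in ("all", proto) or (src, dst) != ("anywhere", "anywhere"):
            continue  # other protocol, or an address-restricted rule
        state = re.search(r"state (\S+)", extra)  # also matches "ctstate"
        if state and "NEW" not in state.group(1).split(","):
            continue  # RELATED,ESTABLISHED never matches a first packet
        dpt = re.search(r"dpt:(\S+)", extra)
        if dpt:
            name = dpt.group(1)
            if (int(name) if name.isdigit() else SERVICES.get(name)) != port:
                continue
        if not extra and target == "ACCEPT" and not bare_accepts_apply:
            continue
        return number, target
    return 0, policy

if __name__ == "__main__":
    print(verdict(LISTING, "tcp", 1111, True), verdict(LISTING, "tcp", 1111, False))
```

When the two readings differ, as they do here for TCP 1111, `sudo iptables -L INPUT -v -n --line-numbers` shows the interface columns and numeric ports needed to tell which one applies.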

sbruens commented 2 months ago

Thanks. Are you able to establish a TCP connection at all? Try curl <IP> -v to see if a TCP connection can be established.

sollosollo4 commented 2 months ago

> Thanks. Are you able to establish a TCP connection at all? Try curl <IP> -v to see if a TCP connection can be established.

curl 142.251.39.110 -v

*   Trying 142.251.39.110:80...
* Connected to 142.251.39.110 (142.251.39.110) port 80 (#0)
> GET / HTTP/1.1
> Host: 142.251.39.110
> User-Agent: curl/7.74.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-LCgLvFa2RDNSC6FnClFV6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Wed, 11 Sep 2024 11:55:41 GMT
< Expires: Fri, 11 Oct 2024 11:55:41 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< 
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host 142.251.39.110 left intact

sbruens commented 2 months ago

It looks like the IP is redirecting traffic to google.com. Are you serving a web server at this IP?

sollosollo4 commented 2 months ago

No, I just pinged 142.251.39.110; this is google.com's IP. I'm not using a web server.

sbruens commented 2 months ago

My apologies for the confusion; I meant establishing a connection from client->server, not from server->target.

So send a curl request from your client device to the that is in your key (you can find it after the @ sign). This will tell us if you are able to establish any TCP connection with your Outline server. It should look something like this:

$ curl 123.456.789.1:1111 -v
*   Trying 123.456.789.1:1111...                                                                      
* Connected to 123.456.789.1 (123.456.789.1) port 1111                                                
> GET / HTTP/1.1                                                                                       
> Host: 123.456.789.1:1111                                                                            
> User-Agent: curl/8.8.0                                                                               
> Accept: */*                                                                                          
>                                                                                                      
* Request completely sent off   

Note the "Connected to 123.456.789.1 (123.456.789.1) port 1111"

sbruens commented 2 months ago

Another way you could check is with netcat:

# TCP
nc -v -z -w 3 123.456.789.1 1111

# UDP
nc -v -u -z -w 3 123.456.789.1 1111
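
The client-to-server check from the two comments above, as an added example that is not part of the original thread or of the Outline project: it takes the host and port that follow the `@` in an `ss://` access key and classifies one TCP connect attempt. The function names and the sample key are constructed; the address is a documentation-range placeholder.

```python
import socket

def endpoint_from_key(access_key):
    """Return (host, port) from an ss:// access key: the part after the last '@'."""
    body = access_key.split("#", 1)[0]        # drop the "#name" tag, which may contain '@'
    if not body.startswith("ss://") or "@" not in body:
        raise ValueError("not an ss://...@host:port key")
    hostport = body.rpartition("@")[2]
    for sep in "/?":                           # drop any path or query suffix
        hostport = hostport.split(sep, 1)[0]
    host, _, port = hostport.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError("no host:port after '@'")
    return host.strip("[]"), int(port)         # strip the brackets of an IPv6 literal

def tcp_probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"   # handshake completed: path and port are open
    except ConnectionRefusedError:
        return "refused"         # host answered with RST: reachable, nothing listening
    except socket.timeout:
        return "timeout"         # no answer at all: typical of a DROP rule or provider filter
    except OSError as exc:
        return "error: " + str(exc)  # e.g. no route to host, name resolution failure

if __name__ == "__main__":
    # Constructed key: placeholder credentials and a TEST-NET-1 address.
    key = "ss://Q09OU1RSVUNURUQ@192.0.2.10:1111/?outline=1#demo"
    host, port = endpoint_from_key(key)
    print(host, port, tcp_probe(host, port))
```

Run from the client device, "refused" and "timeout" point to different places: the first means packets reach the server but no process listens on that port, the second that something on the path silently drops them.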

thirstyone commented 1 month ago

Sorry for hijacking this thread (but it could at least be of use).

curl: (56) Recv failure: Connection reset by peer
red@red-MacBookPro:~$ nc -v -z -w 3 142.251.39.110 1111
Connection to 142.251.39.110 1111 port [tcp/*] succeeded!
red@red-MacBookPro:~$ nc -v -u -z -w 3 142.251.39.110 1111
Connection to 142.251.39.110 1111 port [udp/*] succeeded!

but:

curl 142.251.39.110 -v

; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> ya.ru
;; global options: +cmd
;; no servers could be reached

(I had to change 9.9.9.9 in /etc/resolv.conf to 8.8.8.8, and at least with my previous setup it resolved domain names, unlike the 9.9.9.9 server.) These are using the Russian cellular networks; right now I can't try it with other providers.