Seji64 / SniDust

SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and nginx
GNU General Public License v3.0

No internet on spoofed domains #65

Open molaeiali opened 1 month ago

molaeiali commented 1 month ago

I am using the default configuration plus some custom domains; ports 53, 80 and 443 are open and mapped in compose to 8443, 8080 and 5300/udp.

I have access to internet on non-spoofed domains but not on spoofed ones:

On my client (whose IP is in the ALLOWED_CLIENTS list):

$ curl -v https://ifconfig.co
*   Trying VPS_IP:443...
* Connected to ifconfig.co (VPS_IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=ifconfig.co
*  start date: Jul  3 19:24:55 2024 GMT
*  expire date: Oct  1 19:24:54 2024 GMT
*  subjectAltName: host "ifconfig.co" matched cert's "ifconfig.co"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x562882cfde90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: ifconfig.co
> user-agent: curl/7.81.0
> accept: */*
> 

It hangs here and times out.

Non-spoofed:

nslookup ident.me
Server:     VPS_IP
curl ident.me
CLIENT_IP

Here's my compose logs:

snidust  | [INFO] Dnsdist webserver password not set - generating one
snidust  | [INFO] Generated WebServer Password: PASSWORD
snidust  | [INFO] Dnsdist webserver api key not set - generating one
snidust  | [INFO] Generated WebServer API Key: API_KEY
snidust  | [INFO] Installing default domains...
snidust  | '/var/lib/snidust/domains.d/00-debug.lst' -> '/etc/snidust/domains.d/00-debug.lst'
snidust  | '/var/lib/snidust/domains.d/01-cdn_akamai.lst' -> '/etc/snidust/domains.d/01-cdn_akamai.lst'
snidust  | '/var/lib/snidust/domains.d/02-amazon.lst' -> '/etc/snidust/domains.d/02-amazon.lst'
snidust  | '/var/lib/snidust/domains.d/03-hbo.lst' -> '/etc/snidust/domains.d/03-hbo.lst'
snidust  | '/var/lib/snidust/domains.d/04-hulu.lst' -> '/etc/snidust/domains.d/04-hulu.lst'
snidust  | '/var/lib/snidust/domains.d/05-netflix.lst' -> '/etc/snidust/domains.d/05-netflix.lst'
snidust  | '/var/lib/snidust/domains.d/06-molotov_tv.lst' -> '/etc/snidust/domains.d/06-molotov_tv.lst'
snidust  | '/var/lib/snidust/domains.d/07-srf_ch.lst' -> '/etc/snidust/domains.d/07-srf_ch.lst'
snidust  | '/var/lib/snidust/domains.d/09-zattoo.lst' -> '/etc/snidust/domains.d/09-zattoo.lst'
snidust  | '/var/lib/snidust/domains.d/10-yallo.lst' -> '/etc/snidust/domains.d/10-yallo.lst'
snidust  | '/var/lib/snidust/domains.d/11-youtube.lst' -> '/etc/snidust/domains.d/11-youtube.lst'
snidust  | [INFO] Generating ACL...
snidust  | [INFO] Generating DNSDist Config...
snidust  | [INFO] Starting DNSDist...
snidust  | [INFO] Starting nginx..
snidust  | dnsdist 1.9.4 comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2
snidust  | [INFO] [SniDust] *** Loading Domain Lists... ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/00-debug.lst***
snidust  | [INFO] [SniDust] Adding domain ifconfig.co to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/01-cdn_akamai.lst***
snidust  | [INFO] [SniDust] Adding domain akadns.net to list
snidust  | [INFO] [SniDust] Adding domain akam.net to list
snidust  | [INFO] [SniDust] Adding domain akamai.com to list
snidust  | [INFO] [SniDust] Adding domain akamai.net to list
snidust  | [INFO] [SniDust] Adding domain akamaiedge.net to list
snidust  | [INFO] [SniDust] Adding domain akamaihd.net to list
snidust  | [INFO] [SniDust] Adding domain akamaistream.net to list
snidust  | [INFO] [SniDust] Adding domain akamaitech.net to list
snidust  | [INFO] [SniDust] Adding domain akamaitechnologies.com to list
snidust  | [INFO] [SniDust] Adding domain akamaitechnologies.fr to list
snidust  | [INFO] [SniDust] Adding domain akamaized.net to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/02-amazon.lst***
snidust  | [INFO] [SniDust] Adding domain amazon.com to list
snidust  | [INFO] [SniDust] Adding domain amazon.co.uk to list
snidust  | [INFO] [SniDust] Adding domain amazonvideo.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/03-hbo.lst***
snidust  | [INFO] [SniDust] Adding domain hbonow.com to list
snidust  | [INFO] [SniDust] Adding domain hbogo.com to list
snidust  | [INFO] [SniDust] Adding domain hbo.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/04-hulu.lst***
snidust  | [INFO] [SniDust] Adding domain hulu.com to list
snidust  | [INFO] [SniDust] Adding domain huluim.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/05-netflix.lst***
snidust  | [INFO] [SniDust] Adding domain netflix.com to list
snidust  | [INFO] [SniDust] Adding domain netflix.de to list
snidust  | [INFO] [SniDust] Adding domain nflximg.net to list
snidust  | [INFO] [SniDust] Adding domain nflximg.com to list
snidust  | [INFO] [SniDust] Adding domain nflxvideo.net to list
snidust  | [INFO] [SniDust] Adding domain netflix.net to list
snidust  | [INFO] [SniDust] Adding domain nflximg.net to list
snidust  | [INFO] [SniDust] Adding domain nflxvideo.net to list
snidust  | [INFO] [SniDust] Adding domain nflxso.net to list
snidust  | [INFO] [SniDust] Adding domain nflxext.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/06-molotov_tv.lst***
snidust  | [INFO] [SniDust] Adding domain molotov.tv to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/07-srf_ch.lst***
snidust  | [INFO] [SniDust] Adding domain srgssr.ch to list
snidust  | [INFO] [SniDust] Adding domain cdn.rts.ch to list
snidust  | [INFO] [SniDust] Adding domain srgsnitch.herokuapp.com to list
snidust  | [INFO] [SniDust] Adding domain srg.live.ott.irdeto.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/09-zattoo.lst***
snidust  | [INFO] [SniDust] Adding domain zattoohds-a.akamaihd.net to list
snidust  | [INFO] [SniDust] Adding domain zathdslive-a.akamaihd.net to list
snidust  | [INFO] [SniDust] Adding domain zahs.tv to list
snidust  | [INFO] [SniDust] Adding domain zatsslive-a.akamaihd.net to list
snidust  | [INFO] [SniDust] Adding domain chromecast-receiver.zattoo.com to list
snidust  | [INFO] [SniDust] Adding domain box30030.wemfbox.ch to list
snidust  | [INFO] [SniDust] Adding domain zattoo.wemfbox.ch to list
snidust  | [INFO] [SniDust] Adding domain zatsslive-a.akamaihd.net to list
snidust  | [INFO] [SniDust] Adding domain zattoo.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/10-yallo.lst***
snidust  | [INFO] [SniDust] Adding domain y3o.tv to list
snidust  | [INFO] [SniDust] Adding domain yallo.tv to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/11-youtube.lst***
snidust  | [INFO] [SniDust] Adding domain youtube.com to list
snidust  | [INFO] [SniDust] Adding domain googlevideo.com to list
snidust  | [INFO] [SniDust] Adding domain youtubei.googleapis.com to list
snidust  | [INFO] [SniDust] Adding domain youtube.googleapis.com to list
snidust  | [INFO] [SniDust] Adding domain youtube-nocookie.com to list
snidust  | [INFO] [SniDust] Adding domain youtu.be to list
snidust  | [INFO] [SniDust] Adding domain s.ytimg.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/99-custom.lst***
snidust  | [INFO] [SniDust] Adding domain docker.com to list
snidust  | [INFO] [SniDust] Adding domain docker.io to list
snidust  | [INFO] [SniDust] Adding domain gitlab.com to list
snidust  | [INFO] [SniDust] Adding domain gitlab.io to list
snidust  | [INFO] [SniDust] Adding domain github.com to list
snidust  | [INFO] [SniDust] Adding domain github.io to list
snidust  | [INFO] [SniDust] Adding domain githubusercontent.com to list
snidust  | [INFO] [SniDust] Adding domain npmjs.com to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
snidust  | [INFO] [SniDust] *** Complete! ***
snidust  | Added downstream server 8.8.8.8:853
snidust  | Added downstream server 8.8.4.4:853
snidust  | Added downstream server 1.1.1.1:443
snidust  | Added downstream server 1.0.0.1:443
snidust  | Listening on 0.0.0.0:5300
snidust  | ACL allowing queries from: CLIENT_IP/32, 127.0.0.1/32
snidust  | Console ACL allowing connections from: 127.0.0.0/8, ::1/128
snidust  | Marking downstream cloudflare-dns (1.0.0.1:443) as 'up'
snidust  | Marking downstream cloudflare-dns (1.1.1.1:443) as 'up'
snidust  | Marking downstream dns.google (8.8.4.4:853) as 'up'
snidust  | Marking downstream dns.google (8.8.8.8:853) as 'up'
snidust  | ===================================================================
snidust  | [INFO] SniDust started => Using VPS_IP - Point your DNS settings to this address
snidust  | ===================================================================

Any idea what's happening? It looks like the DNS is working, but it cannot get data from the VPS.

molaeiali commented 1 month ago

When I spoof all I get this:

~$ curl https://ifconfig.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

HTTP connections are OK, but HTTPS connections will time out or end up with an error.

stream2me commented 1 month ago

I am using the latest image and everything works as it should. Have you checked your firewall rules? If you try "dig" from the client, do you get the VPS-IP?

dig +short @VPS-IP yallo.tv VPS-IP
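
A way to run that dig-style check over several names at once, added here as an example and not part of SniDust's own tooling: it reads the "Adding domain ... to list" lines from a compose log (a constructed excerpt of the one above) to predict which names should answer with VPS_IP, then classifies what the client actually resolves. It assumes the listed domains match as suffixes (subdomains included) and uses the client's system resolver, which per the startup banner should be pointed at the VPS.

```python
import re
import socket
from typing import Callable, Dict, List

# Matches the per-domain lines SniDust logs while loading its domain lists.
ADD_RE = re.compile(r"\[SniDust\] Adding domain (\S+) to list")

# Constructed excerpt of the compose log shown in this issue.
SAMPLE_LOG = """\
snidust  | [INFO] [SniDust] *** Domain List: /etc/snidust/domains.d/00-debug.lst***
snidust  | [INFO] [SniDust] Adding domain ifconfig.co to list
snidust  | [INFO] [SniDust] Adding domain yallo.tv to list
snidust  | [INFO] [SniDust] *** End of Domain List ***
"""

def parse_spoofed_domains(log_text: str) -> List[str]:
    """Collect every domain dnsdist was told to answer with VPS_IP."""
    return [m.group(1).lower() for m in ADD_RE.finditer(log_text)]

def is_spoofed(hostname: str, domains: List[str]) -> bool:
    """True if hostname is a listed domain or lies under one.
    Assumption: SniDust's dnsdist rule matches listed names as suffixes."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(hostname: str, vps_ip: str, domains: List[str],
             resolve: Callable[[str], str] = socket.gethostbyname) -> str:
    """Compare the client's answer with what the domain lists predict."""
    try:
        answer = resolve(hostname)
    except OSError:
        return "unresolvable"
    expected = is_spoofed(hostname, domains)
    if expected and answer == vps_ip:
        return "spoofed-ok"  # DNS is fine; look at the VPS proxy or firewall
    if expected:
        return "dns-not-applied"  # client not using SniDust, or ACL/list wrong
    if answer == vps_ip:
        return "unexpectedly-spoofed"
    return "direct-ok"

def check_all(hostnames: List[str], vps_ip: str, log_text: str,
              resolve: Callable[[str], str] = socket.gethostbyname) -> Dict[str, str]:
    domains = parse_spoofed_domains(log_text)
    return {h: classify(h, vps_ip, domains, resolve) for h in hostnames}

if __name__ == "__main__":
    # Run on the client with DNS pointed at the VPS; "VPS_IP" is a placeholder to replace.
    print(check_all(["ifconfig.co", "ident.me"], "VPS_IP", SAMPLE_LOG))
```

A "spoofed-ok" verdict for a name that still hangs over HTTPS means the DNS half is working and the problem sits on the VPS side (nginx or the firewall on 80/443).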

Seji64 commented 1 month ago

ifconfig.com indeed does not have a valid SSL cert, so the curl error is correct.

molaeiali commented 1 month ago

I am using the latest image and everything works as it should. Have you checked your firewall rules? If you try "dig" from the client, do you get the VPS-IP?

dig +short @VPS-IP yallo.tv VPS-IP

Yes I get VPS-IP

ifconfig.com indeed does not have a valid SSL cert, so the curl error is correct.

On other HTTPS websites it just hangs. For example, HTTPS:

$ curl -v https://www.google.com
*   Trying VPS-IP:443...
* Connected to www.google.com (VPS-IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=www.google.com
*  start date: Jul  1 07:34:52 2024 GMT
*  expire date: Sep 23 07:34:51 2024 GMT
*  subjectAltName: host "www.google.com" matched cert's "www.google.com"
*  issuer: C=US; O=Google Trust Services; CN=WR2
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x555c28717e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: www.google.com
> user-agent: curl/7.81.0
> accept: */*
> 

HTTP:

$ curl -v http://www.google.com
*   Trying VPS-IP:80...
* Connected to www.google.com (VPS-IP) port 80 (#0)
> GET / HTTP/1.1
> Host: www.google.com
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.26.1
< Date: Wed, 24 Jul 2024 08:32:04 GMT
< Content-Type: text/html; charset=ISO-8859-1
< Transfer-Encoding: chunked
< Connection: keep-alive
< Expires: -1
< Cache-Control: private, max-age=0
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-VuzWcYyjsC0o6rxObhflCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: AEC=AVYB7cq9i6_7vCWs7ngGKIY7VeLR53yYR1Eqh6e_UY55njHnOarMWqQXLzU; expires=Mon, 20-Jan-2025 08:32:04 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
< Set-Cookie: NID=516=pWXai-sY1vgE7jxg44sw8ZXE1daDYFaJ5eGGGHKpjJxQTEsADggFj4LBKrmSijmPsSbbR5V4aKDXSeTHsPm9DvyyUNr47cuEzaLiZOv1nNPZzd1hazOky_hXkWm3ZxYY3bPfdgAL0EsxVJ0LsD0vjGX0-7EiOR1-4OGaoJdmxAY; expires=Thu, 23-Jan-2025 08:32:04 GMT; path=/; domain=.google.com; HttpOnly
< Accept-Ranges: none
< Vary: Accept-Encoding
< 
<!doctype html><html itemscope="" itemtype=  THE REST OF HTML PAGE

Seji64 commented 1 month ago

Does the curl command work in the Container?

molaeiali commented 1 month ago

Does the curl command work in the Container?

Yes it works