search

ShadowsocksR-Live / shadowsocksr-native

翻墙 从容穿越党国敏感日 ShadowsocksR (SSRoT) native implementation for all platforms, GFW terminator
https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki
GNU General Public License v3.0
2.74k stars 763 forks source link

Windows 10, SSR-Client "error junk in handshake" #102

Closed amanjuman closed 4 years ago

amanjuman commented 4 years ago

Please answer these questions before submitting your issue. Thanks!

What version of shadowsocks-native are you using?

Latest

What operating system are you using?

Server on Ubuntu 18.04 x64 Client Windows 10 x64

What did you do?

Modified config file everything else ok.

What did you expect to see?

Should working fine.

What did you see instead?

ssr-client 2020/01/14 1:15 error junk in handshake

What is your config in detail (with all sensitive info masked)?

Server and client config file,

{
    "password": "goodpassword",
    "method": "chacha20",
    "protocol": "auth_sha1_v4",
    "protocol_param": "",
    "obfs": "http_simple",
    "obfs_param": "",
    "udp": false,
    "timeout": 300,
    "server_settings": {
        "listen_address": "0.0.0.0",
        "listen_port": 3636
    },
    "client_settings": {
        "server": "1.2.3.4",
        "server_port": 443,
        "listen_address": "0.0.0.0",
        "listen_port": 1080
    },
    "over_tls_settings": {
        "enable": true,
        "server_domain": "subdomain.domain.tld",
        "path": "/50854b49-319d-4388-8977-d520bdd1ff16/",
        "root_cert_file": ""
    }
}

Nginx Config

server
{
    # Listen
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    # Directory & Server Naming
    root /var/www/subdomain.domain.tld;
    index index.php index.html;
    server_name subdomain.domain.tld www.subdomain.domain.tld;

    # HTTP to HTTPS redirection
    if ($scheme != "https")
    {
        return 301 https://$host$request_uri;
    }

    # SSL
    ssl_certificate /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.tld/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem;

    # Disable Hidden FIle Access Except Lets Encrypt Verification
    location ~ /\.well-known 
    { 
        allow all;
    }

    # Nginx Logging
    access_log /var/log/nginx/subdomain.domain.tld-access.log;
    error_log /var/log/nginx/subdomain.domain.tld-error.log warn;

    # Max Upload Size
    client_max_body_size 100M;

    # Permalink Support
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # PHP Upsteam
    location ~ \.php$ 
    {
        include snippets/fastcgi-php.conf;
        ## For PHP 7.2
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Robot Text Logging Off
    location = /robots.txt
    {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Fav ICON Disable
    location = /favicon.ico 
    {
        log_not_found off;
        access_log off;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ )
    {
        return 405;
    }

    location /50854b49-319d-4388-8977-d520bdd1ff16/ 
    {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:3636;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$http_host;
    }
}

In Windows 10, I tried .\ssr-client.exe -c config.json Got this,

ssr-client 2020/01/14  1:14  info  remote server    1.2********:443
ssr-client 2020/01/14  1:14  info  method           chacha20
ssr-client 2020/01/14  1:14  info  password         go******
ssr-client 2020/01/14  1:14  info  protocol         auth_sha1_v4
ssr-client 2020/01/14  1:14  info  obfs             http_simple
ssr-client 2020/01/14  1:14  info
ssr-client 2020/01/14  1:14  warn  over TLS         yes
ssr-client 2020/01/14  1:14  info  over TLS domain  subdomain.domain.tld
ssr-client 2020/01/14  1:14  info  over TLS path    /50854b49-319d-4388-8977-d520bdd1ff16/
ssr-client 2020/01/14  1:14  info
ssr-client 2020/01/14  1:14  info  udp relay        no

ssr-client 2020/01/14  1:14  info  listening on     0.0.0.0:1080

ssr-client 2020/01/14  1:15 error  junk in handshake
ssr-client 2020/01/14  1:15 error  junk in handshake
ssr-client 2020/01/14  1:15 error  junk in handshake
ssr-client 2020/01/14  1:15 error  junk in handshake
ssrlive commented 4 years ago

To test connectivity, use the following command.

curl -x socks5h://localhost:1080 https://www.google.com/

amanjuman commented 4 years ago

To test connectivity, use the following command. curl -x socks5h://localhost:1080 https://www.google.com/ Issued this command in Server and got this error - curl: (7) Failed to connect to localhost port 1080: Connection refused as you haven't mentioned from where to try, I tried from Windows Client as well and got this.

Invoke-WebRequest : A parameter cannot be found that matches parameter name 'x'.
At line:1 char:6
+ curl -x socks5h://localhost:1080 https://www.google.com/
+      ~~
    + CategoryInfo          : InvalidArgument: (:) [Invoke-WebRequest], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
amanjuman commented 4 years ago

Also here are listening ports - sudo netstat -tulpn | grep LISTEN


tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1241/nginx: master  
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      812/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1239/sshd           
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1241/nginx: master  
tcp        0      0 0.0.0.0:3636            0.0.0.0:*               LISTEN      1004/ssr-server     
tcp6       0      0 :::80                   :::*                    LISTEN      1241/nginx: master  
tcp6       0      0 :::22                   :::*                    LISTEN      1239/sshd           
tcp6       0      0 :::443                  :::*                    LISTEN      1241/nginx: master

SSR is runing, if there is an option to check ssr log, I would attach it.

ssrlive commented 4 years ago

https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki/%E5%AE%A2%E6%88%B7%E7%AB%AF%E7%94%A8%E6%B3%95

https://curl.haxx.se/download.html

image

amanjuman commented 4 years ago

Seems it work with Firefox FoxyProxy but didn't work in by default network settings. I was thinking to use it as Global Proxy in Windows 10.

ssrlive commented 4 years ago

you can use Privoxy to help you.