antoniomika / sish

HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.
https://ssi.sh
MIT License

Failing to connect after establishing reverse tunnel #250

Closed seyuboglu closed 2 years ago

seyuboglu commented 2 years ago

Thanks for the great work on this!

I've got sish running up on gcloud and have pointed my DNS records to the external IP. Here's the configuration I used:

gcloud compute instances create-with-container sish \
    --zone="us-central1-a" \
    --tags="sish" \
    --container-mount-host-path="host-path=/mnt/stateful_partition/sish/ssl,mount-path=/ssl" \
    --container-mount-host-path="host-path=/mnt/stateful_partition/sish/keys,mount-path=/keys" \
    --container-mount-host-path="host-path=/mnt/stateful_partition/sish/pubkeys,mount-path=/pubkeys" \
    --container-image="antoniomika/sish:latest" \
    --machine-type="e2-micro" \
    --container-arg="--domain=meerkat.wiki" \
    --container-arg="--authentication=false" \
    --container-arg="--ssh-address=:2222" \
    --container-arg="--http-address=:80" \
    --container-arg="--https-address=:443" \
    --container-arg="--https=true" \
    --container-arg="--https-certificate-directory=/ssl" \
    --container-arg="--authentication-keys-directory=/pubkeys" \
    --container-arg="--private-keys-directory=/keys" \
    --container-arg="--bind-random-ports=false" \
    --container-arg="--bind-random-subdomains=false" \
    --container-arg="--bind-random-aliases=false" \
    --container-arg="--tcp-aliases=true" \
    --container-arg="--service-console=true" \
    --container-arg="--log-to-client=true" \
    --container-arg="--admin-console=true" \
    --container-arg="--verify-ssl=false" \
    --container-arg="--https-ondemand-certificate=false" \
    --container-arg="--https-ondemand-certificate-accept-terms=false" \
    --container-arg="--https-ondemand-certificate-email=certs@meerkat.wiki" \
    --container-arg="--idle-connection=false" \
    --container-arg="--ping-client-timeout=2m"

I'm able to set up the reverse tunnel with: ssh -p 2222 -R foo:80:httpbin.org:80 meerkat.wiki

However, when I try testing it with curl -vvv https://foo.meerkat.wiki/helloworld I get:

* Could not resolve host: foo.meerkat.wiki
* Closing connection 0
curl: (6) Could not resolve host: foo.meerkat.wiki

Any leads on what I may be missing in the setup?

seyuboglu commented 2 years ago

Interestingly, if I change the subdomain to ssh -p 2222 -R test:80:httpbin.org:80 meerkat.wiki, then I get:

*   Trying 23.217.138.110:443...
* connect to 23.217.138.110 port 443 failed: Operation timed out
* Failed to connect to test.meerkat.wiki port 443 after 75069 ms: Operation timed out
* Closing connection 0
curl: (28) Failed to connect to test.meerkat.wiki port 443 after 75069 ms: Operation timed out

antoniomika commented 2 years ago

Hey @seyuboglu

Sorry for the delay and missing you on IRC, next time you join feel free to give me a ping!

Your first issue (could not resolve host) makes me think that's a DNS resolution issue. If you had recently set up the wildcard/A record for your domain, that could be why that happened.

I'm wondering if the firewall settings aren't being set to allow connections over port 443. Does it work with port 80?

I.e. did you run this line or change it to allow those ports?

Best.

antoniomika commented 2 years ago

Actually just checked, might just be missing the wildcard record for the TLD.

~$ dig @1.1.1.1 meerkat.wiki

; <<>> DiG 9.10.6 <<>> @1.1.1.1 meerkat.wiki
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1887
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;meerkat.wiki.                  IN      A

;; ANSWER SECTION:
meerkat.wiki.           1799    IN      A       XX.XXX.XXX.XXX

;; Query time: 58 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Oct 18 11:59:37 EDT 2022
;; MSG SIZE  rcvd: 57

~$ dig @1.1.1.1 asdf.meerkat.wiki

; <<>> DiG 9.10.6 <<>> @1.1.1.1 asdf.meerkat.wiki
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16837
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;asdf.meerkat.wiki.             IN      A

;; AUTHORITY SECTION:
meerkat.wiki.           3601    IN      SOA     dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1666034979 43200 3600 604800 3601

;; Query time: 61 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Oct 18 11:59:43 EDT 2022
;; MSG SIZE  rcvd: 119

seyuboglu commented 2 years ago

That was the fix! – I had improperly set up that record on Namecheap. Thanks for the quick response.
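
The manual check from the thread (dig the apex, then an arbitrary subdomain) as an added shell example; it is not part of the original thread or of the sish project. It assumes `dig` is installed and that the apex and wildcard records should both point at the sish host; `resolve_a` and `check_wildcard` are names made up for this example. Comparing addresses, rather than only checking for NXDOMAIN, also flags a subdomain that resolves somewhere other than the apex.

```bash
#!/usr/bin/env bash
# Added example: pre-flight DNS check before opening tunnels on a sish domain.
# Assumption: <label>.<domain> must resolve to the same address(es) as <domain>.
# Usage: source this file, then run e.g.  check_wildcard meerkat.wiki

# resolve_a NAME [RESOLVER]
# Prints the IPv4 addresses NAME resolves to, sorted and space-separated.
# CNAME targets printed by `dig +short` are filtered out by the grep.
resolve_a() {
    dig +short A "$1" "@${2:-1.1.1.1}" \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | xargs
}

# check_wildcard DOMAIN [LABEL]
# Return codes:
#   0  LABEL.DOMAIN resolves to the same address set as DOMAIN
#   1  DOMAIN itself has no A record
#   2  LABEL.DOMAIN does not resolve (the NXDOMAIN case from the thread)
#   3  LABEL.DOMAIN resolves, but not to the apex address
# LABEL defaults to a throwaway name so that an explicit record for one
# particular subdomain cannot be mistaken for a working wildcard.
check_wildcard() {
    local domain="$1"
    local label="${2:-sish-probe-$$-${RANDOM:-0}}"
    local apex sub
    apex=$(resolve_a "$domain")
    sub=$(resolve_a "$label.$domain")

    if [ -z "$apex" ]; then
        echo "FAIL: $domain has no A record"
        return 1
    fi
    if [ -z "$sub" ]; then
        echo "FAIL: $label.$domain does not resolve; add a wildcard (*) A record for $domain"
        return 2
    fi
    if [ "$sub" != "$apex" ]; then
        echo "FAIL: $label.$domain resolves to [$sub] but $domain resolves to [$apex]"
        return 3
    fi
    echo "OK: $label.$domain and $domain both resolve to [$apex]"
    return 0
}
```

A freshly added record can still fail this check until cached negative answers for the name expire.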