Closed amirhmk closed 3 years ago
Could you provide the information required in the Bug Report issue template?
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Actual behavior
A clear and concise description of what actually happened.
Logs
If applicable, add full logs of errors and outputs to help explain your problem. Preferably, you can also increase the verbosity, for example to enable debug logs for the localproxy, you can use the cli option -v 6
Environment (please complete the following information):
Additional context
Add any other context about the problem here.
Yes for sure. Let me know if you'd like any more information. @KareemAliAWS
Describe the bug
Unable to establish source connection: Could not perform SSL handshake with proxy server: stream truncated
After successfully pulling the docker image and running the container, I am unable to start the SSH tunnel on my local computer.
I tried explicitly passing the certificate location too with the -c flag as well, but got the same error.
I followed this video to open a tunnel for SSH access.
Steps to reproduce the behavior:
./docker-build.sh
./docker-run.sh
./localproxy -r us-west-2 -s 5555 -t <SOURCE_TOKEN>
Expected behavior
Tunnel should be connected.
Actual behavior
Could not perform SSL handshake with proxy server: stream truncated
Logs
If applicable, add full logs of errors and outputs to help explain your problem. Preferably, you can also increase the verbosity, for example to enable debug logs for the localproxy, you can use the cli option -v 6
./docker-run.sh
root@c6c07f99b45d:/home/aws-iot-securetunneling-localproxy# ls
certs localproxy localproxytest
root@c6c07f99b45d:/home/aws-iot-securetunneling-localproxy# ./localproxy -r us-west-2 -s 5555 -t <TOKEN> -v 6
[2021-05-14T17:05:50.937674]{15}[warning] Found access token supplied via CLI arg. Consider using environment variable AWSIOT_TUNNEL_ACCESS_TOKEN instead
[2021-05-14T17:05:50.937810]{15}[debug] v2 local proxy starts with v1 local proxy format
[2021-05-14T17:05:50.937858]{15}[debug] /home/aws-iot-securetunneling-localproxy/config does not exist!
[2021-05-14T17:05:50.937893]{15}[info] Starting proxy in source mode
[2021-05-14T17:05:50.939769]{15}[trace] Setting up web socket...
[2021-05-14T17:05:50.939959]{15}[info] Attempting to establish web socket connection with endpoint wss://data.tunneling.iot.us-west-2.amazonaws.com:443
[2021-05-14T17:05:50.939988]{15}[trace] Resolving proxy host: data.tunneling.iot.us-west-2.amazonaws.com
[2021-05-14T17:05:50.951827]{15}[debug] Resolved proxy server IP: XXXXXXX
[2021-05-14T17:05:50.952138]{15}[debug] Connected successfully with proxy server
[2021-05-14T17:05:50.952177]{15}[trace] Performing SSL handshake with proxy server
[2021-05-14T17:05:50.953944]{15}[error] Could not perform SSL handshake with proxy server: stream truncated
[2021-05-14T17:05:53.457001]{15}[info] Attempting to establish web socket connection with endpoint wss://data.tunneling.iot.us-west-2.amazonaws.com:443
[2021-05-14T17:05:53.457194]{15}[trace] Resolving proxy host: data.tunneling.iot.us-west-2.amazonaws.com
...
Environment (please complete the following information):
Additional context
I have the V2 version of IoT Core installed on my remote machine, a Raspberry Pi 4. I have also installed Nucleus and SecureTunneling components successfully, with a Healthy status.
Hi, I encountered a similar issue.
On the Jetson Nano side, I have a running aws-iot-device-client. Port 22 is open for ssh connections. In the AWS console, I got a tunnel and its Destination connection state is open. It is connecting with the aws-iot-device-client.
On my Mac side, the docker-run.sh is
docker run --name localproxy -expose=5555 -p 5555:5555 --rm -it aws-iot-securetunneling-localproxy:latest bash
and I could get into the container.
However, when I run
$ export AWS_ACCESS_KEY_ID= <source_client_access_token>
and
$ ./localproxy -s 5555 -b 0.0.0.0 -r ca-central-1
in the container, it shows as follows:
[2021-05-20T21:45:28.020447]{1567}[info] Starting proxy in source mode
[2021-05-20T21:45:28.022043]{1567}[info] Attempting to establish web socket connection with endpoint wss://data.tunneling.iot.ca-central-1.amazonaws.com:443
[2021-05-20T21:45:28.070154]{1567}[error] Could not perform SSL handshake with proxy server: stream truncated
Could you give me some suggestions to solve this issue? @KareemAliAWS
@KareemAliAWS is that enough to pinpoint the issue? Let me know if you need anything else. I was able to run the tunnel with the same method on an iMac on x86.
@amirhmk I can't reproduce the issue on my mac either. It's a mac with the Intel x86-64 chip, not the new M1 chip, so I'm guessing this could possibly be a docker issue, since some of the earlier versions had problems working with the M1 chip. Which docker version are you using? Could you also send me the rest of the logs (the ones in the previous comments are truncated)?
Generally speaking the "stream truncated" error means that the connection was abruptly closed by something external.
I will try it on an arm64 machine and see if I can reproduce it.
Can't reproduce it on my aarch64 linux machine either. Could you try updating the Dockerfile on your machine so that the line becomes
./Configure linux-aarch64 && \
instead of
./Configure linux-generic64 && \
and retry? It didn't matter on aarch64 linux but maybe it's different for M1 chips. Also make sure you use docker image rm <IMAGE_ID> to delete the existing docker images for localproxy; otherwise, if you try re-building, docker will use the cached image instead of re-building the image and the binaries on it.
@KareemAliAWS Thanks, this solved my problem!
Also, would it be possible to pass a port number to docker-run.sh so it can publish the port to the host for SSHing? There is no SSH client installed in the container.
@amirhmk Yes, you can do that. I will publish PRs for fixing the Dockerfile and allowing the user to pass a port number to the docker-run.sh. In the meantime, you can edit docker-run.sh to add this: --expose=5555 -p 5555:5555. This will expose port 5555 from the container (replace 5555 with the port that the localproxy is listening on in source mode) to the host, so that you can ssh to that port from the host.
@amirhmk @YSUN-coder I have updated the instructions and the docker-run script. To make the localproxy accessible from outside the container, you use
./docker-run.sh -p 5555
# And then from inside the container, make sure to use 0.0.0.0 for binding by using the -b option
./localproxy -s 5555 -b 0.0.0.0 -r <REGION> -t <TOKEN>
I also updated the docker-build script to check for the OS architecture and choose the OpenSSL configuration accordingly.
I'm facing the same issue on an Intel Mac running Big Sur (run in docker). I downloaded this repo (fresh, maybe 30 minutes before this comment), made the docker image, then ./docker-run.sh -p 5555, then export my source token, then ./localproxy -r us-west-2 -s 5555 -c ./certs -v 6 and get:
[2021-05-25T03:41:16.526788]{12}[debug] v2 local proxy starts with v1 local proxy format
[2021-05-25T03:41:16.526881]{12}[debug] /home/aws-iot-securetunneling-localproxy/config does not exist!
[2021-05-25T03:41:16.526923]{12}[info] Starting proxy in source mode
[2021-05-25T03:41:16.528710]{12}[trace] Setting up web socket...
[2021-05-25T03:41:16.528985]{12}[info] Attempting to establish web socket connection with endpoint wss://data.tunneling.iot.us-east-1.amazonaws.com:443
[2021-05-25T03:41:16.529154]{12}[trace] Resolving proxy host: data.tunneling.iot.us-east-1.amazonaws.com
[2021-05-25T03:41:16.552733]{12}[debug] Resolved proxy server IP: XXX
[2021-05-25T03:41:16.553032]{12}[debug] Connected successfully with proxy server
[2021-05-25T03:41:16.553135]{12}[trace] Performing SSL handshake with proxy server
[2021-05-25T03:41:16.553984]{12}[error] Could not perform SSL handshake with proxy server: stream truncated
Hi, I encountered a similar issue.
On the Jetson Nano side, I have a running aws-iot-device-client to listen for the Secure Tunnel connection. I have tested that port 22 is ready for ssh connection with my Mac. In the AWS console, I got a tunnel and its Destination connection state is open. It is connecting with the aws-iot-device-client.
On my Mac side, the docker-run.sh is
docker run --name localproxy -expose=5555 -p 5555:5555 --rm -it aws-iot-securetunneling-localproxy:latest bash
and I could get into the container.
However, when I run
$ export AWS_ACCESS_KEY_ID= <source_client_access_token>
and
$ ./localproxy -s 5555 -b 0.0.0.0 -r ca-central-1
in the container, it shows as follows:
[2021-05-20T21:45:28.020447]{1567}[info] Starting proxy in source mode
[2021-05-20T21:45:28.022043]{1567}[info] Attempting to establish web socket connection with endpoint wss://data.tunneling.iot.ca-central-1.amazonaws.com:443
[2021-05-20T21:45:28.070154]{1567}[error] Could not perform SSL handshake with proxy server: stream truncated
Could you give me some suggestions to solve this issue? @KareemAliAWS
The docker version on my Mac is 20.10.5 and the macOS version is 10.15.7. Right now, I updated the repo, removed the previous image and rebuilt the container. But ./localproxy is still not working for me by running ./localproxy -s 5555 -b 0.0.0.0 -r ca-central-1 -t AQGAA...(omit lots of letters in source access token)...3DM4iY=. Is there any step above I missed or am doing wrong? @kareali Thanks for your help.
@Lard4 @YSUN-coder I don't think that the problems you're seeing are the same as the one in this issue, since it was already fixed by adjusting the openssl configurations. Could you fill out a bug report so that we can look at them separately? You can add in the information in this issue or you can create new issues and it will automatically prompt you to fill in the report template.
@kareali opened #48
I've just started using AWS IoT and have set up IoT Core on my Raspberry Pi, and installed the local proxy on my Mac using Docker.
I have opened a tunnel via the AWS web interface (and can see that the destination is connected) and have followed the instructions for starting a tunnel in the docker container. I've run the following command:
But I face the following error: Could not perform SSL handshake with proxy server: stream truncated. I've tried looking into SSL handshake errors but I haven't been able to successfully debug this. Any ideas? Using the V2 AWS Core SDK btw
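Added example, not part of the thread or of the project's code: a small triage script for localproxy logs in the format quoted in the comments above. It flags an access token passed on the command line, reports the endpoint region when it differs from the one the reporter expected, and measures how long after the handshake started the "stream truncated" error arrived. The function name, the `expected_region` parameter and the sample log are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Line format of the localproxy logs quoted in this thread:
# [timestamp]{thread id}[level] message
LINE = re.compile(r"^\[([^\]]+)\]\{(\d+)\}\[(\w+)\]\s+(.*)$")
ENDPOINT = re.compile(r"wss://data\.tunneling\.iot\.([a-z0-9-]+)\.amazonaws\.com")

# Constructed sample (not copied from any comment); timestamps are made up.
SAMPLE = """\
[2021-06-01T10:00:00.100000]{12}[warning] Found access token supplied via CLI arg. Consider using environment variable AWSIOT_TUNNEL_ACCESS_TOKEN instead
[2021-06-01T10:00:00.200000]{12}[info] Attempting to establish web socket connection with endpoint wss://data.tunneling.iot.us-east-1.amazonaws.com:443
[2021-06-01T10:00:00.300000]{12}[trace] Performing SSL handshake with proxy server
[2021-06-01T10:00:00.300849]{12}[error] Could not perform SSL handshake with proxy server: stream truncated
"""


def triage(log_text, expected_region=None):
    """Return a list of (finding, detail) tuples for a localproxy log."""
    findings = []
    handshake_start = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip "..." elisions and shell prompts
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f")
        level, msg = m.group(3), m.group(4)
        if "access token supplied via CLI arg" in msg:
            # A CLI token is visible in the process list and shell history.
            findings.append(("token-on-cli", None))
        ep = ENDPOINT.search(msg)
        if ep and expected_region and ep.group(1) != expected_region:
            item = ("region-mismatch", ep.group(1))
            if item not in findings:  # the proxy retries, so report once
                findings.append(item)
        if msg.startswith("Performing SSL handshake"):
            handshake_start = ts
        elif level == "error" and "Could not perform SSL handshake" in msg:
            elapsed_us = None  # stays None when the trace line is absent
            if handshake_start is not None:
                elapsed_us = (ts - handshake_start) // timedelta(microseconds=1)
            findings.append(("handshake-failed", elapsed_us))
            handshake_start = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, expected_region="us-west-2"):
        print(finding)
```

Run it against a log captured with -v 6 so the "Performing SSL handshake" trace line is present; without it the elapsed time is reported as None.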