search

cbeuw / Cloak

A censorship circumvention tool to evade detection by authoritarian state adversaries
GNU General Public License v3.0
3.42k stars 303 forks source link

RedirAddr behaves quite odd when BindAddr is changed to "non-default" ports ... #235

Open Cebeerre opened 1 year ago

Cebeerre commented 1 year ago

Hi !

First of all let me thank @cbeuw and the rest of contributors for this nice piece of sofware ... really awesome !

I'm happily running a setup where traffic goes through Caddy2 running on Docker to be proxied to a Cloak instance running on top of an OpenWRT router where my Wireguard instances live. This setup is working fine without isues using the CDN Transport.

The thing is that ck-server is running on port 1081 on the OpenWRT and even though the plugable thing works perfectly, if I try to connect with a browser to the caddy2 vhost that proxies to the 1081 cloack instance, ck-server actually tries to redirect to the RedirAddr but forcing/using the 1081 port as per the logs:

Wed Oct 18 15:37:36 2023 daemon.err ck-server[13685]: time="2023-10-18T13:37:36Z" level=error msg="Making connection to redirection server: dial tcp 142.250.200.99:1081: connect: connection timed out"

Is this something really expected ?

My server.json looks like this:

{
    "ProxyBook": {
        "wireguard": [
            "udp",
            "127.0.0.1:3478"
        ]
    },
    "BindAddr": [
        ":1081"
    ],
    "BypassUID": [
        "xxxxxxx"
    ],
    "RedirAddr": "google.es",
    "PrivateKey": "xxxxxxx"
}

Many thanks !!

zestysoft commented 2 months ago

I ran into this too. The solution is to provide the port with the address:

"RedirAddr": "google.es", to "RedirAddr": "google.es:443",