danielsz / danielsz.github.io

Blog

settings for caonima using ss-local #1

Closed zcaudate closed 5 years ago

zcaudate commented 6 years ago

Hey Daniel,

I'm in China now and am setting up shadowsocks. I'm also not sure if there is a place for issues with caonima so I'm pinging here.

I followed the instructions for https://caonima.io/ and the instructions are not clear on how to set up the config for the library, especially for obfs-local.

In the end, I followed: /usr/local/Cellar/shadowsocks-libev/3.1.3_1/share/doc/shadowsocks-libev/shadowsocks-libev.html

chris on chapterhouse in ~
14:49:56 λ  ss-local -c Desktop/shadowsocks.json
 2018-03-21 14:51:21 INFO: plugin "obfs-local" enabled
 2018-03-21 14:51:21 INFO: initializing ciphers... chacha20-ietf-poly1305
 2018-03-21 14:51:21 INFO: listening at 127.0.0.1:1080
 2018-03-21 14:51:21 ERROR: bind: Address already in use
 2018-03-21 14:51:21 ERROR: bind() error

simple-obfs 0.0.5

  maintained by Max Lv <max.c.lv@gmail.com>

  usage:

    obfs-local

       -s <server_host>           Host name or IP address of your remote server.
       -p <server_port>           Port number of your remote server.
       -l <local_port>            Port number of your local server.
       --obfs <http|tls>          Enable obfuscating: HTTP or TLS (Experimental).
       --obfs-host <host_name>    Hostname for obfuscating (Experimental).

       [-a <user>]                Run as another user.
       [-f <pid_file>]            The file path to store pid.
       [-t <timeout>]             Socket timeout in seconds.
       [-c <config_file>]         The path to config file.
       [-n <number>]              Max number of open files.
       [-b <local_address>]       Local address to bind.

       [--fast-open]              Enable TCP fast open.
                                  with Linux kernel > 3.7.0.

       [-v]                       Verbose mode.
       [-h, --help]               Print this message.

It did not work and I changed the port to 2080 and got this:

chris on chapterhouse in ~
14:52:00 λ  ss-local -c Desktop/shadowsocks.json
 2018-03-21 14:52:09 INFO: plugin "obfs-local" enabled
 2018-03-21 14:52:09 INFO: initializing ciphers... chacha20-ietf-poly1305
 2018-03-21 14:52:09 INFO: listening at 127.0.0.1:2080

simple-obfs 0.0.5

  maintained by Max Lv <max.c.lv@gmail.com>

  usage:

    obfs-local

       -s <server_host>           Host name or IP address of your remote server.
       -p <server_port>           Port number of your remote server.
       -l <local_port>            Port number of your local server.
       --obfs <http|tls>          Enable obfuscating: HTTP or TLS (Experimental).
       --obfs-host <host_name>    Hostname for obfuscating (Experimental).

       [-a <user>]                Run as another user.
       [-f <pid_file>]            The file path to store pid.
       [-t <timeout>]             Socket timeout in seconds.
       [-c <config_file>]         The path to config file.
       [-n <number>]              Max number of open files.
       [-b <local_address>]       Local address to bind.

       [--fast-open]              Enable TCP fast open.
                                  with Linux kernel > 3.7.0.

       [-v]                       Verbose mode.
       [-h, --help]               Print this message.

 2018-03-21 14:52:09 ERROR: plugin service exit unexpectedly

zcaudate commented 6 years ago

I added the config to /usr/local/etc/shadowsocks-libev.json and did:

16:55:02 λ  brew services restart shadowsocks-libev
Stopping `shadowsocks-libev`... (might take a while)
==> Successfully stopped `shadowsocks-libev` (label: homebrew.mxcl.shadowsocks-l
==> Successfully started `shadowsocks-libev` (label: homebrew.mxcl.shadowsocks-l

but it's not working

danielsz commented 6 years ago

Sure, no problem.

You'll be happier sticking with 1080 as your local port, as it is the standard port for socks. On your machine, that port seems to be taken since you get a bind: Address already in use error. Please find out what process that is and kill it. Then try running again.

Here's my tip: I like to first test the config on the command line.

ss-local -s 139.162.113.100 -p 8013 -m chacha20-ietf-poly1305 -k your-password -l 1080 --plugin obfs-local --plugin-opts "obfs=http;obfs-host=www.bing.com" -v

Please let me know how that works out.

zcaudate commented 6 years ago

The command looks like it's doing something, but Facebook and Google are still not loading:

chris on chapterhouse in ~
16:55:15 λ  ss-local -s 139.162.113.100 -p 8013 -m chacha20-ietf-poly1305 -k your-password -l 1080 --plugin obfs-local --plugin-opts "obfs=http;obfs-host=www.bing.com" -v
 2018-03-21 17:00:03 INFO: plugin "obfs-local" enabled
 2018-03-21 17:00:03 INFO: initializing ciphers... chacha20-ietf-poly1305
 2018-03-21 17:00:03 INFO: listening at 127.0.0.1:1080
 2018-03-21 17:00:03 [simple-obfs] INFO: obfuscating enabled
 2018-03-21 17:00:03 [simple-obfs] INFO: obfuscating hostname: www.bing.com
 2018-03-21 17:00:03 [simple-obfs] INFO: tcp port reuse enabled
 2018-03-21 17:00:03 [simple-obfs] INFO: listening at 127.0.0.1:56140
 2018-03-21 17:01:08 INFO: connect to ssl.gstatic.com:443
 2018-03-21 17:01:08 INFO: connect to p48-caldav.icloud.com:443
 2018-03-21 17:01:11 INFO: connect to ssl.gstatic.com:443
 2018-03-21 17:01:12 INFO: connect to p48-caldav.icloud.com:443
 2018-03-21 17:01:12 INFO: connect to p48-caldav.icloud.com:443
 2018-03-21 17:01:12 INFO: connect to p48-caldav.icloud.com:443
 2018-03-21 17:01:13 INFO: connect to p48-caldav.icloud.com:443
 2018-03-21 17:01:13 INFO: connect to www.facebook.com:443
 2018-03-21 17:01:13 INFO: connect to p48-caldav.icloud.com:443
 2018-03-21 17:01:13 INFO: connect to www.facebook.com:443
 2018-03-21 17:01:15 INFO: connect to www.facebook.com:443
 2018-03-21 17:01:16 INFO: connect to www.facebook.com:443
 2018-03-21 17:01:16 INFO: connect to docs.google.com:443
 2018-03-21 17:01:17 INFO: connect to docs.google.com:443
 2018-03-21 17:01:17 INFO: connect to docs.google.com:443
 2018-03-21 17:01:18 INFO: connect to docs.google.com:443
 2018-03-21 17:01:21 INFO: connect to api.github.com:443
 2018-03-21 17:01:21 INFO: connect to api.github.com:443
 2018-03-21 17:01:22 INFO: connect to ssl.gstatic.com:443
 2018-03-21 17:01:22 INFO: connect to docs.google.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to avatars0.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars0.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars1.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars1.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars2.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars2.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars3.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars3.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to collector.githubapp.com:443
 2018-03-21 17:01:22 INFO: connect to github.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to avatars0.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars1.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars0.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars1.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars2.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to github.com:443
 2018-03-21 17:01:22 INFO: connect to avatars2.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to avatars3.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to avatars3.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to collector.githubapp.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:22 INFO: connect to avatars1.githubusercontent.com:443
 2018-03-21 17:01:22 INFO: connect to github.com:443
 2018-03-21 17:01:23 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:23 INFO: connect to avatars1.githubusercontent.com:443
 2018-03-21 17:01:23 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:23 INFO: connect to github.com:443
 2018-03-21 17:01:23 INFO: connect to ssl.gstatic.com:443
 2018-03-21 17:01:23 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:24 INFO: connect to docs.google.com:443
 2018-03-21 17:01:27 INFO: connect to clients1.google.com:443
 2018-03-21 17:01:27 INFO: connect to clients1.google.com:443
 2018-03-21 17:01:29 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:29 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:29 INFO: connect to github.com:443
 2018-03-21 17:01:29 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:29 INFO: connect to github.com:443
 2018-03-21 17:01:29 INFO: connect to assets-cdn.github.com:443
 2018-03-21 17:01:33 INFO: connect to ssl.gstatic.com:443
 2018-03-21 17:01:34 INFO: connect to ssl.gstatic.com:443
 2018-03-21 17:01:50 INFO: connect to www.google.com.np:443
 2018-03-21 17:01:51 INFO: connect to www.google.com.np:443
 2018-03-21 17:01:53 INFO: connect to github.com:443
 2018-03-21 17:01:54 INFO: connect to github.com:443
 2018-03-21 17:01:54 INFO: connect to api.github.com:443
 2018-03-21 17:01:54 INFO: connect to api.github.com:443
 2018-03-21 17:01:54 INFO: connect to api.github.com:443
 2018-03-21 17:01:54 INFO: connect to api.github.com:443
 2018-03-21 17:01:57 INFO: connect to google.com:80
 2018-03-21 17:01:58 INFO: connect to clients1.google.com:443
 2018-03-21 17:01:58 INFO: connect to clients1.google.com:443
 2018-03-21 17:02:13 INFO: connect to www.facebook.com:443
 2018-03-21 17:02:13 INFO: connect to www.facebook.com:443

zcaudate commented 6 years ago

I also tried checking and unchecking the socks proxy, but it doesn't work:

screen shot 2018-03-21 at 5 01 31 pm

danielsz commented 6 years ago

The output of the command looks like what we want. Did you point your browser to the local proxy on port 1080?

zcaudate commented 6 years ago

Hmmm. What do you mean by pointing the browser to the proxy?

I thought setting the socks proxy in the network tab was enough.

danielsz commented 6 years ago

Maybe, but you need to make sure your browser uses the proxy. Try running from the command line.

opera-developer --proxy-server="socks5://localhost:1080"

Even better, to minimize DNS leaks:

chromium --proxy-server="socks5://localhost:1080" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"

danielsz commented 6 years ago

For debugging purposes, you can also check that the output of ss-local responds to TCP requests made with netcat:

nc -X 5 -x 127.0.0.1:1080 google.com 443

zcaudate commented 6 years ago

I tried again with the following options:

screen shot 2018-03-21 at 5 01 36 pm

And opening Chrome with proxy server specified:

screen shot 2018-03-21 at 11 56 48 pm

It looks like there is output:

screen shot 2018-03-21 at 11 57 00 pm

However, there are still issues accessing Facebook:

screen shot 2018-03-21 at 11 55 19 pm

The netcat request does not return:

screen shot 2018-03-21 at 11 56 41 pm

zcaudate commented 6 years ago

I'm not sure if it's a SOCKS5 proxy for OSX

danielsz commented 6 years ago

It all looks good. I suspect DNS leakage is preventing you from connecting. Even if browsers are configured to use a proxy, they will still occasionally leak DNS requests. But there's a fix. First thing to do is try to run Chrome with the host-resolver-rules settings (see above). If that doesn't help, try installing DNSCrypt.
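
The netcat check and the DNS-leak point from the comments above, as an added example that is not part of the original thread: a minimal SOCKS5 client (RFC 1928) that asks the listener on 127.0.0.1:1080 to CONNECT by hostname, so name resolution happens on the proxy side rather than locally. The function names `build_connect`, `parse_reply` and `probe` are illustrative assumptions.

```python
import socket
import struct

# SOCKS5 reply codes from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

GREETING = b"\x05\x01\x00"  # version 5, one method offered: 0x00 (no auth)


def build_connect(host: str, port: int, remote_dns: bool = True) -> bytes:
    """Build a SOCKS5 CONNECT request.

    remote_dns=True sends the name itself (ATYP 0x03), so the proxy side
    resolves it. remote_dns=False resolves locally first (ATYP 0x01), which
    is the lookup that escapes the tunnel.
    """
    if remote_dns:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        addr = b"\x01" + socket.inet_aton(socket.gethostbyname(host))
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def parse_reply(data: bytes) -> str:
    """Decode the first bytes of the proxy's answer to a CONNECT request."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(data[1], f"unknown code {data[1]}")


def probe(host: str, port: int, proxy=("127.0.0.1", 1080), timeout=10.0) -> str:
    """Ask the local SOCKS5 listener to CONNECT to host:port by name."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(GREETING)
        if s.recv(2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_connect(host, port))
        return parse_reply(s.recv(10))


if __name__ == "__main__":
    print(probe("google.com", 443))  # needs ss-local listening on 1080
```

With ss-local, treat `succeeded` as evidence that the local listener speaks SOCKS5 and accepted the name; confirm end-to-end reachability by fetching a page through the proxy.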

zcaudate commented 5 years ago

Hi Daniel.

I'm gonna close this as I'm currently running shadowsocks and it's working pretty well.