ddvk / rmfakecloud-proxy

MIT License

[Windows] TLS handshake error when using Desktop app #4

Closed murchu27 closed 2 years ago

murchu27 commented 2 years ago

I had previously set up my tablet with the automagic script, which generated cert and key, and set up the proxy service on my tablet. I can see that the service runs on my tablet, and it works fine:

● proxy.service - reverse proxy
     Loaded: loaded (/etc/systemd/system/proxy.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-12-11 15:40:43 UTC; 1 day 19h ago
   Main PID: 190 (rmfake-proxy)
     CGroup: /system.slice/proxy.service
             └─190 /home/root/rmfakecloud/rmfake-proxy -cert /home/root/rmfakecloud/proxy.bundle.crt
 -key /home/root/rmfakecloud/proxy.key https://my.server

I can see in the exec line that the cert is proxy.bundle.crt, and the key is proxy.key. So, I copied the two of these to my Windows PC, which also has the necessary lines added to C:\Windows\system32\drivers\etc\hosts:

# rmfake_start
127.0.0.1 hwr-production-dot-remarkable-production.appspot.com
127.0.0.1 service-manager-production-dot-remarkable-production.appspot.com
127.0.0.1 local.appspot.com
127.0.0.1 my.remarkable.com
127.0.0.1 internal.cloud.remarkable.com
127.0.0.1 ping.remarkable.com
# rmfake_end

I run the proxy on the PC using a config file, and it starts without issue:

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:09:33 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:443 upstream-url=https://my.server

I then generated a one-time code from the web UI, and punched that into the Desktop app. But it gets stuck on "Verifying one-time code. Please wait...", while the proxy just repeatedly outputs "TLS handshake error" from different ports that the Desktop app is trying to connect to.

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:09:33 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:443 upstream-url=https://my.server
2021/12/13 11:09:36 http: TLS handshake error from 127.0.0.1:65215: EOF
2021/12/13 11:09:36 http: TLS handshake error from 127.0.0.1:65216: EOF
2021/12/13 11:09:37 http: TLS handshake error from 127.0.0.1:65217: EOF
2021/12/13 11:09:40 http: TLS handshake error from 127.0.0.1:65218: EOF
2021/12/13 11:09:43 http: TLS handshake error from 127.0.0.1:65219: EOF
2021/12/13 11:09:50 http: TLS handshake error from 127.0.0.1:65220: EOF
2021/12/13 11:09:59 http: TLS handshake error from 127.0.0.1:65221: EOF
2021/12/13 11:10:14 http: TLS handshake error from 127.0.0.1:65223: EOF

If I specify a port for addr (e.g., 8080 as in the README), then I don't see any output while trying to connect, but the app still doesn't get past the "Verifying one-time code" message.

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:13:58 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:8080 upstream-url=https://murchu27.zapto.org:3000
{no more output when trying to connect}

Any idea what I might be missing here?

ddvk commented 2 years ago

I haven't figured it out yet. Something with the ciphers Qt and the proxy are using on Windows.

murchu27 commented 2 years ago

Cool, no worries. Do you use the desktop app at all? What do you use for reverse proxy?

ddvk commented 2 years ago

I usually don't use the desktop app (mostly rmapi)

So I just tested the rmfake-proxy.exe from the releases and it works on Windows 11 (21H2). But I remember I had the TLS problem on a Windows 10 VM that I have.

The listen address has to be :443 (can be omitted as that's the default), I corrected that in the readme.

murchu27 commented 2 years ago

Yeah, I was seeing the issue using 443; whenever I used other ports I didn't see any output from rmfake-proxy.exe at all.

murchu27 commented 2 years ago

Fixed this by trusting the ca.crt file that gets generated by the installer script on the tablet.

I just pulled the file from the tablet via sftp, and then followed this section of Microsoft's article to install it. I didn't need to follow the certificate snap-in section.

After trusting it, I can run the proxy, and the Desktop app connects successfully:

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:09:33 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:443 upstream-url=https://my.server