erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

websocket-ping-frequency-sec for http2 #228

Closed AnorBanantje closed 2 months ago

AnorBanantje commented 2 months ago

Is your feature request related to a problem? Please describe.

Hey, I'm configuring ssh over wstunnel through http2. It actually works, but only for 50 sec when there is no traffic. In HAProxy I configured 50 sec for timeout client and server.

Describe the solution you'd like

http2-ping-frequency-sec like websocket-ping-frequency-sec

Describe alternatives you've considered

When I set HAProxy in tcp mode I don't have that problem, but then I can't use detection by domain name in that mode. My HAProxy hosts more services. I can't use SNI here because TLS termination is done by HAProxy; my wstunnel works in http mode in the backend, and for detection I use the domain name from --http-headers Host:www.example.com.

Not related to the main feature request (not important): Is it normal for wstunnel on Windows that, when the connection is not successfully started / ended, or something is wrong in the command but the command is valid enough to start the process, it is not possible to kill wstunnel with CTRL+C / CTRL+Z? Only closing the cmd or PowerShell window helps here.

erebe commented 2 months ago

Hello,

Have you tried to set the --websocket-ping-frequency? Even if it is http2, it should enable http2 keep_alive. https://github.com/erebe/wstunnel/blob/main/src/tunnel/transport/http2.rs#L153

For the Windows issue, I don't know; I never used wstunnel much on Windows. I will try to look into it, as I have another issue to check for it.

AnorBanantje commented 2 months ago

--websocket-ping-frequency works, it sends packets, but my HAProxy still drops the connection after 50 sec, as written in the default config.

```
363 52.245.333 CLIENTIP SERVERIP TCP 54 4367 → 443 [ACK] Seq=6068 Ack=9514 Win=130304 Len=0
364 53.204.827 CLIENTIP SERVERIP TLSv1.3 93 Application Data
365 53.209.965 SERVERIP CLIENTIP TLSv1.3 93 Application Data
366 53.252.075 CLIENTIP SERVERIP TCP 54 4367 → 443 [ACK] Seq=6107 Ack=9553 Win=130304 Len=0
367 54.224.185 CLIENTIP SERVERIP TLSv1.3 93 Application Data
368 54.227.583 SERVERIP CLIENTIP TLSv1.3 93 Application Data
369 54.269.972 CLIENTIP SERVERIP TCP 54 4367 → 443 [ACK] Seq=6146 Ack=9592 Win=130304 Len=0
370 54.409.888 SERVERIP CLIENTIP TLSv1.3 98 Application Data
371 54.410.342 CLIENTIP SERVERIP TLSv1.3 93 Application Data
372 54.410.531 CLIENTIP SERVERIP TLSv1.3 78 Application Data
373 54.410.639 CLIENTIP SERVERIP TCP 54 4367 → 443 [FIN, ACK] Seq=6209 Ack=9636 Win=130304 Len=0
374 54.412.308 SERVERIP CLIENTIP TCP 54 443 → 4367 [ACK] Seq=9636 Ack=6209 Win=64128 Len=0
375 54.414.665 SERVERIP CLIENTIP TLSv1.3 78 Application Data
376 54.414.879 CLIENTIP SERVERIP TCP 54 4367 → 443 [RST, ACK] Seq=6210 Ack=9660 Win=0 Len=0
377 54.416.618 SERVERIP CLIENTIP TCP 54 443 → 4367 [FIN, ACK] Seq=9660 Ack=6210 Win=64128 Len=0
378 54.416.749 CLIENTIP SERVERIP TCP 54 4367 → 443 [RST] Seq=6210 Win=0 Len=0
```

The weird thing is that when I do something like executing commands in SSH inside this tunnel, the timeout is reset to 50 sec after execution. The same happens when I make a sockproxy inside ssh: when I use it to go to websites, the counter also looks reset.

Only setting the timeout in HAProxy helps with this problem, but I can't set it only for this tunnel; I need to set it for the frontend, which is for all websites too.

```
timeout client 1h
```

AnorBanantje commented 2 months ago

Found a nice workaround: --tls-sni-override www.example.com, and in the frontend with SSL termination:

```
acl is_wstunnel ssl_fc_sni www.example.com
use_backend wstunnel if is_wstunnel
```