erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

Websocket ping not working #259

Closed chibbert closed 1 week ago

chibbert commented 2 weeks ago

Describe the bug

Thanks for a great project :-)

I'm not seeing the "pings" between client and server, even if I add in the command line options and set them to 10s.

This means that when going through nginx which has a 60s idle timeout the tunnel connection is broken every 60s when idle.

Changing from ws to wss makes no difference to the pings. Removing the parameter websocket-ping-frequency-sec makes no difference to the pings. Upgrading to 9.2.5 makes no difference to the pings.

To Reproduce

1) Start server: wstunnel server ws://[::]:10000 --websocket-ping-frequency-sec 10

2) Start client: wstunnel client -R tcp://[::]:10001:localhost:80 ws://127.0.0.1:10000 --websocket-ping-frequency-sec 10

3) Run tcpdump to analyse traffic: sudo tcpdump -i lo port 10000 or port 10001 -nnnn -w ~/tmp/tunnel_http_10s_ping.pcap

4) Wait 2 minutes then stop client and server

5) See in Wireshark that there is no traffic after initial tunnel establishment at 08:51:22 and client exit at 08:53:25

Expected behavior

Pings to be sent between client/server

Additional context N/A

chibbert commented 2 weeks ago

Upload of the pcap taken tunnel_http_10s_ping.zip

erebe commented 2 weeks ago

Hello, it is not really a bug, but maybe an unexpected behavior. For reverse tunneling, when you start the client, it does an HTTP upgrade request to the server and waits for an incoming connection server side in order to do the upgrade to websocket. It is only when the upgrade is done (when the connection is fully in websocket mode) that the ping frequency kicks in.

The upgrade is not done immediately because the response of the upgrade is needed for the client to establish the reverse tunnel/connect to the remote end. This behavior is only there for reverse tunneling, and there is no way to send pings between the beginning and end of the upgrade request (as this is something that should happen quickly, as it is supposed to be a handshake).

Nonetheless, it should not cause you any issues, besides seeing logs that the remote tunnel has been closed and re-opened just after.
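Added example, not part of the thread and not wstunnel code: a way to check a plaintext ws:// capture for the state described in the reply above, by testing whether the server ever sent the 101 response and, if it did, counting WebSocket frame types (RFC 6455) in each direction. The byte streams, the /example path and all function names are constructed for illustration; it assumes each direction of the TCP stream has already been reassembled.

```python
from collections import Counter

OPCODES = {0x1: "text", 0x2: "binary", 0x8: "close", 0x9: "ping", 0xA: "pong"}

def frames(data):
    """Yield (opcode, payload) for each complete RFC 6455 frame in data."""
    pos = 0
    while pos + 2 <= len(data):
        opcode = data[pos] & 0x0F
        masked, length = data[pos + 1] & 0x80, data[pos + 1] & 0x7F
        pos += 2
        if length >= 126:  # 126: 16-bit length follows, 127: 64-bit length follows
            size = 2 if length == 126 else 8
            if pos + size > len(data):
                return
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        key = data[pos:pos + 4] if masked else b""
        pos += len(key)
        if (masked and len(key) < 4) or pos + length > len(data):
            return  # truncated capture: stop at the last complete frame
        payload = data[pos:pos + length]
        pos += length
        if masked:  # client-to-server frames are XOR-masked with a 4-byte key
            payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
        yield opcode, payload

def count(data):
    return Counter(OPCODES.get(op, hex(op)) for op, _ in frames(data))

def summarize(client_to_server, server_to_client):
    """Report whether the upgrade completed and the frame types seen per direction."""
    head, sep, server_rest = server_to_client.partition(b"\r\n\r\n")
    status = head.split(b"\r\n", 1)[0].split(b" ")
    if not sep or len(status) < 2 or status[1] != b"101":
        # No complete 101 response: still plain HTTP, so no frames (pings included) exist yet.
        return {"upgraded": False, "client": Counter(), "server": Counter()}
    client_rest = client_to_server.partition(b"\r\n\r\n")[2]
    return {"upgraded": True, "client": count(client_rest), "server": count(server_rest)}

# Constructed sample streams (abbreviated headers, not taken from the issue's pcap).
REQUEST = b"GET /example HTTP/1.1\r\nHost: 127.0.0.1:10000\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n"
RESPONSE = b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n\r\n"
MASKED_PING = bytes([0x89, 0x82]) + b"\x01\x02\x03\x04" + bytes([ord("h") ^ 1, ord("i") ^ 2])
PONG = bytes([0x8A, 0x02]) + b"hi"
BINARY = bytes([0x82, 0x7E, 0x01, 0x00]) + b"\x00" * 256

PENDING = summarize(REQUEST, b"")  # request sent, server has not answered yet
ESTABLISHED = summarize(REQUEST + MASKED_PING * 2, RESPONSE + PONG * 2 + BINARY)
```

This only works on ws:// captures such as the one in the reproduction steps; with wss:// the frames are inside TLS and are not visible in the pcap.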