erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
BSD 3-Clause "New" or "Revised" License

Cannot establish any tunnels? #341

Closed TerraMaster85 closed 2 months ago

TerraMaster85 commented 3 months ago

Apologies for the vague title. I've not been able to identify any characteristic differences in my setup.

Anyway, here's the form.

## Describe the goal

I'm trying to route a TCP audio stream through a wss tunnel. The stream originates from the application-server and is transmitted to the application-client. Application-client shall connect to 1234/tcp and application-server shall listen on 1235/tcp. Thus the wstunnel-client should bind hosta:1234 and the wstunnel-server should bind hostb:1235.

In a bid to try to make my test setup work, I've simplified everything as much as possible. Both hosts are local, but hosta is 127.0.0.1 and hostb is 127.0.0.2.

## Describe what does not work

All attempts to establish the tunnel stall or time out. If traffic is sent over the tunnel before the timeout, the wstunnel-client's request is reported as malformed (400) and thrown out by the wstunnel-server.

## Describe your wstunnel setup

Between these lines, in another terminal, I run `nc -vz 127.0.0.1 1235`.

If I do not do this, instead the lines prefixed with # will be printed every 30 seconds or so forever.

```
2024-08-22T21:31:00.631451Z INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-22T21:31:00.631552Z INFO tunnel{peer="127.0.0.1:56200"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-22T21:31:00.631634Z DEBUG tunnel{peer="127.0.0.1:56200"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384
2024-08-22T21:31:00.631788Z DEBUG tunnel{peer="127.0.0.1:56200"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]
2024-08-22T21:31:10.634165Z ERROR tunnel{peer="127.0.0.1:56200"}: wstunnel::tunnel::server::server: Error while upgrading cnx: hyper::Error(HeaderTimeout)
```

Otherwise, these lines follow:

```
2024-08-22T21:31:27.469858Z DEBUG tunnel{id="01917c00-696d-7732-9c73-a339bdef3072" remote="localhost:1234"}: wstunnel::tunnel::transport::websocket: with HTTP upgrade request Request { method: GET, uri: /v1/events, version: HTTP/1.1, headers: {"host": "127.0.0.2", "upgrade": "websocket", "connection": "upgrade", "sec-websocket-key": "VBJ2CTicJ/WaM9fk6hFzsQ==", "sec-websocket-version": "13", "sec-websocket-protocol": "v1, authorization.bearer.eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IjAxOTE3YzAwLTY5NmQtNzczMi05YzczLWEzMzliZGVmMzA3MiIsInAiOnsiVGNwIjp7InByb3h5X3Byb3RvY29sIjpmYWxzZX19LCJyIjoibG9jYWxob3N0IiwicnAiOjEyMzR9.5ByF3M3ycSMde-TZW7BfLImJNlZjwWqHJOfYWteTihI"}, body: Empty }
2024-08-22T21:31:27.469935Z INFO wstunnel::tcp: Opening TCP connection to 127.0.0.2:443
2024-08-22T21:31:27.469961Z DEBUG wstunnel::tcp: Connecting to 127.0.0.2:443
2024-08-22T21:31:27.470061Z DEBUG wstunnel::tcp: Connected to tcp endpoint 127.0.0.2:443, aborted all other connection attempts
2024-08-22T21:31:27.470082Z INFO wstunnel::tls: Doing TLS handshake using SNI IpAddress(V4(Ipv4Addr([127, 0, 0, 2]))) with the server 127.0.0.2:443
2024-08-22T21:31:27.470082Z ERROR tunnel{id="01917c00-696d-7732-9c73-a339bdef3072" remote="localhost:1234"}: wstunnel::tunnel::client: failed to do websocket handshake with the server wss://127.0.0.2:443

Caused by:
    0: operation was canceled
    1: connection error
    2: peer closed connection without sending TLS close_notify: https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof
2024-08-22T21:31:27.470190Z DEBUG rustls::client::hs: Resuming session
2024-08-22T21:31:27.470715Z DEBUG rustls::client::hs: Using ciphersuite TLS13_AES_256_GCM_SHA384
2024-08-22T21:31:27.470732Z DEBUG rustls::client::tls13: Resuming using PSK
2024-08-22T21:31:27.470844Z DEBUG rustls::client::tls13: TLS1.3 encrypted extensions: [Protocols([ProtocolName(687474702f312e31)])]
2024-08-22T21:31:27.470854Z DEBUG rustls::client::hs: ALPN protocol is Some(b"http/1.1")
```

- server

```
./wstunnel server wss://127.0.0.2:443 --log-lvl=debug
```

```
2024-08-22T21:25:27.380712Z INFO wstunnel::embedded_certificate: Loading embedded tls certificate
2024-08-22T21:25:27.380741Z INFO wstunnel::embedded_certificate: Loading embedded tls private key
2024-08-22T21:25:27.381035Z INFO wstunnel: Starting wstunnel server v10.0.1 with config WsServerConfig { socket_so_mark: None, bind: 127.0.0.2:443, websocket_ping_frequency: Some(30s), timeout_connect: 10s, websocket_mask_frame: false, restriction_config: None, tls: true, mTLS: false }
2024-08-22T21:25:27.381044Z DEBUG wstunnel: Restriction rules: RestrictionsRules { restrictions: [ RestrictionConfig { name: "Allow All", match: [ Any, ], allow: [ Tunnel( AllowTunnelConfig { protocol: [], port: [], host: Regex( "^.*$", ), cidr: [ 0.0.0.0/0, ::/0, ], }, ), ReverseTunnel( AllowReverseTunnelConfig { protocol: [], port: [], port_mapping: {}, cidr: [ 0.0.0.0/0, ::/0, ], }, ), ], }, ], }
2024-08-22T21:25:27.381088Z INFO wstunnel::tunnel::server::server: Starting wstunnel server listening on 127.0.0.2:443
2024-08-22T21:25:30.427081Z INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-22T21:25:30.427179Z INFO tunnel{peer="127.0.0.1:39556"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-22T21:25:30.427265Z DEBUG tunnel{peer="127.0.0.1:39556"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384
2024-08-22T21:25:30.427419Z DEBUG tunnel{peer="127.0.0.1:39556"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]
2024-08-22T21:25:40.429466Z ERROR tunnel{peer="127.0.0.1:39556"}: wstunnel::tunnel::server::server: Error while upgrading cnx: hyper::Error(HeaderTimeout)
```

If I perform the nc test I mentioned in the client log, then the following lines appear.

The lines above always appear after some time.

```
2024-08-22T21:38:02.367069Z INFO tunnel{peer="127.0.0.1:40094" id="01917c06-6ffe-7600-ae73-1a5776c6c0aa" remote="localhost:1234"}: wstunnel::tunnel::server::server: Tunnel accepted due to matched restriction: Allow All
2024-08-22T21:38:02.367093Z INFO tunnel{peer="127.0.0.1:40094" id="01917c06-6ffe-7600-ae73-1a5776c6c0aa" remote="localhost:1234"}: wstunnel::protocols::tcp::server: Opening TCP connection to localhost:1234
2024-08-22T21:38:02.367168Z DEBUG wstunnel::protocols::tcp::server: Connecting to [::1]:1234
2024-08-22T21:38:02.367281Z INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-22T21:38:02.367326Z INFO tunnel{peer="127.0.0.1:56058"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-22T21:38:02.367320Z DEBUG tunnel{peer="127.0.0.1:40094" id="01917c06-6ffe-7600-ae73-1a5776c6c0aa" remote="localhost:1234"}: wstunnel::protocols::tcp::server: Cannot connect to tcp endpoint [::1]:1234 reason Connection refused (os error 111)
2024-08-22T21:38:02.367376Z DEBUG tunnel{peer="127.0.0.1:56058"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384
2024-08-22T21:38:02.367620Z DEBUG tunnel{peer="127.0.0.1:56058"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]
2024-08-22T21:38:02.618635Z DEBUG wstunnel::protocols::tcp::server: Connecting to 127.0.0.1:1234
2024-08-22T21:38:02.618749Z DEBUG tunnel{peer="127.0.0.1:40094" id="01917c06-6ffe-7600-ae73-1a5776c6c0aa" remote="localhost:1234"}: wstunnel::protocols::tcp::server: Cannot connect to tcp endpoint 127.0.0.1:1234 reason Connection refused (os error 111)
2024-08-22T21:38:02.618796Z WARN tunnel{peer="127.0.0.1:40094" id="01917c06-6ffe-7600-ae73-1a5776c6c0aa" remote="localhost:1234"}: wstunnel::tunnel::server::server: Rejecting connection with bad upgrade request: Cannot connect to tcp endpoint localhost:1234 reason Some(Os { code: 111, kind: ConnectionRefused, message: "Connection refused" }) /v1/events
2024-08-22T21:38:12.368983Z ERROR tunnel{peer="127.0.0.1:56058"}: wstunnel::tunnel::server::server: Error while upgrading cnx: hyper::Error(HeaderTimeout)
```

## What I've tried
- I've inspected the wstunnel-client's request and it is OK
- I've tried several releases and built the program myself, but the same issue occurs.
- I do not use a firewall. No nonstandard iptables rules are active.
- I've tried different transports and different protocols to tunnel.

## Desktop (please complete the following information):
- OS: Linux 6.6 x86_64 Void Linux
  - also tested and failed on Debian 12 and 6.1 Void Linux across 4 machines
- Version: n/a

So far, I have not managed to establish a tunnel.

What am I missing? I hope I've given enough info here, but I'll provide any information possible.

Thanks for everything :)

yuan-thomas commented 3 months ago

Looks like localhost:1234 isn't reachable on your server.

TerraMaster85 commented 2 months ago

SOLVED - 443 is a low port, so I had to either run the server as root or set the low port bind cap on wstunnel with setcap(8).

Applying for my dumbass certificate tomorrow :laughing:
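As an added example (not from this issue or from the wstunnel project), here is the least-privilege way to apply the fix from the last comment: grant only CAP_NET_BIND_SERVICE to the binary with setcap(8) instead of running the server as root, and verify the grant before starting it. The path `./wstunnel` and the `WSTUNNEL_BIN` variable are assumptions.

```sh
#!/bin/sh
# Added example, not code from the issue or the wstunnel project. Lets
# "wstunnel server wss://HOST:443" bind a port below 1024 as an unprivileged
# user by granting the binary only cap_net_bind_service. ./wstunnel is assumed.
set -eu

# Return 0 when a getcap(8) output line grants cap_net_bind_service as both
# effective (e) and permitted (p), which a non-capability-aware program needs.
# Handles both output styles: "file cap_net_bind_service=ep" (libcap 2.x)
# and "file = cap_net_bind_service+ep" (older libcap).
has_low_port_cap() {
  line="$1"
  case "$line" in
    *cap_net_bind_service*) ;;
    *) return 1 ;;
  esac
  flags="${line##*cap_net_bind_service}"   # e.g. "=ep", "+ep", ",cap_net_raw=ep"
  flags="${flags#*[=+]}"                   # keep only the flag letters
  case "$flags" in
    *e*p*|*p*e*) return 0 ;;
    *) return 1 ;;
  esac
}

# Grant the capability. Needs root once; afterwards the server itself runs
# unprivileged. File capabilities live on the inode, so this must be rerun
# whenever the binary is replaced by an upgrade.
grant_low_port_cap() {
  setcap 'cap_net_bind_service=+ep' "$1"
}

# Report whether the binary can bind 443 without root (exit 1 if not).
check_low_port_cap() {
  bin="$1"
  if ! command -v getcap >/dev/null 2>&1; then
    echo "getcap not found; install the libcap tools" >&2
    return 2
  fi
  if has_low_port_cap "$(getcap "$bin")"; then
    echo "$bin may bind ports below 1024 without root"
  else
    echo "$bin lacks cap_net_bind_service; run: setcap 'cap_net_bind_service=+ep' $bin" >&2
    return 1
  fi
}

# Usage: WSTUNNEL_BIN=./wstunnel sh check-bind-cap.sh
if [ -n "${WSTUNNEL_BIN:-}" ]; then
  check_low_port_cap "$WSTUNNEL_BIN"
fi
```

Binding a high port on the server and fronting it with a reverse proxy or port redirect is the other root-free option; either way the server process itself never needs uid 0.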