fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0

suddenly connect to server error: connection write timeout #4125

Closed solo7773 closed 6 months ago

solo7773 commented 7 months ago

Bug Description

I used version 0.51.0 and it worked as expected. But since Jan 2024, frpc cannot connect to frps.

I then tried the newest 0.56.0; the error is the same as that of 0.51.0.

frpc Version

0.56.0

frps Version

0.56.0

System Architecture

linux/amd64, darwin/amd64

Configurations

Server, ubuntu 22.04

# frps.toml
bindPort = 7000

Client, macOS and CentOS

# frpc.toml
serverAddr = "x.x.x.x"
serverPort = 7000

[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000

Logs

frps and frpc were run by non-root user

./frps -c ./frps.toml

./frpc -c ./frpc.toml

frps logging

2024-04-03 11:50:08.582 [I] [frps/root.go:105] frps uses config file: frps.toml

2024-04-03 11:50:09.044 [I] [server/service.go:237] frps tcp listen on 0.0.0.0:7000

2024-04-03 11:50:09.044 [I] [frps/root.go:114] frps started successfully

frpc logging

2024-04-03 11:56:46.489 [I] [sub/root.go:142] start frpc service for config file [frpc.toml]

2024-04-03 11:56:46.490 [I] [client/service.go:294] try to connect to server...

2024-04-03 11:56:56.604 [W] [client/service.go:297] connect to server error: connection write timeout

2024-04-03 11:56:56.605 [I] [sub/root.go:160] frpc service for config file [frpc.toml] stopped

login to the server failed: connection write timeout. With loginFailExit enabled, no additional retries will be attempted

follow up

I then checked server logging, but there is no in-connection from the client.

client to server connection is ok

nc -z x.x.x.x 7000

Connection to x.x.x.x port 7000 [tcp/*] succeeded!

Steps to reproduce

no

Affected area

xqzr commented 7 months ago

openssl s_client -connect x.x.x.x:7000

solo7773 commented 7 months ago

> openssl s_client -connect x.x.x.x:7000

Hi @xqzr ,

Thanks! I ran your command and got the output. Please see below and help me to solve the problem.

CONNECTED(00000003)
depth=0 
verify error:num=18:self signed certificate
verify return:1
depth=0 
verify error:num=13:format error in certificate's notBefore field
notBefore=Jan  1 00:00:00 1 GMT
verify return:1
depth=0 
verify error:num=14:format error in certificate's notAfter field
notAfter=Jan  1 00:00:00 1 GMT
verify return:1
depth=0 
notAfter=Jan  1 00:00:00 1 GMT
verify return:1
---
Certificate chain
 0 s:
   i:
---
Server certificate
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
subject=
issuer=
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 1221 bytes and written 289 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    ....
    Start Time: 1712218494
    Timeout   : 7200 (sec)
    Verify return code: 14 (format error in certificate's notAfter field)
---
solo7773 commented 7 months ago

Adding the following setting to frpc solves the error

transport.tls.enable = false

xqzr commented 7 months ago

The connection is fine. It may be that the network you are on filters TLS.
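
The thread separates two checks: `nc -z` shows the TCP port is reachable, while frpc's login over TLS times out. The Go probe below is an added example, not part of the original thread or of frp's code, that reports which of those two stages fails and whether the failure is a silent timeout; the names `probe`, `fail` and `Result` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// Result and probe are names made up for this example; they are not frp code.
type Result struct {
	Stage    string // "tcp" or "tls" = the stage that failed, "ok" = handshake done
	TimedOut bool   // the failure was a silent timeout, not a refusal or reset
	Err      error
}

// probe separates the two checks from the thread: a bare TCP connect (what
// `nc -z` tests) and a TLS handshake on that same connection.
func probe(addr string, timeout time.Duration) Result {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return fail("tcp", err)
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	// Verification is skipped on purpose: this only tests whether handshake
	// bytes get through. Do not reuse this config for real traffic.
	tc := tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
	if err := tc.Handshake(); err != nil {
		return fail("tls", err)
	}
	return Result{Stage: "ok"}
}

func fail(stage string, err error) Result {
	var ne net.Error
	return Result{Stage: stage, Err: err, TimedOut: errors.As(err, &ne) && ne.Timeout()}
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: probe host:port")
		os.Exit(2)
	}
	r := probe(os.Args[1], 5*time.Second)
	fmt.Printf("stage=%s timed_out=%v err=%v\n", r.Stage, r.TimedOut, r.Err)
}
```

A result of `stage=tls timed_out=true` from the client's network, alongside `stage=ok` from another network, is consistent with something on the path dropping the handshake. In that situation `transport.tls.enable = false` makes the login succeed by sending the frp control channel without TLS.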

github-actions[bot] commented 6 months ago

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.