search

ginuerzh / gost

GO Simple Tunnel - a simple tunnel written in golang
MIT License
15.48k stars 2.43k forks source link

rtcp转发异常 #839

Closed xxxsen closed 6 months ago

xxxsen commented 2 years ago

问题描述

在客户端A发起rtcp到服务端后, 通过客户端C连接服务端对应的端口(10022)来访问客户端A的ssh服务器, 在创建后第一次发起连接能正常转发, 在客户端C结束该连接后再第二次发起连接, 此时连接必定被断开(第三次正常, 第四次异常, 这样子, 1次成功连接后的下一次必定异常断开)。目前在我这边必现。

# 客户端C发起连接连接的时候的出错信息

abc@server:~$ ssh -p 10022 {这里是服务端ip}
kex_exchange_identification: Connection closed by remote host
Connection closed by {这里是服务端ip} port 10022

相关配置

CLIENT A 配置:

version: "3.0"
services:
  gost_cli:
    image: ginuerzh/gost
    restart: always
    network_mode: "host"    
    volumes:
      - ./secrets.txt:/secrets.txt      
    command:
      ["-L=rtcp://:10022/127.0.0.1:22","-F","ssh://example.com:7733?secrets=/secrets.txt"]

SERVER 配置:

version: "3.0"
services:
  gost_svr:
    image: ginuerzh/gost
    restart: always
    network_mode: "host"    
    volumes:
      - ./secrets.txt:/secrets.txt      
    command:
      ["-L=ssh://:7733?secrets=/secrets.txt"]

相关日志

客户端A内网IP:1.0.0.100 客户端A公网IP:1.0.0.200

服务端内网IP: 2.0.0.100 服务端公网IP: 2.0.0.200

客户端A日志

这部分日志是客户端C发起ssh连接的时候在客户端A产生的日志

# 客户端C发起ssh连接到服务端
gost_cli_1  | 2022/05/19 16:23:07 forward.go:575: [rtcp] PEER 127.0.0.1:47260 CONNECTED
gost_cli_1  | 2022/05/19 16:23:07 forward.go:279: [rtcp] 1.0.0.100:53440 <-> 127.0.0.1:22
gost_cli_1  | 2022/05/19 16:23:07 forward.go:562: [rtcp] BIND ON 2.0.0.100:10022 OK
# 客户端C主动断开ssh连接
gost_cli_1  | 2022/05/19 16:23:14 forward.go:281: [rtcp] 1.0.0.100:53440 >-< 127.0.0.1:22
# 客户端C第二次发起连接, 此时必定断开
gost_cli_1  | 2022/05/19 16:23:20 forward.go:575: [rtcp] PEER 127.0.0.1:47302 CONNECTED
gost_cli_1  | 2022/05/19 16:23:20 forward.go:279: [rtcp] 1.0.0.100:53440 <-> 127.0.0.1:22
gost_cli_1  | 2022/05/19 16:23:20 forward.go:281: [rtcp] 1.0.0.100:53440 >-< 127.0.0.1:22
gost_cli_1  | 2022/05/19 16:23:20 forward.go:416: [rtcp] accept error: write tcp 1.0.0.100:53440->2.0.0.200:7733: i/o timeout; retrying in 1s
gost_cli_1  | 2022/05/19 16:23:21 forward.go:562: [rtcp] BIND ON 2.0.0.100:10022 OK

服务端日志

这部分日志是客户端C发起ssh连接的时候在服务端产生的日志

# 第一次连接
server-gost_svr-1  | 2022/05/19 16:23:07 socks.go:1097: [socks5-bind] 1.0.0.200:17551 <- 2.0.0.100:10022 PEER 127.0.0.1:47260 ACCEPTED
server-gost_svr-1  | 2022/05/19 16:23:07 socks.go:1099: [socks5-bind] 1.0.0.200:17551 <-> 127.0.0.1:47260
server-gost_svr-1  | 2022/05/19 16:23:07 socks.go:983: [socks5-bind] 1.0.0.200:17551 -> ssh://:7733 -> 0.0.0.0:10022
server-gost_svr-1  | 2022/05/19 16:23:07 socks.go:1043: [socks5-bind] 1.0.0.200:17551 - 2.0.0.100:7733 BIND ON 2.0.0.100:10022 OK
# 主动断开连接
server-gost_svr-1  | 2022/05/19 16:23:14 socks.go:1103: [socks5-bind] 1.0.0.200:17551 >-< 127.0.0.1:47260
# 第二次连接
server-gost_svr-1  | 2022/05/19 16:23:20 socks.go:1097: [socks5-bind] 1.0.0.200:17551 <- 2.0.0.100:10022 PEER 127.0.0.1:47302 ACCEPTED
server-gost_svr-1  | 2022/05/19 16:23:20 socks.go:1099: [socks5-bind] 1.0.0.200:17551 <-> 127.0.0.1:47302
server-gost_svr-1  | 2022/05/19 16:23:20 ssh.go:830: [ssh] 1.0.0.200:17551 >-< 2.0.0.100:7733
server-gost_svr-1  | 2022/05/19 16:23:20 socks.go:1103: [socks5-bind] 1.0.0.200:17551 >-< 127.0.0.1:47302
server-gost_svr-1  | 2022/05/19 16:23:21 ssh.go:828: [ssh] 1.0.0.200:17661 <-> 2.0.0.100:7733
server-gost_svr-1  | 2022/05/19 16:23:22 socks.go:983: [socks5-bind] 1.0.0.200:17661 -> ssh://:7733 -> 0.0.0.0:10022
server-gost_svr-1  | 2022/05/19 16:23:22 socks.go:1043: [socks5-bind] 1.0.0.200:17661 - 2.0.0.100:7733 BIND ON 2.0.0.100:10022 OK
xxxsen commented 2 years ago

补充下版本号: gost 2.11.2 (go1.18.1 linux/amd64)

ginuerzh commented 1 year ago

是有这个问题,目前可以通过以下方法来规避:

  1. 开启mbind: gost -L rtcp://:10022/:22 -F ssh://:7733?mbind=true
  2. 使用标准SSH转发: gost -L rtcp://:10022/:22 -F forward+ssh://:7733 gost -L forward+ssh://:7733