heiher / hev-socks5-tunnel

A high-performance tun2socks for Linux/Android/FreeBSD/macOS/iOS/WSL2 (IPv4/IPv6/TCP/UDP)
MIT License

socks5 client res.rep 7, socks5 session handshake #137

Closed anasfanani closed 5 months ago

anasfanani commented 5 months ago

hev socks5 debug log

[2024-06-06 08:34:59] [E] 0x7135edee30 socks5 client res.rep 7
[2024-06-06 08:34:59] [E] 0x7135edee30 socks5 session handshake

I'm trying to route all tcp and udp except port 53

tailscale socks5 server output:

2024/06/06 08:35:57 socks5: client connection failed: unsupported command 3
2024/06/06 08:35:58 socks5: client connection failed: unsupported command 3
2024/06/06 08:35:58 socks5: client connection failed: unsupported command 3
2024/06/06 08:35:58 socks5: client connection failed: unsupported command 3
2024/06/06 08:35:59 socks5: client connection failed: unsupported command 3

Also I want to ask: can I use DNS on the socks server? While using curl with socks, it can resolve the domain name.

curl router-openwrt.xxx.ts.net -v -I -x 127.0.0.1:1099
*   Trying 127.0.0.1:1099...
* Connected to 127.0.0.1 (127.0.0.1) port 1099
> HEAD http://router-openwrt.xxx.ts.net/ HTTP/1.1
> Host: router-openwrt.xxx.ts.net
> User-Agent: curl/8.8.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Request completely sent off
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Length: 780
Content-Length: 780
< Content-Type: text/html
Content-Type: text/html
< Date: Thu, 06 Jun 2024 08:41:49 GMT
Date: Thu, 06 Jun 2024 08:41:49 GMT
< Etag: "2db0-30c-6531a3aa"
Etag: "2db0-30c-6531a3aa"
< Last-Modified: Thu, 19 Oct 2023 21:46:18 GMT
Last-Modified: Thu, 19 Oct 2023 21:46:18 GMT
< 

* Connection #0 to host 127.0.0.1 left intact

After applying the iptables rule on UDP port 53:

┌──(spesn@localhost)-[~]
└─$ curl router-openwrt.coin-tet.ts.net -v -I
* Could not resolve host: router-openwrt.coin-tet.ts.net
* Closing connection
curl: (6) Could not resolve host: router-openwrt.coin-tet.ts.net
┌──(spesn@localhost)-[~]
└─$ curl router-openwrt.coin-tet.ts.net -v -I --interface hevsocks0
* Could not resolve host: router-openwrt.coin-tet.ts.net
* Closing connection
curl: (6) Could not resolve host: router-openwrt.coin-tet.ts.net
┌──(spesn@localhost)-[~]
└─$ 

My socks5 server program runs with gid net_bt_admin; iptables rules:

iptables -t mangle -N HEVSOCKS
iptables -t mangle -F HEVSOCKS
iptables -t mangle -I OUTPUT -j HEVSOCKS
iptables -t mangle -I HEVSOCKS -m owner --uid-owner "root" --gid-owner "net_bt_admin" -j RETURN # bypass 
iptables -t mangle -A HEVSOCKS -p udp --dport 53 -j RETURN
iptables -t mangle -A HEVSOCKS -j MARK --set-mark 1337
ip route add default dev hevsocks0 table 21 metric 1
ip rule add fwmark 1337 lookup 21 pref 10

config

tunnel:
  # Interface name
  name: hevsocks0
  # Interface MTU
  mtu: 8500
  # Multi-queue
  multi-queue: false
  # IPv4 address
  ipv4: 100.123.227.100
  # IPv6 address
  ipv6: fd7a:115c:a1e0::c5bb:e364

socks5:
  # Socks5 server port
  port: 1099
  # Socks5 server address (ipv4/ipv6)
  address: 127.0.0.1
  # Socks5 UDP relay mode (tcp|udp)
  udp: 'udp'
  # Socks5 handshake using pipeline mode
# pipeline: false
  # Socks5 server username
# username: 'username'
  # Socks5 server password
# password: 'password'
  # Socket mark
  # mark: 123

misc:
   # task stack size (bytes)
#  task-stack-size: 20480
   # connect timeout (ms)
#  connect-timeout: 5000
   # read-write timeout (ms)
#  read-write-timeout: 60000
   # stdout, stderr or file-path
   log-file: stdout
   # debug, info, warn or error
   log-level: debug
   # If present, run as a daemon with this pid file
   #pid-file: /data/adb/tailscale/run/hev-socks5-tunnel.pid
   # If present, set rlimit nofile; else use default value
#  limit-nofile: 65535

heiher commented 5 months ago

2024/06/06 08:35:57 socks5: client connection failed: unsupported command 3

It seems that the socks5 server you are using does not support UDP ASSOCIATE, which makes all UDP access, including DNS, unavailable. hev-socks5-tunnel does not have a built-in fake IP feature, so it cannot support domain name resolution on the server side. However, it does support proxying local DNS requests; of course, this requires the server side to support UDP ASSOCIATE.
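Added example (not from this thread and not hev-socks5-tunnel's own code): a small Python SOCKS5 helper that builds the UDP ASSOCIATE request (command 3) and decodes the server's reply, so an operator can confirm whether a proxy actually supports UDP before routing DNS or other UDP traffic through it. The REJECTED and ACCEPTED byte strings are constructed; the first mirrors the "res.rep 7" seen in the debug log.

```python
import socket
import struct

# RFC 1928 values; "command 3" and "rep 7" are the numbers in the thread's logs.
SOCKS_VERSION = 0x05
CMD_UDP_ASSOCIATE = 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_CODES = {0: "succeeded", 1: "general SOCKS server failure",
               2: "connection not allowed by ruleset", 3: "network unreachable",
               4: "host unreachable", 5: "connection refused", 6: "TTL expired",
               7: "command not supported", 8: "address type not supported"}

def build_request(cmd, host="0.0.0.0", port=0):
    """VER CMD RSV ATYP DST.ADDR DST.PORT. For UDP ASSOCIATE the address is
    where the client will send datagrams from; 0.0.0.0:0 means 'not known yet'."""
    return struct.pack("!BBBB4sH", SOCKS_VERSION, cmd, 0x00, ATYP_IPV4,
                       socket.inet_aton(host), port)

def parse_reply(data):
    """Return (rep, description, bound_addr, bound_port) from a SOCKS5 reply."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, off = socket.inet_ntoa(data[4:8]), 8
    elif atyp == ATYP_IPV6:
        addr, off = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    elif atyp == ATYP_DOMAIN:
        addr, off = data[5:5 + data[4]].decode(), 5 + data[4]
    else:
        raise ValueError("unknown ATYP %d" % atyp)
    (port,) = struct.unpack("!H", data[off:off + 2])
    return rep, REPLY_CODES.get(rep, "unassigned"), addr, port

def probe_udp_associate(host, port, timeout=5.0):
    """Live check: no-auth greeting, then UDP ASSOCIATE; returns parse_reply()."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bytes([SOCKS_VERSION, 1, 0x00]))      # offer one method: no auth
        ver, method = s.recv(2)
        if ver != SOCKS_VERSION or method != 0x00:
            raise RuntimeError("server refused the no-auth method")
        s.sendall(build_request(CMD_UDP_ASSOCIATE))
        return parse_reply(s.recv(262))                  # largest reply (domain ATYP)

# Constructed replies: the first mirrors the "res.rep 7" in the issue log,
# the second is what a UDP-capable relay bound to 127.0.0.1:1099 would return.
REJECTED = bytes([0x05, 0x07, 0x00, 0x01, 0, 0, 0, 0, 0, 0])
ACCEPTED = bytes([0x05, 0x00, 0x00, 0x01, 127, 0, 0, 1]) + struct.pack("!H", 1099)
```

Running `probe_udp_associate("127.0.0.1", 1099)` against the proxy from the config above returns rep 7 when the server only implements CONNECT, which is exactly the condition the maintainer describes; hev-socks5-tunnel then cannot relay DNS, so the port-53 bypass rule (or a UDP-capable proxy) is required.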