heiher / hev-socks5-tunnel

A high-performance tun2socks for Linux/Android/FreeBSD/macOS/iOS/WSL2 (IPv4/IPv6/TCP/UDP)
MIT License

Can't get to work in lxd ubuntu container #49

Closed MikeAlinov closed 1 year ago

MikeAlinov commented 1 year ago

Hi!

I've compiled and installed everything correctly. The utility seems to be working just fine and I have created a service for it.

But when I try to IP route all of the traffic to tun0 there is no network connection.

When I run "curl ifconfig.me," it prints out "curl: (56) Recv failure: Connection reset by peer."

I am trying to connect to the working, paid remote socks5 server that is pinging perfectly fine.

Can you please help me out here?

Thanks in advance.

heiher commented 1 year ago

Did you bypass the socks server?

```shell
# Bypass upstream socks5 server
sudo ip route add SOCKS5_SERVER dev DEFAULT_IFACE metric 10
sudo ip -6 route add SOCKS5_SERVER dev DEFAULT_IFACE metric 10

# Route others
sudo ip route add default dev tun0 metric 20
sudo ip -6 route add default dev tun0 metric 20
```

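
As an added illustration of the two-metric scheme above (not code from the hev-socks5-tunnel project or its author), this Python script applies the kernel's route selection (longest prefix first, then lowest metric) to `ip route` output and reports whether the SOCKS5 server would itself be sent into the tunnel. The sample tables are constructed from the routes posted later in this thread; the function names are my own.

```python
import ipaddress

def parse_routes(text):
    """Turn `ip route` lines into (network, dev, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        if not f:
            continue
        dst = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(dst, strict=False)
        dev = f[f.index("dev") + 1] if "dev" in f else None
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, dev, metric))
    return routes

def select_route(routes, addr):
    """Kernel-style selection: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    candidates = [r for r in routes if ip in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))

def check_bypass(route_text, socks_server, tun_dev):
    """Return (ok, dev): ok is True when the SOCKS5 server is NOT routed via the tunnel."""
    route = select_route(parse_routes(route_text), socks_server)
    dev = route[1] if route else None
    return (dev is not None and dev != tun_dev, dev)

# Constructed from a table posted later in this thread: the /32 bypass was
# added for the LAN gateway (10.13.137.1) instead of the proxy itself.
BROKEN = """\
default via 198.18.0.1 dev tun0 metric 20
default via 10.13.137.1 dev eth0 proto dhcp src 10.13.137.151 metric 100
10.13.137.0/24 dev eth0 proto kernel scope link src 10.13.137.151 metric 100
10.13.137.1 dev eth0 scope link metric 10
"""
# Same table after `ip route add 202.182.69.181 dev eth0 metric 10`.
FIXED = BROKEN + "202.182.69.181 dev eth0 scope link metric 10\n"

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        ok, dev = check_bypass(table, "202.182.69.181", "tun0")
        verdict = "ok" if ok else "proxy would be reached through its own tunnel"
        print(f"{name}: SOCKS5 server routed via {dev} -> {verdict}")
```
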
hosseinkhojany commented 1 year ago

How to find this DEFAULT_IFACE, bro? @heiher

hosseinkhojany commented 1 year ago

```
ifconfig -a
enp1s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether   txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 40090  bytes 3398078 (3.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 40090  bytes 3398078 (3.3 MB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

wlp0s20f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet   netmask   broadcast
        inet6   prefixlen 64  scopeid 0x20
        ether   txqueuelen 1000  (Ethernet)
        RX packets 75332  bytes 98686805 (98.6 MB)
        RX errors 0  dropped 39  overruns 0  frame 0
        TX packets 41455  bytes 6475535 (6.4 MB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
```

heiher commented 1 year ago

```
$ ip route
default via 192.168.0.1 dev enp2s0 proto dhcp src 192.168.0.36 metric 100   <--- This is default iface: enp2s0
192.168.0.0/24 dev enp2s0 proto kernel scope link src 192.168.0.36 metric 100
```

hosseinkhojany commented 1 year ago

```
[2023-07-29 05:06:07] [D] socks5 tunnel init
[2023-07-29 05:06:07] [D] socks5 tunnel run
[2023-07-29 05:06:07] [D] socks5 tunnel lwip task run
[2023-07-29 05:06:07] [D] socks5 tunnel timer task run
[2023-07-29 05:06:07] [D] socks5 tunnel event task run
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 construct
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client construct
[2023-07-29 05:06:35] [I] 0x5598870b90d0 socks5 client udp construct
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 session udp construct
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 session udp new
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 session run

[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client connect server
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client connect server fd 10
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client handshake
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client write request
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client read response
[2023-07-29 05:06:35] [E] 0x5598870b90d0 socks5 client res.rep 7
[2023-07-29 05:06:35] [E] 0x5598870b90d0 socks5 session handshake
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 session udp destruct
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client udp destruct
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 client destruct
[2023-07-29 05:06:35] [D] 0x5598870b90d0 socks5 destruct
```

I received this log when I added `sudo ip route add default dev tun888 metric 20`. My socks started with this config:

```json
{
  "inbounds": [
    {
      "listen": "[::1]",
      "port": 10801,
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": true
      },
      "sniffing": {
        "destOverride": [ "http", "tls" ],
        "enabled": true,
        "metadataOnly": null,
        "routeOnly": false
      },
      "tag": "socks"
    },
    {
      "listen": "[::1]",
      "port": 10802,
      "protocol": "http",
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": true
      },
      "sniffing": {
        "destOverride": [ "http", "tls" ],
        "enabled": true,
        "metadataOnly": null,
        "routeOnly": false
      },
      "tag": "http"
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "sendThrough": "0.0.0.0",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 21,
            "users": [
              {
                "id": "",
                "alterId": 0,
                "security": "auto",
                "encryption": "none",
                "flow": ""
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "tcpSettings": {
          "header": {
            "type": "none"
          }
        },
        "realitySettings": {
          "fingerprint": "firefox",
          "show": false,
          "publicKey": "",
          "serverName": "discord.com"
        },
        "network": "tcp",
        "security": "reality"
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
```

tun config:

```yaml
tunnel:
  name: tun888
  mtu: 1500
socks5:
  port: 10801
  address: ::1
  udp: 'tcp'
misc:
  task-stack-size: 20480
  connect-timeout: 5000
  read-write-timeout: 60000
  log-file: stderr
  log-level: debug
  limit-nofile: 65535
```

After starting tun and socks (xraycore) I ran these commands:

```shell
sudo ip route add 168.119.61.1 dev enp1s0 metric 10 && sudo ip route add default dev tun888 metric 20
```

heiher commented 1 year ago

Set socks5.udp = 'udp':

```yaml
tunnel:
  name: tun888
  mtu: 1500
socks5:
  port: 10801
  address: ::1
  udp: 'udp'
misc:
  task-stack-size: 20480
  connect-timeout: 5000
  read-write-timeout: 60000
  log-file: stderr
  log-level: debug
  limit-nofile: 65535
```

heiher commented 1 year ago

168.119.61.1 Is this your upstream server? If yes, I think it is ok:

```shell
sudo ip route add 168.119.61.1 dev enp1s0 metric 10 # keep the metric value less than tunnel's route rule
```

hosseinkhojany commented 1 year ago

Yes, I set the upstream metric to 10 and the tunnel to 20, and I changed tcp to udp in the tunnel config, but it is still not working ): Have you tested it before with xray core?

heiher commented 1 year ago

Yes, I can confirm it works with xray core. Have you tested TCP only without DNS (any UDP)?

```shell
curl -i 1.1.1.1
```

hosseinkhojany commented 1 year ago

https://github.com/heiher/hev-socks5-tunnel/assets/37432839/0d2f5a19-3881-4659-88af-52fa398111cc

XrayCore 1.8.3

heiher commented 1 year ago

```shell
curl -i 1.1.1.1
```

Test TCP first

hosseinkhojany commented 1 year ago

```
curl -i 1.1.1.1
curl: (52) Empty reply from server
```

hosseinkhojany commented 1 year ago

IMO this issue is from the xray config routing. I removed the routing element from the config; maybe I should define a routing rule for it to work correctly with hev-tun.

MikeAlinov commented 1 year ago

@heiher

Yeah, I didn't quite understand what this "upstream proxy" is for.

My IP route is:

```
default via 198.18.0.1 dev tun0 metric 20
default via 10.13.137.1 dev eth0 proto dhcp src 10.13.137.151 metric 100
10.13.137.0/24 dev eth0 proto kernel scope link src 10.13.137.151 metric 100
10.13.137.1 dev eth0 proto dhcp scope link src 10.13.137.151 metric 100
```

I ran:

```shell
ip route add 10.13.137.1 dev eth0 metric 10
```

but still get `curl: (56) Recv failure: Connection reset by peer`

My new IP route is:

```
default via 198.18.0.1 dev tun0 metric 20
default via 10.13.137.1 dev eth0 proto dhcp src 10.13.137.151 metric 100
10.13.137.0/24 dev eth0 proto kernel scope link src 10.13.137.151 metric 100
10.13.137.1 dev eth0 scope link metric 10
10.13.137.1 dev eth0 proto dhcp scope link src 10.13.137.151 metric 100
```

I'm sorry I'm a bit slow)

But what am I doing wrong?

My goal is to force the whole system through the socks5 remote proxy server (as if it was a WireGuard VPN), if it's possible at all.

heiher commented 1 year ago

@hosseinkhojany Try to run xray on other hosts in the LAN to rule out the presence of unknown upstream servers that are not included in high-priority routing rules.

heiher commented 1 year ago

@MikeAlinov The upstream server is a remote proxy service, such as the upstream connected by xray.

hosseinkhojany commented 1 year ago

I finally succeeded with this shell script to bypass upstream:

- parameter 1: your socks5 domain or ip
- parameter 2: current directory, or the directory in which hev_tun is placed
- parameter 3: xray config (you can remote it)

```bash
#!/bin/bash
# Usage: ./script.sh <socks5 domain or ip> <directory containing hev_tun and xray> <xray config>

if [ "$#" -lt 3 ]; then
    echo "Usage: $0 <socks5-host> <bin-dir> <xray-config>" >&2
    exit 1
fi

# variables
host_name=$1 # It should be a domain or ip
bin_dir=$2
xray_config=$3

# Resolve the upstream: use the argument as-is when it already is an IP,
# otherwise take the last answer from dig (the A record after any CNAME).
if [[ "$host_name" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    xray_ip=$host_name
else
    xray_ip=$(dig +short A "$host_name" | tail -n1)
fi
if [ -z "$xray_ip" ]; then
    echo "Could not resolve $host_name" >&2
    exit 1
fi

# This will output your default gateway ip address. If the command fails,
# try finding the default gateway ip by using the 'ip r' command.
def_gate=$(ip r | grep 'default' | awk '{print $3}' | head -n1)

# Remove leftovers from a previous run (errors are ignored if nothing exists)
ip tuntap del dev tun0 mode tun user "$USER" 2>/dev/null || true
ip route del "$xray_ip" via "$def_gate" 2>/dev/null || true

ip tuntap add dev tun0 mode tun user "$USER"
ip addr add 10.0.0.1/24 dev tun0
ip addr add fdfe:dcba:9876::1/125 dev tun0
# Bypass: the upstream server must stay reachable through the real gateway
ip route add "$xray_ip" via "$def_gate"
ip link set tun0 up
ip -6 link set tun0 up
# Everything else goes through the tunnel
ip route add default dev tun0
ip -6 route add default dev tun0

chmod +x "$bin_dir/hev_tun"
chmod +x "$bin_dir/xray"

"$bin_dir/xray" -c "$xray_config" > /dev/null &
# sleep 2

# insert/update hosts entry so the upstream name resolves without DNS through the tunnel
ip_address=$xray_ip
# find existing instances in the host file and save the line numbers
suffix="XrayTun.linux"
matches_in_hosts="$(grep -n "$suffix" /etc/hosts | cut -f1 -d:)"

host_entry="${ip_address} ${host_name} ${suffix}"

echo "Please enter your password if requested."

if [ ! -z "$matches_in_hosts" ]
then
    echo "Updating existing hosts entry."
    # iterate over the line numbers on which matches were found
    while read -r line_number; do
        # replace the text of each line with the desired host entry
        sudo sed -i "${line_number}s/.*/${host_entry} /" /etc/hosts
    done <<< "$matches_in_hosts"
else
    echo "Adding new hosts entry."
    echo "$host_entry" | sudo tee -a /etc/hosts > /dev/null
fi

"$bin_dir/hev_tun" config.yml
```

MikeAlinov commented 1 year ago

@heiher

Should I install xray (because I don't have it)?

I want to connect my whole system to a remote socks5 proxy server as if it was a VPN.

So far I was doing these steps to achieve this (with no luck):

```shell
sudo apt update
sudo apt install build-essential

apt install resolvconf

git clone --recursive https://github.com/heiher/hev-socks5-tunnel
cd hev-socks5-tunnel
make

sudo nano /usr/local/bin/proxyty.yml
```

```yaml
tunnel:
  name: tun0
  mtu: 8500
  multi-queue: true
  ipv4: 198.18.0.1
  ipv6: fc00::1

socks5:
  port: 14600
  address: 202.182.69.181
  udp: 'udp'
  username: 'xxxxxxxxx'
  password: 'xxxxxxxxxx'
```

```shell
sudo nano /etc/systemd/system/proxyty.service
```

```ini
[Unit]
Description=proxyty service
After=network.target

[Service]
ExecStart=/root/hev-socks5-tunnel/bin/hev-socks5-tunnel /usr/local/bin/proxyty.yml
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
```

```shell
systemctl daemon-reload
sudo systemctl enable proxyty.service
sudo systemctl start proxyty.service
sudo systemctl status proxyty.service

sudo ip route add default dev tun0 metric 20
```

Could you please tell me what I am doing wrong? What steps should I add? Why? And how?

I'm sorry for being a pain in the a**

heiher commented 1 year ago

@MikeAlinov

get default route device:

```shell
ip route | grep default
```

bypass upstream server:

```shell
ip route add 202.182.69.181 dev <default-iface> metric 10
```

hosseinkhojany commented 1 year ago

@MikeAlinov I don't know what the best option for your situation is, but yes, you can also use the xray socks protocol with hev tun: https://xtls.github.io/en/config/outbounds/socks.html

MikeAlinov commented 1 year ago

@heiher

I ran:

```shell
ip route add 202.182.69.181 dev eth0 metric 10
ip route add default dev tun0 metric 20
```

And I still get `curl: (56) Recv failure: Connection reset by peer` when running "curl ifconfig.me"

IP route:

```
default dev tun0 scope link metric 20
default via 10.13.137.1 dev eth0 proto dhcp src 10.13.137.151 metric 100
10.13.137.0/24 dev eth0 proto kernel scope link src 10.13.137.151 metric 100
10.13.137.1 dev eth0 proto dhcp scope link src 10.13.137.151 metric 100
202.182.69.181 dev eth0 scope link metric 10
```

```
sudo systemctl status proxyty.service
● proxyty.service - proxyty service
     Loaded: loaded (/etc/systemd/system/proxyty.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-08-01 18:42:48 UTC; 20min ago
   Main PID: 179 (hev-socks5-tunn)
      Tasks: 1 (limit: 1101)
     Memory: 1.6M
        CPU: 7ms
     CGroup: /system.slice/proxyty.service
             └─179 /root/hev-socks5-tunnel/bin/hev-socks5-tunnel /usr/local/bin/proxyty.yml

Aug 01 18:42:48 kozak systemd[1]: Started proxyty service.
Aug 01 18:47:00 kozak hev-socks5-tunnel[179]: [2023-08-01 18:47:00] [E] 0x5588cbc7ae40 socks5 client connect
Aug 01 18:47:00 kozak hev-socks5-tunnel[179]: [2023-08-01 18:47:00] [E] 0x5588cbc7ae40 socks5 client connect
Aug 01 18:47:00 kozak hev-socks5-tunnel[179]: [2023-08-01 18:47:00] [E] 0x5588cbc7ae40 socks5 session connect
```

```
ip link show tun0
2: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 8500 qdisc mq state UNKNOWN mode DEFAULT group default qlen 500
    link/none
```

The service is running, the tunnel is up.

Can you please start an Ubuntu 22.04 container and check what's what?

I'll give you the credentials to my socks5 service that I purchased:

```yaml
port: 14600
address: 202.182.69.181
username: 'xxxxxxxxxxx'
password: 'xxxxxxxxxxxx'
```

heiher commented 1 year ago

> curl: (56) Recv failure: Connection reset by peer when running "curl ifconfig.me"

Hmm, I think it might be that your internet service provider is blocking plaintext socks5 access.

MikeAlinov commented 1 year ago

@heiher

I am using a DigitalOcean droplet and run an lxd container inside of it.

But I ran it on my desktop and got the same result.

MikeAlinov commented 1 year ago

@heiher

Please help me out here.

I also connected to the proxy on my Android, using the same internet connection as my desktop and the ProxyDroid application, and it connected just fine.

MikeAlinov commented 1 year ago

@heiher Have you tried running it inside of an Ubuntu 22.04 lxd container?

heiher commented 1 year ago

resolved?

MikeAlinov commented 1 year ago

@heiher

No.

Have you tried replicating it in an Ubuntu 22.04 container?

Please let me know, cos I need to know whether it is me doing something wrong or not.

heiher commented 1 year ago

@MikeAlinov Hmm. Could you provide an environment (like a VPS) where I can deploy an example? (Email me.)

MikeAlinov commented 1 year ago

@heiher I can't send anything to the `ckBoZXYuY2M=` email address I found on your site.

What address should I send the SSH IP and password for the DigitalOcean droplet, as well as the proxy credentials, to?

MikeAlinov commented 1 year ago

Can you give me some other email?

hosseinkhojany commented 1 year ago

Is it possible to start xray and hev-socks-tun without bypassing upstream? @heiher

MikeAlinov commented 1 year ago

@heiher Please, give me your email.

heiher commented 1 year ago

> @heiher I can't send anything to the `ckBoZXYuY2M=` email address I found on your site.
>
> What address should I send the SSH IP and password for the DigitalOcean droplet, as well as the proxy credentials, to?

`ckBoZXYuY2M=` Why? I can receive email from others.