Closed MatejKovacic closed 5 years ago
On a server I said:
chisel server --port 8080 socks5
The OpenVPN config on the server has the line:
socks-proxy 127.0.0.1 1080
On the client side I run:
chisel client http://myserver.org:8080 socks
And then I run the OpenVPN client, which has:
socks-proxy 127.0.0.1 1080
in its config.
However, chisel on the client side says:
2017/10/26 14:35:28 client: Connected (Latency 2.21344ms)
2017/10/26 14:36:24 client: tunnel#1 127.0.0.1:1080=>socks: conn#1: Stream error: ssh: rejected: administratively prohibited (SOCKS5 is not enabled on the server)
What am I doing wrong?
--socks5, forgot the dashes
Thanks.
Anyway, another question... I noticed that every time I run chisel server I get a different fingerprint. This is not handy if you plan to autostart chisel in server mode on a remote server.
Is there any option to make fingerprint persistent?
OK, here is my setup now...
On the server (Debian 9):
- First I run OpenVPN server:
sudo systemctl start openvpn@MyVPN_WS.service
MyVPN_WS.conf has:
...
local XX.XX.XX.XXX
port 8081
...
- Then I run Chisel:
chisel server --port 8080 --auth me:mypasswd --socks5 &
[1] 30289
root@vpn:/etc/openvpn# 2017/10/26 22:00:14 server: SOCKS5 Enabled
2017/10/26 22:00:14 server: Fingerprint b8:ad:8e:15:60:8f:f7:e0:f6:e8:ce:56:e4:85:d3:c5
2017/10/26 22:00:14 server: User authenication enabled
2017/10/26 22:00:14 server: Listening on 8080...
On the client (Ubuntu 17.04):
- First I run Chisel:
chisel client --auth me:mypasswd http://myvpnserver.com:8080 socks
2017/10/26 22:01:48 client: Connecting to ws://myvpnserver.com:8080
2017/10/26 22:01:48 client: tunnel#1 127.0.0.1:1080=>socks: Listening
2017/10/26 22:01:58 client: Retrying in 100ms...
2017/10/26 22:02:09 client: Retrying in 200ms...
2017/10/26 22:02:19 client: Fingerprint b8:ad:8e:15:60:8f:f7:e0:f6:e8:ce:56:e4:85:d3:c5
2017/10/26 22:02:19 client: Connected (Latency 37.582275ms)
- Then I run my OpenVPN client:
openvpn --config MyVPN.conf
MyVPN_WS.conf has:
...
remote XX.XX.XX.XXX 8081
socks-proxy 127.0.0.1 1080
...
OpenVPN connection seems successful. If I type ifconfig into the terminal, I can see tun0 device with correct "local" (VPN) IP.
However, I cannot ping my VPN server and IP forwarding does not work (but it is enabled and routing is done correctly with iptables).
Any idea what could be wrong?
Is there any option to make fingerprint persistent?
chisel server --help
....
--key, An optional string to seed the generation of a ECDSA public
and private key pair. All commications will be secured using this
key pair. Share the subsequent fingerprint with clients to enable detection
of man-in-the-middle attacks (defaults to the CHISEL_KEY environment
variable, otherwise a new key is generate each run).
Sorry, I'm not very familiar with OpenVPN
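Added example (not part of the original thread and not chisel's own code): once the server runs with a fixed --key, its fingerprint can be pinned and every "Fingerprint" line in a chisel log checked against it, which is the man-in-the-middle detection the help text describes. The function names chisel_fingerprints and verify_pin are hypothetical, the log layout is assumed to be the one shown in this thread, and the second fingerprint in the sample is constructed.

```shell
#!/bin/sh
# Added example: check chisel log output against a pinned server fingerprint.
# Assumes the log layout shown in this thread:
#   <date> <time> <role>: Fingerprint <value>

# Fingerprint the server printed when started with a fixed --key / CHISEL_KEY
# (value copied from the logs in this thread).
PINNED='b8:ad:8e:15:60:8f:f7:e0:f6:e8:ce:56:e4:85:d3:c5'

# Client log from the thread, trimmed to the relevant lines.
SAMPLE_OK='2017/10/26 22:01:48 client: Connecting to ws://myvpnserver.com:8080
2017/10/26 22:02:19 client: Fingerprint b8:ad:8e:15:60:8f:f7:e0:f6:e8:ce:56:e4:85:d3:c5
2017/10/26 22:02:19 client: Connected (Latency 37.582275ms)'

# Constructed continuation: the server restarts without a fixed key and the
# client reconnects to a different key (this fingerprint value is made up).
SAMPLE_CHANGED="$SAMPLE_OK
2017/10/26 23:10:02 client: Retrying in 100ms...
2017/10/26 23:10:03 client: Fingerprint 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
2017/10/26 23:10:03 client: Connected (Latency 36.1ms)"

# Print every distinct fingerprint found on stdin, one per line.
chisel_fingerprints() {
    awk '$4 == "Fingerprint" && !seen[$5]++ { print $5 }'
}

# Read a chisel log on stdin and compare it with the pinned fingerprint.
# Returns 0 = only the pinned key was seen, 1 = another key was seen,
#         2 = no fingerprint line at all (key exchange never completed).
verify_pin() {
    pinned=$1
    fps=$(chisel_fingerprints)
    [ -n "$fps" ] || return 2
    [ "$fps" = "$pinned" ] || return 1
    return 0
}

# Demo on the two samples above.
for name in SAMPLE_OK SAMPLE_CHANGED; do
    eval "log=\$$name"
    printf '%s\n' "$log" | verify_pin "$PINNED"
    echo "$name -> verify_pin exit status $?"
done
```

The seed given to --key is a secret: supplying it through the CHISEL_KEY environment variable keeps it out of the command line, which other local users can read from the process list.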
Did you solve the issue?
Yes.
Yes.
👍
I have OpenVPN server running on TCP/443. Is it possible to run it over chisel?
If yes, what commands should be issued on server and what on client?
Any help would be much appreciated.