search

nneonneo / iOS-SOCKS-Server

iOS HTTP/SOCKS proxy server for fake-tethering
268 stars 33 forks source link

Unable to stream spotify #3

Closed Snowmander closed 4 years ago

Snowmander commented 4 years ago

First off, thanks for the amazing script. Almost everything seems to work. However, Spotify doesn't seem to work, both in Chrome and desktop app (Mac). I found a relevant discussion here.

Also, trying to tunnel OpenVPN connection over the proxy also seems to fail with the error message command 3 unsupported.

nneonneo commented 4 years ago

I can't do anything about Spotify; that's their bug, not mine, and there's no clean way to force all traffic on a computer to go through a SOCKS proxy (there are various VPN-esque hacks such as FlowerWrong/tun2socks; this seems to be a good list: https://ntc.party/t/convert-socks5-to-tun-tap-proxy-as-vpn/107).

However, UDP support ("command 3") I can do - I just pushed a couple commits that implement UDP support (as well as performing some long-necessary house cleaning on the code). Give it a shot and let me know if it works.

nneonneo commented 4 years ago

@Snowmander Let me know if the new changes make OpenVPN work. I have very few applications that are able to tunnel UDP over SOCKS, so I'd be curious to know if my implementation of UDP SOCKS works with OpenVPN.

Snowmander commented 4 years ago

@nneonneo Sorry for not getting back to you earlier. I was a bit busy and had trouble transferring the log from my phone. I wasn't able to get OpenVPN working under the proxy. 

2020-05-08 17:36:39.278617 Socket Buffers: R=[786896->524288] S=[9216->524288]
2020-05-08 17:36:39.278636 Attempting to establish TCP connection with [AF_INET]169.254.146.160:9876 [nonblock]
2020-05-08 17:36:39.278652 MANAGEMENT: >STATE:1588926999,TCP_CONNECT,,,,,,
2020-05-08 17:36:39.278849 MANAGEMENT: CMD 'hold release'
2020-05-08 17:36:40.349912 TCP connection established with [AF_INET]169.254.146.160:9876
2020-05-08 17:36:40.374974 recv_socks_reply: Socks proxy returned bad reply
2020-05-08 17:36:40.375171 SIGUSR1[soft,init_instance] received, process restarting
2020-05-08 17:36:40.375210 MANAGEMENT: >STATE:1588927000,RECONNECTING,init_instance,,,,,
2020-05-08 17:36:40.380799 MANAGEMENT: CMD 'hold release'
2020-05-08 17:36:40.380862 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2020-05-08 17:36:40.380877 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-05-08 17:36:40.380983 TCP/UDP: Preserving recently used remote address: [AF_INET]169.254.146.160:9876
2020-05-08 17:36:40.381054 Socket Buffers: R=[786896->524288] S=[9216->524288]
2020-05-08 17:36:40.381071 Attempting to establish TCP connection with [AF_INET]169.254.146.160:9876 [nonblock]
2020-05-08 17:36:40.381087 MANAGEMENT: >STATE:1588927000,TCP_CONNECT,,,,,,
2020-05-08 17:36:40.381243 MANAGEMENT: CMD 'hold release'
2020-05-08 17:36:41.449332 TCP connection established with [AF_INET]169.254.146.160:9876
2020-05-08 17:36:41.464472 recv_socks_reply: Socks proxy returned bad reply
2020-05-08 17:36:41.464716 SIGUSR1[soft,init_instance] received, process restarting
2020-05-08 17:36:41.464750 MANAGEMENT: >STATE:1588927001,RECONNECTING,init_instance,,,,,
INFO:root:169.254.25.9:59158: new connection
ERROR:root:169.254.25.9:59158: connect error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59158: shutting down
INFO:root:169.254.25.9:59159: new connection
ERROR:root:169.254.25.9:59159: connect error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59159: shutting down
INFO:root:169.254.25.9:59160: new connection
INFO:root:169.254.25.9:59161: new connection
INFO:root:169.254.25.9:59161: connected to p43-caldav.icloud.com:443
ERROR:root:169.254.25.9:59160: connect error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59160: shutting down
INFO:root:169.254.25.9:59162: new connection
ERROR:root:169.254.25.9:59162: connect error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59162: shutting down
INFO:root:169.254.25.9:59163: new connection
ERROR:root:169.254.25.9:59163: connect error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59163: shutting down

OpenVPN configuration: socks-proxy 169.254.146.160 9876

nneonneo commented 4 years ago

That doesn't look like the newest version of the code; try updating and see if that fixes anything. (Also - the top of the Pythonista log is very helpful, since it will tell me whether it's locating the right libraries and interfaces)

Snowmander commented 4 years ago

You're right, that was not the latest version of the code. The issue seems to be the same though.

Assuming proxy will be accessed over WiFi (en0) at 169.254.146.160
Will connect to servers over interface pdp_ip0 at 10.48.78.163
Warning: dnspython not available; falling back to system DNS
PAC URL: http://169.254.146.160:80/wpad.dat
SOCKS Address: 169.254.146.160:9876
INFO:root:169.254.25.9:59431: new connection
INFO:root:169.254.25.9:59431 -> 15-courier.push.apple.com:5223: connected

(…)

INFO:root:169.254.25.9:59450 -> tunnelblick.net:443: connected
INFO:root:169.254.25.9:59452: new connection
ERROR:root:169.254.25.9:59452 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59453: new connection
ERROR:root:169.254.25.9:59453 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59454: new connection
ERROR:root:169.254.25.9:59454 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59455: new connection
ERROR:root:169.254.25.9:59455 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59456: new connection
ERROR:root:169.254.25.9:59456 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59457: new connection
ERROR:root:169.254.25.9:59457 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59458: new connection
ERROR:root:169.254.25.9:59458 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59459: new connection
ERROR:root:169.254.25.9:59459 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59460: new connection
ERROR:root:169.254.25.9:59460 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
INFO:root:169.254.25.9:59461: new connection
ERROR:root:169.254.25.9:59461 -> 169.254.25.9:0: udp association error [Errno 49] Can't assign requested address
Shutting down.
Exception in thread Thread-11:
Traceback (most recent call last):
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/threading.py", line 865, in run
    self._target(*self._args, **self._kwargs)
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/socketserver.py", line 640, in process_request_thread
    self.finish_request(request, client_address)
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/socketserver.py", line 697, in __init__
    self.handle()
  File "/private/var/mobile/Library/Mobile Documents/iCloud~com~omz-software~Pythonista3/Documents/socks5.py", line 189, in handle
    self.handle_connect(address, port)
  File "/private/var/mobile/Library/Mobile Documents/iCloud~com~omz-software~Pythonista3/Documents/socks5.py", line 238, in handle_connect
    self.tcp_loop(self.connection, remote)
  File "/private/var/mobile/Library/Mobile Documents/iCloud~com~omz-software~Pythonista3/Documents/socks5.py", line 255, in tcp_loop
    r, _, _ = select([sock1, sock2], [], [], IDLE_TIMEOUT)
KeyboardInterrupt

Exception in thread Thread-23:
Traceback (most recent call last):
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/threading.py", line 865, in run
    self._target(*self._args, **self._kwargs)
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/socketserver.py", line 640, in process_request_thread
    self.finish_request(request, client_address)
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/var/containers/Bundle/Application/A787A1C4-AD5A-481F-BE57-90B0D58B11BB/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/socketserver.py", line 697, in __init__
    self.handle()
  File "/private/var/mobile/Library/Mobile Documents/iCloud~com~omz-software~Pythonista3/Documents/socks5.py", line 189, in handle
    self.handle_connect(address, port)
  File "/private/var/mobile/Library/Mobile Documents/iCloud~com~omz-software~Pythonista3/Documents/socks5.py", line 238, in handle_connect
    self.tcp_loop(self.connection, remote)
  File "/private/var/mobile/Library/Mobile Documents/iCloud~com~omz-software~Pythonista3/Documents/socks5.py", line 255, in tcp_loop
    r, _, _ = select([sock1, sock2], [], [], IDLE_TIMEOUT)
KeyboardInterrupt
nneonneo commented 4 years ago

@Snowmander Thanks very much for the log. I was able to reproduce the problem with a private OpenVPN server, and I put in a patch that made OpenVPN work for me locally. Give it a try now :)

Snowmander commented 4 years ago

@nneonneo Unfortunately, it doesn't seem to be quite working, although it succeeds in making a UDP connection. I suspect that's because of domain resolution failure, which would explain why you could presumably connect to a private server by the ip. I tested that the VPN address successfully resolves on a normal connection, and it does.

I'm out of the situation that required me a hotspot last week, so I'm not in a hurry right now. Again, thanks for all the work you're putting in this project!

Assuming proxy will be accessed over WiFi (en0) at 169.254.6.101
Will connect to servers over interface pdp_ip0 at 10.114.138.176
PAC URL: http://169.254.6.101:80/wpad.dat
SOCKS Address: 169.254.6.101:9876
INFO:root:169.254.238.63:49812: new connection
DEBUG:root:169.254.238.63:49812: resolving address 50-courier.push.apple.com
INFO:root:169.254.238.63:49812 -> 17.57.145.68:5223: connected
INFO:root:169.254.238.63:49813: new connection
INFO:root:169.254.238.63:49814: new connection
DEBUG:root:169.254.238.63:49813: resolving address live.github.com
INFO:root:169.254.238.63:49815: new connection
DEBUG:root:169.254.238.63:49814: resolving address github.com
DEBUG:root:169.254.238.63:49815: resolving address github.com
INFO:root:169.254.238.63:49813 -> 140.82.114.25:443: connected
INFO:root:169.254.238.63:49814 -> 140.82.118.4:443: connected
INFO:root:169.254.238.63:49815 -> 140.82.118.4:443: connected
INFO:root:169.254.238.63:49816: new connection
DEBUG:root:169.254.238.63:49816: resolving address live.github.com
INFO:root:169.254.238.63:49817: new connection
DEBUG:root:169.254.238.63:49817: resolving address github.com
INFO:root:169.254.238.63:49816 -> 140.82.114.25:443: connected
INFO:root:169.254.238.63:49817 -> 140.82.118.4:443: connected
INFO:root:169.254.238.63:49818: new connection
DEBUG:root:169.254.238.63:49818: resolving address tunnelblick.net
INFO:root:169.254.238.63:49818 -> 104.26.8.14:443: connected
INFO:root:169.254.238.63:49820: new connection
INFO:root:169.254.238.63:49818 -> 104.26.8.14:443: shutting down
INFO:root:169.254.238.63:49820 [udp]: udp association established
INFO:root:169.254.238.63:49821: new connection
DEBUG:root:169.254.238.63:49821: resolving address tunnelblick.net
INFO:root:169.254.238.63:49821 -> 104.26.8.14:443: connected
INFO:root:169.254.238.63:49820 [udp]: shutting down
INFO:root:169.254.238.63:49822: new connection
INFO:root:169.254.238.63:49822 [udp]: udp association established
2020-05-11 13:46:26.374392 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2020-05-11 13:46:26.374418 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-05-11 13:46:26.375734 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-05-11 13:46:26.375763 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-05-11 13:46:26.375924 TCP/UDP: Preserving recently used remote address: [AF_INET]169.254.6.101:9876
2020-05-11 13:46:26.375987 Socket Buffers: R=[786896->524288] S=[9216->524288]
2020-05-11 13:46:26.376001 Attempting to establish TCP connection with [AF_INET]169.254.6.101:9876 [nonblock]
2020-05-11 13:46:26.376010 MANAGEMENT: >STATE:1589172386,TCP_CONNECT,,,,,,
2020-05-11 13:46:27.450112 TCP connection established with [AF_INET]169.254.6.101:9876
2020-05-11 13:46:27.469336 SOCKS proxy wants us to send UDP to [AF_INET]169.254.6.101:63064
2020-05-11 13:46:27.469411 MANAGEMENT: >STATE:1589172387,RESOLVE,,,,,,
2020-05-11 13:46:57.476172 RESOLVE: Cannot resolve host address: [redacted].com:1111 (nodename nor servname provided, or not known)
2020-05-11 13:46:57.476452 SIGUSR1[soft,init_instance] received, process restarting
2020-05-11 13:46:57.476497 MANAGEMENT: >STATE:1589172417,RECONNECTING,init_instance,,,,,
2020-05-11 13:46:57.626949 MANAGEMENT: CMD 'hold release'
2020-05-11 13:46:57.627043 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2020-05-11 13:46:57.627066 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-05-11 13:46:57.627362 TCP/UDP: Preserving recently used remote address: [AF_INET]169.254.6.101:9876
2020-05-11 13:46:57.627456 Socket Buffers: R=[786896->524288] S=[9216->524288]
2020-05-11 13:46:57.627483 Attempting to establish TCP connection with [AF_INET]169.254.6.101:9876 [nonblock]
2020-05-11 13:46:57.627502 MANAGEMENT: >STATE:1589172417,TCP_CONNECT,,,,,,
2020-05-11 13:46:57.627753 MANAGEMENT: CMD 'hold release'
2020-05-11 13:46:58.652104 TCP connection established with [AF_INET]169.254.6.101:9876
nneonneo commented 4 years ago

That would, unfortunately, be Tunnelblick trying to resolve hosts via your own network rather than the proxy. The easy fix would be to use some ping tool on your iPhone to resolve the IP, then edit the VPN configuration (or your /etc/hosts) to use that IP directly.

I am not sure if Tunnelblick/OpenVPN provide an option to push hostname resolution to the proxy. (cURL, for example, provides the “socks5h” protocol for this purpose). But, in any case, the failure of Tunnelblick to properly resolve the server should be considered a Tunnelblick bug.

On May 10, 2020, at 11:08 PM, Snowmander notifications@github.com wrote:

 @nneonneo Unfortunately, it doesn't seem to be quite working, although it succeeds in making a UDP connection. I suspect that's because of domain resolution failure, which would explain why you could presumably connect to a private server by the ip. I tested that the VPN address successfully resolves on a normal connection, and it does.

I'm out of the situation that required me a hotspot last week, so I'm not in a hurry right now. Again, thanks for all the work you're putting in this project!

Assuming proxy will be accessed over WiFi (en0) at 169.254.6.101 Will connect to servers over interface pdp_ip0 at 10.114.138.176 PAC URL: http://169.254.6.101:80/wpad.dat SOCKS Address: 169.254.6.101:9876 INFO:root:169.254.238.63:49812: new connection DEBUG:root:169.254.238.63:49812: resolving address 50-courier.push.apple.com INFO:root:169.254.238.63:49812 -> 17.57.145.68:5223: connected INFO:root:169.254.238.63:49813: new connection INFO:root:169.254.238.63:49814: new connection DEBUG:root:169.254.238.63:49813: resolving address live.github.com INFO:root:169.254.238.63:49815: new connection DEBUG:root:169.254.238.63:49814: resolving address github.com DEBUG:root:169.254.238.63:49815: resolving address github.com INFO:root:169.254.238.63:49813 -> 140.82.114.25:443: connected INFO:root:169.254.238.63:49814 -> 140.82.118.4:443: connected INFO:root:169.254.238.63:49815 -> 140.82.118.4:443: connected INFO:root:169.254.238.63:49816: new connection DEBUG:root:169.254.238.63:49816: resolving address live.github.com INFO:root:169.254.238.63:49817: new connection DEBUG:root:169.254.238.63:49817: resolving address github.com INFO:root:169.254.238.63:49816 -> 140.82.114.25:443: connected INFO:root:169.254.238.63:49817 -> 140.82.118.4:443: connected INFO:root:169.254.238.63:49818: new connection DEBUG:root:169.254.238.63:49818: resolving address tunnelblick.net INFO:root:169.254.238.63:49818 -> 104.26.8.14:443: connected INFO:root:169.254.238.63:49820: new connection INFO:root:169.254.238.63:49818 -> 104.26.8.14:443: shutting down INFO:root:169.254.238.63:49820 [udp]: udp association established INFO:root:169.254.238.63:49821: new connection DEBUG:root:169.254.238.63:49821: resolving address tunnelblick.net INFO:root:169.254.238.63:49821 -> 104.26.8.14:443: connected INFO:root:169.254.238.63:49820 [udp]: shutting down INFO:root:169.254.238.63:49822: new connection INFO:root:169.254.238.63:49822 [udp]: udp association established 2020-05-11 13:46:26.374392 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 2020-05-11 13:46:26.374418 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2020-05-11 13:46:26.375734 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2020-05-11 13:46:26.375763 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2020-05-11 13:46:26.375924 TCP/UDP: Preserving recently used remote address: [AF_INET]169.254.6.101:9876 2020-05-11 13:46:26.375987 Socket Buffers: R=[786896->524288] S=[9216->524288] 2020-05-11 13:46:26.376001 Attempting to establish TCP connection with [AF_INET]169.254.6.101:9876 [nonblock] 2020-05-11 13:46:26.376010 MANAGEMENT: >STATE:1589172386,TCP_CONNECT,,,,,, 2020-05-11 13:46:27.450112 TCP connection established with [AF_INET]169.254.6.101:9876 2020-05-11 13:46:27.469336 SOCKS proxy wants us to send UDP to [AF_INET]169.254.6.101:63064 2020-05-11 13:46:27.469411 MANAGEMENT: >STATE:1589172387,RESOLVE,,,,,, 2020-05-11 13:46:57.476172 RESOLVE: Cannot resolve host address: [redacted].com:1111 (nodename nor servname provided, or not known) 2020-05-11 13:46:57.476452 SIGUSR1[soft,init_instance] received, process restarting 2020-05-11 13:46:57.476497 MANAGEMENT: >STATE:1589172417,RECONNECTING,init_instance,,,,, 2020-05-11 13:46:57.626949 MANAGEMENT: CMD 'hold release' 2020-05-11 13:46:57.627043 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. 2020-05-11 13:46:57.627066 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2020-05-11 13:46:57.627362 TCP/UDP: Preserving recently used remote address: [AF_INET]169.254.6.101:9876 2020-05-11 13:46:57.627456 Socket Buffers: R=[786896->524288] S=[9216->524288] 2020-05-11 13:46:57.627483 Attempting to establish TCP connection with [AF_INET]169.254.6.101:9876 [nonblock] 2020-05-11 13:46:57.627502 MANAGEMENT: >STATE:1589172417,TCP_CONNECT,,,,,, 2020-05-11 13:46:57.627753 MANAGEMENT: CMD 'hold release' 2020-05-11 13:46:58.652104 TCP connection established with [AF_INET]169.254.6.101:9876 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.