Closed ghost closed 2 years ago
@vogelfreiheit you may want to look at the firewall log first if your traffic isn't blocked there meaning it requires a rule to support it.
Negative, also this should fall under the "allow traffic originating from the firewall" configuration. There is nothing blocked per se, I checked before submitting the report. Feel free to suggest other possible places to verify.
I don't have any further ideas for this, sorry. Hopefully someone else wants to chime in.
Cheers, Franco
Did a quick test with ss-local configured to listen at localhost:8989:
2021-12-09T13:54:30 | openvpn[30113] | TCP: connect to [AF_INET]127.0.0.1:8989 failed: Can't assign requested address
2021-12-09T13:54:30 | openvpn[30113] | Attempting to establish TCP connection with [AF_INET]127.0.0.1:8989 [nonblock]
2021-12-09T13:54:30 | openvpn[30113] | Socket Buffers: R=[65228->524288] S=[65228->524288]
2021-12-09T13:54:30 | openvpn[30113] | TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:8989
Instead of a time out, it fails with `Can't assign requested address`.
I thought that the `--socks-proxy` option was used to connect through the socks5. The proxy parameter in the gui defines the `--http-proxy` option
> I thought that the `--socks-proxy` option was used to connect through the socks5. The proxy parameter in the gui defines the `--http-proxy` option
I have tested both. UI setting and socks-proxy in the custom directives.
With the socks-proxy option in the GUI "Advanced configuration". Shadowsocks server and local enabled. TCP OpenVPN from one OPNsense to another (certs not trusted, so the connection fails):
..
2021-12-09T16:28:31 | Error | openvpn | OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-12-09T16:28:31 | Error | openvpn | VERIFY ERROR: depth=1, error=* sanitized*
2021-12-09T16:28:31 | Notice | openvpn | TLS: Initial packet from [AF_INET]127.0.0.1:1080, sid=186f7700 f9a7ab3d
2021-12-09T16:28:31 | Notice | openvpn | TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1080
2021-12-09T16:28:31 | Notice | openvpn | TCPv4_CLIENT link local: (not bound)
2021-12-09T16:28:31 | Notice | openvpn | TCP connection established with [AF_INET]127.0.0.1:1080
2021-12-09T16:28:31 | Notice | openvpn | Attempting to establish TCP connection with [AF_INET]127.0.0.1:1080 [nonblock]
..
All the states created are visible in Firewall: Diagnostics: States. Looks like it should work.
Could you provide screenshots from the ss-local config? This is interesting. What version are you running?
All settings are default.
os-shadowsocks (installed) | 1.0_2
OPNsense 21.7.6-amd64
Revisiting this: we had to configure it to listen on ANY/0.0.0.0, otherwise it would not work. I'm not sure why you are using a local SS server though (not the SOCKS client, the server itself). The whole point of SS is to serve as a remote encrypted tunnel. Whatever you are using is routing out the normal WAN, for no added benefit.
> I'm not sure why you are using a local SS server

I'm not ). It was just interesting to add it and try to understand the issue (and help if possible). If everything works for you now, then I'm happy :wink:
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.
I've just stumbled upon this ticket while trying for hours to solve a problem quite similar to this. In my case it's not a shadowsocks but v2ray daemon + socks-proxy 127.0.0.1 1080 option in openvpn page.
I solved the issue changing openvpn's interface to Localhost. V2Ray daemon is bound to 127.0.0.1 and if openvpn is bound to localhost too, everything works without additional fiddling.
Just in case somebody's search lands here.
@burbilog Please excuse me for the late tagging, but what does "changing openvpn's interface to Localhost" mean in this context? Could you post your client conf?

> @burbilog Please excuse me for the late tagging, but what does "changing openvpn's interface to Localhost" mean in this context? Could you post your client conf?
plus this line in "advanced" field:
socks-proxy 127.0.0.1 1082
This way OpenVPN connects to v2ray daemon, bound to localhost.
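
The following checker is an added example, not code from this thread or from OPNsense. It encodes the two workarounds reported above (binding OpenVPN to Localhost, or making the proxy listen on ANY/0.0.0.0) as a pre-flight check over a client config. It assumes the GUI "Interface" setting ends up as a `local` directive; the function names, finding codes and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_directives(conf_text):
    """Map each OpenVPN directive to its argument list (last occurrence wins)."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        directives[name.lstrip("-")] = args
    return directives

def _ip(host):
    """Parse a literal address; 'localhost' counts as 127.0.0.1, other names as unknown."""
    try:
        return ipaddress.ip_address("127.0.0.1" if host == "localhost" else host)
    except ValueError:
        return None

def check_proxy_path(conf_text, proxy_listen_addr):
    """Return finding codes for an OpenVPN client that reaches its server via a local proxy."""
    d = parse_directives(conf_text)
    proxy = d.get("socks-proxy") or d.get("http-proxy")
    if not proxy:
        return ["NO_PROXY_DIRECTIVE"]
    target, listen = _ip(proxy[0]), _ip(proxy_listen_addr)
    source = _ip(d["local"][0]) if d.get("local") else None
    findings = []
    # Source bound to a non-loopback address while the proxy target is loopback:
    # the combination the "bind OpenVPN to Localhost" workaround removes.
    if target and target.is_loopback and source and not source.is_loopback:
        findings.append("SOURCE_NOT_LOOPBACK")
    # Proxy listening on one specific address while OpenVPN dials a different one:
    # the case the "listen on ANY/0.0.0.0" workaround removes.
    if target and listen and not listen.is_unspecified and listen != target:
        findings.append("LISTENER_MISMATCH")
    return findings

# Constructed sample configs (documentation-range addresses, not taken from the thread).
BOUND_TO_LAN = """client
proto tcp-client
local 192.0.2.10
remote vpn.example.net 443
socks-proxy 127.0.0.1 1082
"""
BOUND_TO_LOOPBACK = BOUND_TO_LAN.replace("local 192.0.2.10", "local 127.0.0.1")

if __name__ == "__main__":
    print(check_proxy_path(BOUND_TO_LAN, "127.0.0.1"))
    print(check_proxy_path(BOUND_TO_LOOPBACK, "127.0.0.1"))
```

The second argument is the address the proxy daemon actually listens on, as reported by the host's socket listing.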
Describe the bug
Configuring a client in the OpenVPN service to use a SOCKS proxy does not work. This has been tested with Shadowsocks-local, assigning a listening IP for one of the local interfaces (or localhost too) and then configuring the VPN client to use the proxy for its connections.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The OpenVPN client connection is established through the SOCKS proxy successfully.
Describe alternatives you considered
Also tested with the custom directives for socks in the client configuration.
Relevant log files
Sanitized PROXY_IP:PROXY_PORT for the local interface IP address and the port where SS-local is listening.
Environment
Latest stable OPNsense as of today.