search

pufferffish / wireproxy

Wireguard client that exposes itself as a socks5 proxy
ISC License
4.1k stars 235 forks source link

Can't use Socks5 Proxy: "SOCKS: Failed receiving initial SOCKS5 response: Failure when receiving data from the peer" #99

Closed Wesselinator closed 4 months ago

Wesselinator commented 4 months ago

Issue

Trying to setup socks5 through the container.

A little difficult to debug because it's distroless.

Config

/etc/wireproxy/config

[Interface]
PrivateKey = REDACT
Address = R.D.C.T/32
DNS = 1.1.1.1

[Peer]
PublicKey = REDACT
AllowedIPs = R.D.C.T/0
Endpoint = R.D.C.T:51820
PersistentKeepalive = 25

[Socks5]
BindAddress=127.0.0.1:8888

Command:

podman run -v /etc/wireproxy:/etc/wireproxy --rm -p 8888:8888 -it ghcr.io/pufferffish/wireproxy:latest

Output:

Looks like the tunnel works fine, but I don't see any output from the proxy component. I will assume it's all working fine.

from the code-base, doesn't look like the proxy server outputs any logs unless there is an issue

DEBUG: 2024/02/03 01:00:00 UAPI: Updating private key
DEBUG: 2024/02/03 01:00:00 Routine: handshake worker 3 - started
DEBUG: 2024/02/03 01:00:00 Routine: decryption worker 2 - started
DEBUG: 2024/02/03 01:00:00 Routine: handshake worker 2 - started
DEBUG: 2024/02/03 01:00:00 Routine: encryption worker 3 - started
DEBUG: 2024/02/03 01:00:00 Routine: decryption worker 3 - started
DEBUG: 2024/02/03 01:00:00 Routine: decryption worker 4 - started
DEBUG: 2024/02/03 01:00:00 Routine: encryption worker 4 - started
DEBUG: 2024/02/03 01:00:00 Routine: encryption worker 1 - started
DEBUG: 2024/02/03 01:00:00 Routine: handshake worker 4 - started
DEBUG: 2024/02/03 01:00:00 Routine: decryption worker 1 - started
DEBUG: 2024/02/03 01:00:00 Routine: TUN reader - started
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - UAPI: Created
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - UAPI: Updating persistent keepalive interval
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - UAPI: Updating preshared key
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - UAPI: Updating endpoint
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - UAPI: Adding allowedip
DEBUG: 2024/02/03 01:00:00 Routine: encryption worker 2 - started
DEBUG: 2024/02/03 01:00:00 Routine: handshake worker 1 - started
DEBUG: 2024/02/03 01:00:00 UDP bind has been updated
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - Starting
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - Routine: sequential receiver - started
DEBUG: 2024/02/03 01:00:00 Routine: receive incoming v6 - started
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - Routine: sequential sender - started
DEBUG: 2024/02/03 01:00:00 Routine: event worker - started
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - Sending keepalive packet
DEBUG: 2024/02/03 01:00:00 peer(REDACT) - Sending handshake initiation
DEBUG: 2024/02/03 01:00:00 Routine: receive incoming v4 - started
DEBUG: 2024/02/03 01:00:00 Interface up requested
DEBUG: 2024/02/03 01:00:00 Interface state was Down, requested Up, now Up
DEBUG: 2024/02/03 01:00:01 peer(REDACT) - Received handshake response

Testing

Testing with curl 8.6.0 from the host

ipv4 stuff was to narrow the issue, I am experiencing some unrelated ipv6 issues

curl --ipv4 -v --socks5 127.0.0.1:8888 http://example.com/

This is the output I get.

curl --ipv4 -v --socks5 127.0.0.1:8888 http://example.com/
*   Trying 127.0.0.1:8888...
* Connected to 127.0.0.1 (127.0.0.1) port 8888
* Recv failure: Connection reset by peer
* SOCKS: Failed receiving initial SOCKS5 response: Failure when receiving data from the peer
* Closing connection
curl: (97) Recv failure: Connection reset by peer

Version

ghcr.io/pufferffish/wireproxy:latest -v

wireproxy, version af97322
Wesselinator commented 4 months ago

This was painful.

Fix is:

[Socks5]
BindAddress=0.0.0.0:8888