No Internet Access: Unable to resolve host "cp.cloudflare.com"

[randef1ned]

Describe the bug When I test the connection, I get "No Internet access. Unable to resolve host 'cp.cloudflare.com', No address associated with hostname". It errors most of the time, but my laptop and my iPad works normally. DNS server works properly. The server works well. Settings are all correct. No block. Several other WiFi networks are tried, but it stills. Network settings are cleared.

To Reproduce Steps to reproduce the behavior:

1. Connect to Shadowsocks server
2. Test the connection
3. Failed and reported error

Expected behavior A clear and concise description of what you expected to happen. Connect to Shadowsocks server

Screenshots If applicable, add screenshots to help explain your problem.

Smartphone (please complete the following information):

• Device: iQOO z1x
• Version: Android 10.0; Shadowsocks 5.1.4 & 5.0.6 from play store
• Last version that did not exhibit the issue: No

Configuration Put an x inside the [ ] that applies.

• [x] IPv4 server address
• [ ] IPv6 server address
• [x] Client IPv4 availability
• [ ] Client IPv6 availability
• Encrypt method: chacha20-ietf-poly1305
• Route
  • [ ] All
  • [ ] Bypass LAN
  • [ ] Bypass China
  • [x] Bypass LAN & China
  • [ ] GFW List
  • [ ] China List
  • [ ] Custom rules
• [x] IPv6 route
• [ ] Apps VPN mode
  • [ ] Bypass mode
• Remote DNS: 8.8.8.8
• [ ] DNS over UDP
• Plugin configuration (if applicable):
• [ ] Auto Connect
• [ ] TCP Fast Open
• If you're not using VPN mode, please supply more details here:

Additional context It reproduces on my two vivo phone but fails to reproduce on my xiaomi phone. My xiaomi 6 (Android 9.0) works pretty well.

[randef1ned]

In addition, none of the route works in my vivo phones.

[Celthi]

I met the same error.

[xygwfxu]

A simple way to reproduce: Run server on Windows 10 : gost.exe -L=ss://aes-256-cfb:test1234@:8388 Download binary here: https://github.com/ginuerzh/gost/releases/tag/v2.11.1

Run android and configure the same（change only host,port,password, all other keeps default) , do test. You will see "Unable to resolve host "cp.cloudflare.com".

It works before and v5.0.6, failed on all new versions.

[madeye]

1. It looks a VIVO specific issue to me.
2. Check the private DNS settings on your phone. Make sure it's disabled.

[Celthi]

1. It looks a VIVO specific issue to me.
2. Check the private DNS settings on your phone. Make sure it's disabled.

I'm using Xiaomi phone. So it should not be VIVO specific issues.

[xygwfxu]

I Tried all new versions on xiaomi6x and xiaomi10, all of them do not work. any other info can offer to help reproduce?

[dev4u]

某些运营商会对个别域名直接返回127.0.0.1，不再是返回国外的ip了。希望对分析问题有帮助。

[xygwfxu]

@dev4u 终端下解析这个cp.cloudflare.com域名没有问题， 是特指的某些还是个别的域名嘛？

[dev4u]

@dev4u 终端下解析这个cp.cloudflare.com域名没有问题， 是特指的某些还是个别的域名嘛？

先确认关闭了私人dns设置！！！

因为这个仅仅是我单次的观察结果，说不上[某些]还是[个别]，仅供参考。当时请求google的页面发生异常，抓包发现返回的地址是127的。 切换用gfw模式路由能正常访问，用国内外ip模式访问异常。 如果使用gfw模式，需自行改写工程的acl文件更新类，并且使用自己维护的，或者第三方维护的acl。否则有部分站点没办法访问！！

[xygwfxu]

@dev4u 不好意思， 才知道有“私人dns”设置这个选项， 刚才查看并确认默认是关闭的。

[xygwfxu]

@madeye “private DNS” is disabled by default. This may explain that why v5.0.6 works on same phone instead of v5.1.x.

Since the error is related to DNS (test is to "cp.cloudflare.com", however all DNS from Browser are not working as well while in VPN mode).

What could be reason that dns is failed for new version?

[madeye]

@lavi-xu I suggest reporting your problem to Xiaomi instead. We cannot reproduce it with any Pixel/AOSP device (even on a Huawei device).

[xygwfxu]

@madeye It could be more hard to explain such issue to a OS level corp, that for an 3rd app that works one version but failed for another version, which OS level functional API is involved it, right?

Let me try to UNDERSTAND how ss does DNS function when VPN is ON.

Thanks for such great sw made to www.

[wxdczd]

服务器端我用gost-linux-amd64-2.10.1可以,用2.11.1就出这个错误.

[dev4u]

新版本的dns必须是tcp的

[xygwfxu]

@dev4u @madeye I noticed that new version has changed udp option from -u to -U(upper case), is this the root cause that prevent dns working please ?

[xygwfxu]

@wxdczd 谢谢提醒，我来试一下这个版本的serve版本。

[xygwfxu]

@wxdczd 试过2.10 也不可以， 因为协议改了。

@dev4u 您说的是对的， 新版改tcp 协议了， 抓包发现全是rst在53口上。

[madeye]

Make sure the remote DNS in your profile support TCP queries.

[dev4u]

DNS over UDP 是不是可以把反馈表单的这项选择，直接改成[请确认DNS请求是通过tcp来发送]这样的描述？ @madeye

[xygwfxu]

@madeye I use wireshark to capture the dns (cp.cloudflare.com) and found that received records are going to ip6 link That makes problem for your test network function since our network does not support IP6.

And yes when you use tcp for dns on some sites, firewall simple drop all packets except whitelist sites link

In summary, could we have udp mode for dns option for end user?

[madeye]

@lavi-xu I don't think your problem has anything to do with TCP DNS queries. If your server doesn't support IPv6, make sure IPv6 route is disabled in your profile.

Given your issue looks very different to this one, please open another issue and provide all your config details there.

[xygwfxu]

@madeye okay okay, I notice that you use AAAA to query a domain, that asks an ip6 result, normally it should be A, am I right?

[madeye]

@lavi-xu The query comes from Android system. Shadowsocks never does a DNS query by itself, it's just a proxy.

AAAA queries are made by the system, if the system finds the underlying network supports IPv6, which is expected.

Again, please don't hijack other one's issue for your problem.

[randef1ned]

1. It looks a VIVO specific issue to me.
2. Check the private DNS settings on your phone. Make sure it's disabled.

Private DNS is off and DNS by default is changed to either 8.8.8.8 or 114.114.114.114. Shadowsocks doesn't produce any error or message. It only shows "Testing..." forever, and there is no internet connection at all.

[randef1ned]

@madeye The resolution of cp.cloudflare.com works well. All of the things work well, but the client reports the error.

[AxelRUS]

I have same issue on OnePlus 5t (Android 10) with this server https://github.com/shadowsocks/shadowsocks-go I change server to this version https://github.com/shadowsocks/go-shadowsocks2 and issue gone.

[xygwfxu]

@AxelRUS Yes, I confirmed that go-shadowsocks2 works on my devices as well. Thank you very much.

@madeye I retest with a root device, and see that DNS work for all cases. Before it pops error "No Internet access. Unable to resolve host 'cp.cloudflare.com'. I observer some detail steps:

1. Once enable VPN, the status shows "connection is established", and from wireshark, I see it has correct http to google (with tls1.2, it 's tls 1.3 on 5.0.6 version)
2. Then I click "test connection", and profile's traffic is showing in first line(both inbound/outbind) but it keeps 0 in 2nd line. However from wireshark, I only see DNS traffic to cp.cloudflare.com(yes, it has ip4 as well), there is NO https to cp.cloudflare.com at all.

With go-shadowsocks2 server, I see https to cp.cloudflare.com once DNS reached.

So conclusion is issue on shadowsocks-go.

[tianyutingxy]

i got the same error on 5.1.9 version.

[ixtisgit]

I guess that's because of encrypt method. I have shadowsocks server run as docker container with default settings. After I changed method to AES-256-GCM, the issue was resolved.

[zdfdreamfactory]

@AxelRUS Yes, I confirmed that go-shadowsocks2 works on my devices as well. Thank you very much.

@madeye I retest with a root device, and see that DNS work for all cases. Before it pops error "No Internet access. Unable to resolve host 'cp.cloudflare.com'. I observer some detail steps:

1. Once enable VPN, the status shows "connection is established", and from wireshark, I see it has correct http to google (with tls1.2, it 's tls 1.3 on 5.0.6 version)
2. Then I click "test connection", and profile's traffic is showing in first line(both inbound/outbind) but it keeps 0 in 2nd line. However from wireshark, I only see DNS traffic to cp.cloudflare.com(yes, it has ip4 as well), there is NO https to cp.cloudflare.com at all.

With go-shadowsocks2 server, I see https to cp.cloudflare.com once DNS reached.

So conclusion is issue on shadowsocks-go.

But I use shadowsocks-libev, and I have the same problem, I don't know why it's trying to connect cp.cloudflare.com ?

[AxelRUS]

@zdfdreamfactory This url is uses for testing connection through a shadowsocks server https://github.com/shadowsocks/shadowsocks-android/blob/master/core/src/main/java/com/github/shadowsocks/net/HttpsTest.kt#L85

If no connection - server is not working or misconfigurated or firewalled or other reasons.

[Abdipour]

I have the same problem only in android TV. I use shadowsocks-rust + v2ray-plugin. Android and windows clients works fine. I tried to import json config from both clients in android tv. Also I tried to connect another VPN service to test my internet. After VPN connection established, shadowsocks client successfully connected. Screenshot of test reachability to cp.cloudflare.com:

[truelv]

reproduce this issue on OPPO Reno，ColoreOS version v11.1，Android version11，shadowssocks for android version 5.2.6

[Martin91]

reproduce this issue on OPPO Reno 2, ColorOS v11

[feng1o]

reproduce this issue on HW mate 40

[strngtn]

Still reproduce this issue on Oneplus 8T from some SSA version of 5.0.x.

This issue lasts for over one year and wonder why is it closed?

In profile settings, I see something like UDP disabled, will it related to this issue?

Also confirm that the profile with v2ray plugin works well.

[luiguangguan]

你的服务器域名是不是又下划线“” 我遇到这个问题是因为我的ss服务器使用了域名，而域名中存在下划线“”, 似乎下划线在域名中的被允许性存在争议，反正不用_下划线的域名作为ss服务器域名就OK了

[m-ocean-it]

The error still persists. I fixed it for myself somehow in the past but I don't remember how...

[ewwhash]

Zenfone 8, stock android 11, have this problem with private dns enabled.

[vrzdrb]

It worked for me to change the server address to 0.0.0.0 in the server config. However, with the v2ray plugin the error is returned.

shadowsocks-libev Debian 11

[andruska]

The same error on Shadowsocks Android client. I am using nthLink server and on the next day the connection is established but without internet connection and test prompts: Fail to detect internet connection: Unable to resolve host "cp.cloudflare.com": No address associated with hostname

[HULIANGA]

加密方式换成AES-256-GCM可以了

[SZooo]

In 2022, The version 5.2.6 still have this issue, and it should not be closed

[amirhs712]

Same issue here on Huawei android 7, no issue on Xiaomi or Samsung

[m-ocean-it]

changing the cipher seemed to solve that for me

[dicecat]

Changing server port fixed it for me. Look like the original server port got disabled by service provider or blocked by gwf.

[MygithubTom]

我想那是因为加密方法。我让 shadowsocks 服务器以默认设置作为 docker 容器运行。在我将方法更改为 AES-256-GCM 后，问题就解决了。

没有加密方式的话呢，比如trojan://节点

[YipZong]

看一下服务器的防火墙设置。有没有允许那个端口的incoming流量。 Please check the firewall setting on your server, and allow incoming traffic for that port.

[liuqinh2s]

Upgrading to latest kcptun solve this problem.