shadowsocks / shadowsocks-libev

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust
https://github.com/shadowsocks/shadowsocks-rust
GNU General Public License v3.0

TLS obf-method does not work. #1019

Closed testcaoy7 closed 7 years ago

testcaoy7 commented 7 years ago

Please answer these questions before submitting your issue. Thanks!

What version of shadowsocks-libev are you using?

v2.6.0 for both server and client

What operating system are you using?

On Server: Ubuntu 14.04
On Client: Windows 10 + Cygwin

What did you do?

Test functionality of obf methods

What did you expect to see?

Working TLS obf method

What did you see instead?

TLS obf-method does not work. The server gives me this:

ERROR: failed to handshake with ...

HTTP obf-method works fine.

What is your config in detail (with all sensitive info masked)?

On Server:

ss-server -s 0.0.0.0 -p 443 -k pswd -m aes-128-ctr -t 20 -u -A -d 45.124.66.200 --fast-open --obfs tls

On Client:

ss-local -s server-ip -p 443 -l 1984 -k pswd -m aes-128-ctr -t 20 -u -A --obfs tls

debiansid commented 7 years ago

Maybe you need a certificate to make TLS work?

madeye commented 7 years ago

Try to remove --fast-open in your server command line.

madeye commented 7 years ago

I tried your command line with the commit 47b3406. Everything works well. Could you double check your command line?

Also, if you are behind a ss-redir router, tls-obfs may not work for you. A workaround is to bypass your server IP on your router.

Sherlock-Holo commented 7 years ago

The client may need to use --obfs-host


testcaoy7 commented 7 years ago

I tried the commands below:

Server:

ss-server -s 0.0.0.0 -p 443 -k pswd -m aes-128-ctr -t 20 -A -d 45.124.66.200 --obfs tls

Client:

ss-local -s server_ip -p 443 -l 1984 -k pswd -m aes-128-ctr -t 20 -A --obfs tls --obfs-host world.taobao.com

And it's not working. HTTP obf works fine.

Server error:

ERROR: failed to handshake with client_ip

Client error:

ERROR: remote_recv_cb_recv: 远程主机强迫关闭了一个现有的连接。

Could this problem be related to the ISP or Cygwin?

madeye commented 7 years ago

@testcaoy7 Are you using shadowsocks on your router?

madeye commented 7 years ago

@testcaoy7 Any warning message when you build shadowsocks on Cygwin?

wongsyrone commented 7 years ago

Could this be related to the endianness check in obfs_tls?

madeye commented 7 years ago

@wongsyrone Nope, it looks related to #pragma pack(1). It may have issues on very old cygwin.

madeye commented 7 years ago

Could you try this commit? b47d289

testcaoy7 commented 7 years ago

I have tested commit b47d289 and the error remains. This problem is related to Cygwin. I have compiled the same code under Ubuntu on Windows and TLS obf works fine.

Also, I don't use a router.

wongsyrone commented 7 years ago

How about 60cdaf98df9e57cb37820afbc4b37792cdf08f98

testcaoy7 commented 7 years ago

@wongsyrone The problem remains with 60cdaf9.

bigtan commented 7 years ago

@testcaoy7 try to compile with msys2.

sadoneli commented 7 years ago

works fine on ASUS merlin xiaobao firmware ss 3.1.4

debiansid commented 7 years ago

Surge on iOS can not work either.

Dec 29 11:41:36 virmach /usr/bin/ss-server[29542]: message repeated 8 times: [ failed to handshake with 171.210.35.172]
Dec 29 11:41:36 virmach /usr/bin/ss-server[29542]: block all requests from 171.210.35.172

debiansid commented 7 years ago

Ignore my input there, I did not update my server side to the newest git version. obfs http works for Surge.

testcaoy7 commented 7 years ago

@bigtan I tried and msys2 version of ss-local also has the same problem.

madeye commented 7 years ago

It looks like an issue related to ms_struct https://sourceforge.net/p/mingw-w64/bugs/275
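The struct-packing hypothesis raised in the comments above (`#pragma pack(1)`, ms_struct) can be checked on a given toolchain by comparing a packed struct against an encoder that writes each wire byte explicitly. This is an added example, not code from the thread or from shadowsocks-libev; `struct rec_hdr` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical struct, not the project's: the 5-byte TLS record header.
 * Multi-byte fields are big-endian on the wire. */
#pragma pack(push, 1)
struct rec_hdr {
    uint8_t  content_type; /* 0x16 = handshake */
    uint16_t version;
    uint16_t length;
};
#pragma pack(pop)
#define REC_HDR_WIRE_LEN 5

/* Return v laid out big-endian in memory, whatever the host endianness. */
static uint16_t to_be16(uint16_t v)
{
    uint8_t b[2] = { (uint8_t)(v >> 8), (uint8_t)v };
    uint16_t out;
    memcpy(&out, b, sizeof out);
    return out;
}

/* 1 if the compiler honoured the packing, 0 if it inserted padding. */
int layout_is_packed(void)
{
    return sizeof(struct rec_hdr) == REC_HDR_WIRE_LEN
        && offsetof(struct rec_hdr, version) == 1
        && offsetof(struct rec_hdr, length) == 3;
}

/* Packing-independent encoder: writes every wire byte explicitly. */
void encode_bytes(uint8_t out[REC_HDR_WIRE_LEN], uint16_t ver, uint16_t len)
{
    out[0] = 0x16;
    out[1] = (uint8_t)(ver >> 8);  out[2] = (uint8_t)ver;
    out[3] = (uint8_t)(len >> 8);  out[4] = (uint8_t)len;
}

/* 1 if the struct-based encoding is byte-identical to encode_bytes(). */
int struct_matches_wire(uint16_t ver, uint16_t len)
{
    struct rec_hdr h;
    uint8_t want[REC_HDR_WIRE_LEN];
    memset(&h, 0, sizeof h);
    h.content_type = 0x16;
    h.version = to_be16(ver);
    h.length = to_be16(len);
    encode_bytes(want, ver, len);
    return layout_is_packed() && memcmp(&h, want, sizeof want) == 0;
}
```

A return of 0 from `layout_is_packed()` on one build environment and 1 on another points at the compiler's struct layout rather than at the configuration.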

madeye commented 7 years ago

Could you try this 6ecbf8e?

testcaoy7 commented 7 years ago

I am sorry, the problem remains with commit 6ecbf8e.

madeye commented 7 years ago

Could you post your full building log? Do it with

make V=99

testcaoy7 commented 7 years ago

make.txt

The Cygwin building log.

madeye commented 7 years ago

What about 79c722c?

testcaoy7 commented 7 years ago

I cannot compile commit 79c722c on Ubuntu Server. System gives me errors. (See attached file) Error.txt

I also compiled this commit under Cygwin and it passed.

I use 79c722c version of ss-local and the problem remains.

PS: The ss-server came from earlier commit because I cannot compile 79c722c under Ubuntu.

madeye commented 7 years ago

Thanks! I'm installing a virtual machine to verify this issue....

madeye commented 7 years ago

I tried the latest version on Cygwin (Babun) + Windows 10. Everything works well.

Could you double check your config? Make sure no typos there. Also, you may try to update your Cygwin first.

testcaoy7 commented 7 years ago

@madeye I tried Babun with the latest commit and the problem is solved! Thank you for your hard work and patience.

testcaoy7 commented 7 years ago

While using TLS obfs, I got a lot of ERROR: getpeername: Transport endpoint is not connected and a lot of connection reset. This appears to be a random phenomenon.

cokebar commented 7 years ago

@madeye I'm using a router with LEDE, and have a similar problem. I use @aa65535's precompiled ipk. Please refer to https://github.com/shadowsocks/luci-app-shadowsocks/issues/73

Maybe I should try your latest commit first. I'll try to build the ipk with the latest source and let's see if it works fine or not.