shadowsocks / shadowsocks-libev

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust
https://github.com/shadowsocks/shadowsocks-rust
GNU General Public License v3.0

ERROR: getpeername: Socket not connected, only some HTTPS sites work normally #2221

Closed mailshuxin closed 5 years ago

mailshuxin commented 6 years ago

What version of shadowsocks-libev are you using?

shadowsocks-libev-ss-server 3.1.3-2

What operating system are you using?

OpenWrt 18.06.1

What did you do?

Running ss-server installed on a router located abroad

What did you expect to see?

Access HTTPS websites

What did you see instead?

The ss-server log on the router shows an error: ERROR: getpeername: Socket not connected

However, a considerable share of HTTPS websites work normally; only some of them report the error

ERR_SSL_PROTOCOL_ERROR

What is your config in detail (with all sensitive info masked)?

```json
{
    "server": "0.0.0.0",
    "server_port": 10001,
    "local_address": "0.0.0.0",
    "local_port": 1081,
    "password": "***",
    "timeout": 300,
    "method": "rc4-md5"
}
```

madeye commented 6 years ago

Make sure you have set up DNS forwarding correctly.

mailshuxin commented 6 years ago

> Make sure you have set up DNS forwarding correctly.

I haven't set up DNS forwarding. I am currently in the United States, so there is no problem with DNS resolution. HTTP access is normal; only part of HTTPS cannot be accessed, with the prompt ERR_CONNECTION_CLOSED, and the ss-server log shows "getpeername: Socket not connected". It is like SSL is broken.

madeye commented 6 years ago

"getpeername: Socket not connected" means the IP cannot be reached by your server.

Enable verbose log on your server to identify the IP that cannot be reached. Typically they would be LAN IPs that are forwarded to the server by mistake.

mailshuxin commented 6 years ago

```
2018-11-18 18:17:00 INFO: accept a connection
2018-11-18 18:17:00 INFO: connect to www..com:27904
2018-11-18 18:17:00 INFO: found address name v4 address www..com
2018-11-18 18:17:00 INFO: failed to lookup v6 address DNS server returned answer with no data
2018-11-18 18:17:00 INFO: successfully resolved www.****.com
2018-11-18 18:17:00 ERROR: getpeername: Socket not connected
2018-11-18 18:17:00 INFO: current remote connection: 8
2018-11-18 18:17:00 INFO: current server connection: 9
```

This is the error log, very weird problem.

madeye commented 6 years ago

You tried to visit www.****.com:27904, and that IP and port cannot be connected from your server.

So, it has nothing to do with HTTPS.
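The diagnosis described above, as an added example (not part of the original thread and not shadowsocks-libev code): it reads a verbose ss-server log, attributes each getpeername error to the most recent "connect to" line, and flags LAN addresses that should not have been proxied. The attribution is a heuristic that can be wrong when connections interleave; the sample log is constructed and its host names are placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the verbose ss-server log quoted above;
# host names and addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
2018-11-18 18:17:00 INFO: accept a connection
2018-11-18 18:17:00 INFO: connect to www.example.com:27904
2018-11-18 18:17:00 INFO: successfully resolved www.example.com
2018-11-18 18:17:00 ERROR: getpeername: Socket not connected
2018-11-18 18:17:01 INFO: connect to 192.168.1.20:443
2018-11-18 18:17:01 ERROR: getpeername: Socket not connected
2018-11-18 18:17:02 INFO: connect to example.org:443
2018-11-18 18:17:02 INFO: current remote connection: 8
"""

CONNECT_RE = re.compile(r"INFO: connect to (\S+):(\d+)\s*$")
ERROR_MARK = "ERROR: getpeername"

def is_private_target(host):
    """True for IP literals in private, loopback or link-local ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a host name; cannot be classified from the log alone
    return ip.is_private or ip.is_loopback or ip.is_link_local

def failed_targets(log_text):
    """Count destinations whose 'connect to' line precedes a getpeername error.

    Assumption: the error belongs to the most recent 'connect to' line.
    """
    failures = Counter()
    last = None
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            last = (m.group(1), int(m.group(2)))
        elif ERROR_MARK in line and last is not None:
            failures[last] += 1
            last = None  # do not count the same connection twice
    return failures

def report(log_text):
    """Return (host, port, count, hint) rows, most frequent failures first."""
    rows = []
    for (host, port), n in failed_targets(log_text).most_common():
        hint = ("LAN address, should not be proxied" if is_private_target(host)
                else "check reachability from the server")
        rows.append((host, port, n, hint))
    return rows

if __name__ == "__main__":
    for host, port, n, hint in report(SAMPLE_LOG):
        print(f"{host}:{port} failed x{n}: {hint}")
```
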

oakaigh commented 5 years ago

@mailshuxin I suggest you run the following command on your server machine to confirm this issue:

curl -s -o /dev/null -w "%{http_code}" <domain>:<port>

or straightforwardly

curl <domain>:<port>

27904, this is not a common HTTP port. What service are you using then? Unmasking those domains may help if you will.

mailshuxin commented 5 years ago

CMD: curl www..com:27904
Result: curl: (7) Failed to connect to www..com port 27904: Connection refused

CMD: curl -s -o /dev/null -w "%{http_code}" www.***.com:27904
Result: 000

The drymt is my own website, and hostloc has the same problem. I use an nginx reverse proxy on my server. When I change to another router (OS: PandoraBox) it's normal, so I think my web server is fine. I use OpenWrt 18.06.1; this looks a bit like the SSL certificate is not working properly.

madeye commented 5 years ago

According to the output, you cannot access www.***.com:27904 from your server.

oakaigh commented 5 years ago

@mailshuxin and use netstat -l on your web server www.*.com to check if it is still listening on port 27904 for incoming connections.

mailshuxin commented 5 years ago

Thank you very much for your help, you are so generous. I don't know if it's a compatibility issue with SSL certificates. Some websites, such as Google, who.is and Wikipedia, are normal. Some websites, such as GitHub and Netflix, can't be used. I changed to another router and it works fine.