search

shadowsocks / shadowsocks-libev

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust
https://github.com/shadowsocks/shadowsocks-rust
GNU General Public License v3.0
15.81k stars 5.69k forks source link

redir mode error: NET::ERR_CERT_COMMON_NAME_INVALID #2435

Closed lkebin closed 5 years ago

lkebin commented 5 years ago

What version of shadowsocks-libev are you using?

3.2.5

What operating system are you using?

Linux home 2.6.36.4brcmarm #1 SMP PREEMPT Sat Dec 8 13:25:47 EST 2018 armv7l ASUSWRT-Merlin

What did you do?

Just run ss-redir -c shadowsocks.json, and do the iptables rules refer to Transparent proxy

What did you expect to see?

Normally access website from LAN clients.

What did you see instead?

I can access some other website, and they are show me the IP from my shadowsocks server. But when I access google.com, I got NET::ERR_CERT_COMMON_NAME_INVALID. The SSL certificate so strange: WechatIMG1752

What is your config in detail (with all sensitive info masked)?

{
    "server":"*****",
    "server_port":443,
    "local_port":12345,
    "local_address":"0.0.0.0",
    "timeout":600,
    "password":"*****",
    "method":"aes-128-cfb"
}
madeye commented 5 years ago

Solve your DNS pollution first.

lkebin commented 5 years ago

Yes, when I using DNS over TLS, the problem disappeared

Thanks!