snail007 / goproxy

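🔥 Proxy is a high-performance HTTP(S), SOCKS5, WebSocket, TCP and UDP proxy server implemented in golang. It supports chain-style proxies, NAT forwarding across different LANs, TCP/UDP port forwarding, and SSH forwarding. Proxy is a high-performance HTTP, HTTPS, WebSocket, TCP and SOCKS5 proxy server implemented in golang, supporting NAT traversal, chained proxies, encrypted communication, smart HTTP and SOCKS5 proxying, black/white lists, rate limiting, traffic limiting, connection limiting, cross-platform operation, KCP, and an authentication API.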
https://snail007.host900.com/goproxy/manual/zh/
GNU General Public License v3.0

tbridge and tclient handshake fail #511

Open liyiwu opened 2 years ago

liyiwu commented 2 years ago

tbridge and tclient handshake fail. The bridge is running on aliyun ECS. The client is running on a home PC that is behind a Huawei 4G mobile router.

Expected Behavior

Current Behavior

Possible Solution

Steps to Reproduce


Context (Environment)

  1. proxy version is : free_12.3
  2. full command is :

     ```
     proxy tbridge -p :11080 -C /etc/proxy/proxy.crt -K /etc/proxy/proxy.key --forever
     proxy tclient -P a.a.a.a :11080 -C /etc/proxy/proxy.crt -K /etc/proxy/proxy.key --forever
     ```

     (a.a.a.a is public ip of ECS )
  3. system is : debian 11
  4. full log is:

     server : (b.b.b.b is local ip of ECS. )

     ```
     INFO forever /usr/bin/proxy [PID] 1931091 running...
     INFO worker /usr/bin/proxy [PID] 1931098 running...
     INFO proxy on tunnel bridge mode [::]:11080
     WARN tls handshake fail from 112.96.225.123:32296, write tcp b.b.b.b:11080->112.96.225.123:32296: write: connection reset by peer
     WARN attacking access 112.96.225.123:32296 <--> b.b.b.b:11080
     WARN tls handshake fail from 112.96.225.123:32297, read tcp b.b.b.b:11080->112.96.225.123:32297: read: connection reset by peer
     WARN attacking access 112.96.225.123:32297 <--> b.b.b.b:11080
     WARN tls handshake fail from 112.96.225.123:32298, read tcp b.b.b.b:11080->112.96.225.123:32298: read: connection reset by peer
     WARN attacking access 112.96.225.123:32298 <--> b.b.b.b:11080
     WARN tls handshake fail from 112.96.225.123:60764, read tcp b.b.b.b:11080->112.96.225.123:60764: read: connection reset by peer
     WARN attacking access 112.96.225.123:60764 <--> b.b.b.b:11080
     INFO server connection, key: default , id: 81e3cb030533b80badbab1d8adaa71cf9a87d81d tcp:127.0.0.1:443 e1f4db72e51960715f2324d3da5ac0e72ec4471f
     WARN client default control conn not exists
     WARN tls handshake fail from 112.96.225.123:60765, write tcp b.b.b.b:11080->112.96.225.123:60765: write: connection reset by peer
     WARN attacking access 112.96.225.123:60765 <--> b.b.b.b:11080
     WARN client default control conn not exists
     ```

     client: (c.c.c.c is local ip of home pc)

     ```
     NFO forever /usr/bin/proxy [PID] 63507 running...
     INFO worker /usr/bin/proxy [PID] 63516 running...
     INFO use tls parent a.a.a.a:11080
     INFO proxy on tunnel client mode
     WARN control connection err: connection err: read tcp c.c.c.c:58496->a.a.a.a:11080: read: connection reset by peer, retrying...
     WARN control connection err: connection err: read tcp c.c.c.c:41298->a.a.a.a:11080: read: connection reset by peer, retrying...
     WARN control connection err: connection err: read tcp c.c.c.c:41308->a.a.a.a:11080: read: connection reset by peer, retrying...
     WARN control connection err: connection err: read tcp c.c.c.c:41324->a.a.a.a:11080: read: connection reset by peer, retrying...
     ```

Detailed Description

Possible Implementation

liyiwu commented 2 years ago

112.96.225.123 is NOT the wan ip of router

snail007 commented 2 years ago

It's an aliyun issue, it resets the tls connection which is not in its whitelist.

liyiwu commented 2 years ago

I think IPv6 may be the reason. The proxy tbridge and server only listen on an IPv6 address. How can I make proxy listen on IPv4?

tcp6 0 0 :::11080 :::* LISTEN 1000/proxy
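
A check for the `tcp6 ... :::11080` question in the comment above, added here as an example and not part of the thread or of goproxy's code: in Go, a wildcard `:port` listener opened with network `tcp` is dual-stack where the OS supports it, so it is listed as tcp6 yet still accepts IPv4 clients and reports their addresses as IPv4, as the IPv4 peers in the bridge log show. It assumes goproxy binds through Go's standard `net.Listen`; `probeIPv4` is a hypothetical helper name.

```go
package main

import (
	"fmt"
	"net"
)

// probeIPv4 opens a wildcard listener on a free port using the given network
// ("tcp" = dual-stack where the OS supports it, "tcp4" = IPv4 only), dials it
// over IPv4 loopback, and reports whether the connection was accepted and
// whether the server side sees the peer as an IPv4 address.
func probeIPv4(network string) (accepted bool, peerIsIPv4 bool, err error) {
	ln, err := net.Listen(network, ":0") // ":0" = any free port (constructed test value)
	if err != nil {
		return false, false, err
	}
	defer ln.Close()
	port := ln.Addr().(*net.TCPAddr).Port

	peer := make(chan net.IP, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			peer <- nil // listener closed before any client arrived
			return
		}
		defer c.Close()
		peer <- c.RemoteAddr().(*net.TCPAddr).IP
	}()

	c, err := net.Dial("tcp4", fmt.Sprintf("127.0.0.1:%d", port))
	if err != nil {
		return false, false, err
	}
	defer c.Close()
	ip := <-peer
	return ip != nil, ip.To4() != nil, nil
}

func main() {
	for _, network := range []string{"tcp", "tcp4"} {
		ok, v4, err := probeIPv4(network)
		fmt.Printf("listen %-4s accepted=%v peerIPv4=%v err=%v\n", network, ok, v4, err)
	}
}
```

Both networks should report `accepted=true peerIPv4=true`; while the `tcp` listener is open, `netstat -lnt` or `ss -lnt` shows it as a `:::port` entry.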

liyiwu commented 2 years ago

tbridge log

```
WARN attacking access 112.96.225.123:27300 <--> 172.16.3.127:11080
WARN tls handshake fail from 112.96.225.123:27300, read tcp 172.16.3.127:11080->112.96.225.123:27300: read: connection reset by peer
```