windkh / node-red-contrib-telegrambot

Telegram bot nodes for node-red.

SOCKS5: "EFATAL: Error: socket hang up" #229

Closed FabrizioRomanoGenovese closed 2 years ago

FabrizioRomanoGenovese commented 2 years ago

As the title says, telegrambot is not able to connect to my bot in polling mode using a SOCKS5 proxy. The error I get is:

"EFATAL: Error: socket hang up" 
"Unknown error. Trying again."

I am using the following SOCKS5 proxy, which is installed on a raspberry pi: https://github.com/serjs/socks5-server

The proxy is reachable from node-red. Giving

curl -x socks5://user:pass@address:port https://web.telegram.org

returns the expected output. I have tried different SOCKS5 proxies on my raspberry and the outcome is always the same: They work with CURL, but telegrambot cannot seem to connect to them.

Any help is appreciated! Fab

windkh commented 2 years ago

Have you tried socks5 support with a public server which is available on the internet?

FabrizioRomanoGenovese commented 2 years ago

No. Do you have any reference I can try?

windkh commented 2 years ago

You can google it: socks5 proxy free

FabrizioRomanoGenovese commented 2 years ago

Ok, I used this one: 135.181.218.111:10013, I tested that it works using curl, and I can confirm I get the same error on telegrambot.

windkh commented 2 years ago

I get the same error. However, this was implemented a long time ago, and I remember that testing the implementation was not done by me but by someone else; see https://github.com/windkh/node-red-contrib-telegrambot/issues/43

BTW, what user name and password did you use for 135.181.218.111:10013?

windkh commented 2 years ago

And after thinking a little bit longer... maybe it only works together with https; see https://github.com/mattcg/socks5-https-client

FabrizioRomanoGenovese commented 2 years ago

Oh. This may be a problem for many people that do not associate a domain to their server, as a domain is needed for generating the HTTPS certificates...

windkh commented 2 years ago

You can also work with self-signed certificates as described in the webhook documentation. Maybe socks5 was tested with webhook and https but never with pure polling mode. I guess it is time to investigate this further and write proper documentation...

FabrizioRomanoGenovese commented 2 years ago

After further checking I don't think this is the problem. As I said above, I try to see if the proxy works by giving:

curl -x socks5://user:pass@address:port https://web.telegram.org

And I receive a positive response. The proxy can deal with HTTPS requests fine.

windkh commented 2 years ago

You are right, I tried to replace socks5-https-client with socks5-http-client and failed completely.

I will install your https://github.com/serjs/socks5-server to be able to find out what is going on...

windkh commented 2 years ago

Ok, I did some testing by installing https://github.com/serjs/socks5-server into a docker container. The socks5 proxy is available under 192.168.178.200:1080; however, the response the socks5 server gives me returns the IP address inside the container, which is 10.0.3.6.

So connection to the socks5 was established, at least from the data in the reply. After that the real request is issued.... which fails. I will keep on debugging through the request code
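
For readers following the debugging step in the comment above, this added example (not code from the thread or from the project) decodes a SOCKS5 CONNECT reply as laid out in RFC 1928. It shows that the address in the reply is BND.ADDR, the address the proxy bound on its own side, so a container-internal value such as 10.0.3.6 is consistent with a proxy running in Docker, and the REP byte is what says whether the CONNECT succeeded. The sample buffers and the port 50000 are constructed, and the function name is hypothetical.

```javascript
// Added example: decode a SOCKS5 CONNECT reply (RFC 1928, section 6).
// Wire layout: VER | REP | RSV | ATYP | BND.ADDR | BND.PORT
const REPLY_TEXT = [
  'succeeded', 'general SOCKS server failure',
  'connection not allowed by ruleset', 'network unreachable',
  'host unreachable', 'connection refused', 'TTL expired',
  'command not supported', 'address type not supported',
];

function parseSocks5Reply(buf) {
  if (buf.length < 5) throw new Error('truncated reply header');
  const [ver, rep, , atyp] = buf;
  if (ver !== 0x05) throw new Error(`not a SOCKS5 reply (VER=${ver})`);
  let addr;
  let off;
  if (atyp === 0x01) {                 // IPv4: 4 address bytes
    off = 8;
    if (buf.length < off + 2) throw new Error('truncated IPv4 reply');
    addr = Array.from(buf.subarray(4, 8)).join('.');
  } else if (atyp === 0x03) {          // domain: length byte + name
    off = 5 + buf[4];
    if (buf.length < off + 2) throw new Error('truncated domain reply');
    addr = buf.toString('ascii', 5, off);
  } else if (atyp === 0x04) {          // IPv6: 16 address bytes
    off = 20;
    if (buf.length < off + 2) throw new Error('truncated IPv6 reply');
    const groups = [];
    for (let i = 4; i < 20; i += 2) groups.push(buf.readUInt16BE(i).toString(16));
    addr = groups.join(':');
  } else {
    throw new Error(`unknown ATYP ${atyp}`);
  }
  return {
    ok: rep === 0x00,                  // only REP=0 means the tunnel is up
    status: REPLY_TEXT[rep] || `unassigned (0x${rep.toString(16)})`,
    boundAddress: addr,                // proxy-side address, not the client's view
    boundPort: buf.readUInt16BE(off),
  };
}

// Constructed samples: a success reply carrying 10.0.3.6:50000 and a refusal.
const SAMPLE_OK = Buffer.from([0x05, 0x00, 0x00, 0x01, 10, 0, 3, 6, 0xc3, 0x50]);
const SAMPLE_REFUSED = Buffer.from([0x05, 0x05, 0x00, 0x01, 0, 0, 0, 0, 0, 0]);

console.log(parseSocks5Reply(SAMPLE_OK));
console.log(parseSocks5Reply(SAMPLE_REFUSED));
```

A reply with `ok: true` means the proxy handshake and CONNECT completed, so a later "socket hang up" points at what the client does after the tunnel is up rather than at the proxy itself.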

FabrizioRomanoGenovese commented 2 years ago

Given that curl works, may it be a problem with the node module telegrambot is using to handle socks5 proxies?

windkh commented 2 years ago

I think it is a problem in the underlying socks-client, maybe the same as https://github.com/nodejs/node/issues/37510

@FabrizioRomanoGenovese What node version do you have? [screenshot]

FabrizioRomanoGenovese commented 2 years ago

node-red should be using 14.18.2.

windkh commented 2 years ago

No, I do not mean node-red, but nodejs.

FabrizioRomanoGenovese commented 2 years ago

Yeah, sorry, I was being ambiguous. What I mean is that the nodejs version of which node-red is a module is 14.18.2 (that is, calling the command in the screenshot gives the reply I wrote above :) )

windkh commented 2 years ago

Maybe I will try to integrate https://www.npmjs.com/package/socks-proxy-agent but that does not support the deprecated request library out of the box....

FabrizioRomanoGenovese commented 2 years ago

Unfortunately, not being a javascript programmer myself (aside from the basics), I can help very little. But I am more than happy to do some testing!

windkh commented 2 years ago

I will sleep a night over it and gather my thoughts ... maybe I will have an idea... stay tuned

windkh commented 2 years ago

please test version 11.2.0

windkh commented 2 years ago

solution: migrate to https://www.npmjs.com/package/socks-proxy-agent

FabrizioRomanoGenovese commented 2 years ago

I confirm it now works! Thanks!

FabrizioRomanoGenovese commented 2 years ago

Just a final question: Which ports does this package use? Because I am using 1080 as socks5 port and I have it open on the firewall, but as soon as I turn my firewall on the communication with telegram is broken. I checked already that curl -x socks5://user:pass@address:1080 https://web.telegram.org works also behind firewall, so I don't understand what's happening...

windkh commented 2 years ago

Hm … between node-red and the socks server 1080 is relevant, nothing else. The socks server will issue a https POST to api.telegram.org 443. So only outgoing traffic as long as polling is used.

FabrizioRomanoGenovese commented 2 years ago

That's strange... In any case this seems to shed some light also on #97. As soon as the link between node-red and the proxy was down for more than a few minutes (essentially as long as I kept the firewall on), it broke forever. I had to restart nodered to resume polling, and when I did a ton of messages came through telegram all at once, like they piled up or something!

FabrizioRomanoGenovese commented 2 years ago

At this point I suspect that issue #97 materializes as soon as the link between proxy and nodered is kept broken long enough!

windkh commented 2 years ago

Interesting… this seems to provide the chance to debug the problem. Where did you activate the firewall? In your router between the socks server and the internet?

FabrizioRomanoGenovese commented 2 years ago

No. So my setup is like this: I have LAN1 that is where I do the usual stuff, and LAN2 where all my domotic appliances live. Those are controlled by nodered and totally firewalled for obvious reasons by the router managing both LAN1 and 2. To be able to issue commands via telegram, I have a proxy server on LAN1. So I have two firewall rules:

nodered -> proxy allow from any port to 1080
proxy -> nodered allow from 1080 to any port

(I wasn't including the second rule before, which is why communication was failing. The SOCKS5 server wasn't able to reply to nodered on the port from which communication originated.) This allows nodered to poll from the SOCKS5 server in a reasonably secure way for my situation!

FabrizioRomanoGenovese commented 2 years ago

To reproduce the problem, set up SOCKS5 on telegrambot, maybe using a public SOCKS5 service, on a fixed port. Then try to set up a rule in your firewall that blocks node-red from accessing WAN through that port and check that polling doesn't work. Keep it on for a few minutes and then deactivate the rule. You should be able to reproduce the error, polling won't restart until you restart nodered.