🐛failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve"
alex9434 opened this issue · comments
Describe the bug
Cloudflared Version 2024.3.0 does not connect with quic only with http2 on OpenWrt
To Reproduce
Steps to reproduce the behavior:
- Build Cloudflared on OpenWrt using the makefile from Github https://github.com/openwrt/packages/blob/master/net/cloudflared/Makefile
- Run service cloudflared start
- See error log
{"level":"info","tunnelID":"*deleted*","time":"2024-04-05T15:16:57Z","message":"Starting tunnel"}
{"level":"info","time":"2024-04-05T15:16:57Z","message":"Version 2024.3.0"}
{"level":"info","time":"2024-04-05T15:16:57Z","message":"GOOS: linux, GOVersion: go1.21.6, GoArch: arm64"}
{"level":"info","time":"2024-04-05T15:16:57Z","message":"Settings: map[config:/etc/cloudflared/config.yml cred-file:/etc/cloudflared/<Tunnel-UUID>.json credentials-file:/etc/cloudflared/<Tunnel-UUID>.json logfile:/var/log/cloudflared.log loglevel:info no-autoupdate:true origincert:/etc/cloudflared/cert.pem token:***** url:http://localhost:8000]"}
{"level":"info","time":"2024-04-05T15:16:57Z","message":"Generated Connector ID: deleted"}
{"level":"info","time":"2024-04-05T15:16:57Z","message":"Initial protocol quic"}
{"level":"info","time":"2024-04-05T15:16:58Z","message":"ICMP proxy will use *deleted* as source for IPv4"}
{"level":"info","time":"2024-04-05T15:16:58Z","message":"ICMP proxy will use *deleted* in zone br-lan as source for IPv6"}
{"level":"warn","error":"Group ID 0 is not between ping group 1 to 0","time":"2024-04-05T15:16:58Z","message":"The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network"}
{"level":"warn","error":"cannot create ICMPv4 proxy: Group ID 0 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied","time":"2024-04-05T15:16:58Z","message":"ICMP proxy feature is disabled"}
{"level":"info","time":"2024-04-05T15:16:58Z","message":"Starting metrics server on 127.0.0.1:44091/metrics"}
{"level":"error","event":0,"ip":"198.41.200.13","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:16:58Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.13","connIndex":0,"time":"2024-04-05T15:16:58Z","message":"Retrying connection in up to 2s"}
{"level":"error","event":0,"ip":"198.41.200.33","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:16:58Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.33","connIndex":0,"time":"2024-04-05T15:16:58Z","message":"Retrying connection in up to 4s"}
{"level":"error","event":0,"ip":"198.41.200.43","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:17:00Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.43","connIndex":0,"time":"2024-04-05T15:17:00Z","message":"Retrying connection in up to 8s"}
{"level":"error","event":0,"ip":"198.41.200.23","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:17:03Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.23","connIndex":0,"time":"2024-04-05T15:17:03Z","message":"Retrying connection in up to 16s"}
{"level":"error","event":0,"ip":"198.41.200.43","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:17:03Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.43","connIndex":0,"time":"2024-04-05T15:17:03Z","message":"Retrying connection in up to 32s"}
{"level":"error","event":0,"ip":"198.41.200.193","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:17:17Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.193","connIndex":0,"time":"2024-04-05T15:17:17Z","message":"Retrying connection in up to 1m4s"}
{"level":"error","event":0,"ip":"198.41.200.13","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:17:27Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.200.13","connIndex":0,"time":"2024-04-05T15:17:27Z","message":"Retrying connection in up to 1m4s"}
{"level":"error","event":0,"ip":"198.41.192.57","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:17:59Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.192.57","connIndex":0,"time":"2024-04-05T15:17:59Z","message":"Retrying connection in up to 1m4s"}
{"level":"error","event":0,"ip":"198.41.192.107","connIndex":0,"error":"failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve","time":"2024-04-05T15:18:28Z","message":"Failed to create new quic connection"}
{"level":"info","event":0,"ip":"198.41.192.107","connIndex":0,"time":"2024-04-05T15:18:28Z","message":"Retrying connection in up to 1m4s"}
{"level":"info","event":0,"ip":"198.41.192.107","connIndex":0,"time":"2024-04-05T15:18:54Z","message":"Switching to fallback protocol http2"}
{"level":"info","event":0,"connection":"91edb2ac-5c20-4b0e-855a-023ab41f2a57","connIndex":0,"location":"ham01","ip":"198.41.192.67","protocol":"http2","time":"2024-04-05T15:18:55Z","message":"Registered tunnel connection"}
{"level":"info","event":0,"connection":"7b87644a-6f63-4776-b240-002be7e7e629","connIndex":1,"location":"ams01","ip":"198.41.200.233","protocol":"http2","time":"2024-04-05T15:18:55Z","message":"Registered tunnel connection"}
{"level":"info","event":0,"connection":"a9aec0e3-0373-4538-b4fb-2f13d29ae78a","connIndex":2,"location":"ham01","ip":"198.41.192.227","protocol":"http2","time":"2024-04-05T15:18:56Z","message":"Registered tunnel connection"}
{"level":"info","event":0,"connection":"47d3d61b-201b-4cb4-a140-b8ab39acf35b","connIndex":3,"location":"ams06","ip":"198.41.200.43","protocol":"http2","time":"2024-04-05T15:18:57Z","message":"Registered tunnel connection"}
{"level":"info","version":11,"config":"{\"ingress\":[{\"hostname\":\"*deleted*\", \"originRequest\":{}, \"service\":\"http://localhost:80\"}, {\"hostname\":\"*deleted*\", \"originRequest\":{}, \"service\":\"ssh://localhost:22\"}, {\"service\":\"http_status:404\"}], \"warp-routing\":{\"enabled\":false}}","time":"2024-04-05T15:18:58Z","message":"Updated to new configuration"}
Environment and versions
- OS: OpenWrt Snapshot
- Architecture: ARM64 (Raspberry Pi 4B)
- Version: 2024.3.0
Logs and errors
see above
This seems to be similar to #1158. However it is the new version 2024.3.0. Does this mean there is also an error with the build dependencies?
Cloudflared needs to be built with cloudflare go toolchain due to the post-quantum cryptography. From what you are sharing it seems to me you didn't compile it with the right go-toolchain. Try to use the make install command in the latest version, it should generate the proper binary.