Bug: Shadowsocks: reading target address: unexpected EOF
blixten85 opened this issue Β· comments
Is this urgent?
Somewhat urgent
Host OS
LibreELEC (official): 12.0.0
CPU arch
aarch64
VPN service provider
Custom
What are you using to run the container
docker run
What is the version of Gluetun
Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)
What's the problem π€
Shadowsocks does not work for any client, i have tried qbittorrent, mIRC, TheLounge (web irc client) and some windows socks client i have downloaded from this page https://shadowsocks.org/doc/getting-started.html#getting-started
All i am getting in respons is 2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54862: reading target address: unexpected EOF
The HTTPPROXY works very well though.
Share your logs (at least 10 lines)
2024-06-06T15:51:30+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.3 and family v4
2024-06-06T15:51:30+02:00 INFO [routing] local ethernet link found: eth0
2024-06-06T15:51:30+02:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-06-06T15:51:30+02:00 INFO [firewall] enabling...
2024-06-06T15:51:30+02:00 INFO [firewall] enabled successfully
2024-06-06T15:51:31+02:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-06-06T15:51:31+02:00 INFO Alpine version: 3.19.1
2024-06-06T15:51:31+02:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-06T15:51:31+02:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-06T15:51:31+02:00 INFO Unbound version: 1.20.0
2024-06-06T15:51:31+02:00 INFO IPtables version: v1.8.10
2024-06-06T15:51:31+02:00 INFO Settings summary:
βββ VPN settings:
| βββ VPN provider settings:
| | βββ Name: custom
| | βββ Server selection settings:
| | βββ VPN type: wireguard
| | βββ Target IP address: 98.128.186.98
| | βββ Wireguard selection settings:
| | βββ Endpoint IP address: 98.128.186.98
| | βββ Endpoint port: 48575
| | βββ Server public key: 5QZl+0+C8oyx/pHYGsNks01dZQbigPFdDeWC6xyD6Bg=
| βββ Wireguard settings:
| βββ Private key: WP+...W4=
| βββ Interface addresses:
| | βββ 10.0.209.89/24
| βββ Allowed IPs:
| | βββ 0.0.0.0/0
| | βββ ::/0
| βββ Persistent keepalive interval: 25s
| βββ Network interface: tun0
| βββ MTU: 1400
βββ DNS settings:
| βββ Keep existing nameserver(s): no
| βββ DNS server address to use: 127.0.0.1
| βββ DNS over TLS settings:
| βββ Enabled: yes
| βββ Update period: every 1h0m0s
| βββ Unbound settings:
| | βββ Authoritative servers:
| | | βββ cloudflare
| | βββ Caching: yes
| | βββ IPv6: no
| | βββ Verbosity level: 1
| | βββ Verbosity details level: 0
| | βββ Validation log level: 0
| | βββ System user: root
| | βββ Allowed networks:
| | βββ 0.0.0.0/0
| | βββ ::/0
| βββ DNS filtering settings:
| βββ Block malicious: yes
| βββ Block ads: yes
| βββ Block surveillance: yes
| βββ Blocked IP networks:
| βββ 127.0.0.1/8
| βββ 10.0.0.0/8
| βββ 172.16.0.0/12
| βββ 192.168.0.0/16
| βββ 169.254.0.0/16
| βββ ::1/128
| βββ fc00::/7
| βββ fe80::/10
| βββ ::ffff:127.0.0.1/104
| βββ ::ffff:10.0.0.0/104
| βββ ::ffff:169.254.0.0/112
| βββ ::ffff:172.16.0.0/108
| βββ ::ffff:192.168.0.0/112
βββ Firewall settings:
| βββ Enabled: yes
| βββ Outbound subnets:
| βββ 192.168.50.0/24
| βββ 192.168.100.0/24
| βββ 172.18.0.0/24
βββ Log settings:
| βββ Log level: info
βββ Health settings:
| βββ Server listening address: 127.0.0.1:9999
| βββ Target address: cloudflare.com:443
| βββ Duration to wait after success: 5s
| βββ Read header timeout: 100ms
| βββ Read timeout: 500ms
| βββ VPN wait durations:
| βββ Initial duration: 6s
| βββ Additional duration: 5s
βββ Shadowsocks server settings:
| βββ Enabled: yes
| βββ Listening address: :8388
| βββ Cipher: chacha20-ietf-poly1305
| βββ Password: [set]
| βββ Log addresses: no
βββ HTTP proxy settings:
| βββ Enabled: yes
| βββ Listening address: :8888
| βββ User:
| βββ Password: [not set]
| βββ Stealth mode: yes
| βββ Log: no
| βββ Read header timeout: 1s
| βββ Read timeout: 3s
βββ Control server settings:
| βββ Listening address: :8000
| βββ Logging: yes
βββ OS Alpine settings:
| βββ Process UID: 1000
| βββ Process GID: 1000
| βββ Timezone: Europe/Stockholm
βββ Public IP settings:
| βββ Fetching: every 12h0m0s
| βββ IP file path: /tmp/gluetun/ip
| βββ Public IP data API: ipinfo
βββ Version settings:
βββ Enabled: yes
2024-06-06T15:51:31+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.3 and family v4
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-06T15:51:31+02:00 INFO [firewall] setting allowed subnets...
2024-06-06T15:51:31+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.3 and family v4
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 192.168.50.0/24
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 192.168.100.0/24
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 172.18.0.0/24
2024-06-06T15:51:31+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-06T15:51:31+02:00 INFO [http server] http server listening on [::]:8000
2024-06-06T15:51:31+02:00 INFO [http proxy] listening on :8888
2024-06-06T15:51:31+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-06T15:51:31+02:00 INFO [firewall] allowing VPN connection...
2024-06-06T15:51:31+02:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-06-06T15:51:31+02:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-06-06T15:51:31+02:00 INFO [wireguard] Using available kernelspace implementation
2024-06-06T15:51:31+02:00 INFO [wireguard] Connecting to 98.128.186.98:48575
2024-06-06T15:51:31+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-06-06T15:51:31+02:00 INFO [healthcheck] healthy!
2024-06-06T15:51:31+02:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-06T15:51:32+02:00 INFO [dns] downloading hostnames and IP block lists
2024-06-06T15:51:44+02:00 INFO [dns] init module 0: validator
2024-06-06T15:51:44+02:00 INFO [dns] init module 1: iterator
2024-06-06T15:51:44+02:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-06T15:51:44+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-06T15:51:44+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-06T15:51:44+02:00 INFO [dns] ready
2024-06-06T15:51:44+02:00 INFO [healthcheck] healthy!
2024-06-06T15:51:44+02:00 INFO [ip getter] Public IP address is 98.128.186.98 (Sweden, Stockholm, Stockholm)
2024-06-06T15:51:44+02:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54862: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54744: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54842: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54910: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54700: reading target address: unexpected EOF
Share your configuration
docker run -d \
--name=gluetun \
--network=lsio \
--sysctl net.ipv6.conf.all.disable_ipv6=1 \
--cap-add=NET_ADMIN \
--device=/dev/net/tun:/dev/net/tun \
-p 8888:8888/tcp \
-p 8388:8388/tcp \
-p 8388:8388/udp \
-v /storage/.config/dockers/gluetun/config:/gluetun \
-v /storage/.config/dockers/gluetun/config/wireguard/wg0.conf:/gluetun/wireguard/wg0.conf:ro \
-e HTTPPROXY=on \
-e HTTPPROXY_LISTENING_ADDRESS=:8888 \
-e HTTPPROXY_STEALTH=on \
-e SHADOWSOCKS=on \
-e SHADOWSOCKS_LISTENING_ADDRESS=:8388 \
-e SHADOWSOCKS_PASSWORD=password \
-e SHADOWSOCKS_LOG=off \
-e DOT_IPV6=false \
-e DOT=on \
-e BLOCK_MALICIOUS=on \
-e BLOCK_SURVEILLANCE=on \
-e BLOCK_ADS=on \
-e VPN_SERVICE_PROVIDER=custom \
-e VPN_TYPE=wireguard \
-e FIREWALL_OUTBOUND_SUBNETS=192.168.50.0/24,192.168.100.0/24,172.18.0.0/24 \
-e WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL=25s \
-e TZ=Europe/Stockholm \
-e DNS_UPDATE_PERIOD=1h \
--restart unless-stopped \
qmcgaw/gluetun
@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:
- do not ask for updates, be patient
- π the issue to show your support instead of commenting
@qdm12 usually checks issues at least once a week, if this is a new urgent bug,
revert to an older tagged container image
Shadowsocks does not work for any client, i have tried qbittorrent, mIRC, TheLounge (web irc client) and some windows socks client i have downloaded from this page https://shadowsocks.org/doc/getting-started.html#getting-started
Shadowsocks is NOT a SOCKS protocol, it's a custom encrypted protocol based on SOCKS5. So socks(5) clients won't work with it. I use https://github.com/shadowsocks/shadowsocks-windows successfully, do you get errors with it??
Shadowsocks does not work for any client, i have tried qbittorrent, mIRC, TheLounge (web irc client) and some windows socks client i have downloaded from this page https://shadowsocks.org/doc/getting-started.html#getting-started
Shadowsocks is NOT a SOCKS protocol, it's a custom encrypted protocol based on SOCKS5. So socks(5) clients won't work with it. I use https://github.com/shadowsocks/shadowsocks-windows successfully, do you get errors with it??
Well, with that program i did manage to get some packages through, for my webbrowser, and for qbittorrent im getting a ton of these.
gluetun | 2024-06-13T13:26:05.035384521Z 2024-06-13T15:26:05+02:00 ERROR [shadowsocks] connection from 192.168.1.126:54218: reading target address: EOF
I have setup my ip and port in the server config in that windows shadowsocks program, and i am connecting to my windows computer on the standard 1080 port.
The http proxy works. But i wouldnt cry if this socks was some proper socks server that i could connect my torrent client directly to, or irc client.
for qbittorrent im getting a ton of these.
Yes because you configure it to talk to the shadowsocks servers (not a socks5 server) using the socks5 protocol, I don't think qbittorrent is aware of the shadowsocks protocol, that's why reading target address: EOF
But i wouldnt cry if this socks was some proper socks server that i could connect my torrent client directly to, or irc client.
Of course, what you can do for now is plug another container through Gluetun running a socks5 server. I have a local branch with an almost-finished socks5 server built-in Gluetun, but still work in progress. Subscribe to #234 for this π
for qbittorrent im getting a ton of these.
Yes because you configure it to talk to the shadowsocks servers (not a socks5 server) using the socks5 protocol, I don't think qbittorrent is aware of the shadowsocks protocol, that's why
reading target address: EOF
But i wouldnt cry if this socks was some proper socks server that i could connect my torrent client directly to, or irc client.
Of course, what you can do for now is plug another container through Gluetun running a socks5 server. I have a local branch with an almost-finished socks5 server built-in Gluetun, but still work in progress. Subscribe to #234 for this π
Aha ok! Nice!
You are the man π
Aha ok! Nice!
You are the man π
Thanks! π
Closing this issue, but feel free to subscribe to issue #234
Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.