tbridge and tclient handshake fail
liyiwu opened this issue · comments
tbridge and tclient handshake fail. bridge is running on aliyun ECS. client is runing on home pc that behind of huawei 4G moblie router.
Expected Behavior
Current Behavior
Possible Solution
Steps to Reproduce
Context (Environment)
- proxy version is : free_12.3
- full command is :
proxy tbridge -p :11080 -C /etc/proxy/proxy.crt -K /etc/proxy/proxy.key --forever
proxy tclient -P a.a.a.a :11080 -C /etc/proxy/proxy.crt -K /etc/proxy/proxy.key --forever
(a.a.a.a is public ip of ECS ) - system is : debian 11
- full log is:
server : (b.b.b.b is local ip of ECS. )
INFO forever /usr/bin/proxy [PID] 1931091 running...
INFO worker /usr/bin/proxy [PID] 1931098 running...
INFO proxy on tunnel bridge mode [::]:11080
WARN tls handshake fail from 112.96.225.123:32296, write tcp b.b.b.b:11080->112.96.225.123:32296: write: connection reset by peer
WARN attacking access 112.96.225.123:32296 <--> b.b.b.b:11080
WARN tls handshake fail from 112.96.225.123:32297, read tcp b.b.b.b:11080->112.96.225.123:32297: read: connection reset by peer
WARN attacking access 112.96.225.123:32297 <--> b.b.b.b:11080
WARN tls handshake fail from 112.96.225.123:32298, read tcp b.b.b.b:11080->112.96.225.123:32298: read: connection reset by peer
WARN attacking access 112.96.225.123:32298 <--> b.b.b.b:11080
WARN tls handshake fail from 112.96.225.123:60764, read tcp b.b.b.b:11080->112.96.225.123:60764: read: connection reset by peer
WARN attacking access 112.96.225.123:60764 <--> b.b.b.b:11080
INFO server connection, key: default , id: 81e3cb030533b80badbab1d8adaa71cf9a87d81d tcp:127.0.0.1:443 e1f4db72e51960715f2324d3da5ac0e72ec4471f
WARN client default control conn not exists
WARN tls handshake fail from 112.96.225.123:60765, write tcp b.b.b.b:11080->112.96.225.123:60765: write: connection reset by peer
WARN attacking access 112.96.225.123:60765 <--> b.b.b.b:11080
WARN client default control conn not exists
client: (c.c.c.c is local ip of home pc)
NFO forever /usr/bin/proxy [PID] 63507 running...
INFO worker /usr/bin/proxy [PID] 63516 running...
INFO use tls parent a.a.a.a:11080
INFO proxy on tunnel client mode
WARN control connection err: connection err: read tcp c.c.c.c:58496->a.a.a.a:11080: read: connection reset by peer, retrying...
WARN control connection err: connection err: read tcp c.c.c.c:41298->a.a.a.a:11080: read: connection reset by peer, retrying...
WARN control connection err: connection err: read tcp c.c.c.c:41308->a.a.a.a:11080: read: connection reset by peer, retrying...
WARN control connection err: connection err: read tcp c.c.c.c:41324->a.a.a.a:11080: read: connection reset by peer, retrying...
Detailed Description
Possible Implementation
112.96.225.123 is NOT the wan ip of router
it's aliyun issue, it resets the tls connection which is not in it's whitelist.
I think it may be the reason for ipv6.
The proxy tbridge and server only listen ipv6 address. How can I make proxy listen ipv4?
tcp6 0 0 :::11080 :::* LISTEN 1000/proxy
tbridge log
WARN attacking access 112.96.225.123:27300 <--> 172.16.3.127:11080
WARN tls handshake fail from 112.96.225.123:27300, read tcp 172.16.3.127:11080->112.96.225.123:27300: read: connection reset by peer