yrutschle / sslh

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)

Home Page: https://www.rutschle.net/tech/sslh/README.html


SSLH Exposing port to TCP rather than UDP

bpyle02 opened this issue

I am running a Minecraft Bedrock server on my home server on UDP port 19132. Because I want to add a little security to my home network, I have decided to use a cloud computer from Oracle as a kind of reverse proxy in an effort to hide my IP. So basically I want my domain to route to the IP of the cloud server running SSLH which then forwards the traffic to my home network which then forwards the traffic to my home server.

The issue I am having is when I try to set up the SSLH config to use UDP rather than TCP, it exposes the port from TCP anyway.

Here is the output of ss -tulpn:

Netid State      Recv-Q Send-Q                               Local Address:Port                                              Peer Address:Port
udp   UNCONN     0      0                                                *:68                                                           *:*
udp   UNCONN     0      0                                                *:111                                                          *:*
udp   UNCONN     0      0                                                *:707                                                          *:*
udp   UNCONN     0      0                                        127.0.0.1:323                                                          *:*
udp   UNCONN     0      0                                             [::]:111                                                       [::]:*
udp   UNCONN     0      0                                             [::]:707                                                       [::]:*
udp   UNCONN     0      0                                            [::1]:323                                                       [::]:*
tcp   LISTEN     0      128                                              *:22                                                           *:*
tcp   LISTEN     0      100                                      127.0.0.1:25                                                           *:*
tcp   LISTEN     0      50                                               *:19132                                                        *:*
tcp   LISTEN     0      128                                              *:111                                                          *:*
tcp   LISTEN     0      128                                           [::]:22                                                        [::]:*
tcp   LISTEN     0      100                                          [::1]:25                                                        [::]:*
tcp   LISTEN     0      128                                           [::]:111                                                       [::]:*

You can see here that it is listening to port 19132 on tcp, not udp.

Here is the `/etc/sslh.cfg` file:

# This is a basic configuration file that should provide
# sensible values for "standard" setup.

verbose: false;
foreground: true;
inetd: false;
numeric: false;
transparent: false;
timeout: 2;
user: "sslh";


# Change hostname with your external address name.
listen:
(
    { host: "0.0.0.0"; is_udp: true; port: "19132"; }
);

protocols:
(
     { name: "anyprot"; is_udp: true; host: "96.253.106.22"; port: "60001"; }
);

I have looked at a number of examples of how to set up udp on sslh and tried to follow them as best as I can, but still no luck. If anyone has any ideas of how to fix this, please let me know. Thanks!

I'd rather set up Wireguard on VPS and on Minecraft server directly.

> I'd rather set up Wireguard on VPS and on Minecraft server directly.

This is a possible alternative, but doesn't answer my question. If my original idea of using SSLH doesn't work, maybe I will consider it.

What was the reason sslh was needed for Minecraft anyway?

/ps: one issue with Wireguard is that you can't do IP filtering as your Minecraft will only see "vps ip" when connecting.

> What was the reason sslh was needed for Minecraft anyway?
>
> /ps: one issue with Wireguard is that you can't do IP filtering as your Minecraft will only see "vps ip" when connecting.

I explained in my post, but I basically want to use it to route traffic connecting to my domain from the VPS to my home server so that when people connect to my Minecraft server they don't see my home IP address.

This issue with the players all having the same IP when using a VPN is one of the reasons I chose not to go that route.

You'll need transparent proxying for sslh anyway, to see IPs, right? Does that work fine for you?

> You'll need transparent proxying for sslh anyway, to see IPs, right? Does that work fine for you?

Yes, that's correct

> verbose: false;

There only was a very short window during which we had UDP support with the old log system, so my guess is you're running an old version of sslh (1.19 or older, I'd say) that does not support UDP and thus ignores all the UDP options.
(Complaining about unknown options is also in, but I'm ready to bet it was also added after the version you're using).

> > verbose: false;
>
> There only was a very short window during which we had UDP support with the old log system, so my guess is you're running an old version of sslh (1.19 or older, I'd say) that does not support UDP and thus ignores all the UDP options. (Complaining about unknown options is also in, but I'm ready to bet it was also added after the version you're using).

I tried updating sslh with yum install sslh and this was the result:

Package sslh-1.20-1.el7.x86_64 already installed and latest version

Looks like I have version 1.20, which should support UDP. When I run sslh -V, this is the result:

sslh-fork 4ae2e62d25b9faf984a303c4bdf2b7675f4988b9

What makes you think 1.20 supports UDP?

From ChangeLog:

v1.20: 20NOV2018

and further up:

v1.22: 17AUG2021
        sslh-select now supports UDP protocols.

Looks like the most up-to-date version of SSLH for CentOS 8 is version 1.20. I tried to install SSLH locally by downloading the OpenSUSE file from here

Here is the output:

[root@instance-20230809-0902 opc]# yum localinstall sslh-1.22c-bp154.1.32.x86_64.rpm
Failed loading plugin "osmsplugin": No module named 'librepo'
Last metadata expiration check: 0:17:51 ago on Wed 09 Aug 2023 01:16:37 PM GMT.
Error:
 Problem: conflicting requests
  - nothing provides libconfig.so.11()(64bit) needed by sslh-1.22c-bp154.1.32.x86_64 from @commandline
  - nothing provides group(nobody) needed by sslh-1.22c-bp154.1.32.x86_64 from @commandline
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

As I am pretty new to Linux and CentOS, I am not sure how to fix these issues. Any help would be appreciated!

You might need to build from source.

I assume updating fixed the issue, or re-open an issue if you fail to build from source!
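
The failure mode in this thread (an sslh older than 1.22 ignores the `is_udp` options and binds the port on TCP instead) can be caught with a listener audit. The script below is an added example, not part of the thread or of the sslh project; the function names are illustrative and the sample input is abridged from the `ss` output posted above.

```shell
#!/bin/sh
# Added example, not sslh project code. Function names are illustrative.

# Classify how PORT is bound, reading `ss -tuln`-style output on stdin.
# Prints one of: ok | wrong-proto | both | missing
check_listener() {
    awk -v want="$1" -v port="$2" '
        $1 == "tcp" || $1 == "udp" {
            n = split($5, a, ":")          # field 5 is Local Address:Port
            if (a[n] == port) seen[$1] = 1 # last piece is the port, IPv6 included
        }
        END {
            other = (want == "udp") ? "tcp" : "udp"
            if (seen[want] && seen[other]) print "both"
            else if (seen[want])           print "ok"
            else if (seen[other])          print "wrong-proto"
            else                           print "missing"
        }'
}

# Succeeds if a packaged version string ("1.20", "1.22c") is >= 1.22, the
# release whose ChangeLog entry adds UDP to sslh-select. Returns 2 for input
# that is not a dotted version, such as the git hash printed by `sslh -V`.
supports_udp() {
    case $1 in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}
    minor=$(printf '%s\n' "${1#*.}" | sed 's/[^0-9].*//')
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 22 ]; }
}

# Sample input: lines abridged from the ss output posted in the thread.
sample_ss() {
    cat <<'EOF'
Netid State   Recv-Q Send-Q  Local Address:Port  Peer Address:Port
udp   UNCONN  0      0       [::1]:323           [::]:*
tcp   LISTEN  0      128     *:22                *:*
tcp   LISTEN  0      50      *:19132             *:*
EOF
}

echo "19132/udp: $(sample_ss | check_listener udp 19132)"
for v in 1.20 1.22c; do
    if supports_udp "$v"; then echo "sslh $v: UDP supported"
    else echo "sslh $v: UDP options ignored"; fi
done
```

On a live host, pipe the real output in with `ss -tuln | check_listener udp 19132`; a `wrong-proto` or `both` result means a TCP listener is exposed that the configuration never asked for.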