KCP not working in proxy mode

Closed Issue created 4 months ago by Pea Nut

Hey,

what I test is introducer-curl (https://0xacab.org/leap/bitmask-core-cli/-/blob/main/cmd/introducer-curl/main.go?ref_type=heads) with the obs4 proxy (https://0xacab.org/leap/obfsvpn/-/blob/fix-66/README.md?ref_type=heads#testing-introducerinvite-token). I'm using latest main for all repos.

It works when I'm not using kcp:

pea@peabox: go run ./cmd/server --addr 127.0.0.1 --port 4430 --remote 127.0.0.1:8443 --state $(pwd)/state -v --persist
2024/12/16 12:09:44 Using obfs4 config file: /home/pea/projects/leap/obfsvpn/state/obfs4_state.json
DEBUG 2024/12/16 12:09:44 kcp: false, hop: false, udp: false, quic: false
2024/12/16 12:09:44 Listening on 127.0.0.1:4430…
DEBUG 2024/12/16 12:12:07 accepted connection from 127.0.0.1:39906
2024/12/16 12:12:07 Dialing: 127.0.0.1:8443
2024/12/16 12:12:07 Obfs4 client: 127.0.0.1:39906
--> Entering copy loop.

go run ./main.go \
    -introducer-ip 127.0.0.1 \
    -introducer-port 4430 \
    -menshen-url "http://localhost:8443/api/5/service" \
    -obfs4-cert "sAaLYTa6kzJp+/LNY6Zqk8uj5DKpmMx1ROzUHOAOuZxLSEAkLk7WoC1BK86sTOTIzvEaMg"
...
12:12PM INF Getting URL http://localhost:8443/api/5/service
12:12PM WRN Could not update lastUsed timestamp for introducer error="introducer not found"
12:12PM INF Body of response:
{"serial":0,"version":0,"auth":"","locations":{"amsterdam":{"country_code":"NL","display_name":"Amsterdam","has_bridges":true,"healthy":true,"hemisphere":"N","label":"amsterdam","lat":"52.37","lon":"4.90","region":"","timezone":"+2"},"miami":{"country_code":"US","display_name":"Miami","has_bridges":true,"healthy":true,"hemisphere":"S","label":"miami","lat":"25.77","lon":"-80.19","region":"","timezone":"-4"},"montreal":{"country_code":"CA","display_name":"Montreal","has_bridges":true,"healthy":true,"hemisphere":"N","label":"montreal","lat":"45.52","lon":"-73.65","region":"","timezone":"-4"},"newyorkcity":{"country_code":"US","display_name":"New York","has_bridges":true,"healthy":true,"hemisphere":"N","label":"newyorkcity","lat":"40.71","lon":"-74.01","region":"","timezone":"-4"},"paris":{"country_code":"FR","display_name":"Paris","has_bridges":true,"healthy":true,"hemisphere":"N","label":"paris","lat":"48.85","lon":"2.35","region":"","timezone":"+2"},"seattle":{"country_code":"US","display_name":"Seattle","has_bridges":true,"healthy":true,"hemisphere":"N","label":"seattle","lat":"47.61","lon":"-122.33","region":"","timezone":"-7"}},"openvpn_configuration":{"auth":"SHA512","cipher":"AES-256-GCM","data-ciphers":"AES-256-GCM","dev":"tun","float":"","keepalive":"10 30","key-direction":"1","nobind":true,"persist-key":true,"rcvbuf":"0","sndbuf":"0","tls-cipher":"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384","tls-version-min":"1.2","verb":"3"}}

But it does not work with kcp enabled:

pea@peabox: go run ./cmd/server --addr 127.0.0.1 --port 4430 --remote 127.0.0.1:8443 --state $(pwd)/state -v --persist --kcp
2024/12/16 12:15:53 Using obfs4 config file: /home/pea/projects/leap/obfsvpn/state/obfs4_state.json
DEBUG 2024/12/16 12:15:53 kcp: true, hop: false, udp: false, quic: false
2024/12/16 12:15:53 kcp listen on 127.0.0.1:4430
2024/12/16 12:15:53 Listening on 127.0.0.1:4430…

go run ./main.go \
    -introducer-ip 127.0.0.1 \
    -introducer-port 4430 \
    -menshen-url "http://localhost:8443/api/5/service" \
    -obfs4-cert "sAaLYTa6kzJp+/LNY6Zqk8uj5DKpmMx1ROzUHOAOuZxLSEAkLk7WoC1BK86sTOTIzvEaMg" \
    -kcp
12:16PM INF Getting URL http://localhost:8443/api/5/service
12:16PM DBG dialing kcp://127.0.0.1:4430
12:16PM FTL Error GET-ing url: Get "http://localhost:8443/api/5/service": context deadline exceeded
exit status 1

pea@peabox: sudo tcpdump -ni lo port 4430
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:16:50.782428 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:50.782691 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32
12:16:50.983705 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:50.984035 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32
12:16:51.384191 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:51.389015 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32
12:16:51.984555 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:51.996577 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32
12:16:52.784942 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:52.806232 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32
12:16:53.785128 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:53.817179 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32
12:16:54.985332 IP 127.0.0.1.48814 > 127.0.0.1.4430: UDP, length 1305
12:16:55.035008 IP 127.0.0.1.4430 > 127.0.0.1.48814: UDP, length 32

So there is communication with UDP on port 4430, but it does not work. The cli just uses:

intro := &introducer.Introducer{
    Type: "obfsvpnintro",
    Addr: fmt.Sprintf("%s:%s", *introducerIP, *introducerPort),
    Cert: *obfs4Cert,
    FQDN: menshenURL.Hostname(),
    KCP:  *kcp,
}

client, err := introducer.NewHTTPClientFromIntroducer(intro)
if err != nil {
    log.Fatal().Msgf("Error getting http client from introducer: %v", err)
}

I also updated both components with go get -u 0xacab.org/leap/obfsvpn and go get -u 0xacab.org/leap/bitmask-core

KCP not working in proxy mode

Linked items ... 0

Activity