Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Shadowsocks: reading target address: unexpected EOF #2311

Closed
blixten85 opened this issue Jun 6, 2024 · 7 comments
Closed

Bug: Shadowsocks: reading target address: unexpected EOF #2311

blixten85 opened this issue Jun 6, 2024 · 7 comments
Labels
Category: Shadowsocks 🔁 Category: User error 🤦 Priority: 💤 Low priority Status: 🗯️ Waiting for feedback

Comments

@blixten85
Copy link

blixten85 commented Jun 6, 2024
edited
Loading

Is this urgent?

Somewhat urgent

Host OS

LibreELEC (official): 12.0.0

CPU arch

aarch64

VPN service provider

Custom

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)

What's the problem 🤔

Shadowsocks does not work for any client, i have tried qbittorrent, mIRC, TheLounge (web irc client) and some windows socks client i have downloaded from this page https://shadowsocks.org/doc/getting-started.html#getting-started

All i am getting in respons is 2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54862: reading target address: unexpected EOF

The HTTPPROXY works very well though.

Share your logs (at least 10 lines)

2024-06-06T15:51:30+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.3 and family v4
2024-06-06T15:51:30+02:00 INFO [routing] local ethernet link found: eth0
2024-06-06T15:51:30+02:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-06-06T15:51:30+02:00 INFO [firewall] enabling...
2024-06-06T15:51:30+02:00 INFO [firewall] enabled successfully
2024-06-06T15:51:31+02:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-06-06T15:51:31+02:00 INFO Alpine version: 3.19.1
2024-06-06T15:51:31+02:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-06T15:51:31+02:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-06T15:51:31+02:00 INFO Unbound version: 1.20.0
2024-06-06T15:51:31+02:00 INFO IPtables version: v1.8.10
2024-06-06T15:51:31+02:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Target IP address: 98.128.186.98
|   |       └── Wireguard selection settings:
|   |           ├── Endpoint IP address: 98.128.186.98
|   |           ├── Endpoint port: 48575
|   |           └── Server public key: 5QZl+0+C8oyx/pHYGsNks01dZQbigPFdDeWC6xyD6Bg=
|   └── Wireguard settings:
|       ├── Private key: WP+...W4=
|       ├── Interface addresses:
|       |   └── 10.0.209.89/24
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       ├── Persistent keepalive interval: 25s
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 1h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: yes
|           ├── Block surveillance: yes
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 192.168.50.0/24
|       ├── 192.168.100.0/24
|       └── 172.18.0.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [set]
|   └── Log addresses: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User:
|   ├── Password: [not set]
|   ├── Stealth mode: yes
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Europe/Stockholm
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-06-06T15:51:31+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.3 and family v4
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-06T15:51:31+02:00 INFO [firewall] setting allowed subnets...
2024-06-06T15:51:31+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.3 and family v4
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 192.168.50.0/24
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 192.168.100.0/24
2024-06-06T15:51:31+02:00 INFO [routing] adding route for 172.18.0.0/24
2024-06-06T15:51:31+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-06T15:51:31+02:00 INFO [http server] http server listening on [::]:8000
2024-06-06T15:51:31+02:00 INFO [http proxy] listening on :8888
2024-06-06T15:51:31+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-06T15:51:31+02:00 INFO [firewall] allowing VPN connection...
2024-06-06T15:51:31+02:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-06-06T15:51:31+02:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-06-06T15:51:31+02:00 INFO [wireguard] Using available kernelspace implementation
2024-06-06T15:51:31+02:00 INFO [wireguard] Connecting to 98.128.186.98:48575
2024-06-06T15:51:31+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-06-06T15:51:31+02:00 INFO [healthcheck] healthy!
2024-06-06T15:51:31+02:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-06T15:51:32+02:00 INFO [dns] downloading hostnames and IP block lists
2024-06-06T15:51:44+02:00 INFO [dns] init module 0: validator
2024-06-06T15:51:44+02:00 INFO [dns] init module 1: iterator
2024-06-06T15:51:44+02:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-06T15:51:44+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-06T15:51:44+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-06T15:51:44+02:00 INFO [dns] ready
2024-06-06T15:51:44+02:00 INFO [healthcheck] healthy!
2024-06-06T15:51:44+02:00 INFO [ip getter] Public IP address is 98.128.186.98 (Sweden, Stockholm, Stockholm)
2024-06-06T15:51:44+02:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54862: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54744: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54842: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54910: reading target address: unexpected EOF
2024-06-06T15:52:19+02:00 ERROR [shadowsocks] connection from 172.18.0.1:54700: reading target address: unexpected EOF

Share your configuration

docker run -d \
    --name=gluetun \
    --network=lsio \
    --sysctl net.ipv6.conf.all.disable_ipv6=1 \
    --cap-add=NET_ADMIN \
    --device=/dev/net/tun:/dev/net/tun \
    -p 8888:8888/tcp \
    -p 8388:8388/tcp \
    -p 8388:8388/udp \
    -v /storage/.config/dockers/gluetun/config:/gluetun \
    -v /storage/.config/dockers/gluetun/config/wireguard/wg0.conf:/gluetun/wireguard/wg0.conf:ro \
    -e HTTPPROXY=on \
    -e HTTPPROXY_LISTENING_ADDRESS=:8888 \
    -e HTTPPROXY_STEALTH=on \
    -e SHADOWSOCKS=on \
    -e SHADOWSOCKS_LISTENING_ADDRESS=:8388 \
    -e SHADOWSOCKS_PASSWORD=password \
    -e SHADOWSOCKS_LOG=off \
    -e DOT_IPV6=false \
    -e DOT=on \
    -e BLOCK_MALICIOUS=on \
    -e BLOCK_SURVEILLANCE=on \
    -e BLOCK_ADS=on \
    -e VPN_SERVICE_PROVIDER=custom \
    -e VPN_TYPE=wireguard \
    -e FIREWALL_OUTBOUND_SUBNETS=192.168.50.0/24,192.168.100.0/24,172.18.0.0/24 \
    -e WIREGUARD_PERSISTENT_KEEPALIVE_INTERVAL=25s \
    -e TZ=Europe/Stockholm \
    -e DNS_UPDATE_PERIOD=1h \
    --restart unless-stopped \
    qmcgaw/gluetun
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 6, 2024

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

@blixten85 blixten85 changed the title Bug: Bug: Shadowsocks does not work. reading target address: unexpected EOF Jun 6, 2024
@qdm12
Copy link
Owner

qdm12 commented Jun 12, 2024

Shadowsocks does not work for any client, i have tried qbittorrent, mIRC, TheLounge (web irc client) and some windows socks client i have downloaded from this page https://shadowsocks.org/doc/getting-started.html#getting-started

Shadowsocks is NOT a SOCKS protocol, it's a custom encrypted protocol based on SOCKS5. So socks(5) clients won't work with it. I use https://github.com/shadowsocks/shadowsocks-windows successfully, do you get errors with it??

@qdm12 qdm12 changed the title Bug: Shadowsocks does not work. reading target address: unexpected EOF Bug: Shadowsocks: reading target address: unexpected EOF Jun 12, 2024
@blixten85
Copy link
Author

Shadowsocks does not work for any client, i have tried qbittorrent, mIRC, TheLounge (web irc client) and some windows socks client i have downloaded from this page https://shadowsocks.org/doc/getting-started.html#getting-started

Shadowsocks is NOT a SOCKS protocol, it's a custom encrypted protocol based on SOCKS5. So socks(5) clients won't work with it. I use https://github.com/shadowsocks/shadowsocks-windows successfully, do you get errors with it??

Well, with that program i did manage to get some packages through, for my webbrowser, and for qbittorrent im getting a ton of these.

gluetun | 2024-06-13T13:26:05.035384521Z 2024-06-13T15:26:05+02:00 ERROR [shadowsocks] connection from 192.168.1.126:54218: reading target address: EOF

I have setup my ip and port in the server config in that windows shadowsocks program, and i am connecting to my windows computer on the standard 1080 port.

The http proxy works. But i wouldnt cry if this socks was some proper socks server that i could connect my torrent client directly to, or irc client.

@qdm12
Copy link
Owner

qdm12 commented Jun 16, 2024

for qbittorrent im getting a ton of these.

Yes because you configure it to talk to the shadowsocks servers (not a socks5 server) using the socks5 protocol, I don't think qbittorrent is aware of the shadowsocks protocol, that's why reading target address: EOF

But i wouldnt cry if this socks was some proper socks server that i could connect my torrent client directly to, or irc client.

Of course, what you can do for now is plug another container through Gluetun running a socks5 server. I have a local branch with an almost-finished socks5 server built-in Gluetun, but still work in progress. Subscribe to #234 for this 😉

@blixten85
Copy link
Author

for qbittorrent im getting a ton of these.

Yes because you configure it to talk to the shadowsocks servers (not a socks5 server) using the socks5 protocol, I don't think qbittorrent is aware of the shadowsocks protocol, that's why reading target address: EOF

But i wouldnt cry if this socks was some proper socks server that i could connect my torrent client directly to, or irc client.

Of course, what you can do for now is plug another container through Gluetun running a socks5 server. I have a local branch with an almost-finished socks5 server built-in Gluetun, but still work in progress. Subscribe to #234 for this 😉

Aha ok! Nice!
You are the man 😁

@qdm12
Copy link
Owner

qdm12 commented Jun 17, 2024

Aha ok! Nice!
You are the man 😁

Thanks! 😉
Closing this issue, but feel free to subscribe to issue #234

@qdm12 qdm12 closed this as not planned Won't fix, can't repro, duplicate, stale Jun 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Category: Shadowsocks 🔁 Category: User error 🤦 Priority: 💤 Low priority Status: 🗯️ Waiting for feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qdm12 @blixten85