Cant connect to server #32

Closed
aboka2k opened this issue Aug 23, 2020 · 16 comments
Labels
bug Something isn't working

Comments

@aboka2k

aboka2k commented Aug 23, 2020

hi, hv tried to install SS with Cloak v.1 using your example here -

curl -o Shadowsocks-Cloak-Installer.sh -L https://git.io/fjECg && bash Shadowsocks-Cloak-Installer.sh

installation completes with no error. but couldn't make connection to the server. here is the error on the client side:
truncate...
2020-08-23 18:29:47.7409|INFO|Shadowsocks.Controller.ShadowsocksController|Started SIP003 plugin for 173.82.104.152:443 on 127.0.0.1:54398 - PID: 5212
2020-08-23 18:29:47.9550|DEBUG|Shadowsocks.Controller.TCPHandler|connect to s.yimg.com:443
2020-08-23 18:29:47.9760|INFO|Shadowsocks.Controller.ShadowsocksController|Started SIP003 plugin for 173.82.104.152:443 on 127.0.0.1:54403 - PID: 6460
2020-08-23 18:29:48.7980|WARN|Shadowsocks.Controller.TCPHandler|System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it
   at Shadowsocks.Util.Sockets.WrappedSocket.EndConnect(IAsyncResult asyncResult)
   at Shadowsocks.Proxy.DirectConnect.EndConnectDest(IAsyncResult asyncResult)
   at Shadowsocks.Controller.TCPHandler.ConnectCallback(IAsyncResult ar)
2020-08-23 18:29:48.9780|WARN|Shadowsocks.Controller.TCPHandler|System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it
... truncate

don't know where the server log is, so couldn't attach it here. one thing i notice is there is no ipv4. the ck-server only listens on ipv6 and not on ipv4. i tried to disable ipv6 with the code below, but still no ipv4. please advise. thank you.

root@v2ray:~# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:41157 0.0.0.0:* LISTEN 721/ss-server
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 687/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 746/sshd: /usr/sbin
tcp6 0 0 :::22 :::* LISTEN 746/sshd: /usr/sbin
tcp6 0 0 :::443 :::* LISTEN 723/ck-server
udp 0 0 127.0.0.53:53 0.0.0.0:* 687/systemd-resolve

/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.ip_forward = 1

p/s - after installation, i just scan the qr code on the client side and change the plugin path and connect

@HirbodBehnam
Owner

Hello
Can you send me the server logs with systemctl status shadowsocks-server -l?

@aboka2k
Author

aboka2k commented Aug 23, 2020

> Hello
> Can you send me the server logs with systemctl status shadowsocks-server -l?

root@v2ray:~# systemctl status shadowsocks-server -l
● shadowsocks-server.service - Shadowsocks-libev Server Service
Loaded: loaded (/etc/systemd/system/shadowsocks-server.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-08-23 21:41:04 +08; 1min 43s ago
Docs: man:shadowsocks-libev(8)
Main PID: 722 (ss-server)
Tasks: 6 (limit: 1062)
Memory: 5.5M
CGroup: /system.slice/shadowsocks-server.service
├─722 /usr/bin/ss-server
└─724 ck-server

Aug 23 21:41:04 v2ray systemd[1]: Started Shadowsocks-libev Server Service.
Aug 23 21:41:04 v2ray ss-server[722]: 2020-08-23 21:41:04 INFO: plugin "ck-server" enabled
Aug 23 21:41:04 v2ray ss-server[722]: 2020-08-23 21:41:04 INFO: initializing ciphers... chacha20-ietf-poly1305
Aug 23 21:41:04 v2ray ss-server[722]: 2020-08-23 21:41:04 INFO: using nameserver: 8.8.8.8
Aug 23 21:41:04 v2ray ss-server[722]: 2020-08-23 21:41:04 INFO: tcp server listening at 127.0.0.1:51135
Aug 23 21:41:04 v2ray ss-server[722]: 2020-08-23 21:41:04 INFO: running from root user
Aug 23 21:41:04 v2ray ss-server[724]: 2020/08/23 21:41:04 ck-server.go:265: Listening on 0.0.0.0:443

/etc/shadowsocks-libev/config.json
"server":"0.0.0.0",
"server_port":443,
"password":"xxxxxxxxxx",
"timeout":60,
"method":"chacha20-ietf-poly1305",
"nameserver":"8.8.8.8",
"plugin":"ck-server",
"plugin_opts":"/etc/shadowsocks-libev/ckconfig.json"

/etc/shadowsocks-libev/ckconfig.json
"WebServerAddr":"204.79.197.200:443",
"PrivateKey":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"AdminUID":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"DatabasePath":"/etc/shadowsocks-libev/userinfo.db"

the WebServerAddr is the default @msn. Thank you,

p/s - im on a Ubuntu 20.04 LTS vps

@HirbodBehnam
Owner

From the client log, it looks like the server is refusing the connection. Have you checked your firewall?

@aboka2k
Author

aboka2k commented Aug 24, 2020

> From the client log, it looks like the server is refusing the connection. Have you checked your firewall?

hi, its more like nothing is listening/receiving the traffic on ipv4(443).

its a new vps and there is no iptables/firewall-

root@v2ray:~# sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

on another server running ss+v2ray, it is listening on both ipv4 and ipv6. it's weird why there is no ipv4 for this one. as far as i know, the vps doesn't have ipv6. any suggestions?

thank you,

@HirbodBehnam
Owner

Hello again
Unfortunately I don't know what to do. It's kinda strange because in the shadowsocks config and log it says that it's listening on ipv4 (0.0.0.0); however, as you pointed out, netstat is showing that it's only listening on ipv6. It could be a script bug or it could be a bug from cloak.
I'll just label this issue as "Help Wanted" so maybe someone else could help you.
Also, why are you not using cloak 2?

HirbodBehnam added the "help wanted" (Extra attention is needed) label Aug 24, 2020

@aboka2k
Author

aboka2k commented Aug 24, 2020

hi, i was thinking of using v2, but from my understanding from the guide, v2 is for tor or openvpn.

could we use v2 with ss? if yes, how do we do that? manually install ss then cloak v2 and set up the config etc + ssl? is there a guide somewhere we could follow, as i'm kinda noob on this

thank you,

@HirbodBehnam
Owner

Hello
CloakV2 can be used with tor or openvpn. If you want to use it with shadowsocks, just use my own script for Cloak2. You will be asked if you want to install shadowsocks or not.
Or just

curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.sh

and follow the instructions.

@aboka2k
Author

aboka2k commented Aug 24, 2020

hi, thanks a lot ~! will install and revert later :)

@HirbodBehnam
Owner

@aboka2k I also forgot, please uninstall cloak 1 completely and then install cloak 2.

@aboka2k
Author

aboka2k commented Aug 24, 2020

> @aboka2k I also forgot, please uninstall cloak 1 completely and then install cloak 2.

no worry, i will reset the whole vps and do a update && upgrade then only install them :)

@aboka2k
Author

aboka2k commented Aug 24, 2020

@HirbodBehnam V2 is working now :) but got some questions after installing and playing with them -

  1. now i choose the default 'chacha20-ietf-poly1305' for the encryption, is there a way to change this in future? thought of changing that inside 'shadowsocks.json' but it shows 'plain' as its encryption method

  2. what is "RedirAddr": "204.79.197.200" for and how does it work? My understanding is when someone is trying to access your server from the browser, they will be directed to this decoy IP. Now whenever i try to access my server using its IP, it will say

This site can’t be reached
173.82.xxx.xxx refused to connect.

thank you,

@HirbodBehnam
Owner

@aboka2k Hello

  1. The encryption is server independent. That means that you just have to change the encryption from client and it will be automatically configured and used on client hello. Also, as the main documents for cloak say, you can use plain for shadowsocks because it's encrypted and does not give any fingerprints.
  2. You are right! If anyone tries to send a normal https request to cloak, they will be redirected to that IP. Also I realized that probably my script and the cloak's example configs have a problem. It looks like the RedirAddr must contain a port number as well. I will fix this problem. Thanks for reporting!

And lastly, for cloak 1, I will go and check its code to see how it binds on IP address and check if the problem of ipv6 is because of my script or cloak itself.

HirbodBehnam added the "bug" (Something isn't working) label Aug 24, 2020
HirbodBehnam added a commit that referenced this issue Aug 24, 2020
Fixed one problem of #32

@aboka2k
Author

aboka2k commented Aug 24, 2020

> @aboka2k Hello
>
>   1. The encryption is server independent. That means that you just have to change the encryption from client and it will be automatically configured and used on client hello. Also, as the main documents for cloak say, you can use plain for shadowsocks because it's encrypted and does not give any fingerprints.
>   2. You are right! If anyone tries to send a normal https request to cloak, they will be redirected to that IP. Also I realized that probably my script and the cloak's example configs have a problem. It looks like the RedirAddr must contain a port number as well. I will fix this problem. Thanks for reporting!
>
> And lastly, for cloak 1, I will go and check its code to see how it binds on IP address and check if the problem of ipv6 is because of my script or cloak itself.

hi, thanks a lot for all the help and info. interesting to know 'plain' is an encryption method, will try to search for that as i'd like to read the details. in the meantime, i have edited it like this "RedirAddr": "204.79.197.200:443", and it's working now. It will divert to the IP after accepting the unsecure page warning

i have got 2 more questions if you don't mind -

  1. how do we change the server IP address to a domain name?

  2. this is related to the original question - wonder why there is no ipv4 shown on netstat, although it is working now.

root@v2ray:~# sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:62643 0.0.0.0:* LISTEN 49803/ss-server
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 21521/systemd-resol
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 20408/sshd: /usr/sb
tcp6 0 0 :::22 :::* LISTEN 20408/sshd: /usr/sb
tcp6 0 0 :::443 :::* LISTEN 50179/ck-server
udp 0 0 127.0.0.53:53 0.0.0.0:* 21521/systemd-resol

@aboka2k
Author

aboka2k commented Aug 24, 2020

'found' the ipv4 443 by using 'sudo ss -tulpn'

tcp LISTEN 0 4096 *:443 : users:(("ck-server",pid=710,fd=7))

not sure why it's not shown on netstat, perhaps it is not considered as a server?

@HirbodBehnam
Owner

No problem I'm just here to help :)

  1. You have to either buy a domain name and set its IP to your server or you can use a ddns service like now-dns. Nothing must be done from your server.
  2. Unfortunately I don't really know what is up with netstat and ss and why they are showing different results. I myself use lsof -i -P -n | grep LISTEN.
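
The netstat and ss outputs in this thread can be reproduced with a few lines of Go, the language ck-server is written in (its log line cites ck-server.go). Go's net.Listen("tcp", ...) on an unspecified address such as 0.0.0.0 opens a single dual-stack IPv6 socket where the host supports it: the kernel lists it only in /proc/net/tcp6 (netstat's `tcp6 :::443`), yet IPv4 clients can still connect to it. This is an added example, not code from the thread or from Cloak; it assumes Linux, and that ck-server listens with the plain "tcp" network is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strings"
)

// procTable returns the kernel table ("tcp" or "tcp6") holding a LISTEN entry
// for port, or "" if none is found. netstat's Proto column mirrors this table.
func procTable(port int) string {
	want := fmt.Sprintf(":%04X", port)
	for _, table := range []string{"tcp", "tcp6"} {
		data, err := os.ReadFile("/proc/net/" + table)
		if err != nil {
			continue // table absent, e.g. kernel without IPv6 support
		}
		for _, line := range strings.Split(string(data), "\n") {
			fld := strings.Fields(line) // fld[1] = local addr, fld[3] = state
			if len(fld) > 3 && fld[3] == "0A" && strings.HasSuffix(fld[1], want) {
				return table // 0A is TCP_LISTEN
			}
		}
	}
	return ""
}

// probe listens on 0.0.0.0 and reports the socket's table and IPv4 reachability.
func probe(network string) (table string, v4ok bool, err error) {
	ln, err := net.Listen(network, "0.0.0.0:0") // port 0: kernel picks a free port
	if err != nil {
		return "", false, err
	}
	defer ln.Close()
	port := ln.Addr().(*net.TCPAddr).Port
	conn, derr := net.Dial("tcp4", fmt.Sprintf("127.0.0.1:%d", port))
	if derr == nil {
		conn.Close()
	}
	return procTable(port), derr == nil, nil
}

func main() {
	for _, n := range []string{"tcp", "tcp4"} {
		t, ok, err := probe(n)
		fmt.Printf("%-4s table=%q ipv4-reachable=%v err=%v\n", n, t, ok, err)
	}
}
```

On a dual-stack host the "tcp" run reports table "tcp6" with ipv4-reachable=true, while "tcp4" forces an IPv4-only socket that shows up in the "tcp" table.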

@aboka2k
Author

aboka2k commented Aug 24, 2020

@HirbodBehnam i already have a domain pointing to the server now and i'm using the domain name in the client settings. i thought we need to change the IP to the domain in the server settings as the proper way

thanks again and hv a nice day :)
