Double connection needed #14
Comments
|
In the tests I have done, the client connects on the first try. I suspect something went wrong in the configuration of the firewall. The trick to avoid double connection necessity is that after a puzzle has been verified you send a GET-COOKIE request to the SERVER. In essense the firewall spoofs this get cookie request in the name of the client. The server will then send back a set-cookie to the client (if the firewall does not intercept it). It is of course important that at this stage, the firewall does not alter any more packets. In the simple example this is done by For teamspeak 3.1 clients you can also use the TS3INIT_RESET target. This works a bit differently. Instead of spoofing a get-cookie request to the SERVER, the reset packet will send a "reset" packet back to the client. It will start connecting all over again. If this did not help you, I need the configuration of iptables to help you further |
|
Than you for your reply. On a local machine it works, but I'm using a separate machine as a firewall. With tcpdump it seems that the spoofed cookie is not generated. I just noticed that today 3.1 has been released, with TS3INIT_RESET it works so it makes sense to just switch to TS3INIT_RESET |
|
3.1 is being rolled out over the coming days. Not everyone is updated yet. Thank you for the report. We will look at it |
|
The issue with TS3INIT_GET_COOKIE should be fixed now |
Hi,
When client tries to connect for the first, the IP succesfully added to ts3_authorized, but then the connection fails. If the client tries a second time, of course it works because the ip is already authorized.
EDIT: with the complex script, the IP remains in ts3_authorizing
The text was updated successfully, but these errors were encountered: