with obfs plugin enabled the connection does not work on ss-libev 3.0.3 and ss-android 4.0.4/4.1.1

[LiR1cky]

Environment

• Android version: 6.0.1 (MIUI 8 Global 7.3.2)
• Device: RedMi Note3
• Shadowsocks version: shadowsocks-libev v3.0.3
• Last version that did not exhibit the issue (if applicable): first time trying the SIP003 plugin
• Shadowsocks-android version: 4.0.4/4.1.1 with simple-obfs-android plugin v0.0.5

Configuration

server:
{
"server":"0.0.0.0",
"server_port":1202,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"xxxxxxxx",
"timeout":600,
"method":"chacha20",
"plugin":"obfs-server",
"plugin-opts":"obfs=http",
"fast_open":true
}

client: V4.0.4/4.1.1 (both have the same problem)
Plugin: Simple obfuscation v0.0.5
configuration:
obfuscation wrapper: http
obfuscation hostname: cn.bing.com

Put an x inside the [ ] that applies.

• IPv4 server address
• IPv6 server address
• Client IPv4 availability
• Client IPv6 availability
• Local port: 1080
• Encrypt method:chacha20
• One-time authentication
• Route
  • All
  • Bypass LAN
  • Bypass China
  • Bypass LAN & China
  • GFW List
  • China List
  • Custom rules
• IPv6 route
• Per-App Proxy
  • Bypass mode
• UDP Forwarding
• Plugin configuration (if applicable):
• Auto Connect
• TCP Fast Open
• NAT mode

Symptom:

• While connecting without obfs plugin, the connection works fine.
• While connecting with obfs plugin enabled, connection failed and I can see below error messages in syslog:

2017-03-08 04:59:48 INFO: using tcp fast open
2017-03-08 04:59:48 INFO: plugin "obfs-server" enabled
2017-03-08 04:59:48 INFO: UDP relay enabled
2017-03-08 04:59:48 INFO: initializing ciphers... chacha20
2017-03-08 04:59:48 INFO: tcp server listening at 127.0.0.1:53175
2017-03-08 04:59:48 INFO: udp server listening at 0.0.0.0:1202
2017-03-08 04:59:48 [simple-obfs] INFO: tcp port reuse enabled
2017-03-08 04:59:48 [simple-obfs] INFO: listening at 0.0.0.0:1202
2017-03-08 04:59:48 ERROR: failed to handshake with 127.0.0.1: invalid host name
2017-03-08 04:59:48 [simple-obfs] ERROR: remote recv: Connection reset by peer
2017-03-08 04:59:57 ERROR: failed to handshake with 127.0.0.1: invalid host name
2017-03-08 04:59:57 [simple-obfs] ERROR: remote recv: Connection reset by peer
2017-03-08 04:59:57 ERROR: failed to handshake with 127.0.0.1: invalid address type
2017-03-08 04:59:57 [simple-obfs] ERROR: remote recv: Connection reset by peer

What did you do / What did you see:

• I tried to change the obfs wrapper to tls on both server/client, still the same problem
• I tried to change the cipher from chacha20 to rc4-md5, still the same problem

Could you kindly suggest how to solve this issue?

Thanks and Regards,
Ricky

[madeye]

Could you try disabling tcp_fastopen?

[LiR1cky]

Disabled on server side, on android it is by default disabled as no Root permission.
But still the same issue.

[madeye]

I tried your configs but cannot reproduce your issue locally. What's the version of your obfs-server?

[LiR1cky]

simple-obfs 0.0.2

[madeye]

Please try the latest commit of simple-obfs first.

[LiR1cky]

Just tried but got a issue during make:
make[2]: Leaving directory '/root/shadowsocks-libev/simple-obfs/libcork'
Making all in src
make[2]: Entering directory '/root/shadowsocks-libev/simple-obfs/src'
CC obfs_local-utils.o
CC obfs_local-jconf.o
CC obfs_local-json.o
CC obfs_local-encrypt.o
encrypt.c:29:20: fatal error: sodium.h: No such file or directory
compilation terminated.
Makefile:550: recipe for target 'obfs_local-encrypt.o' failed
make[2]: *** [obfs_local-encrypt.o] Error 1
make[2]: Leaving directory '/root/shadowsocks-libev/simple-obfs/src'
Makefile:412: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/root/shadowsocks-libev/simple-obfs'
Makefile:344: recipe for target 'all' failed
make: *** [all] Error 2

Best Regards,
Ricky

[LiR1cky]

solved the dependency problem and compiled the simple-obfs 0.0.3
Unfortunately issue still persists.

[madeye]

What's your network environment? WiFi or 3G/4G?

[LiR1cky]

I tested with both WiFi (company wifi, direct internet access) and 4G, both the same situation.

[madeye]

If so, it looks a device bug. Could you connect to your server from a PC or other phone?

For example, you can start a ss-local on your remote server and verify if it works.

[LiR1cky]

Since there's no windows-based client available now, I will try this tonight at home, on my linux box / merlin router. Will update the result then. Thanks.

[LiR1cky]

I think I've found the problem:
I tested the standalone mode obfs-server and it worked perfectly.
However while using the plugin mode with shadowsocks-libev, I always meet the above issue.

Therefore I compared both mode:

• standalone mode:
  2017-03-09 00:16:57 [simple-obfs] INFO: obfuscating enabled
  2017-03-09 00:16:57 [simple-obfs] INFO: tcp port reuse enabled
  2017-03-09 00:16:57 [simple-obfs] INFO: listening at server_ip:port

• plugin mode:
  2017-03-09 00:04:12 INFO: plugin "obfs-server" enabled
  2017-03-09 00:04:12 INFO: UDP relay enabled
  2017-03-09 00:04:12 INFO: initializing ciphers... chacha20
  2017-03-09 00:04:12 INFO: tcp server listening at 127.0.0.1:42144
  2017-03-09 00:04:12 INFO: udp server listening at 0.0.0.0:8191
  2017-03-09 00:04:12 [simple-obfs] INFO: tcp port reuse enabled
  2017-03-09 00:04:12 [simple-obfs] INFO: listening at 0.0.0.0:8191

The problem is that in plugin mode it is always listening to 127.0.0.1 but not the server ip. Is there a parameter in JSON that could change the behavior? I tried "server","server_host","local_address" but no one could change this.

Thanks and Best Regards,
Ricky

[madeye]

According to your log, it's listening on 0.0.0.0:8191.

2017-03-09 00:04:12 [simple-obfs] INFO: listening at 0.0.0.0:8191

Also, if the plugin listened at local address. I don't think you would have any log like these

2017-03-08 04:59:48 ERROR: failed to handshake with 127.0.0.1: invalid host name
2017-03-08 04:59:48 [simple-obfs] ERROR: remote recv: Connection reset by peer
2017-03-08 04:59:57 ERROR: failed to handshake with 127.0.0.1: invalid host name
2017-03-08 04:59:57 [simple-obfs] ERROR: remote recv: Connection reset by peer
2017-03-08 04:59:57 ERROR: failed to handshake with 127.0.0.1: invalid address type
2017-03-08 04:59:57 [simple-obfs] ERROR: remote recv: Connection reset by peer

[LiR1cky]

Sorry for the carelessness. I saw 'INFO: tcp server listening at 127.0.0.1:42144' only but missed '[simple-obfs] INFO: listening at 0.0.0.0:8191'
I assume when the client connects to server_ip:8191 the simple-obfs would forward the traffic to 127.0.0.1:42144, but somehow in my case it just did not work as how the standalone mode did.

Anyway for now I would use the standalone mode as a temporary workaround.
BTW I did not get chance to test the ss-local on my linux box last night, I would update the result this evening.

Thanks and Regards.
Ricky

[Mygod]

Closed due to inactivity.