Jigsaw-Code
Outline server pinging, but doesn't work
Just yesterday, VPN server stopped working. Connection and control are fine. ReInstallation - hangs on Starting Shadowbox. The connection line is not present in access.txt /opt/outline.
my uninstall: I removed all docker containers, run docker builder prune command and rm -rf /opt/outline remove this folder.
After I stop docker-daemon by sudo systemctl stop docker.service
After I use manager helper command:
sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-apps/master/server_manager/install_scripts/install_server.sh)"
And hang up on Starting Shadowbox..........
Re run install command hang up on Verifying that Docker daemon is running ..... line
I don’t know which logs I can provide, tell me - I’ll do it.
I was able to install outline server by running all commands as administrator. but it still just doesn't work. Internet disappears as soon as I connect to the Outline server
Can you check your firewall and also check the firewall settings from your cloud provider.
@sbruens
Debian GNU/Linux 11 (bullseye) Release: 11
At the time of the answer, ufw or another firewall are not installed on my VPS. There are no special settings on the cloud provider, everything is by default
Many VPS providers block most inbound traffic by default to enhance security. This can sometimes be the source of these issues.
Some more troubleshooting steps:
-
Check iptables:
- If you haven't already, install iptables:
sudo apt install iptables(or the equivalent command for your Linux distribution). - Then, run
sudo iptables -Lto view the current firewall rules.
- If you haven't already, install iptables:
-
Check server logs:
- Run
docker logs shadowboxto view the server logs. - Look for any error messages or clues about what might be causing the problem.
- Run
-
Try another VPS (if possible):
- Try running the installation on a different VPS to see if you get different results. This can help determine if the problem is specific to your current VPS environment.
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (4 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Thanks. Are you able to establish a TCP connection at all? Try curl <IP> -v to see if a TCP connection can be established.
Thanks. Are you able to establish a TCP connection at all? Try
curl <IP> -vto see if a TCP connection can be established.
curl 142.251.39.110 -v
* Trying 142.251.39.110:80...
* Connected to 142.251.39.110 (142.251.39.110) port 80 (#0)
> GET / HTTP/1.1
> Host: 142.251.39.110
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-LCgLvFa2RDNSC6FnClFV6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Wed, 11 Sep 2024 11:55:41 GMT
< Expires: Fri, 11 Oct 2024 11:55:41 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host 142.251.39.110 left intact
It looks like the IP is redirecting traffic to google.com. Are you serving a web server at this IP?
No, I just ping'ed 142.251.39.110, this is google.com IP I'm not using web server
My apologies for the confusion; I meant establishing a connection from client->server, not from server->target.
So send a curl request from your client device to the ip:port that is in your key (you can find it after the @ sign). This will tell us if you are able to establish any TCP connection with your Outline server. It should look something like this:
$ curl 123.456.789.1:1111 -v
* Trying 123.456.789.1:1111...
* Connected to 123.456.789.1 (123.456.789.1) port 1111
> GET / HTTP/1.1
> Host: 123.456.789.1:1111
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
Note the "Connected to 123.456.789.1 (123.456.789.1) port 1111"
Another way you could check is with netcat:
# TCP
nc -v -z -w 3 123.456.789.1 1111
# UDP
nc -v -u -z -w 3 123.456.789.1 1111
sorry for hijacking this thread (but it could at least be of use)
curl: (56) Recv failure: Connection reset by peer red@red-MacBookPro:~$ nc -v -z -w 3 142.251.39.110 1111 Connection to 142.251.39.110 1111 port [tcp/*] succeeded! red@red-MacBookPro:~$ nc -v -u -z -w 3 142.251.39.110 1111 Connection to 142.251.39.110 1111 port [udp/*] succeeded!
but:
`curl 142.251.39.110 -v
- Trying 142.251.39.110:80...
- Connected to 142.251.39.110 (142.251.39.110) port 80
GET / HTTP/1.1 Host: 142.251.39.110 User-Agent: curl/8.5.0 Accept: /
- Recv failure: Connection reset by peer
- Closing connection
curl: (56) Recv failure: Connection reset by peer
andnslookup ya.ru ;; Got bad packet: unexpected end of input 23 bytes 79 25 83 00 00 01 00 01 00 00 00 00 02 79 61 02 y%...........ya. 72 75 00 00 01 00 01 ru.....ordig ya.ru ;; Warning: Message parser reports malformed message packet. ;; Truncated, retrying in TCP mode. ;; communications error to 8.8.8.8#53: connection reset ;; communications error to 8.8.8.8#53: connection reset ;; communications error to 8.8.8.8#53: connection reset
; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> ya.ru ;; global options: +cmd ;; no servers could be reached ` (i had to change 9.9.9.9 in /etc/resolv.conf to 8.8.8.8, and at least with my previous setup it resolved domain names, unlike the 9.9.9.9 server) these are using the Russian cellular networks, right now I can't try it with other providers.
