gost
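rtcp forwarding error
Problem description
After client A sets up rtcp to the server, client C connects to the corresponding port on the server (10022) to reach client A's ssh server. The first connection after setup is forwarded normally. After client C ends that connection and connects a second time, the connection is always dropped (the third works, the fourth fails, and so on: the connection following each successful one is always dropped abnormally). This currently reproduces every time on my side.
# Error message when client C initiates the connection
abc@server:~$ ssh -p 10022 {server IP here}
kex_exchange_identification: Connection closed by remote host
Connection closed by {server IP here} port 10022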
Relevant configuration
CLIENT A configuration:
version: "3.0"
services:
  gost_cli:
    image: ginuerzh/gost
    restart: always
    network_mode: "host"
    volumes:
      - ./secrets.txt:/secrets.txt
    command:
      ["-L=rtcp://:10022/127.0.0.1:22","-F","ssh://example.com:7733?secrets=/secrets.txt"]
SERVER configuration:
version: "3.0"
services:
  gost_svr:
    image: ginuerzh/gost
    restart: always
    network_mode: "host"
    volumes:
      - ./secrets.txt:/secrets.txt
    command:
      ["-L=ssh://:7733?secrets=/secrets.txt"]
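Relevant logs
Client A internal IP: 1.0.0.100; client A public IP: 1.0.0.200
Server internal IP: 2.0.0.100; server public IP: 2.0.0.200
Client A log
This part of the log was produced on client A when client C initiated the ssh connection.
# Client C initiates an ssh connection to the server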
gost_cli_1 | 2022/05/19 16:23:07 forward.go:575: [rtcp] PEER 127.0.0.1:47260 CONNECTED
gost_cli_1 | 2022/05/19 16:23:07 forward.go:279: [rtcp] 1.0.0.100:53440 <-> 127.0.0.1:22
gost_cli_1 | 2022/05/19 16:23:07 forward.go:562: [rtcp] BIND ON 2.0.0.100:10022 OK
# Client C actively closes the ssh connection
gost_cli_1 | 2022/05/19 16:23:14 forward.go:281: [rtcp] 1.0.0.100:53440 >-< 127.0.0.1:22
# Client C initiates a second connection; this one is always dropped
gost_cli_1 | 2022/05/19 16:23:20 forward.go:575: [rtcp] PEER 127.0.0.1:47302 CONNECTED
gost_cli_1 | 2022/05/19 16:23:20 forward.go:279: [rtcp] 1.0.0.100:53440 <-> 127.0.0.1:22
gost_cli_1 | 2022/05/19 16:23:20 forward.go:281: [rtcp] 1.0.0.100:53440 >-< 127.0.0.1:22
gost_cli_1 | 2022/05/19 16:23:20 forward.go:416: [rtcp] accept error: write tcp 1.0.0.100:53440->2.0.0.200:7733: i/o timeout; retrying in 1s
gost_cli_1 | 2022/05/19 16:23:21 forward.go:562: [rtcp] BIND ON 2.0.0.100:10022 OK
Server log
This part of the log was produced on the server when client C initiated the ssh connection.
# First connection
server-gost_svr-1 | 2022/05/19 16:23:07 socks.go:1097: [socks5-bind] 1.0.0.200:17551 <- 2.0.0.100:10022 PEER 127.0.0.1:47260 ACCEPTED
server-gost_svr-1 | 2022/05/19 16:23:07 socks.go:1099: [socks5-bind] 1.0.0.200:17551 <-> 127.0.0.1:47260
server-gost_svr-1 | 2022/05/19 16:23:07 socks.go:983: [socks5-bind] 1.0.0.200:17551 -> ssh://:7733 -> 0.0.0.0:10022
server-gost_svr-1 | 2022/05/19 16:23:07 socks.go:1043: [socks5-bind] 1.0.0.200:17551 - 2.0.0.100:7733 BIND ON 2.0.0.100:10022 OK
# Connection actively closed
server-gost_svr-1 | 2022/05/19 16:23:14 socks.go:1103: [socks5-bind] 1.0.0.200:17551 >-< 127.0.0.1:47260
# Second connection
server-gost_svr-1 | 2022/05/19 16:23:20 socks.go:1097: [socks5-bind] 1.0.0.200:17551 <- 2.0.0.100:10022 PEER 127.0.0.1:47302 ACCEPTED
server-gost_svr-1 | 2022/05/19 16:23:20 socks.go:1099: [socks5-bind] 1.0.0.200:17551 <-> 127.0.0.1:47302
server-gost_svr-1 | 2022/05/19 16:23:20 ssh.go:830: [ssh] 1.0.0.200:17551 >-< 2.0.0.100:7733
server-gost_svr-1 | 2022/05/19 16:23:20 socks.go:1103: [socks5-bind] 1.0.0.200:17551 >-< 127.0.0.1:47302
server-gost_svr-1 | 2022/05/19 16:23:21 ssh.go:828: [ssh] 1.0.0.200:17661 <-> 2.0.0.100:7733
server-gost_svr-1 | 2022/05/19 16:23:22 socks.go:983: [socks5-bind] 1.0.0.200:17661 -> ssh://:7733 -> 0.0.0.0:10022
server-gost_svr-1 | 2022/05/19 16:23:22 socks.go:1043: [socks5-bind] 1.0.0.200:17661 - 2.0.0.100:7733 BIND ON 2.0.0.100:10022 OK
Adding the version number: gost 2.11.2 (go1.18.1 linux/amd64)
This problem does exist. For now it can be worked around in the following ways:
- Enable mbind:
gost -L rtcp://:10022/:22 -F ssh://:7733?mbind=true
- Use standard SSH forwarding:
gost -L rtcp://:10022/:22 -F forward+ssh://:7733
gost -L forward+ssh://:7733
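A probe for checking whether the forwarded port still shows the reported pattern after a workaround is applied, added here as an example and not part of the original issue or the gost project: it opens sequential connections to the rtcp port and checks that each one returns an SSH identification line. The function names, the default of six attempts and the 2-second delay between attempts are assumptions.

```python
import socket
import sys
import time


def probe_banner(host, port, timeout=5.0):
    """Return the SSH identification line, or None if the peer closed or timed out first."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # RFC 4253 caps the identification string at 255 bytes.
            while b"\n" not in data and len(data) < 255:
                chunk = s.recv(255 - len(data))
                if not chunk:  # remote closed before (or during) the banner
                    break
                data += chunk
    except OSError:  # refused, reset, or timed out
        return None
    line = data.split(b"\n", 1)[0].strip()
    return line.decode("ascii", "replace") if line.startswith(b"SSH-") else None


def probe_sequence(host, port, attempts=6, delay=2.0, timeout=5.0):
    """Connect `attempts` times in sequence; each connection is closed before the next."""
    results = []
    for i in range(attempts):
        if i and delay:
            time.sleep(delay)  # leaves room for the 1s bind retry seen in the client A log
        results.append(probe_banner(host, port, timeout) is not None)
    return results


def classify(results):
    """Label a run: ok, down, alternating (the pattern in this issue), or intermittent."""
    if all(results):
        return "ok"
    if not any(results):
        return "down"
    if len(results) >= 4 and all(a != b for a, b in zip(results, results[1:])):
        return "alternating"
    return "intermittent"


if __name__ == "__main__":
    # Usage: probe.py <server-ip> [port]; 10022 is the rtcp port used in the issue.
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 10022
    run = probe_sequence(sys.argv[1], port)
    print(run, classify(run))
```

A result of `alternating` matches the behaviour described in the report; `ok` across all attempts indicates the forwarder is accepting consecutive connections.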