SNI issue with I2P

Open oooo-ps opened this issue 2 months ago • 2 comments

Trying to set up access to host I2P, and got an SNI/router issue, described here:

  • https://github.com/mbrubeck/agate/issues/165#issuecomment-1081148646
  • gemini://bbs.geminispace.org/s/Geminispace/33453

Peer sent fatal TLS alert: Access was denied

Tunnel configuration:

[ps]
type = server
host = 302:68d0:f0d5:b88d::b
port = 1965
keys = ps.dat

Log says request passed empty domain request:

[INFO  agate] [302:68d0:f0d5:b88d::b]:1965 - "gemini://ps.ygg/" 20 "text/gemini"
[WARN  agate] [302:68d0:f0d5:b88d::b]:1965 - "" 00 "TLS error" error:unexpected error: no server certificate chain resolved
  • second one is i2p request, I'll try to fix that by the default option
  • gmid server provides more flexible settings, but I will try to make up this one later

So what about the Nginx-like default (host) option for Agate?

UPD. it works anyhow if I set xxx.b32.i2p as the hostname and link it to the host = 127.0.0.1 in tun.

oooo-ps, Oct 09 '25 14:10

Have you tried placing the key and certificate file directly in the certificates directory?

These should be used by default. From the README section on certificate configuration:

The certificates directory may directly contain a key and certificate pair, this is the default pair used if no other matching keys are present.

Johann150, Oct 18 '25 16:10

FS looks like that:

[Image]
  1. certificates was auto-generated by Agate
  2. ps.ygg and xx.i2p - alias to single ./public
  3. I'm using --hostname ps.ygg --hostname xx.i2p - maybe incorrect multiple argument syntax?

oooo-ps, Oct 18 '25 17:10