vpnkit icon indicating copy to clipboard operation
vpnkit copied to clipboard

Published 20 hours ago verified publisher icon moby

Connection refused: The proxy could not connect ot

Open abhinavsingh opened this issue 6 years ago • 4 comments

While debugging issue https://github.com/abhinavsingh/proxy.py/issues/43 I ran into the following error page:

screen shot 2019-02-21 at 9 46 04 pm

which hinted towards a certain bug during communicating between vpnkit and proxy.py container. For some reason, client connections to proxy.py are closed soon after proxy.py has received the client request, resulting in a tight retry request loop. See my https://github.com/abhinavsingh/proxy.py/issues/43#issuecomment-465841635 for more debugging details.

Any ideas where things might be going wrong here?

abhinavsingh avatar Feb 22 '19 05:02 abhinavsingh

I'm not sure but I recommend running the following to capture a packet trace from the VM:

docker run -it -v /tmp:/out --net=host djs55/tcpdump -n -i eth0 -s 0 -w /out/output.pcap

then trigger the problem, then take a look at the /tmp/output.pcap file with "wireshark". Or attach to this ticket and I'll take a look.

djs55 avatar Feb 22 '19 17:02 djs55

@djs55 apologies, it took some time. Got back to it now that proxy.py users are asking for a stable docker container. I can verify via tcpdump that for container goes into an infinite loop. All these CONNECT requests are coming from user-agent: ocaml-cohttp/1.1.0. Please see screenshots below for request and corresponding response packet:

Request Screen Shot 2019-09-16 at 5 38 36 PM

Response Screen Shot 2019-09-16 at 5 38 46 PM

There was no way for me to attach pcap file. But you can try it locally too:

docker run -it -p 8899:8899 --rm abhinavsingh/proxy.py:latest

Simply curl requests doesn't trigger this behavior. Change your browser / system proxy settings to use localhost:8899 and within seconds you should see the request flood. Alternately, you can also try sending tons of requests via ab or other similar tools.

abhinavsingh avatar Sep 17 '19 00:09 abhinavsingh

I managed to workaround this. I think somehow the --hostname=0.0.0.0 params defined in the Dockerfile CMD is not respected. I've removed the CMD entirely and now I'm running (on MacOS 10.15.7 Catalina) with the following cmd (I have a custom plugin so I had to rewrite the rest of the Dockerfile - hopefully a PR would follow):

docker run --rm -ti -p 8899:8899 proxy.py --plugins proxy.plugin.SSORestApiPlugin --hostname 0.0.0.0

amimimor avatar Jan 18 '21 13:01 amimimor

I managed to workaround this.

Wow lovely. I simply missed your reply. Are you able to successfully run it it on MacOS now? I'll take a look myself later this week. Hopefully we can resolve this.

abhinavsingh avatar Dec 01 '21 04:12 abhinavsingh