Bind to specific ip won't work

[hamidrezakp]

Hi, i am using shadowsocks-rust 1.8.23 with v2ray-plugin and nginx. recently i added another ip to my VPS so now i have two ip.

The problem is shadowsocks (or v2ray) is using the first ip address and i can't cahnge it!

Here is my nginx config:

server {
        listen 168.119.xx.xx:443 ssl http2;
        server_name example.com;

        ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location /api/v2 {
                access_log          off;
                proxy_redirect      off;
                proxy_pass          http://127.0.0.1:4443;
                proxy_http_version  1.1;
                proxy_set_header    Upgrade $http_upgrade;
                proxy_set_header    Connection "upgrade";
                proxy_set_header    Host $http_host;
        }
}

My shadowsocks config:

{
    "server":"127.0.0.1",
    "server_port":4443,
    "password":"********",
    "timeout":300,
    "method":"aes-256-gcm",
    "plugin":"v2ray-plugin",
    "dns":"cloudflare",
    "plugin_opts":"server;host=example.com;path=/api/v2;loglevel=none",
    "fast_open": true
}

Output of ip a:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 96:00:00:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 95.217.xx.xx/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet 168.119.xx.xx/32 scope global dynamic eth0
       valid_lft 65023sec preferred_lft 65023sec
    inet6 2a01:4f8:xxxx:xxxx::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::9400:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever

Now clients public ip is 95.217.xx.xx not 168.119.xx.xx.

I also tried local_address seting to 168.119.xx.xx ip and local_port to 0 but it won't have any effect on this problem.

[zonyitoo]

If I understand your question correctly, you want to set ssserver's outbound socket to bind to 168.119.xx.xx?

[hamidrezakp]

Correct.

[zonyitoo]

I am currently busy working on refactoring the whole project. I will try to solve this issue after I finish refactoring.

[hamidrezakp]

No problem, btw thank you for your time and effort on this project, i love it.

[zonyitoo]

You may try with the latest master branch.

1. Run ssserver with -b YOUR_IP, or set local_address in configuration file with your IP
2. Run ssserver with --outbound-bind-interface on Linux-like systems

Looking forward for your feedback. :)

Oh, btw, your eth0 interface has two different IP? So solution 2 may not be helpful then..

[hamidrezakp]

Thanks, i compiled the latest commit and run it with this comamnd: ./ssserver -c /etc/shadowsocks/config.json -b 168.119.xx.xx

2020-12-20T20:22:12.900677762+01:00 INFO  shadowsocks 1.9.0
2020-12-20T20:22:12.907436839+01:00 INFO  shadowsocks tcp server listening on 127.0.0.1:30787, inbound address 127.0.0.1:4443
2020/12/20 20:22:13 V2Ray 4.23.2 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.14.3 linux/amd64)
2020/12/20 20:22:13 A unified platform for anti-censorship.

But it didn't change the public ip of clients. However, i tried setting --outbound-bind-interface but shadowsocks stops working and nothing sends or receives.

This my be a problem with my system because i tested shadowsocks-go and it was the same with binding.

[zonyitoo]

However, i tried setting --outbound-bind-interface but shadowsocks stops working and nothing sends or receives.

That's strange. This option only works for outbound sockets.

[myocytebd]

You may try with the latest master branch.

1. Run `ssserver` with `-b YOUR_IP`, or set `local_address` in configuration file with your IP

2. Run `ssserver` with `--outbound-bind-interface` on Linux-like systems

Looking forward for your feedback. :)

Oh, btw, your eth0 interface has two different IP? So solution 2 may not be helpful then..

I have the same problem on a NIC with multiple IPs. (v1.15.0-alpha.5.x86_64)

    inet .../29 brd ... scope global eth1
       valid_lft forever preferred_lft forever
    inet .../29 brd ... scope global secondary eth1:0
       valid_lft forever preferred_lft forever
    inet .../29 brd ... scope global secondary eth1:1
       valid_lft forever preferred_lft forever

eth1 IP is always used for outbound traffic.

Set local_address seems to have no effect. Use --outbound-bind-interface on virtual interface results in setsockopt SO_BINDTODEVICE error "No such device".

[zonyitoo]

No idea how to handle that situation. Please submit a PR if anyone knows how to handle it properly.

[aseaday]

No idea how to handle that situation. Please submit a PR if anyone knows how to handle it properly.

I want to solve this problem. But Could you show me the code of outbound socket (not the direction to the ss-client) . It is something like:

local.sin_family = AF_INET;
local.sin_addr.s_addr = inet_addr("THE USER WANT TO SPECIFY");
local.sin_port = 0;

[aseaday]

Sorry I found OUTBOUND_BIND_ADDR solve this problem. https://github.com/shadowsocks/shadowsocks-rust/blob/b382920c811edec5bd13d8cc8cca3e294fc012ab/src/service/server.rs#L43 I think this issue could solved.

[hamidrezakp]

hmm, Nice, i can not test this cause i don't have two ip right now.

If others can confirm this. we can close this issue.