gsnova icon indicating copy to clipboard operation
gsnova copied to clipboard

Published 20 hours ago verified publisher icon yinqiwen

Is the sniproxy function for PaaS deprecated in version 0.28.0?

Open Alexeieva opened this issue 7 years ago • 17 comments

Looks like this project still keeps the string 'SNIProxy' ,however I cannot estabish websocket connection through a sni proxy via configuring client.json as follows, which works well for version 0.26.3:

"Channel":[ { "Enable":true, "Name":"heroku-websocket", //Allowed server url with schema 'http/http2/https/ws/wss/tcp/tls/quic/kcp/ssh' //"ServerList":["quic://1.1.1.1:48101"], "ServerList":[ "wss://example.herokuapp.com" ], "SNI": ["herokuapp.com"], "SNIProxy" : "cn_sni_proxy", //"ServerList":["tcp://127.0.0.1:18080"], //"ServerList":["ssh://[email protected]:22?key=./PPP"], //if u are behind a HTTP proxy "Proxy":"", "ConnsPerServer":3, //Unit: second "DialTimeout":6, //Unit: second "ReadTimeout":15, //Reconnect after 120s "ReconnectPeriod": 300, //ReconnectPeriod rand adjustment, the real reconnect period is random value between [P - adjust, P + adjust] "RCPRandomAdjustment" : 10, //Send heartbeat msg to keep alive "HeartBeatPeriod": 30, "Compressor":"none" },

Although sniproxy is specified in client.json & hosts.json respectively, the client in version 0.28.0 ignore that and still connect wss server directly. Is the sniproxy function for PaaS deprecated in version 0.28.0?

Alexeieva avatar Oct 18 '17 06:10 Alexeieva

Here is the output for the client in version 0.26.3:

2017/10/17 08:24:40 Proxy channel(DIRECT):Direct init success 2017/10/17 08:24:40 Proxy channel(REJECT):Reject init success 2017/10/17 08:24:40 [Proxy]Connect 172.0.0.1:443 2017/10/17 08:24:42 Connect wss://example.herokuapp.com success. 2017/10/17 08:24:42 Channel[0] connect wss://example.herokuapp.com success. 2017/10/17 08:24:42 Server:wss://example.herokuapp.com authed success. 2017/10/17 08:24:42 Proxy channel(PAAS):heroku init success 2017/10/17 08:24:42 proxy.go:106: Starting GSnova r8.

And the output in version 0.28.0 with almost same configuration goes as:

2017/10/17 21:06:23 proxy.go:385: Allowed proxy channel with schema:[http http2 https kcp quic ssh tcp tls ws wss] 2017/10/17 21:06:23 proxy.go:281: Proxy channel:direct init success 2017/10/17 21:06:23 dial.go:100: Connect tcp://example.herokuapp.com:443 success. 2017/10/17 21:06:24 ws.go:37: Connect wss://example.herokuapp.com success. 2017/10/17 21:06:25 proxy.go:196: Mux session woulde expired after 402 seconds. 2017/10/17 21:06:25 proxy.go:281: Proxy channel:heroku-websocket init success 2017/10/17 21:06:25 proxy.go:409: Started GSnova r11.

Alexeieva avatar Oct 18 '17 06:10 Alexeieva

fixed in v0.29.0

yinqiwen avatar Oct 18 '17 09:10 yinqiwen

the problem still occurs in v0.29.0:

2017/10/18 18:40:50 proxy.go:372: Allowed proxy channel with schema:[http http2 https kcp quic ssh tcp tls ws wss] 2017/10/18 18:40:50 proxy.go:282: Proxy channel:direct init success 2017/10/18 18:40:50 dial.go:101: Connect wss://example.herokuapp.com:443 success. 2017/10/18 18:40:52 ws.go:37: Connect wss://example.herokuapp.com success. 2017/10/18 18:40:53 proxy.go:197: Mux session woulde expired after 310 seconds. 2017/10/18 18:40:53 proxy.go:282: Proxy channel:heroku-websocket init success 2017/10/18 18:40:53 proxy.go:396: Started GSnova r13. 2017/10/18 18:40:53 local_server.go:260: Listen on address :48100 2017/10/18 18:40:53 local_server.go:260: Listen on address :48101 2017/10/18 18:40:53 local_server.go:260: Listen on address :48102

As seen the sni proxy specified in client.json doesn't work in v0.29.0 .

Alexeieva avatar Oct 18 '17 09:10 Alexeieva

the log did not print actual IP for the domain now, u can use netstat -an to show the network status to see if it's not connect via sniproxy

yinqiwen avatar Oct 18 '17 10:10 yinqiwen

image

使用了.29的客户端出错了 不知道是啥回事 .28的能正常使用的

kirbyzhu avatar Oct 18 '17 14:10 kirbyzhu

@kirbyzhu dns 不通? 0.29中国外地址都用trusted dns解析了,需要保证client.json中的TrustedDNS是可用的(默认的时opendns地址)

yinqiwen avatar Oct 19 '17 01:10 yinqiwen

我用的也没有楼主的问题(commit 498f306)。

我想到的是,在用 SNI 时能不能支持 host 选项,理由是:

  1. 用 SNI 时,本地 DNS 这个貌似作用不大。
  2. 还能改善效率。

MeABc avatar Oct 19 '17 06:10 MeABc

看到最新的貌似强调 local dns 的作用了,我都没敢更新 ---- 由于一些原因,如果 dns 不通,走 SNI 时 gsnova 就不能用了?

MeABc avatar Oct 19 '17 06:10 MeABc

@MeABc DNS 解析是在SNI判断之后的,不存在上述问题 https://github.com/yinqiwen/gsnova/blob/master/local/proxy/dial.go#L74

local dns的作用主要在于用作dnsmasq的上游,兼顾gsnova内部域名解析之用,用在路由器上做透明代理比较有用;其它地方用处不大。

yinqiwen avatar Oct 19 '17 07:10 yinqiwen

@yinqiwen 谢谢解惑!

MeABc avatar Oct 19 '17 09:10 MeABc

@MeABc 借个地问你一个问题,你上次弄的集成 meek 的 gop 服务端能不能发我一份,或者给我说说集成的方法,另外,你说的计划用 go 来重新实现那个项目,进展怎么样了,目前我也需要这个东西,有进展的话,望分享一下,谢谢!

jzp820927 avatar Oct 19 '17 10:10 jzp820927

@jzp820927 还没有什么进展。。。整合的服务端代码等我整理好了会建一个仓库,(现在代码是脏乱差----没想过有人会要这个),到时会在这里回复你。

MeABc avatar Oct 19 '17 12:10 MeABc

@yinqiwen 你好, v0.29.0 按楼主这个份配置, SNI 好像不能加速 Heroku, 是不是去掉这个功能了

addsun avatar Oct 19 '17 14:10 addsun

@addsun 仍然保留,只是日志不显示,你可以用相关网络工具命令确认,例如netstat

yinqiwen avatar Oct 19 '17 14:10 yinqiwen

@yinqiwen 其他配置都不变,使用0.29就出现dns问题,可执行程序换回0.28可以正常连接。所以我觉得应该是0.29哪里的设置导致的。

kirbyzhu avatar Oct 19 '17 15:10 kirbyzhu

@kirbyzhu 区别在于0.28的内部DNS查询逻辑是如果不在gfwlist里的用FastDNS查询,0.29改成国外的用TrustedDNS查询

yinqiwen avatar Oct 20 '17 07:10 yinqiwen

@MeABc 好的,谢谢,只是个人需求罢了,好像目前没什么人研究 meek,应该不会有太大众化的需求吧, 因为我目前也在研究 meek 的实现技术,有什么进展望分享,那我就关注你的项目了,谢谢 话说,py 版那个代码太老旧 (2015 年的),实际使用效率太低,频繁报错,如果能 fork meek 的官方源码来实现 py 版的功能,应该非常完美。在 github 上搜了一下,除了 2015 年那个 py 版的,基本上找不到任何和那个 py 版相关的代码了。看 MeABc 兄,你有没有做这个项目的想法了?

jzp820927 avatar Oct 22 '17 11:10 jzp820927