[Bug] WARN[0004] [UDP] dial 8.8.8.8:53: client handshake: EOF about tun2socks HOT 9 CLOSED

Hello @shakibamoshiri,

I had a similar issue with the DNS resolver. I was using Shadowsocks as the proxy server, which uses TCP by default. However, the DNS resolver on my system was using UDP, which was causing the problem.

If your proxy server doesn't support UDP connections, I highly suggest changing the DNS resolver configuration.

For Linux users, a workaround is to add the following line to the /etc/resolv.conf file:

options use-vc

https://man7.org/linux/man-pages/man5/resolv.conf.5.html

Please let me know if this helped you.

from tun2socks.

Hello @shakibamoshiri,

I had a similar issue with the DNS resolver. I was using Shadowsocks as the proxy server, which uses TCP by default. However, the DNS resolver on my system was using UDP, which was causing the problem.

If your proxy server doesn't support UDP connections, I highly suggest changing the DNS resolver configuration.

For Linux users, a workaround is to add the following line to the /etc/resolv.conf file:

options use-vc

https://man7.org/linux/man-pages/man5/resolv.conf.5.html

Please let me know if this helped you.

Hi , actually I found that the main issue is the socks5 (implemented by openssh) not tun2socks
Also it is not just the DNS request , opening YouTube for example would cause many errors
The right solution is to use a socks5 server that support TCP and UDP.
Testing these tools showed no errors

• xray socks5 inbound
• hysteria2 socks5 inbound
• sing-box socks5 inbound

Thank you for the reply

from tun2socks.

Reading the WiKi tells that we should setup our own DNS servers on linux
https://github.com/xjasonlyu/tun2socks/wiki/DNS-Configuration
but the provided link
https://www.cyberciti.biz/faq/howto-linux-bsd-unix-set-dns-nameserver/
is not about DNS server , it is about setting nameservers
I am wrong or right?
if namserver is needed, all Linux servers already do, if local DNS server is needed , the link/doc is incorrect ?

from tun2socks.

it seems the main issue is UDP traffic is being forwarded to the socks5 server which is SSH -D and it does not support that .
trying to separate UDP traffic from TCP seems be the solution. I will update the result here.

from tun2socks.

yeah, SSH is not an ideal proxy server especially if you want to also forward UDP traffic.

from tun2socks.

@xjasonlyu with iproute2 I somehow separated UDP traffic from TCP and could make work but opening sites like YouTube caused errors since there were many mixed UDP and TCP requests seeing some

• connection refused
• timeout

errors

On the other hand I am curious Android applications like

• SSH injector
• HTTP injector
• Open Tunnel

how do they make it work reliably and correcting? They use SSH and a local socks5 proxy and mange to forward the full traffic even on non-root devices, But cannot making it work on Linux with root privilege is frustrating

from tun2socks.

@shakibamoshiri I am not familiar with the applications you mentioned, but there are some approaches like UDP over TCP to solve this kind of problem. Also, most of the UDP traffic comes from DNS queries, so it can also be solved by using DOH or DOT for example.

from tun2socks.

They are Android applications that act like a VPN . They forward full traffic via a local socks5 proxy by the help of tun2socks libraries. The authentication is based on SSH -- thus I thought and wanted to test this setup on a Linux server. The only issue is unsupported UDP forwarding of openssh-client .

A new test with wstunnel that forwards UDP with the same setup works correctly . No UDP WARN i saw

INFO[0003] [UDP] 192.168.77.2:32999 <-> 8.8.8.8:53      
INFO[0003] [UDP] 192.168.77.2:33984 <-> 8.8.8.8:53      
INFO[0003] [TCP] 192.168.77.2:57392 <-> 66.102.1.188:5228 
INFO[0004] [UDP] 192.168.77.2:57970 <-> 1.1.1.2:53      
INFO[0004] [UDP] 192.168.77.2:55235 <-> 1.1.1.2:53      
INFO[0004] [UDP] 192.168.77.2:51407 <-> 1.1.1.2:53      
INFO[0004] [UDP] 192.168.77.2:35074 <-> 1.1.1.2:53      
INFO[0004] [UDP] 192.168.77.2:51001 <-> 1.1.1.2:53      
INFO[0004] [UDP] 192.168.77.2:34543 <-> 1.1.1.2:53      
INFO[0005] [UDP] 192.168.77.2:33333 <-> 1.1.1.2:53      
INFO[0005] [UDP] 192.168.77.2:37457 <-> 1.1.1.2:53      
INFO[0005] [UDP] 192.168.77.2:42162 <-> 1.1.1.2:53      
INFO[0005] [UDP] 192.168.77.2:59906 <-> 1.1.1.2:53      
INFO[0005] [UDP] 192.168.77.2:40178 <-> 1.1.1.2:53      
INFO[0008] [UDP] 192.168.77.2:42124 <-> 1.1.1.2:53      
INFO[0008] [UDP] 192.168.77.2:55277 <-> 1.1.1.2:53      
INFO[0008] [UDP] 192.168.77.2:39736 <-> 1.1.1.2:53      
INFO[0008] [UDP] 192.168.77.2:42508 <-> 1.1.1.2:53      
INFO[0008] [UDP] 192.168.77.2:60137 <-> 1.1.1.2:53      
INFO[0008] [UDP] 192.168.77.2:50307 <-> 1.1.1.2:53 

Hope i find some time , update your WiKi/tutorial and give a full setup so no others blame tun2socks as the source of the issue.

Thanks

from tun2socks.

@xjasonlyu
how can I update the WiKI or add some real setup ? At the moment I am testing

[ wg-client ] =====> [ hop-1 wg-server + tun2socks + ws-tunnel ] <===== [ hop-2 ws-tunnel ] =====> Free Internet 

I works even it is slow, but give the point of a full setup

ws-tunnel is slow

from tun2socks.