Comments (9)
Hello @shakibamoshiri,
I had a similar issue with the DNS resolver. I was using Shadowsocks as the proxy server, which uses TCP by default. However, the DNS resolver on my system was using UDP, which was causing the problem.
If your proxy server doesn't support UDP connections, I highly suggest changing the DNS resolver configuration.
For Linux users, a workaround is to add the following line to the /etc/resolv.conf file:
options use-vc
https://man7.org/linux/man-pages/man5/resolv.conf.5.html
Please let me know if this helped you.
from tun2socks.
Hi, actually I found that the main issue is the socks5 (implemented by openssh), not tun2socks.
Also, it is not just the DNS request; opening YouTube, for example, would cause many errors.
The right solution is to use a socks5 server that supports TCP and UDP.
Testing these tools showed no errors:
- xray socks5 inbound
- hysteria2 socks5 inbound
- sing-box socks5 inbound
Thank you for the reply
from tun2socks.
Reading the Wiki tells us that we should set up our own DNS servers on Linux
https://github.com/xjasonlyu/tun2socks/wiki/DNS-Configuration
but the provided link
https://www.cyberciti.biz/faq/howto-linux-bsd-unix-set-dns-nameserver/
is not about a DNS server, it is about setting nameservers.
Am I wrong or right?
If a nameserver is needed, all Linux servers already have one; if a local DNS server is needed, the link/doc is incorrect?
from tun2socks.
It seems the main issue is that UDP traffic is being forwarded to the socks5 server, which is SSH -D, and it does not support that.
Trying to separate UDP traffic from TCP seems to be the solution. I will update the result here.
from tun2socks.
Yeah, SSH is not an ideal proxy server, especially if you want to also forward UDP traffic.
from tun2socks.
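One way to check whether a SOCKS5 listener accepts UDP before routing traffic to it, as an added example that is not part of the thread or of tun2socks: it sends the UDP ASSOCIATE command from RFC 1928 and decodes the answer, treating a closed connection as a refusal. The address 127.0.0.1:1080 and all function names are assumptions.

```python
import socket
import struct

# SOCKS5 reply codes (RFC 1928, section 6).
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable", 5: "connection refused",
           6: "TTL expired", 7: "command not supported", 8: "address type not supported"}
GREETING = b"\x05\x01\x00"  # VER=5, one method offered: 0x00 (no authentication)


def build_udp_associate() -> bytes:
    """VER=5, CMD=3 (UDP ASSOCIATE), RSV, ATYP=IPv4, then 0.0.0.0:0 as client address."""
    return struct.pack("!BBBB4sH", 5, 3, 0, 1, bytes(4), 0)


def parse_reply(data: bytes) -> dict:
    """Turn the first two bytes of a SOCKS5 reply (VER, REP) into a verdict."""
    if not data:  # the proxy dropped the connection instead of answering
        return {"code": None, "text": "closed without reply", "udp_supported": False}
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    rep = data[1]
    return {"code": rep, "text": REPLIES.get(rep, "unassigned"), "udp_supported": rep == 0}


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read n bytes, or fewer if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe(host: str, port: int, timeout: float = 3.0) -> dict:
    """Negotiate no-auth, request a UDP relay, and report how the proxy answers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(GREETING)
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(build_udp_associate())
        return parse_reply(recv_exact(s, 2))


if __name__ == "__main__":
    print(probe("127.0.0.1", 1080))  # assumed local SOCKS5 listener
```

A result with `udp_supported` set to False means DNS and other UDP flows need a TCP fallback or a different proxy.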
@xjasonlyu with iproute2
I somehow separated UDP traffic from TCP and could make it work, but opening sites like YouTube caused errors since there were many mixed UDP and TCP requests, seeing some
- connection refused
- timeout
errors
On the other hand I am curious Android applications like
- SSH injector
- HTTP injector
- Open Tunnel
how do they make it work reliably and correctly? They use SSH and a local socks5 proxy and manage to forward the full traffic even on non-root devices. But not being able to make it work on Linux with root privilege is frustrating.
from tun2socks.
@shakibamoshiri I am not familiar with the applications you mentioned, but there are some approaches like UDP over TCP to solve this kind of problem. Also, most of the UDP traffic comes from DNS queries, so it can also be solved by using DoH or DoT, for example.
from tun2socks.
They are Android applications that act like a VPN. They forward full traffic via a local socks5 proxy with the help of tun2socks libraries. The authentication is based on SSH -- thus I thought and wanted to test this setup on a Linux server. The only issue is unsupported UDP forwarding of openssh-client.
A new test with wstunnel that forwards UDP with the same setup works correctly. No UDP WARN
I saw
INFO[0003] [UDP] 192.168.77.2:32999 <-> 8.8.8.8:53
INFO[0003] [UDP] 192.168.77.2:33984 <-> 8.8.8.8:53
INFO[0003] [TCP] 192.168.77.2:57392 <-> 66.102.1.188:5228
INFO[0004] [UDP] 192.168.77.2:57970 <-> 1.1.1.2:53
INFO[0004] [UDP] 192.168.77.2:55235 <-> 1.1.1.2:53
INFO[0004] [UDP] 192.168.77.2:51407 <-> 1.1.1.2:53
INFO[0004] [UDP] 192.168.77.2:35074 <-> 1.1.1.2:53
INFO[0004] [UDP] 192.168.77.2:51001 <-> 1.1.1.2:53
INFO[0004] [UDP] 192.168.77.2:34543 <-> 1.1.1.2:53
INFO[0005] [UDP] 192.168.77.2:33333 <-> 1.1.1.2:53
INFO[0005] [UDP] 192.168.77.2:37457 <-> 1.1.1.2:53
INFO[0005] [UDP] 192.168.77.2:42162 <-> 1.1.1.2:53
INFO[0005] [UDP] 192.168.77.2:59906 <-> 1.1.1.2:53
INFO[0005] [UDP] 192.168.77.2:40178 <-> 1.1.1.2:53
INFO[0008] [UDP] 192.168.77.2:42124 <-> 1.1.1.2:53
INFO[0008] [UDP] 192.168.77.2:55277 <-> 1.1.1.2:53
INFO[0008] [UDP] 192.168.77.2:39736 <-> 1.1.1.2:53
INFO[0008] [UDP] 192.168.77.2:42508 <-> 1.1.1.2:53
INFO[0008] [UDP] 192.168.77.2:60137 <-> 1.1.1.2:53
INFO[0008] [UDP] 192.168.77.2:50307 <-> 1.1.1.2:53
Hope I find some time to update your Wiki/tutorial and give a full setup so no others blame tun2socks as the source of the issue.
Thanks
from tun2socks.
@xjasonlyu
How can I update the Wiki or add some real setup? At the moment I am testing
[ wg-client ] =====> [ hop-1 wg-server + tun2socks + ws-tunnel ] <===== [ hop-2 ws-tunnel ] =====> Free Internet
It works even though it is slow, but it gives the point of a full setup.
ws-tunnel is slow.
from tun2socks.