Shadowsocks-libev: UDP forwarding does not work

Created on 15 Sep 2014 · 8Comments · Source: shadowsocks/shadowsocks-libev

shadowsocks-libev 1.4.6 running on Debian wheezy.

TCP works OK.

Use case is connecting to a OpenVPN server (with proto udp) using the socks-proxy option, through shadowsocks.

[ovpn@freebsd] -----[socks5]----> [ss-local@debian] ----[internet]-----> [ss-server@debian] ----> [dst ovpn]

NOTE!!!: One unusual (I guess) aspect of this setup is that shadowsocks ss-local is not running locally on the machine that I'm running OpenVPN from; this is simply due to the shadowsocks-libev FreeBSD port segfaulting as soon as I throw any UDP traffic it's way (the port is older at 1.4.0, perhaps it's a bug from that version)

openvpn stdout reads (ips redacted):
Attempting to establish TCP connection with AF_INET:10080 [nonblock]
TCP connection established with [AF_INET]ss-local:10080
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]ovpn-server:ovpn-port

Meanwhile, at ss-local, I see:
"INFO: [udp] assc request accepted"
"INFO: [udp] server receive a packet"
"INFO: [udp] cache missed: ovpn-server:ovpn-port <-> freebsd-ip:$someport

At the same time, I am running tcpdump, and see no attempts whatsoever to contact the remote ss-server at all.

Therefore, the forwarding doesn't work.

This seems to be the same issue as #105.

Any ideas?

Source

bsdhsr

Most helpful comment

Ah yes, immortal classic - an issue from a decade ago that is relevant to my issue but has no resolution.

Kein on 25 Jan 2020

😄2

All 8 comments

Could you also post the log of ss-server?

madeye on 16 Sep 2014

Remember, ss-local never attempts to contact ss-server at all when using UDP -100% sure.

This is why I included no logs from it (and a small ascii description of the path the packeta travel, in the offchance that I misunderstood how to interconnect the parts).

Let me know if there is something that I am missing.

Could you post a working configuration for all parts (ss-*), the version running, and how they interconnect?

bsdhsr on 16 Sep 2014

FYI, I have also now tried to run OpenVPN in the Debian VM, and the same situation occurs (except that the IP in the "cache missed" message is now debian's IP).

bsdhsr on 16 Sep 2014

To me, it seems all your UDP traffic are filtered by firewall or something similar. Could you check that the UDP packets are able to reach your server's port used by shadowsocks?

madeye on 16 Sep 2014

You are correct. Since I saw OpenVPN connecting to shadowsocks using TCP, I never checked UDP traffic.

It's working now, thanks for the tip.

bsdhsr on 18 Sep 2014

Just a quick follow-up:

Say I am using shadowsocks on my mobile phone and enable UDP forwarding while my shadowsocks-libev is installed on my NAS functioning as my proxy server, which ports would I need to enable on my firewall for UDP forwarding to work?