shadowsocks-windows UDP问题
使用SuperSocks5Cap搭配shadowsocks-windows版本是4.0.10,测试NAT类型(所有开启UDP转发的节点),得到的结果是UdpBlocked,而使用shadowsocksR版本是4.7(使用同样节点)得到的结果是PortRestrictedCone
@celeron533 @madeye
Bluemiaocat
All 31 comments
我有经过游戏(GTA5)测试,NAT类型是UDP被屏蔽,并不能正常游戏,使用SSR客户端来使用SS则一切正常
Bluemiaocat
on 10 Jun 2018
感谢报告,测试了一下,的确有问题,服务器端开启UDP支持的情况下,客户端不会发送UDP请求到服务器,感觉SS客户端什么地方有问题。
如果你用于游戏,个人建议使用SSTap: https://www.sockscap64.com/zh-hans/sstap/
请注意:SSTap不是 Shadowsocks for Windows 的一部分。
chenshaoju
on 10 Jun 2018
@chenshaoju 使用SSTap会导致游戏的nat类型是nat3,根本没办法游戏,所以希望能尽快修复这个BUG
Bluemiaocat
on 10 Jun 2018
我直接安装anyconnect上游戏,完全没问题,SS的UDP支持还是不太好,
Rem1x-2019
on 10 Jun 2018
了解了, @xyj1999
服务端用的是libev还是python?
celeron533
on 12 Jun 2018
@celeron533 服务端用的是libev
Bluemiaocat
on 12 Jun 2018
Hi @wongsyrone , I noticed in UDPRelay.cs:
https://github.com/shadowsocks/shadowsocks-windows/blob/79f33bc326f92921133b433a1fcd597fe64e7f75/shadowsocks-csharp/Controller/Service/UDPRelay.cs#L83
https://github.com/shadowsocks/shadowsocks-windows/blob/79f33bc326f92921133b433a1fcd597fe64e7f75/shadowsocks-csharp/Controller/Service/UDPRelay.cs#L86
public void Send(byte[] data, int length)
{
IEncryptor encryptor = EncryptorFactory.GetEncryptor(_server.method, _server.password);
byte[] dataIn = new byte[length - 3];
Array.Copy(data, 3, dataIn, 0, length - 3);
byte[] dataOut = new byte[65536]; // enough space for AEAD ciphers
int outlen;
encryptor.EncryptUDP(dataIn, length - 3, dataOut, out outlen);
Logging.Debug(_localEndPoint, _remoteEndPoint, outlen, "UDP Relay");
_remote?.SendTo(dataOut, outlen, SocketFlags.None, _remoteEndPoint);
}
But I am not sure why there is a 3 byte offset?
celeron533
on 12 Jun 2018
忽略两字节rsv和一字节frag
wongsyrone
on 13 Jun 2018
忽略两字节rsv和一字节frag
Thx
# SOCKS5 UDP Request
# +----+------+------+----------+----------+----------+
# |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
# +----+------+------+----------+----------+----------+
# | 2 | 1 | 1 | Variable | 2 | Variable |
# +----+------+------+----------+----------+----------+
# SOCKS5 UDP Response
# +----+------+------+----------+----------+----------+
# |RSV | FRAG | ATYP | DST.ADDR | DST.PORT | DATA |
# +----+------+------+----------+----------+----------+
# | 2 | 1 | 1 | Variable | 2 | Variable |
# +----+------+------+----------+----------+----------+
# shadowsocks UDP Request (before encrypted)
# +------+----------+----------+----------+
# | ATYP | DST.ADDR | DST.PORT | DATA |
# +------+----------+----------+----------+
# | 1 | Variable | 2 | Variable |
# +------+----------+----------+----------+
# shadowsocks UDP Response (before encrypted)
# +------+----------+----------+----------+
# | ATYP | DST.ADDR | DST.PORT | DATA |
# +------+----------+----------+----------+
# | 1 | Variable | 2 | Variable |
# +------+----------+----------+----------+
# shadowsocks UDP Request and Response (after encrypted)
# +-------+--------------+
# | IV | PAYLOAD |
# +-------+--------------+
# | Fixed | Variable |
# +-------+--------------+
@celeron533 不好意思再次打扰,这个问题有望在下个版本解决吗?也非常感谢你们能抽空开发shadowsocks,让我们这些小白能愉快的墙外冲浪
Bluemiaocat
on 18 Jul 2018
@xyj1999 最近一直在外出。。。抱歉
celeron533
on 18 Jul 2018
https://github.com/shadowsocks/shadowsocks-windows/issues/1106#issuecomment-292711020 不知道GTA是不是带了FRAG?
celeron533
on 22 Jul 2018
GTA带不带FRAG这个要怎么进行测试?现在表示看91的时候视频也不能正常加载,,,,
Bluemiaocat
on 22 Jul 2018
91的是我自身设置问题,不好意思
Bluemiaocat
on 27 Jul 2018
@celeron533 很感谢更新,但是问题还是依旧,我这个问题不是一个BUG吗?
Bluemiaocat
on 5 Aug 2018
现在还不确定,试过ProxyCap和SocksCap吗
celeron533
on 5 Aug 2018
问题复现~ @celeron533
Bluemiaocat
on 5 Aug 2018
我这边重现了一样问题。有空看看
celeron533
on 8 Aug 2018
加密后的UDP包送去了服务器就没有任何UDP返回。。。很有可能是服务器直接判断加密方法不符,然后就没有然后了
celeron533
on 13 Dec 2018
@Bluemiaocat 加密是不是用了AEAD相关?
可能是缺失socks5.bind导致UDP服务器发起连接打洞失败
celeron533
on 13 Dec 2018
是的,加密使用的AEAD @celeron533
Bluemiaocat
on 20 Dec 2018
@Bluemiaocat sockscap64 自带的测试结果是什么呢
celeron533
on 23 Dec 2018
@celeron533
没有问题
Bluemiaocat
on 23 Dec 2018
这个问题后来解决了吗?
superdollar
on 11 Jun 2019
@superdollar please try https://ci.appveyor.com/project/celeron533/shadowsocks-windows/builds/25078158/job/ku65g6pncm2yseud/artifacts
celeron533
on 12 Jun 2019
试了一下还不行,目前还不确定是什么问题
target : openvpn over ss
openvpn : 2.3.2, udp (direct connection without ss is OK), turned on socks-proxy
server : shadowsocks-libev 3.1.3 (UDP relay enabled observed in log)(ubuntu 18.04 apt install)
client : shadowsocks-windows 4.1.6.8 & 4.1.6.18 (openvpn over TCP works)
method : aes-256-cfb
client log : Socket connected to ss server : ** : 443 (repeated 5 times, then)
connect to 0.0.0.0:0
server log : nothing
我没有打开server端防火墙的UDP input 443,打开后server log就有数据了,虽然openvpn连接还是authentication出错,但因该不是ss的问题了
superdollar
on 12 Jun 2019
如果你希望使用OpenVPN over SS,你应该考虑使用OpenVPN的TCP模式。
chenshaoju
on 12 Jun 2019
TCP模式是可以工作的,就是怕TCP over TCP的问题想试试能不能UDP over TCP
顺便问一下,如果是ss是UDP relay方式,ss server 和 client 之间因该还是tcp数据流吧?
superdollar
on 12 Jun 2019
UDP relay WORKS! i.e. OpenVPN over SS works in udp over udp mode.
- SS server : shadowsocks-libev v3.1.3 (ubuntu 18.04) with UDP relay
- SS client : v4.1.7.1
- openvpn v2.2.3 UDP mode with socks-proxy option to SS
Thanks for fixing udp problem.
superdollar
on 28 Jul 2019
2387, maybe we can close it now?
ghost
on 5 Jan 2020
I personally believe that this ticket can be closed. Thanks.
superdollar
on 6 Jan 2020
Related issues
spectereye
·
4Comments
wenjiping
·
3Comments
xmha97
·
3Comments
LisonFan
·
3Comments
Galaxy0419
·
3Comments
Most helpful comment
我这边重现了一样问题。有空看看