Streisand: Shadowsocks server can only be started manually

Created on 30 Mar 2018  ·  5Comments  ·  Source: StreisandEffect/streisand

I couldn't connect to my Streisand host after a fresh install.
I noticed that server doesn't seem to be started since

ps aux | grep ss-server

doesn't return anything.
I then tried to restart it via initd:

/etc/init.d/shadowsocks-libev start

But that didn't work either.

Lastly I juts manually started the server from the host console:

# ss-server 
 2018-03-30 08:55:07 INFO: using tcp fast open
 2018-03-30 08:55:07 INFO: plugin "obfs-server" enabled
 2018-03-30 08:55:07 INFO: initializing ciphers... chacha20-ietf-poly1305
 2018-03-30 08:55:07 INFO: tcp server listening at 127.0.0.1:33860
 2018-03-30 08:55:07 INFO: running from root user
 2018-03-30 08:55:07 [simple-obfs] INFO: obfuscating enabled
 2018-03-30 08:55:07 [simple-obfs] INFO: tcp port reuse enabled
 2018-03-30 08:55:07 [simple-obfs] INFO: listening at 195.XXX.YYY.ZZZ:8530
 2018-03-30 08:55:07 [simple-obfs] INFO: running from root user


And it worked.

There seems to be a bug related to this specific service.

streisand-diagnostics.md

### Ansible Information

* Ansible version: 2.5.0
* Ansible system: Linux
* Host OS: Archlinux
* Host OS version:  NA
* Python interpreter: python
* Python version: 3.6.4

### Streisand Information

* Streisand Git revision: bae2cb531330d69e2a2e307c09a7e17770ff8881
* Streisand Git clone has untracked changes: no
* Genesis role: existing-server
* Custom SSH key: True

### Enabled Roles

* Shadowsocks enabled:  True
* Wireguard enabled: True
* OpenVPN enabled: True
* stunnel enabled: True
* Tor enabled: True
* Openconnect enabled: True
* TinyProxy enabled: True
* SSH forward user enabled: True
* L2TP enabled: False
* Configured number of VPN clients: 10

Additional Details:

Log output from Ansible or other relevant services (link to Gist for longer output):

Target Cloud Provider:
Operating System of target host:
Operating System of client:
Version of Ansible, using ansible --version :
Output from git rev-parse HEAD in your Streisand directory :
areshadowsocks kinquestion provideunsupported

Most helpful comment

Same thing, Digitalocean fresh install with default settings except certificates count.
It works only if i launch ss-server -c /etc/shadowsocks-libev/config.json manually.
Ubuntu 16.04 latest update, streisand from today's master branch. Client Android 8.0 Shadowsocks 4.5.5.
UPD: I noticed that service is disabled

root@tuna:~# sudo service shadowsocks-libev status
● shadowsocks-libev.service - Shadowsocks-libev Default Server Service
   Loaded: loaded (/lib/systemd/system/shadowsocks-libev.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:shadowsocks-libev(8)

Tried to enable service manually.
This one didn't worked:

root@tuna:~# service shadowsocks-libev enable
root@tuna:~# service shadowsocks-libev start

This one worked:

root@tuna:~# systemctl enable shadowsocks-libev
root@tuna:~# service shadowsocks-libev start

It is working! :) OpenVPN and Tor still working too

All 5 comments

Same thing, Digitalocean fresh install with default settings except certificates count.
It works only if i launch ss-server -c /etc/shadowsocks-libev/config.json manually.
Ubuntu 16.04 latest update, streisand from today's master branch. Client Android 8.0 Shadowsocks 4.5.5.
UPD: I noticed that service is disabled

root@tuna:~# sudo service shadowsocks-libev status
● shadowsocks-libev.service - Shadowsocks-libev Default Server Service
   Loaded: loaded (/lib/systemd/system/shadowsocks-libev.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:shadowsocks-libev(8)

Tried to enable service manually.
This one didn't worked:

root@tuna:~# service shadowsocks-libev enable
root@tuna:~# service shadowsocks-libev start

This one worked:

root@tuna:~# systemctl enable shadowsocks-libev
root@tuna:~# service shadowsocks-libev start

It is working! :) OpenVPN and Tor still working too

This bug is pretty mysterious! It seems to be affecting multiple people lately (e.g. #1293) so I've pulled it into my immediate TODO list.

Anecdotally, I ran a localhost provision of server with only shadowsocks enabled yesterday for something unrelated and the ss-server process was running at the end and the shadowsocks-libev service was both up and enabled. This makes me think its either related to the default service configuration or perhaps is something provider specific. I will try to reproduce using the default service list and DigitalOcean this evening after work.

@alimakki Noticed we were missing daemon_reload: yes in the shadowsocks systemd task:
https://github.com/StreisandEffect/streisand/blob/65173b02470c8a7373a72cfd1b7a5733cb68da8b/playbooks/roles/shadowsocks/tasks/main.yml#L68-L72

That would explain the shadowsocks-libev service not being enabled and ss-server not starting after a reboot.

Anecdotally, I ran a localhost provision of server with only shadowsocks enabled yesterday for something unrelated and the ss-server process was running at the end and the shadowsocks-libev service was both up and enabled.

I went back to this instance and ss-server did come up after first provisioning but I misread the output of systemctl status shadowsocks-libev when I concluded it was enabled. It was not, and so after a reboot ss-server would not have started again.

@alphazo @diman94 Is it possible that when you created your Streisand instance ss-server _did_ start up successfully, but that the server was rebooted (perhaps due to the automatic updates configuration scheduling a reboot) and upon booting again ss-server did not start?

This would make sense since we also explicitly check that a process is listening on the ss-server port before provisioning will continue: https://github.com/StreisandEffect/streisand/blob/65173b02470c8a7373a72cfd1b7a5733cb68da8b/playbooks/roles/shadowsocks/tasks/main.yml#L79-L93

@cpu yes, I rebooted server after installing to check that everthing is working.

@diman94 great, thanks for confirming! this is now fixed in master thanks to @alimakki and #1297

Thanks for reporting the problem everyone!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

ape364 picture ape364  ·  5Comments

damko picture damko  ·  5Comments

NightMachinary picture NightMachinary  ·  5Comments

tomchiverton picture tomchiverton  ·  6Comments

markwyner picture markwyner  ·  3Comments