cloak's People

Contributors

bananad3v, beanslel, cbeuw, dependabot[bot], hirbodbehnam, lima0, moonburnt, neonsludge, notsure2, renovate[bot]

cloak's Issues

Install BBR

Is installing Google BBR recommended?
Since we are running TCP only via port 443, the speed would be much faster if we used Google BBR.

cd /
wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh
sudo uname -r
sudo sysctl net.ipv4.tcp_available_congestion_control
sudo sysctl net.ipv4.tcp_congestion_control
sudo sysctl net.core.default_qdisc
sudo lsmod | grep bbr

rm bbr.sh 
rm install_bbr.log 

authentication failed

[0021] Failed to prepare connection to remote: cipher: message authentication failed ERRO[0021] Failed to prepare connection to remote: cipher: message authentication failed

Sometimes, when connecting through VPN DC, it becomes like this:
ERRO[0284] Failed to write to stream: the switchboard is broken ERRO[0284] Failed to write to stream: the switchboard is broken ERRO[0284] Failed to write to stream: the switchboard is broken

Can't afford many concurrent?

Hi. I just want to ask. I am running it with two servers on different ports. After 2 hours of testing, one of the servers shut down. Now I am running only one server. How many concurrent can ckserver handle?
NB: I set the user to 100 concurrent.

SS with Cloak constantly stops working

My SS-Server OS : Ubuntu 18.04 LTS (GNU/Linux 4.15.0-20-generic x86_64)
My Local OS : Windows 7 Home
My applications version : Shadowsocks-libev server 3.3.0 with Cloak plugin
Shadowsocks Windows client 4.1.6 with Cloak plugin

The problem is that the proxy speed drops dramatically (can't load web pages at all) every few minutes, or it just times out.
Sometimes the proxy won't work when I open the browser, even though I never turn off the SS client.

Two workarounds I found are:
A. Switch my SS client proxy mode from Global to PAC, then switch back. Sometimes I have to switch 'em back and forth until it works lol.
B. Restart the Shadowsocks client, but it doesn't work every time.

If I leave it be and do nothing about it, it sometimes goes back to normal in a few minutes; sometimes it just stays dead until I perform CPR (the workaround lol) on it.
Besides, I found out that when the SS proxy goes extremely slow or fails, so does the SSH connection to my remote server. However, the connectivity testing result of my remote server is all good.
PS. I have set the Timeout on the SS server and client to 5 sec; it's a little bit better than before, but the problem's still there.

mips_24k router?

Any idea how I can get this running as a plugin for shadowsocks on my router?

root@OpenWrt:/tmp# opkg print-architecture | awk '{print $2}'
all
noarch
mips_24kc

I've tried a few mips64 ones from the release page and just get a syntax error if I try to run them, so I'm guessing not those.

2.0.1 broke https web server fallback

Hello,
The just released 2.0.1 version fails to communicate with fallback https server, nginx reports:

2019/08/14 10:01:42 [crit] 1118#1118: *19087 SSL_do_handshake() failed (SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:10443

nginx config:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

2.0 was working fine.

"UID does not correspond to a user"

I set up everything according to the guide (master branch).

However, when I try to connect, the server errors out:

WARN[0011] +1 unauthorised UID    UID="..............=="
error="UID does not correspond to a user" remoteAddr="..........:11175"

I'm positive the AdminUID is correct.

Some feature requests for 2.0+

First of all, many and many thanks for such stuff. @cbeuw
If you don't mind, I'm gonna request some features.

Here's the list:
* Ability to change hard coded User-Agent
* Replay/Record request template (MITM record a genuine HTTP/HTTPS request and use it with server/client configuration.)
* Custom Handshake, Fake Session Tickets for TLS (https://github.com/refraction-networking/utls)
* Rework concurrency (Single channel connection multiplexing) (Like this one: https://github.com/xtaci/smux)
* Keep-alive for UDP mode (Like this one: https://github.com/xtaci/kcptun)
* Daemon mode for crash prevention restart/monitor
* Alternate tunneling transports for standalone usage (HTTP/HTTPS/SOCKS/KCP etc. SOCKS would be great. Good one to use as lib: https://github.com/shadowsocks/go-shadowsocks2/blob/master/socks/socks.go)

Thanks again.

Question on domain to use OBFS

Quick question, I think I know the answer.

Would it be better to use a domain for the OBFS that resolves to the same IP used for the SS server?

The default in the config is bing, but this wouldn't work as well as a domain resolving to the SS IP?

Or doesn't it matter with Cloak?

Where is config/ckserver.json ?

I downloaded Ck-server-linux-amd64-1.1.1 on Ubuntu 18.04 and was trying to set the server up, but I couldn't find the ckserver.json file. Do I create the json file locally, or do I download it from somewhere, or am I just too dumb to find it lol?

can i run multiple cloak?

First, shadowsocks+cloak on port 7878 using YouTube family IPs worked. Then I tried to run a second shadowsocks+cloak on port 8989 using Facebook IPs, but only the cloak on port 7878 is running perfectly. It's not like obfs, where we can run multiple shadowsocks obfs at the same time.

Not serving web page

I used the shadowsocks-ck-release.sh script to install on a CentOS 7 Minimal server with Apache. The script finished with a success message and displayed the install info. However, the redirect web page is no longer served and I get the following error in a Firefox browser:

An error occurred during a connection to mysite.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I get the same error even when I change the redirect web page to: WebServerAddr=204.79.197.200:443.

Also, connections from the Shadowsocks client are unsuccessful.

Below is what I get if I use ss-server -c /etc/shadowsocks-libev/config.json

2019-05-21 11:26:55 INFO: plugin "ck-server" enabled
2019-05-21 11:26:55 INFO: initializing ciphers... aes-256-gcm
2019-05-21 11:26:55 INFO: using nameserver: 8.8.8.8
2019-05-21 11:26:55 INFO: tcp server listening at 127.0.0.1:54768
2019/05/21 11:26:55 ck-server.go:265: Listening on 0.0.0.0:443
2019/05/21 11:26:55 ck-server.go:267: listen tcp 0.0.0.0:443: bind: address already in use
2019-05-21 11:26:55 ERROR: plugin service exit unexpectedly

I don't know where to begin troubleshooting. Please help.

I do have my Apache vhost listening on port 444.

Below is my /etc/shadowsocks-libev/config.json

{
    "server":"0.0.0.0",
    "server_port":443,
    "password":"gjxuLfgght$jN",
    "timeout":300,
    "user":"nobody",
    "method":"aes-256-gcm",
    "fast_open":false,
    "nameserver":"8.8.8.8",
    "plugin":"ck-server",
    "plugin_opts":"WebServerAddr=127.0.0.1:444;PrivateKey=mOgNzBsdg19xDt+rdffgLZ/VAadffgRlg3strty=;AdminUID=6YoiyuorttypTtruOrW9Ns45ytbIC12/3bI=;DatabasePath=/root/userinfo.db;BackupDirPath=/root"
}

Below is my ck-client.json:

{
	"ServerName":"www.mysite.com",
	"Key":"Jk4faPMsdfCt/svxbjNl352dghyHWW7Khjjk68WLzkc=",
	"TicketTimeHint":3600,
	"Browser":"chrome"
}

"TLS but non-Cloak ClientHello" on second PC

The shadowsocks and cloak running on both PCs are using identical configs. The only difference is that I haven't used or updated my second PC for half a month because its graphics card was RMA'd.
Shadowsocks says connection was closed by my server. sessionId of my second PC is 0 for some reason:

Sep 08 14:47:09 *** ss-server[691]: time="2019-09-08T14:47:09Z" level=warning msg="TLS but non-Cloak ClientHello" UID="***" encryptionMethod=0 proxyMethod=shadowsocks remoteAddr="117.:" sessionId=0
Sep 08 14:48:03 *** ss-server[691]: time="2019-09-08T14:48:03Z" level=info msg="New session" UID="***" sessionID=228962224

Can't run ck-server -k

Hi,
I downloaded the file, and tried in step 2: run ck-server -k, however it seems this can't be executed, even though I chmod already. The alert message is:
flag provided but not defined: -k
Usage of ck-server:
-a Admin mode
-c string
pluginOpts: path to ckclient.json or options seperated with semicolons (default "ckclient.json")
-h Print this message
-l string
localPort: same as server_port in ss config, the plugin listens to SS using this
-p string
remotePort: proxy port, should be 443 (default "443")
-s string
remoteHost: IP of your proxy server
-v Print the version number

What can I do?
Thank you.

unable to install cloak

The installation was stopped by this:
2019/04/22 05:54:47 ck-server.go:244: Must specify localAddr

root@vultr:~# uname -a
Linux vultr.guest 3.13.0-168-generic #218-Ubuntu SMP Thu Mar 14 16:56:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

The package I downloaded is
./ck-server-linux-amd64-1.1.1

error client side

I keep getting
2019-05-15 16:06:38 INFO: plugin "/usr/local/bin/ck-client-darwin-amd64-1.1.1" enabled
2019-05-15 16:06:38 INFO: initializing ciphers... chacha20-ietf-poly1305
2019-05-15 16:06:38 INFO: listening at 127.0.0.1:1080
2019-05-15 16:06:38 INFO: running from root user
2019/05/15 16:06:38 ck-client.go:168: Listening for ss on 127.0.0.1:51709
2019/05/15 16:06:38 ck-client.go:174: Attemtping to start a new session
2019/05/15 16:06:38 ck-client.go:204: Session 2395684801 established
2019/05/15 16:06:45 ck-client.go:231: The optimal connection is nil
2019/05/15 16:06:46 ck-client.go:231: The optimal connection is nil
2019/05/15 16:06:46 ck-client.go:231: The optimal connection is nil
2019/05/15 16:06:46 ck-client.go:231: The optimal connection is nil

SS fails to bind ipv6 and adding user problem

  • Upon reboot: ERROR: [udp] bind: Cannot assign requested address
    • (root user systemctl restart shadowsock-libev temporarily resolves this)
  • Does Enter the UID in your ckclient.json as the prompted UID mean the newly generated UID instead?
  • What equals "unlimited" when entering UpRate:DownRate etc.?

System info: Ubuntu 19.04 amd64; Shadowsocks-libev 3.2.5; ipv4+ipv6

What I did:

  1. Made shadowsocks startup daemon run as root: I copied shadowsocks-libev.service from /lib/systemd/system into /etc/systemd/system, changed both User and Group to root. I also added "user": "root" to /etc/shadowsocks-libev/config.json.
    ss-server says "INFO: running from root user" but fails to bind my ipv6 address to udp port 443. It works fine after systemctl restart shadowsock-libev as root user.
  2. Add another user: ( I tried to use AdminUID for both of my pcs, but the second pc soon became unable to connect with status saying "session closed" ) I followed the instructions and entered UID in my ckclient.json at step 4 which is AdminUID, entered all 0 or 0:0:0 for those caps and credits assuming it means unlimited.
    The second pc couldn't connect so I entered the newly generated UID at step 4 instead.
    ...I remember it says something like "connection reset by peer" in the status, but after messing around for a while now it keeps crashing until I turn off shadowsocks on my second pc.
    I set Up/DownCredit for the second UID to 999999999999999 but it still crashes.
root@vultr:~# systemctl status shadowsocks-libev
● shadowsocks-libev.service - Shadowsocks-libev Default Server Service
   Loaded: loaded (/etc/systemd/system/shadowsocks-libev.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-03-22 17:53:03 UTC; 1s ago
     Docs: man:shadowsocks-libev(8)
  Process: 1660 ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS (code=exited, status=255/EXCEPTION)
 Main PID: 1660 (code=exited, status=255/EXCEPTION)

Mar 22 17:53:03 vultr.guest ss-server[1660]:         /home/andy/go/src/github.com/cbeuw/Cloak/internal/server/usermanager/user.go:40 +0x4e
Mar 22 17:53:03 vultr.guest ss-server[1660]: github.com/cbeuw/Cloak/internal/server/usermanager.(*Userpanel).GetAndActivateUser(0xc00004c100, 0xc0000165a0, 0x20, 0x24, 0x20, 0x21, 0xe0c28000)
Mar 22 17:53:03 vultr.guest ss-server[1660]:         /home/andy/go/src/github.com/cbeuw/Cloak/internal/server/usermanager/userpanel.go:158 +0x1cb
Mar 22 17:53:03 vultr.guest ss-server[1660]: main.dispatchConnection(0x5d8c00, 0xc00000e090, 0xc00008c000)
Mar 22 17:53:03 vultr.guest ss-server[1660]:         /home/andy/go/src/github.com/cbeuw/Cloak/cmd/ck-server/ck-server.go:133 +0xcdb
Mar 22 17:53:03 vultr.guest ss-server[1660]: created by main.main.func1
Mar 22 17:53:03 vultr.guest ss-server[1660]:         /home/andy/go/src/github.com/cbeuw/Cloak/cmd/ck-server/ck-server.go:271 +0x2dc
Mar 22 17:53:03 vultr.guest ss-server[1660]:  2019-03-22 17:53:03 ERROR: plugin service exit unexpectedly
Mar 22 17:53:03 vultr.guest systemd[1]: shadowsocks-libev.service: Main process exited, code=exited, status=255/EXCEPTION
Mar 22 17:53:03 vultr.guest systemd[1]: shadowsocks-libev.service: Failed with result 'exit-code'.

Thx

Cant Delete UID

@cbeuw hello sir,
One of my teammates reported an issue about deleting a UID: an error occurs when the UID has / in its text.
Here is an example: BCuD2N6o7o/LxzlJ02hoI54BRJRr4IWcze7cLvW0GXY=
I tried to delete that UID but had no luck. Here is the response:

5
Enter UID
BCuD2N6o7o/LxzlJ02hoI54BRJRr4IWcze7cLvW0GXY=
Are you sure to delete this user? y/n
y
open /etc/shadowsocks-libev/BackupDir/1562463369_pre_del_BCuD2N6o7o/LxzlJ02hoI54BRJRr4IWcze7cLvW0GXY=.bak: no such file or directory

I thought that when creating the backup file, since it has /, that means another folder, right? All UIDs without / are deleted normally, without issue.
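The failure in the report above comes from placing a standard-base64 UID, whose alphabet includes `/`, directly into a file name. The following is an added example, not part of the original issue and not Cloak's own code: the helper names are hypothetical, and the file name pattern is taken from the error message. It shows the naive path next to one that re-encodes the UID with the URL-safe alphabet and checks that the result stays inside the backup directory.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"path/filepath"
)

// naiveBackupPath follows the pattern visible in the error message:
// <dir>/<unix time>_pre_del_<UID>.bak, with the UID inserted exactly as typed.
// A "/" inside the UID becomes a path separator.
func naiveBackupPath(dir string, ts int64, uid string) string {
	return filepath.Join(dir, fmt.Sprintf("%d_pre_del_%s.bak", ts, uid))
}

// staysInDir reports whether p names a file directly inside dir.
func staysInDir(dir, p string) bool {
	return filepath.Dir(p) == filepath.Clean(dir)
}

// safeBackupPath (hypothetical helper) first validates that the UID is
// standard base64, then re-encodes the raw bytes with the URL-safe alphabet
// ("-" and "_" instead of "+" and "/"), so the file name cannot contain a
// path separator. The containment check is kept as a second line of defence.
func safeBackupPath(dir string, ts int64, uid string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(uid)
	if err != nil {
		return "", fmt.Errorf("UID is not standard base64: %w", err)
	}
	name := fmt.Sprintf("%d_pre_del_%s.bak", ts, base64.URLEncoding.EncodeToString(raw))
	p := filepath.Join(dir, name)
	if !staysInDir(dir, p) {
		return "", fmt.Errorf("backup path %q escapes %q", p, dir)
	}
	return p, nil
}

func main() {
	// Directory, timestamp and UID are the values quoted in the issue.
	dir := "/etc/shadowsocks-libev/BackupDir"
	uid := "BCuD2N6o7o/LxzlJ02hoI54BRJRr4IWcze7cLvW0GXY="

	naive := naiveBackupPath(dir, 1562463369, uid)
	fmt.Println("naive:", naive, "inside backup dir:", staysInDir(dir, naive))

	safe, err := safeBackupPath(dir, 1562463369, uid)
	fmt.Println("safe: ", safe, "err:", err)
}
```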

undefined: syscall.RawConn

Trying to build the client with make client from the latest source I get the following error:

~/go/src/github.com/cbeuw/Cloak$ make client
mkdir -p build
go build -ldflags "-X main.version=master(8317f44)" ./cmd/ck-client
# github.com/cbeuw/Cloak/cmd/ck-client
cmd/ck-client/protector.go:7: undefined: syscall.RawConn
Makefile:10: recipe for target 'client' failed
make: *** [client] Error 2

Building the server with make server works fine.
Is the function in protector.go required, since it is empty?

Using go version go1.7.4 linux/amd64

Installer script

Hello
Just like before I wrote a new script to install Cloak 2. But not only with shadowsocks, but with anything you like. You can set custom forwarding rules.
Plus with the new Admin Panel API, adding users is completely done by script. You just have to define the quota and ... in script and the script takes care of adding it.

Here is the project link:
https://github.com/HirbodBehnam/Shadowsocks-Cloak-Installer
And here is the installer link:
https://github.com/HirbodBehnam/Shadowsocks-Cloak-Installer/blob/master/Cloak2-Installer.sh

If you like you can put it in readme just like the one in Cloak 1.

Also I may add built-in openvpn installer later.

listen tcp: address [...] too many colons in address

Hi,
I have built ck-client from source (using the latest code from the master branch) inside a docker container. The server runs fine, but while attempting to run ck-client I ran into these errors:

 2019-03-17 06:41:57 INFO: plugin "/go/github.com/cbeuw/Cloak/build/ck-client" enabled
 2019-03-17 06:41:57 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-03-17 06:41:57 INFO: listening at 0.0.0.0:1080
 2019-03-17 06:41:57 INFO: udprelay enabled
2019/03/17 06:41:57 ck-client.go:158: Listening for ss on ::1:45643
2019/03/17 06:41:57 ck-client.go:160: listen tcp: address ::1:45643: too many colons in address
 2019-03-17 06:41:57 INFO: running from root user
 2019-03-17 06:41:57 ERROR: plugin service exit unexpectedly

Any ideas?

Thanks
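The address `::1:45643` in the log above is what results from joining an IPv6 host and a port with a bare colon. The following added example (not from the original issue and not Cloak's code; `listenAddr` and the other helper names are hypothetical) reproduces the parse error without opening a socket and shows the bracketed form that `net.JoinHostPort` produces.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// naiveAddr joins host and port with a colon. For the IPv6 loopback this
// yields "::1:45643", the exact string in the log line quoted in the issue.
func naiveAddr(host, port string) string {
	return host + ":" + port
}

// listenAddr (hypothetical helper) builds an address that parses correctly
// for IPv4 literals, IPv6 literals and host names.
func listenAddr(host, port string) (string, error) {
	n, err := strconv.ParseUint(port, 10, 16)
	if err != nil || n == 0 {
		return "", fmt.Errorf("invalid port %q", port)
	}
	// Tolerate a host that already carries brackets, e.g. "[::1]",
	// so it is not bracketed twice.
	host = strings.TrimSuffix(strings.TrimPrefix(host, "["), "]")
	return net.JoinHostPort(host, port), nil
}

// parseErr returns the error net.SplitHostPort reports for addr, or "" if
// addr parses. net.Listen performs the same split before it binds.
func parseErr(addr string) string {
	if _, _, err := net.SplitHostPort(addr); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	for _, host := range []string{"127.0.0.1", "::1", "[::1]", "localhost"} {
		naive := naiveAddr(host, "45643")
		fixed, err := listenAddr(host, "45643")
		fmt.Printf("host=%-10s naive=%q (%s)\n", host, naive, parseErr(naive))
		fmt.Printf("%-16sfixed=%q (%s) err=%v\n", "", fixed, parseErr(fixed), err)
	}
}
```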

How to reduce cpu load.

Hello,
I installed ck-server with shadowsocks-libev3.2.5 on ubuntu18.10.
ck-server's CPU load is much higher than ss-server's.
ck-server's cpu usage is about 58%. ss-server's cpu usage is about 18%.
Why is ck-server's cpu load very high?
How to reduce ck-server's cpu load?

multi Ips

{ "WebServerAddr":"204.79.197.200:443", "PrivateKey":"EN5aPEpNBO+vw+BtFQY2OnK9bQU7rvEj5qmnmgwEtUc=", "AdminUID":"ugDmcEmxWf0pKxfkZ/8EoP35Ht+wQnqf3L0xYgyQFlQ=", "DatabasePath":"userinfo.db", "BackupDirPath":"" }
can we use IPs in this section

"WebServerAddr":"204.79.197.200:443",

become

"WebServerAddr":"204.79.197.200:443;a.b.c.d:443;e.f.g.h:443",

?

Build fails with "use of internal package not allowed"

Hi,
I am trying to build Cloak using latest source available, but no matter what I do build fails with either of these two messages:
use of internal package not allowed
or
cannot find package "github.com/cbeuw/Cloak/internal/ecdh" in any of ...

Any suggestions?

After adding a user, the server is unable to start.

After adding a new user, when the newly added user connects to the server, the Cloak service crashes and cannot start again.

After deleting userinfo.db on the server, the service goes back to normal.

I'm not sure whether this is a mistake in my operation or something else... :(

System:
Linux debian-s-1vcpu-1gb-lon1-01 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u3 (2019-06-16) x86_64 GNU/Linux

ck-server version:
ck-server 1.1.1

Error log:

● shadowsocks-libev.service - Shadowsocks-libev Default Server Service
   Loaded: loaded (/lib/systemd/system/shadowsocks-libev.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2019-07-11 07:10:49 UTC; 5s ago
     Docs: man:shadowsocks-libev(8)
  Process: 2615 ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS (code=exited, status=255)
 Main PID: 2615 (code=exited, status=255)

Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]:         /home/andy/go/src/github.com/cbeuw/Cloak/internal/multiplex/qos.go:34 +0x39
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]: github.com/cbeuw/Cloak/internal/multiplex.MakeValve(0x0, 0x8000000, 0xc000072ad0, 0xc000072ad8, 0x0)
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]:         /home/andy/go/src/github.com/cbeuw/Cloak/internal/multiplex/qos.go:29 +0x69
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]: github.com/cbeuw/Cloak/internal/server/usermanager.MakeUser(0xc00004c100, 0xc000072aa0, 0x0)
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]:         /home/andy/go/src/github.com/cbeuw/Cloak/internal/server/usermanager/user.go:40 +0x4e
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]: github.com/cbeuw/Cloak/internal/server/usermanager.(*Userpanel).GetAndActivateUser(0xc00004c100, 0xc00001a1e0, 0x20, 0x24, 0x20, 0x21, 0xa9919d00)
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 ss-server[2615]:         /home/andy/go/src/github.com/cbeuw/Cloak/internal/server/usermanager/userpanel.go:158 +0x1cb
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 systemd[1]: shadowsocks-libev.service: Main process exited, code=exited, status=255/n/a
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 systemd[1]: shadowsocks-libev.service: Unit entered failed state.
Jul 11 07:10:49 debian-s-1vcpu-1gb-lon1-01 systemd[1]: shadowsocks-libev.service: Failed with result 'exit-code'.

Add user step:

D:\Software\Shadowsocks\plugins>ck-client.exe -a -c ck-client.json
2019/07/11 15:07:11 ck-client.go:131: Starting standalone mode
Enter the ip:port of your server
xxx.xxx.xxx.xxx:xxxxx
Enter the admin UID
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1       listActiveUsers         none            []uids
2       listAllUsers            none            []userinfo
3       getUserInfo             uid             userinfo
4       addNewUser              userinfo        ok
5       delUser                 uid             ok
6       syncMemFromDB           uid             ok

7       setSessionsCap          uid cap         ok
8       setUpRate               uid rate        ok
9       setDownRate             uid rate        ok
10      setUpCredit             uid credit      ok
11      setDownCredit           uid credit      ok
12      setExpiryTime           uid time        ok
13      addUpCredit             uid delta       ok
14      addDownCredit           uid delta       ok
Select your command
2
null
Select your command
4
UID:eXmPhhIlbGSVI45k+CDNdTSfmGFP/X0WaWTh3DOgPbk=
SessionsCap:255
UpRate:DownRate:134217728:134217728
UpCredit:DownCredit:ExpiryTime:10995116277760:10995116277760:1672502399
ok
Select your command
2019/07/11 15:09:22 admin.go:67: Unreconised cmd
Select your command
2
[{"UID":"eXmPhhIlbGSVI45k+CDNdTSfmGFP/X0WaWTh3DOgPbk=","SessionsCap":255,"UpRate":0,"DownRate":134217728,"UpCredit":134217728,"DownCredit":0,"ExpiryTime":10995116277760}]
Select your command
2
2019/07/11 15:11:22 ck-client.go:142: EOF

D:\Software\Shadowsocks\plugins>

Thank you.

json: cannot unmarshal string into Go struct field rawConfig.ProxyBook of type []string

Hi @cbeuw, after upgrading my server and my build env., this issue came up. I do not know whether the reason is recent commits or a golang related bug.

Thank you for all of your efforts.

./ck-server -c server.json -p 443 -s 0.0.0.0

INFO[0000] Starting standalone mode, listening on 0.0.0.0:443 
FATA[0000] Configuration file error: Failed to read configuration file: json: cannot unmarshal string into Go struct field rawConfig.ProxyBook of type []string

Server configuration file:

{
"ProxyBook":{
"shadowsocks": "",
"openvpn": "",
"tor": ""},

"BypassUID": "",
"RedirAddr": "",
"PrivateKey": "",
"AdminUID": "",
"DatabasePath": "userinfo.db"
}

Build environment:
go1.12.9.linux-amd64 on Ubuntu.

Installer Script Not Working on Centos 7

Hello
At first, your plugin is great! Shadowsocks is throttled in some ISPs in Iran. I used to get around 400 kbit/s but with cloak the speed is boosted to 40Mbit/s.
The script you provided here is not installing shadowsocks-libev for CentOS 7 because dnf is not installed by default.
Therefore, I have rewritten a script from scratch (well somehow). Here is the link. If you like you can put this in your page. It also creates a QR Code and ss:// link at the end of it. It supports Debian 8/9, Ubuntu 16~19 and Centos 7. I will add other features later.

Plus if you have an Ethereum wallet, I am ready to donate to you!

Question: redirection to vhost

As RedirAddr I use the IP of one of my personal websites. On the client, I specify the domain that resolves to this IP as ServerName. This website has an SSL certificate for the domain specified in ServerName.

However, the website is hosted on a shared hosting and the domain name is used as a virtual host. As such, simply browsing to the RedirAddr shows an error page saying "this website is not installed" - because it expects a domain name as vhost. The SSL certificate of the error page does not match the domain specified in ServerName (a certificate with the hoster's domain name is served e.g. server1.hostingcompany.com).

Browsing to the cloak public IP therefore does redirect all traffic to the correct IP where my website is hosted, but it does not serve my personal website (it serves the error page), and the SSL certificate does not match ServerName.

Does this impact the active probing mitigation of cloak?

Needs to be more aggressive in detecting connection loss and reconnecting

Hello,
Sometimes when the internet connection is lost and reconnected, cloak gets stuck and doesn't establish a new session to the server until cloak itself is restarted. Is there a keepalive timer implemented for it to detect timeout and connection loss and reconnect more aggressively?

GoQuiet doesn't suffer this problem as there is 1:1 mapping between tcp connections and goquiet connections so the main operation will timeout and it will reconnect.

But in case of Cloak and multiplexing, the multiplexing layer doesn't reconnect and causes timeout and connection failure to all processes trying to go through it forever (until it is restarted).

add support openwrt

This is mine:

opkg print-architecture | awk '{print $2}'
all
noarch
mipsel_24kc

Cloak with CDN

Hello
Is it possible to use Cloak with a CDN like cloudflare?
I have successfully done it with V2Ray HTTP websocket mode to route my traffic through cloudflare. Is it possible to do the same thing with cloak?
I am running cloak on port 443, AES-128-GCM and even tried to set my ServerName to my cloudflare domain. (The one that I assigned in cloudflare)

Problem while setting up

Hello, i set up the SS server with Cloak, but got an error when running ss-server

the error info line : ck-server.go:254: Configuration file error: Failed to unmarshal: invalid character '}' looking for beginning of object key string

My ckserver.json looks like this :
{
"ProxyBook":{
"shadowsocks":"127.0.0.1:1488",
},
"RedirAddr":"54.222.60.218:443",
"PrivateKey":"myprivatekey",
"AdminUID":"myadminuid",
"DatabasePath":"home/peiper/cloak/userinfo.db"
}

I copied the json file from your github code and edited it. Is anything wrong with it?

Configuration file error

Even though a valid json is provided, the server failed to start.
Error Msg:
FATA[0000] Configuration file error: Failed to read configuration file: json: cannot unmarshal array into Go struct field rawConfig.ProxyBook of type string

Server Json:

{
  "ProxyBook": {
    "socks5": [
      "tcp",
      "127.0.0.1:1080"
    ]
  },
  "BindAddr": [
    ":443"
  ],
  "BypassUID": [
    "1rmq6Ag1jZJCImLBIL5wzQ=="
  ],
  "RedirAddr": "202.89.233.100",
  "PrivateKey": "yJ5mAFkKYBDBCjqY0a8MFVMs/6iC9x0F4Kk5RNV5QFo=",
  "AdminUID": "sbw8iIVASiAL0WVL9Ro0ig==",
  "DatabasePath": "userinfo.db",
  "StreamTimeout": 300
}
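Three reports on this page are ckserver.json parse failures: a trailing comma inside ProxyBook, string entries where the server build wanted `[]string`, and array entries where the build wanted `string`. The following added example is not Cloak's code, and `lintProxyBook` and its `want` parameter are hypothetical; it checks a configuration for all three before the server is started. The sample configurations are constructed from the ones quoted in the issues, with placeholder addresses, and the caller states which entry shape its build expects, since the two error messages on this page show opposite expectations.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Constructed samples modelled on the configurations quoted in the issues.
const trailingComma = `{
  "ProxyBook": {
    "shadowsocks": "127.0.0.1:1488",
  },
  "RedirAddr": "192.0.2.10:443"
}`

const stringEntries = `{
  "ProxyBook": {"shadowsocks": "127.0.0.1:1488", "openvpn": "127.0.0.1:1194"},
  "RedirAddr": "192.0.2.10:443"
}`

const arrayEntries = `{
  "ProxyBook": {"socks5": ["tcp", "127.0.0.1:1080"]},
  "RedirAddr": "192.0.2.10"
}`

// shapeOf classifies one ProxyBook value as "string", "array" (of strings)
// or "other".
func shapeOf(raw json.RawMessage) string {
	raw = bytes.TrimSpace(raw)
	if len(raw) == 0 {
		return "other"
	}
	switch raw[0] {
	case '"':
		return "string"
	case '[':
		var items []string
		if json.Unmarshal(raw, &items) == nil {
			return "array"
		}
	}
	return "other"
}

// lintProxyBook returns an error when data is not valid JSON (with the byte
// offset of the syntax error) and otherwise one finding per ProxyBook entry
// whose shape differs from want ("string" or "array").
func lintProxyBook(data []byte, want string) ([]string, error) {
	var top struct {
		ProxyBook map[string]json.RawMessage
	}
	if err := json.Unmarshal(data, &top); err != nil {
		var se *json.SyntaxError
		if errors.As(err, &se) {
			return nil, fmt.Errorf("syntax error at byte %d: %w", se.Offset, err)
		}
		return nil, err
	}
	if len(top.ProxyBook) == 0 {
		return []string{"ProxyBook is missing or empty"}, nil
	}
	names := make([]string, 0, len(top.ProxyBook))
	for name := range top.ProxyBook {
		names = append(names, name)
	}
	sort.Strings(names) // stable output order
	var findings []string
	for _, name := range names {
		if got := shapeOf(top.ProxyBook[name]); got != want {
			findings = append(findings,
				fmt.Sprintf("ProxyBook[%q] is %s, expected %s", name, got, want))
		}
	}
	return findings, nil
}

func main() {
	for _, cfg := range []string{trailingComma, stringEntries, arrayEntries} {
		findings, err := lintProxyBook([]byte(cfg), "array")
		fmt.Println("findings:", findings, "error:", err)
	}
}
```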

Building fails with Debian Stretch

When trying to build the package on Debian Stretch using the command make server as stated in the readme.md, the build fails with this error message:

make server
mkdir -p build
go build -ldflags "-X main.version=master(cffee14)" ./cmd/ck-server
cmd/ck-server/keygen.go:6:2: cannot find package "github.com/cbeuw/Cloak/internal/ecdh" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/ecdh (from $GOROOT)
($GOPATH not set)
cmd/ck-server/ck-server.go:15:2: cannot find package "github.com/cbeuw/Cloak/internal/multiplex" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/multiplex (from $GOROOT)
($GOPATH not set)
cmd/ck-server/ck-server.go:16:2: cannot find package "github.com/cbeuw/Cloak/internal/server" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/server (from $GOROOT)
($GOPATH not set)
cmd/ck-server/ck-server.go:17:2: cannot find package "github.com/cbeuw/Cloak/internal/server/usermanager" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/server/usermanager (from $GOROOT)
($GOPATH not set)
cmd/ck-server/ck-server.go:18:2: cannot find package "github.com/cbeuw/Cloak/internal/util" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/util (from $GOROOT)
($GOPATH not set)
Makefile:15: recipe for target 'server' failed
make: *** [server] Error 1

Building

root@raspberrypi:/Cloak# make client
mkdir -p build
go build -ldflags "-X main.version=master(6977138)" ./cmd/ck-client
cmd/ck-client/admin.go:21:2: cannot find package "github.com/cbeuw/Cloak/internal/client" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/client (from $GOROOT)
($GOPATH not set)
cmd/ck-client/admin.go:22:2: cannot find package "github.com/cbeuw/Cloak/internal/client/TLS" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/client/TLS (from $GOROOT)
($GOPATH not set)
cmd/ck-client/admin.go:23:2: cannot find package "github.com/cbeuw/Cloak/internal/util" in any of:
/usr/lib/go-1.7/src/github.com/cbeuw/Cloak/internal/util (from $GOROOT)
($GOPATH not set)
Makefile:10: recipe for target 'client' failed
make: *** [client] Error 1
root@raspberrypi:/Cloak#

"Message size greater than buffer" error

I'm trying to use shadowsocks client with cloak plugin, but I get this error.

ss-local -s x.x.x.x -p 443 -b 192.168.1.1 -l 1080 -k sspasswd -m chacha20-ietf-poly1305 --plugin ck-client-linux-mips_softfloat-2.0.2 --plugin-opts "UID=xxx;PublicKey=xxx;NumConn=4;BrowserSig=chrome;EncryptionMethod=chacha20-poly1305" -v

 2019-08-24 20:16:07 INFO: plugin "ck-client-linux-mips_softfloat-2.0.2" enabled
 2019-08-24 20:16:07 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-08-24 20:16:07 INFO: listening at 192.168.1.1:1080
 2019-08-24 20:16:07 INFO: running from root user
INFO[0000] Listening on 127.0.0.1:55703 for proxy clients
 2019-08-24 20:16:10 INFO: connect to github.com:443
INFO[0003] Attemtping to start a new session
ERRO[0003] Failed to prepare connection to remote: Reading TLS message: message size greater than buffer. message size: 7304

I'm using OpenWrt 18.06.4. What am I doing wrong?

Can't enter admin mode !

command:

ck-client -s <IP of the server> -l <A local port> -a <AdminUID> -c <path-to-ckclient.json>

error log:

2019/08/05 03:33:11 ck-client.go:166: Starting standalone mode
2019/08/05 03:33:11 ck-client.go:173: open ckclient.json: no such file or directory

I confirm that the configuration file path is correct, and the configuration reference is the currently given example config.

New User

@cbeuw
Hey. Thanks for the plugin. It seems to work faster than ssr with auth_chain_a + tls1.2 ticket auth for me now; I will continue to test it.

The problem is that I cannot fully understand how to add new users.

I understand that I have to generate a new UID as mentioned in the Readme of this repo, but what about the Public and Private Keys? Are they the same for all users, or do we have to provide a separate Public and Private key for each user (UID)? If YES, how to do that in the proper way?

Thanks.

request to bind tcp

netstat -ntlp

tcp6 0 0 :::53794 :::* LISTEN 4117/ck-server

request to bind tcp not tcp6

shadowsocks-ck-build.sh

checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dlopen... no
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... no
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... no
checking whether to build static libraries... yes
checking for pcre-config... no
checking for pcre location... not found
configure: error: Cannot find pcre library. Configure --with-pcre=DIR
[Error] shadowsocks-libev install failed.

Running for a long time causes "Failed to write to stream: the switchboard is broken" and the client is unable to connect to the server.

My English is poor, sorry.

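I noticed a problem: when running for a long time, the ck-client client may frequently show the message "Failed to write to stream: the switchboard is broken" and is also unable to connect to the server.

When running in standalone mode, the output is as follows: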

time="2019-08-31T11:33:17+08:00" level=error msg="Failed to write to stream: the switchboard is broken"
time="2019-08-31T11:33:17+08:00" level=error msg="Failed to write to stream: the switchboard is broken"
time="2019-08-31T11:33:17+08:00" level=error msg="Failed to write to stream: the switchboard is broken"

The Shadowsocks logs show the following (not collected at the same time):
Client:

[2019-08-30 10:31:51] System.Net.Sockets.SocketException (0x80004005): 由于以前的关闭调用,套接字在那个方向已经关闭,发送或接收数据的请求没有被接受。
   在 System.Net.Sockets.Socket.BeginReceive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags, AsyncCallback callback, Object state)
   在 Shadowsocks.Controller.TCPHandler.PipeRemoteSendCallback(IAsyncResult ar)
[2019-08-30 10:35:43] Cannot get Windows 10 system theme mode, return default value 0 (dark mode).

Server:

Aug 29 23:21:45 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-29 23:21:45 ERROR: getpeername: Transport endpoint is not connected
Aug 29 23:21:45 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-29 23:21:45 ERROR: getpeername: Transport endpoint is not connected
Aug 29 23:21:45 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-29 23:21:45 ERROR: getpeername: Transport endpoint is not connected
Aug 29 23:21:46 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-29 23:21:46 ERROR: getpeername: Transport endpoint is not connected
Aug 29 23:21:46 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-29 23:21:46 ERROR: getpeername: Transport endpoint is not connected
Aug 30 00:08:44 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T00:08:44Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="35.161.49.247:53764" sessionId=0
Aug 30 00:32:46 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T00:32:46Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="207.46.13.17:14589" sessionId=0
Aug 30 00:32:46 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T00:32:46Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="207.46.13.17:15108" sessionId=0
Aug 30 00:32:47 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T00:32:47Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="207.46.13.17:1052" sessionId=0
Aug 30 00:59:25 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T00:59:25Z" level=info msg="New session" UID="CVtm0jH66wNhG9sDEg1ykw==" sessionID=2492795987
Aug 30 01:06:51 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T01:06:51Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="213.32.122.82:35873" sessionId=0
Aug 30 01:06:51 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T01:06:51Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="213.32.122.82:39809" sessionId=0
Aug 30 01:06:51 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T01:06:51Z" level=warning msg="non (or malformed) ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="213.32.122.82:38591" sessionId=0
Aug 30 01:07:33 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]: time="2019-08-30T01:07:33Z" level=warning msg="TLS but non-Cloak ClientHello" UID= encryptionMethod=0 proxyMethod= remoteAddr="66.249.66.56:50083" sessionId=0
Aug 30 01:13:24 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-30 01:13:24 ERROR: getpeername: Transport endpoint is not connected
Aug 30 01:13:24 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-30 01:13:24 ERROR: getpeername: Transport endpoint is not connected
Aug 30 01:13:24 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-30 01:13:24 ERROR: getpeername: Transport endpoint is not connected
Aug 30 01:13:45 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-30 01:13:45 ERROR: getpeername: Transport endpoint is not connected
Aug 30 02:00:55 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-30 02:00:55 ERROR: server recv: Connection reset by peer
Aug 30 02:01:28 debian-s-1vcpu-1gb-lon1-01 ss-server[1925]:  2019-08-30 02:01:28 ERROR: server recv: Connection reset by peer

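I noticed something very interesting: when this problem occurs, a Wireshark capture shows no communication at all (I have confirmed that the capture configuration is not the problem):
demo

With a TCP connection status tool, I can see only one connection to the server:
QQ截图20190831112746_cr

I set a maximum of 24 connections; when things are normal it should look like this:
QQ截图20190831112922

When this problem occurs, switching the proxy (when running as a plugin), or ending the task with Ctrl+C and immediately starting it again, restores normal operation.

I'm not sure whether this is a problem with the Wa11, or whether there is some problem in the client?

Thanks.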

userinfo.db

How do I create userinfo.db? I get an error message when I start ss-server because userinfo.db does not exist.
