mirror of
https://github.com/cbeuw/Cloak.git
synced 2026-04-26 21:15:55 +03:00
[GH-ISSUE #124] connection problem to ovpn behind cloak #105
Originally created by @A2116 on GitHub (Jul 22, 2020).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/124
When I want to connect to ovpn behind Cloak, the client prompts me with:
time="2020-07-22T05:52:35+04:30" level=error msg="Failed to prepare connection to remote: EOF"
On the server it prompts:
INFO[0058] failed to read anything after connection is established: read tcp YYY.YYY.YYY.YYY:8443->XXX.XXX.XXX.XXX:65289: i/o timeout remoteAddr="XXX.XXX.XXX.XXX:65289"
@A2116 commented on GitHub (Jul 22, 2020):
I built a test VM on my PC and installed OpenVPN and Cloak on it.
I tested OpenVPN directly and it works fine.
I also tested Cloak using NC and it works fine too.
But with the same setup as for NC and a different proxy rule, it does not connect behind Cloak.
On the server side, I added local 127.0.0.1 to the server config file and restarted the OpenVPN service.
On the client side, I changed the target from 192.168.2.124 to 127.0.0.1.
Also, I stopped the ck-server service and ran it manually to see its log.
Below is the server-side log:
INFO[0084] Terminating active user UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="no session left"
INFO[0084] Session closed UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="Failed to connect to proxy server" sessionID=1279337380
INFO[0084] Terminating active user UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="no session left"
INFO[0096] New session UID="arxn/uSbVkeg+eD6xgwI7Q==" sessionID=3716463871
INFO[0120] Session closed UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="a connection has dropped unexpectedly" sessionID=3716463871
INFO[0120] Terminating active user UID="arxn/uSbVkeg+eD6xgwI7Q==" reason="no session left"
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60022" sessionId=3936174049
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60023" sessionId=3936174049
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60025" sessionId=3936174049
WARN[0201] invalid proxy method UID="arxn/uSbVkeg+eD6xgwI7Q==" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60024" sessionId=3936174049
And this is the client-side log:
time="2020-07-22T23:27:11+04:30" level=info msg="Starting standalone mode"
time="2020-07-22T23:27:11+04:30" level=info msg="Listening on TCP 127.0.0.1:48443 for cloakovpnlocal client"
time="2020-07-22T23:27:15+04:30" level=info msg="Attempting to start a new session"
Below is the server config file:
local 127.0.0.1
port 48443
proto tcp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.2.110"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_rdQZnfuKyj3kmvUB.crt
key server_rdQZnfuKyj3kmvUB.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Below is the client config file:
client
proto tcp-client
remote 127.0.0.1 48443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_rdQZnfuKyj3kmvUB name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
Below is the ckserver.json file:
{
  "ProxyBook": {
    "cloakovpnlocal": ["tcp", "127.0.0.1:48443"],
    "panel": ["tcp", "127.0.0.1:0"],
    "nclocal": ["tcp", "127.0.0.1:12345"]
  },
  "BypassUID": [
    "ZU3pfZUc6OQ+vvZ0gEmA4A==",
    "arxn/uSbVkeg+eD6xgwI7Q=="
  ],
  "BindAddr": [":8443"],
  "RedirAddr": "204.79.197.200",
  "PrivateKey": "+GooAh1+lfmjTz4ppuCFmPDkdI8xSeS/skwwh7hr3lQ=",
  "AdminUID": "8mSgMtBc6hKuyuoIgcJrVg==",
  "DatabasePath": "userinfo.db",
  "StreamTimeout": 300
}
Below is the cloakovpnlocal.json file:
{
  "ProxyMethod": "cloakovpnlocal",
  "EncryptionMethod": "aes-gcm",
  "UID": "arxn/uSbVkeg+eD6xgwI7Q==",
  "PublicKey": "ZSprHBRoo6RlkTKQ7UxswLF5yxrHUU4SF78vTTppiFY=",
  "ServerName": "204.79.197.200",
  "NumConn": 4,
  "BrowserSig": "chrome",
  "StreamTimeout": 300
}
What is the problem and what should I do?
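The WARN lines in the server log above report proxyMethod=cloakovpnloc, while both posted configs name the method cloakovpnlocal. As an added example (not part of the original issue and not Cloak's own code), this script cross-checks the proxyMethod values a ck-server log reports against the ProxyBook keys and the client's ProxyMethod; the inputs are constructed from the configs and log format quoted above, with the UID replaced by a placeholder.

```python
import json
import re

# Constructed inputs: ProxyBook and ProxyMethod as in the configs posted above;
# log lines follow the ck-server output format, with the UID replaced by a placeholder.
SERVER_CONFIG = """{"ProxyBook": {"cloakovpnlocal": ["tcp", "127.0.0.1:48443"],
  "panel": ["tcp", "127.0.0.1:0"], "nclocal": ["tcp", "127.0.0.1:12345"]}}"""
CLIENT_CONFIG = '{"ProxyMethod": "cloakovpnlocal"}'
SAMPLE_LOG = """\
INFO[0096] New session UID="<uid>" sessionID=3716463871
WARN[0201] invalid proxy method UID="<uid>" encryptionMethod=1 proxyMethod=cloakovpnloc remoteAddr="192.168.2.123:60022" sessionId=3936174049
INFO[0120] Session closed UID="<uid>" reason="a connection has dropped unexpectedly" sessionID=3716463871
"""

# key=value or key="quoted value" pairs, as printed by the logger's text format
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fields(line):
    """Return the key=value pairs of one log line as a dict (quotes removed)."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def check_proxy_methods(server_json, client_json, log_text):
    """Compare each rejected proxyMethod in the log with both configs."""
    book = json.loads(server_json)["ProxyBook"]
    configured = json.loads(client_json)["ProxyMethod"]
    findings = []
    for line in log_text.splitlines():
        if "invalid proxy method" not in line:
            continue
        fields = parse_fields(line)
        received = fields.get("proxyMethod", "")
        findings.append({
            "remote": fields.get("remoteAddr"),
            "received": received,
            "length": len(received),
            "client_method_in_book": configured in book,
            "matches_client_config": received == configured,
            # ProxyBook keys that begin with the received name: a sign the
            # name was shortened somewhere between client config and server.
            "prefix_of": [k for k in book if received and k != received and k.startswith(received)],
        })
    return findings


if __name__ == "__main__":
    for finding in check_proxy_methods(SERVER_CONFIG, CLIENT_CONFIG, SAMPLE_LOG):
        print(finding)
```

On the constructed input it reports one rejected name, cloakovpnloc (12 characters), which is a prefix of the configured cloakovpnlocal even though the client's ProxyMethod is present in the ProxyBook.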
@A2116 commented on GitHub (Jul 25, 2020):
The problem is because of the conflict between firewalld and iptables.
Problem solved.