[GH-ISSUE #199] Failed to decrypt a frame for session #162

New issue

Open

opened 2026-02-26 12:34:09 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 12:34:09 +03:00

Owner

Originally created by @c459f on GitHub (Sep 14, 2022).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/199

Hi,

I'm having a probem with cloaking an ssh connection which then tunnels vnc. All seems to work well for a while, then the connection drops (esp under heavy load).

The system is, so far, a test, nothing used in heavily censored countries. The client is running Windows10 in a Linux virtualbox vm, the server is running on a remote vps running centos7, with
reasonable connectivity. The problem occurs with binaries created against commit e305871d89, tag: v2.6.0, with go 1.18.4 and 1.19.1.

Here are some slightly redacted server logs.

A try with EncryptionMethod: chacha20poly1305:

Sep 14 10:53:34 XXXX ck-server[797]: time="2022-09-14T10:53:34+01:00" level=info msg="New session" UID="XXXXXX" sessionID=1192106565

Sep 14 11:02:31 XXXX ck-server[797]: time="2022-09-14T11:02:31+01:00" level=error msg="Failed to decrypt a frame for session 1192106565: chacha20poly1305: message authentication failed"

Sep 14 11:02:31 XXXX ck-server[797]: time="2022-09-14T11:02:31+01:00" level=info msg="Session closed" UID="XXXXXX" reason="a connection has dropped unexpectedly" sessionID=1192106565

A try with EncryptionMethod: aes-256-gcm

Sep 14 12:05:52 XXXX ck-server[797]: time="2022-09-14T12:05:52+01:00" level=info msg="New session" UID="XXXXXX" sessionID=2181709940

Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=error msg="Failed to decrypt a frame for session 2181709940: cipher: message authentication failed"

Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=error msg="Failed to decrypt a frame for session 2181709940: cipher: message authentication failed"

Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=error msg="Failed to decrypt a frame for session 2181709940: cipher: message authentication failed"

Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=info msg="Session closed" UID="XXXXXX" reason="a connection has dropped unexpectedly" sessionID=2181709940

What might cause this?

Also, if cloak packets go over TCP, then they should not be garbled, right? They should be dropped by the network stack and resent by the client before ever getting to cloak?

I managed to get this to work more reliably by changing the virtualbox network type from NATted, to Bridged, so the VB networking code, or some other firewalling on the Linux host issue might be the culprit. I thought I'd post this, though, to understand a little more, specifically, should not Cloak be immune to network glitches such as these?

Thank you for your work on Cloak, it's a very nice piece of software.

Originally created by @c459f on GitHub (Sep 14, 2022). Original GitHub issue: https://github.com/cbeuw/Cloak/issues/199 Hi, I'm having a probem with cloaking an ssh connection which then tunnels vnc. All seems to work well for a while, then the connection drops (esp under heavy load). The system is, so far, a test, nothing used in heavily censored countries. The client is running Windows10 in a Linux virtualbox vm, the server is running on a remote vps running centos7, with reasonable connectivity. The problem occurs with binaries created against commit e305871d89, tag: v2.6.0, with go 1.18.4 and 1.19.1. Here are some slightly redacted server logs. A try with EncryptionMethod: chacha20poly1305: ``` Sep 14 10:53:34 XXXX ck-server[797]: time="2022-09-14T10:53:34+01:00" level=info msg="New session" UID="XXXXXX" sessionID=1192106565 Sep 14 11:02:31 XXXX ck-server[797]: time="2022-09-14T11:02:31+01:00" level=error msg="Failed to decrypt a frame for session 1192106565: chacha20poly1305: message authentication failed" Sep 14 11:02:31 XXXX ck-server[797]: time="2022-09-14T11:02:31+01:00" level=info msg="Session closed" UID="XXXXXX" reason="a connection has dropped unexpectedly" sessionID=1192106565 ``` A try with EncryptionMethod: aes-256-gcm ``` Sep 14 12:05:52 XXXX ck-server[797]: time="2022-09-14T12:05:52+01:00" level=info msg="New session" UID="XXXXXX" sessionID=2181709940 Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=error msg="Failed to decrypt a frame for session 2181709940: cipher: message authentication failed" Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=error msg="Failed to decrypt a frame for session 2181709940: cipher: message authentication failed" Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=error msg="Failed to decrypt a frame for session 2181709940: cipher: message authentication failed" Sep 14 12:07:13 XXXX ck-server[797]: time="2022-09-14T12:07:13+01:00" level=info msg="Session closed" UID="XXXXXX" reason="a connection has dropped unexpectedly" sessionID=2181709940 ``` What might cause this? Also, if cloak packets go over TCP, then they should not be garbled, right? They should be dropped by the network stack and resent by the client before ever getting to cloak? I managed to get this to work more reliably by changing the virtualbox network type from NATted, to Bridged, so the VB networking code, or some other firewalling on the Linux host issue might be the culprit. I thought I'd post this, though, to understand a little more, specifically, should not Cloak be immune to network glitches such as these? Thank you for your work on Cloak, it's a very nice piece of software.

No labels

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Cloak#162

No description provided.

Rows
Columns