[GH-ISSUE #279] Shadowsocks-rust/OpenVPN + Cloak does not work on some net in rus #225

Closed
opened 2026-02-26 12:34:18 +03:00 by kerem · 9 comments

Originally created by @unixs on GitHub (Sep 18, 2024).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/279

I think today censorship devices have been updated. Cloak does not work on only one specific network.
Yesterday everything was good.

The problem occurred sequentially. First, the "plain" mode stopped working. A few days later, the encrypted mode stopped working.

```
cloak-server-1   | time="2024-09-18T18:56:04Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 1.2.3.4:443->188.65.247.135:62419: i/o timeout" remoteAddr="188.65.247.135:62419"
cloak-server-1   | time="2024-09-18T18:56:04Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 1.2.3.4:443->188.65.247.135:43785: i/o timeout" remoteAddr="188.65.247.135:43785"
cloak-server-1   | time="2024-09-18T18:56:04Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 1.2.3.4:443->188.65.247.135:30731: i/o timeout" remoteAddr="188.65.247.135:30731"
cloak-server-1   | time="2024-09-18T18:56:04Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 1.2.3.4:443->188.65.247.135:13623: i/o timeout" remoteAddr="188.65.247.135:13623"
```
kerem closed this issue 2026-02-26 12:34:18 +03:00
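
A triage helper for the log lines in the report above, added here as an example (not code from Cloak or from anyone in the thread): it counts, per client IP, connections where TCP was established but the server timed out reading the first packet. The sample lines, the documentation-range addresses and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
	"strings"
)

// msg and remoteAddr fields as they appear in the log lines quoted in the issue.
var lineRE = regexp.MustCompile(`msg="([^"]*)" remoteAddr="([^"]+)"`)

// Constructed sample in the same shape as the issue's log (not real clients).
var sampleLog = []string{
	`cloak-server-1 | time="2024-09-18T18:56:04Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 198.51.100.1:443->203.0.113.7:62419: i/o timeout" remoteAddr="203.0.113.7:62419"`,
	`cloak-server-1 | time="2024-09-18T18:56:04Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 198.51.100.1:443->203.0.113.7:43785: i/o timeout" remoteAddr="203.0.113.7:43785"`,
	`cloak-server-1 | time="2024-09-18T18:56:05Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 198.51.100.1:443->203.0.113.7:30731: i/o timeout" remoteAddr="203.0.113.7:30731"`,
	`cloak-server-1 | time="2024-09-18T18:56:09Z" level=warning msg="error reading first packet: read error after connection is established: read tcp 198.51.100.1:443->[2001:db8::9]:51000: i/o timeout" remoteAddr="[2001:db8::9]:51000"`,
	`cloak-server-1 | time="2024-09-18T18:56:10Z" level=info msg="some unrelated message"`,
}

// FirstPacketTimeouts counts, per client IP, connections that completed the TCP
// handshake but timed out before the server read the first packet.
func FirstPacketTimeouts(lines []string) map[string]int {
	counts := map[string]int{}
	for _, l := range lines {
		m := lineRE.FindStringSubmatch(l)
		if m == nil || !strings.HasPrefix(m[1], "error reading first packet") ||
			!strings.HasSuffix(m[1], "i/o timeout") {
			continue
		}
		host, _, err := net.SplitHostPort(m[2]) // also handles [IPv6]:port
		if err != nil {
			continue
		}
		counts[host]++
	}
	return counts
}

// Repeated returns, sorted, the IPs with at least threshold such timeouts.
func Repeated(counts map[string]int, threshold int) []string {
	var out []string
	for ip, n := range counts {
		if n >= threshold {
			out = append(out, ip)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	c := FirstPacketTimeouts(sampleLog)
	fmt.Println(c, Repeated(c, 3))
}
```

Many timeouts from one client address on a single network, while other networks connect normally, match the pattern reported here: the connection opens but the client's first packet never reaches the server.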

@LindaFerum commented on GitHub (Sep 22, 2024):

I think you might want to change your server's IP

Also, by "plain" you mean Cloak's plain? Why use that in prod at all?


@unixs commented on GitHub (Sep 29, 2024):

According to readme:

> EncryptionMethod is the name of the encryption algorithm you want Cloak to use. Options are plain, aes-256-gcm (synonymous to aes-gcm), aes-128-gcm, and chacha20-poly1305. Note: **Cloak isn't intended to provide transport security**. The point of encryption is to hide fingerprints of proxy protocols and render the payload statistically random-like. **You may only leave it as plain if you are certain that your underlying proxy tool already provides BOTH encryption and authentication (via AEAD or similar techniques).**

I will check it with new ip ASAP


@LLIycTpbIu commented on GitHub (Sep 30, 2024):

Same here, ss+cloak with aes-256-cfb cipher, doesn't work on the network of my mobile operator anymore


@cbeuw commented on GitHub (Oct 11, 2024):

One probable way to detect Cloak has been monitoring packet sizes for encapsulated TLS handshakes, so that could be what's happening here. The latest release (v2.10.0) could help as I've added random padding.


@LLIycTpbIu commented on GitHub (Oct 14, 2024):

@cbeuw Now it works with release (v2.10.0) built from sources; the downloaded version of the binary doesn't work.
Thank you!


@cbeuw commented on GitHub (Oct 14, 2024):

Huh that's very strange, the releases are built by CI. Could you upload the binary you built? I'm curious about the difference.


@LLIycTpbIu commented on GitHub (Oct 14, 2024):

here
[ck-server_2.10.zip](https://github.com/user-attachments/files/17364243/ck-server_2.10.zip)


@LLIycTpbIu commented on GitHub (Oct 14, 2024):

It works, but randomly. I tried many times to connect and disconnect the client on Android: 2/10 connected, 8/10 connection refused.


@unixs commented on GitHub (Oct 29, 2024):

All works fine with same provider.
Server and client version 2.10.0 from GitHub.
