[GH-ISSUE #291] Failed to prepare connection to remote: cipher: message authentication failed #229

Open
opened 2026-02-26 12:34:19 +03:00 by kerem · 1 comment
Owner

Originally created by @holyslav on GitHub (Nov 21, 2024).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/291

Hi, I raised OpenVPN + Cloak in Docker. I checked OpenVPN separately: there are no problems, everything connects. But when I try to send traffic through the client, I get the error from the header, and only in the client; the server is silent.
The Cloak server itself generally responds to packets; if you send some garbage to it via the telnet utility, it will say:

```
time="2024-11-21T14:11:10Z" level=warning msg="error reading first packet: unrecognised protocol" remoteAddr="172.30.0.2:43732"
```

docker-compose.yml

```
cloak:
  container_name: "cloak"
  restart: always
  build:
    context: cloak
    dockerfile: Dockerfile
  image: cloak:local
  command: "/usr/bin/ck-server -c /etc/cloak/ckserver.json -verbosity trace"
  volumes:
    - type: bind
      source: ./cfg/cloak.json
      target: /etc/cloak/ckserver.json
    - type: bind
      source: ./userinfo.db
      target: /userinfo.db
  network_mode: service:openvpn
  depends_on:
    openvpn:
      condition: 'service_healthy'
```

ckserver.json

```
{
    "ProxyBook": {
        "openvpn": [
            "tcp",
            "127.0.0.1:1194"
        ]
    },
    "BindAddr": [
        ":443"
    ],
    "BypassUID": [
        "BypassUID=="
    ],
    "RedirAddr": "theyr.com",
    "PrivateKey": "PrivateKey=",
    "AdminUID": "AdminUID==",
    "DatabasePath": "/userinfo.db",
    "StreamTimeout": 300
}
```

client.json

```
{
    "BrowserSig": "chrome",
    "EncryptionMethod": "aes-gcm",
    "NumConn": 1,
    "ProxyMethod": "openvpn",
    "PublicKey": "PublicKey=",
    "RemoteHost": "SeverIP",
    "RemotePort": "443",
    "ServerName": "google.com",
    "StreamTimeout": 300,
    "Transport": "direct",
    "UID": "AdminUID=="
}
```

./ck-client-linux-amd64-v2.10.0 -c ./client.json -verbosity trace

```
INFO[0000] Starting standalone mode
INFO[2024-11-21T14:19:25Z] Listening on TCP 127.0.0.1:1984 for openvpn client
INFO[2024-11-21T14:19:28Z] Attempting to start a new session
TRAC[2024-11-21T14:19:28Z] client hello sent successfully
TRAC[2024-11-21T14:19:28Z] waiting for ServerHello
ERRO[2024-11-21T14:19:28Z] Failed to prepare connection to remote: cipher: message authentication failed
```

@chrisvte commented on GitHub (Feb 21, 2025):

I have the same issue but using shadowsocks. It was working but, at some point, it wasn't (server update maybe?).

However, when I use the same combo on Android (shadowsocks + ck-client) I don't have any problem.
