Immediate crash and no connection on server with 10.0.0 #53

Open
simpz opened this issue Aug 16, 2024 · 1 comment
simpz commented Aug 16, 2024

I have just tried the new version of wstunnel and it crashes straight away on the server when a 10.0.0 client crashes it on connection.

My server command launch is

./wstunnel server --tls-certificate ./certs/wstunnel-server.cert.pem \
   --tls-private-key ./private/wstunnel-server.pem \
   --tls-client-ca-certs ./certs/ca.cert.pem \
   --restrict-to '[::1]:51820' \
   --log-lvl=TRACE \
   wss://[::]:8443

The output is (with a number of encryption lines removed):

./wstunnel_start 
2024-08-16T13:02:47.356413Z  INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/wstunnel-server.cert.pem"
2024-08-16T13:02:47.356496Z  INFO wstunnel::protocols::tls::server: Loading tls private key from "./private/wstunnel-server.pem"
2024-08-16T13:02:47.356526Z  INFO wstunnel::protocols::tls::server: Loading tls certificate from "./certs/ca.cert.pem"
2024-08-16T13:02:47.356751Z TRACE hickory_resolver::async_resolver: handle passed back
2024-08-16T13:02:47.356762Z  INFO wstunnel: Starting wstunnel server v10.0.0 with config WsServerConfig { socket_so_mark: None, bind: [::]:8443, websocket_ping_frequency: None, timeout_connect: 10s, websocket_mask_frame: false, restriction_config: None, tls: true, mTLS: true }
2024-08-16T13:02:47.356784Z DEBUG wstunnel: Restriction rules: RestrictionsRules {
    restrictions: [
        RestrictionConfig {
            name: "Allow All",
            match: [
                Any,
            ],
            allow: [
                Tunnel(
                    AllowTunnelConfig {
                        protocol: [],
                        port: [
                            51820..=51820,
                        ],
                        host: Regex(
                            "^::1$",
                        ),
                        cidr: [
                            0.0.0.0/0,
                            ::/0,
                        ],
                    },
                ),
                ReverseTunnel(
                    AllowReverseTunnelConfig {
                        protocol: [],
                        port: [
                            51820..=51820,
                        ],
                        port_mapping: {},
                        cidr: [
                            ::1/128,
                        ],
                    },
                ),
            ],
        },
    ],
}    
2024-08-16T13:02:47.356851Z  INFO wstunnel::tunnel::server::server: Starting wstunnel server listening on [::]:8443
2024-08-16T13:02:47.357051Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE    
2024-08-16T13:02:47.357093Z  INFO wstunnel::tunnel::tls_reloader: Starting to watch tls certificates and private key for changes to reload them
2024-08-16T13:02:47.357104Z TRACE mio::poll: registering event source with poller: token=Token(0), interests=READABLE    
2024-08-16T13:02:47.357164Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/wstunnel-server.cert.pem    
2024-08-16T13:02:47.357284Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./private/wstunnel-server.pem    
2024-08-16T13:02:47.357332Z TRACE notify::inotify: adding inotify watch: /etc/config/wstunnel/./certs/ca.cert.pem    
2024-08-16T13:03:11.977741Z  INFO wstunnel::tunnel::server::server: Accepting connection
2024-08-16T13:03:11.977826Z  INFO tunnel{peer="[::ffff:193.34.36.243]:41920"}: wstunnel::tunnel::server::server: Doing TLS handshake
2024-08-16T13:03:11.978525Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: we got a clienthello ClientHelloPayload { client_version: TLSv1_2, random: e9c6b4be6b329ae1917f906ed2c4230233a4b65c27528cf88ce78fcfedaa4a0c, session_id: ef41c65d4655656cf03f02c806a3ea01660fbbf2c9674bcda17cc1a70b607ce1, cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], compression_methods: [Null], extensions: [KeyShare([KeyShareEntry { group: X25519, payload: b79a692ba8477c4a7c8d526ecd7ca2a5a0f8f9e21e2d567761a7422a67fcb52b }]), PresharedKeyModes([PSK_DHE_KE]), SessionTicket(Request), SupportedVersions([TLSv1_3, TLSv1_2]), NamedGroups([X25519, secp256r1, secp384r1]), ExtendedMasterSecretRequest, EcPointFormats([Uncompressed]), Protocols([ProtocolName(687474702f312e31)]), CertificateStatusRequest(Ocsp(OcspCertificateStatusRequest { responder_ids: [], extensions:  })), SignatureAlgorithms([RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448])] }    
2024-08-16T13:03:11.978591Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sni None    
2024-08-16T13:03:11.978605Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: sig schemes [RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy, RSA_PKCS1_SHA256, ECDSA_NISTP256_SHA256, RSA_PKCS1_SHA384, ECDSA_NISTP384_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP521_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, ED25519, ED448]    
2024-08-16T13:03:11.978613Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: alpn protocols Some([ProtocolName(687474702f312e31)])    
2024-08-16T13:03:11.978621Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::server_conn: cipher suites [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]    
2024-08-16T13:03:11.978633Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: decided upon suite TLS13_AES_256_GCM_SHA384    
2024-08-16T13:03:11.979132Z DEBUG tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::hs: Chosen ALPN protocol [104, 116, 116, 112, 47, 49, 46, 49]    
2024-08-16T13:03:11.979142Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13::client_hello: sending encrypted extensions Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: EncryptedExtensions, payload: EncryptedExtensions([Protocols([ProtocolName(687474702f312e31)])]) }, encoded: 08000011000f0010000b000908687474702f312e31 } }    
2024-08-16T13:03:12.005386Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::conn: Dropping CCS    
2024-08-16T13:03:12.006282Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: client CertificateVerify OK    
2024-08-16T13:03:12.006597Z TRACE tunnel{peer="[::ffff:193.34.36.243]:41920"}: rustls::server::tls13: sending new ticket Message { version: TLSv1_3, payload: Handshake { parsed: HandshakeMessagePayload { typ: NewSessionTicket, payload: NewSessionTicketTls13(NewSessionTicketPayloadTls13 { lifetime: 86400, age_add: 3838686406, nonce: 2b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf, ticket: a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc2, exts: [] }) }, encoded: 0400004d00015180e4cdb4c6202b89529cad2aac5bee41466d50e96b4349159667d8ce6a1212da9d64bda3dfdf0020a935a20b2d5a2821af1fa6dcbf4dd4493c97f55df17599f29ed5a6c1f1b8dfc20000 } } (stateless: false)    
thread 'tokio-runtime-worker' panicked at /cargo/registry/src/index.crates.io-6f17d22bba15001f/hyper-1.4.1/src/common/time.rs:73:32:
timeout `header_read_timeout` set, but no timer set
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Aborted

The daemon is dead after this.
The client reports nothing except cannot connect to tcp endpoint (no surprise).

This was your Linux arm64 binary running on a Raspberry Pi 5 with OpenWRT; the client is an Android arm64 binary.
This was a working 9.7.2 setup and I just swapped the executables to a 10.0.0 version.

simpz commented Aug 17, 2024

Wrong project...closing
