I've confugured Dante 1.4on Ubuntu 16.04 as a socks5 proxy for Telegram.
Chats are working, but voice calls are not, failing at "Connecting".
Is there something special I need to configure in order to proxy Telegram voice traffic?
I'm using a single non priveleged (>1024) TCP/UDP port + login + password for connection.
Thanks!
UPD: Thats piece of log while i am trying to call somebody:
Apr 15 23:05:38 (1523736338.510915) danted[22977]: info: pass(1): udp/udpassociate [: username%USER#0.0.0.0.0 192.168.1.30.36562
Apr 15 23:08:33 (1523736513.020190) danted[22989]: info: pass(1): udp/udpassociate [: username%USER#0.0.0.0.0 192.168.1.30.49065
I can answer the call at destination device but connection is looping and getting error after 30 seconds.
Proxying UDP with socks is a bit more complex than it might seem, so let's start from the beginning.
Telegram calls use UDP with socks. Socks5 RFC1928 defines the following sequence for relaying UDP:
Client instantiates a TCP socks5 connection.
Client sends a UDP ASSOCIATE request, containing the client's source address and port, which will be used to send UDP datagrams to the socks5 Server. They might be zeros (in Telegram they are) (section 4).
Socks5 Server binds a random UDP port for relaying datagrams for this TCP socks5 connection and sends a UDP ASSOCIATE response, containing the address and port where the client should send the datagrams to be relayed (section 6).
To send a datagram, the Client must add a header to the payload, containing a destination address and port, where the server should relay that datagram (section 7).
Server will keep the UDP port bound until the TCP socks5 connection terminates.
As you can see, opening a single TCP port is not enough. For UDP to work correctly, the automatically bound UDP port must be reachable by client. NATs and Firewalls might further complicate the situation.
UDP relaying configuration with Dante
Telegram calls are Peer-to-Peer, so the udpassociate command should be allowed to 0/0:
socks pass {
from: 0.0.0.0/0
to: 0.0.0.0/0
# udp.portrange: 40000-45000
command: udpassociate
log: error connect disconnect
}
udpreply (that's for the actual relaying, the 4'th step above) should also be allowed to everyone as well:
socks pass {
from: 0.0.0.0/0
to: 0.0.0.0/0
command: udpreply
log: error connect disconnect
}
If your socks5 Server is behind a firewall, open a range of UDP ports (say 40000-45000) and add the udp.portrange: 40000-45000 line to the udpassociate block (see the commented out example in the first point). Then Dante would bind UDP ports in that range only.
If your socks5 Server is behind a NAT, then the returned destination address in the response to UDP ASSOCIATE request would be a local IP, rather than the external one. That local IP is unlikely to be reachable by the client, so the sent datagrams would be silently dropped.
Unfortunately, Dante uses the destination address of the TCP connection as the one where the client should send UDP datagrams to (see the comment in the source code). NAT mangles this address from an external to a local one, so the Dante's assumption that the client can reach the proxy using that destination address is broken.
A possible solution, which doesn't involve patching Dante, would be to use iptables to change the destination address from a local to the external one (assuming that it's known and doesn't change):
# 203.0.113.12 – the external IP
# 1080/tcp - Dante TCP port
# 40000:45000 – Dante UDP portrange
iptables -t nat -A PREROUTING -p tcp --dport 1080 -j DNAT --to-destination 203.0.113.12
iptables -t nat -A PREROUTING -p udp --dport 40000:45000 -j DNAT --to-destination 203.0.113.12
# If external address is not added to any network device on that
# machine, then add it to the loopback interface, so the kernel
# would know where to route the DNATed packets:
ip addr add 203.0.113.12/32 dev lo
I had the same problem. Found the solution.
You have to add udpassociate bindreply udpreply commands to conf file. here is my conf file that works with voice calls.
logoutput: syslog /var/log/danted.log
internal: ip port = 1080
external: ip
socksmethod: username
user.privileged: root
user.unprivileged: nobody
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error connect
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate bindreply udpreply
log: error connect
}
Allow clients' voice traffic
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: udpreply
log: connect disconnect error
socksmethod: username
}
iptables -A INPUT -p udp -m multiport --dports 1024:65535 -j ACCEPT
You should enable calls via proxy in your telegram settings.
I am building simple webpage.
I could run on my local host.
I made ec2 instance, I opened ports 22, 8000.
I could connect with ssh and run server for webpage,
but I get this error
this is my github address that contain the code.
enter link description herehttps://github.com/MoreNiceJay/django2
In your security group rules, open port 80
This is the standard port for http traffic
Other things to check: login to the host with ssh and use netstat |grep LISTEN to see if there is a process listening on port 80
I've been trying to learn this for days and nothing is working. When I write code like this
for the client.
require 'socket'
tcp_client=TCPSocket.new('localhost',2000)
while grab_string=tcp_client.gets
puts(grab_string)
end
tcp_client.close
and code like this for the server.
# Set up a server program.
require 'socket'
tcp_server=TCPServer.new(2000)
loop{
waiting_client=tcp_server.accept
path='C:\Users\Nil_Face\Music\Bad Religion - Anxiety.mp3'
test=File.new(path,'rb')
waiting_client.puts(File.basename(path))
test.close
waiting_client.close
}
It works just fine but when I use that server on my desktop and try to get that text string to appear on the client located on a different computer. It doesn't work. Why won't the client connect to the server when their both on different computers? And how can I get them to?
Your client is connecting to 'localhost', which is the same computer where the client runs.
tcp_client=TCPSocket.new('localhost',2000)
The client should be connecting to the hostname/ip of the machine on which the server is running. Change 'localhost' with the IPv4 address / inet addr of the server machine, in this case '192.168.1.10'.
On windows:
ipconfig
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : local.domain
IPv4 Address. . . . . . . . . . . : 192.168.1.10
On Linux:
# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr FF:FF:FF:FF:FF:FF
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
If you're getting connection timed out. You can try connecting with telnet from the command prompt:
telnet 192.168.1.10 2000
From the server computer, you can also verify that the server is running and is accepting connections with netstat:
netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:2000 0.0.0.0:0 LISTENING
If those are all correct, you probably have a firewall that is blocking the connection.
My lab runs RStudio on a server. A couple weeks ago, from my cousin's house, I successfully ssh'd into the server and pulled up the server-side RStudio through my local Firefox browser. Now when I try to access the server RStudio from home (via my own router), it doesn't work. I need help troubleshooting, and I'm guessing it's some problem on the router. I'm running Mac OSX 10.6.8. No idea what the university server's running, but I don't think it's a server-side problem.
Here's how it worked the first time I did it, at my cousin's house: first, I VPN into the university network; then I call SSH with port forwarding; then I open a Firefox browser, connect to my localhost port, and it opens up RStudio on the server side which I can access through my local browser window.
Here's the problem I'm having right now when I try to log-in from my home network:
I can make the VPN connection successfully. I can also set up SSH successfully with this command:
ssh -v -L 8783:localhost:8783 myacct#server.com
Here are the last several lines of the verbose output from the successful ssh command:
debug1: Authentication succeeded (password).
debug1: Local connections to LOCALHOST:8783 forwarded to remote address localhost:8783
debug1: Local forwarding listening on 127.0.0.1 port 8783.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 8783.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Entering interactive session.
Last login: Mon Sep 2 04:02:40 2013 from vpnipaddress
So I think I'm still succeeding at the VPN and SSH stage (though I don't know why it says my last login was Sep 2 when I've logged in a few times since then).
Next, I open Firefox, and I type localhost:8783, and instead of getting an RStudio server app through my browser window, I get the following errors:
In the Firefox browser window, it says: Server not found, Firefox can't find the server at www.localhost.com, Check the address for typing errors etc.
In the terminal window, it says:
debug1: Connection to port 8783 forwarding to localhost port 8783 requested.
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: connect failed: Connection refused
debug1: channel 3: free: direct-tcpip: listening port 8783 for localhost port 8783, connect from 127.0.0.1 port 50420, nchannels 4
I'm not sure what I've got wrong. I haven't changed anything on my laptop since my last successful connection. I'm on my own router (instead of my cousin's), so maybe I need to mess with the firewall? I already allowed ports 22 and 8783 to come through the firewall to my laptop (I'm not even sure I needed to do that though). Help?
ssh -v -L 8783:localhost:8783 myacct#server.com
...
channel 3: open failed: connect failed: Connection refused
When you connect to port 8783 on your local system, that connection is tunneled through your ssh link to the ssh server on server.com. From there, the ssh server makes TCP connection to localhost port 8783 and relays data between the tunneled connection and the connection to target of the tunnel.
The "connection refused" error is coming from the ssh server on server.com when it tries to make the TCP connection to the target of the tunnel. "Connection refused" means that a connection attempt was rejected. The simplest explanation for the rejection is that, on server.com, there's nothing listening for connections on localhost port 8783. In other words, the server software that you were trying to tunnel to isn't running, or else it is running but it's not listening on that port.
Posting this to help someone.
Symptom:
channel 2: open failed: connect failed: Connection refused
debug1: channel 2: free: direct-tcpip:
listening port 8890 for 169.254.76.1 port 8890,
connect from ::1 port 52337 to ::1 port 8890, nchannels 8
My scenario; i had to use the remote server as a bastion host to connect elsewhere. Final Destination/Target: 169.254.76.1, port 8890. Through intermediary server with public ip: ec2-54-162-180-7.compute-1.amazonaws.com
SSH local port forwarding command:
ssh -i ~/keys/dev.tst -vnNT -L :8890:169.254.76.1:8890
glue#ec2-54-162-180-7.compute-1.amazonaws.com
What the problem was:
There was no service bound on port 8890 in the target host. i had forgotten to start the service.
How did i trouble shoot:
SSH into bastion host and then do curl.
Hope this helps.
Note: localhost is the hostname for an address using the local (loopback) network interface, and 127.0.0.1 is its IP in the IPv4 network standard (it's ::1 in IPv6). 0.0.0.0 is the IPv4 standard "current network" IP address.
I experienced this error with a Docker setup. I had a Docker container running on an external server, and I'd (correctly) mapped its ports out as 127.0.0.1:9232:9232. By port-forwarding ssh remote -L 9232:127.0.0.1:9232, I'd expected to be able to communicate with the remote server's port 9232 as if it were my own local port.
It turned out that the Docker container was internally running its process on 127.0.0.1:9232 rather than 0.0.0.0:9232, and so even though I'd specified the container's port-mappings correctly, they weren't on the correct interface for being mapped out.
In my case, it worked after running the vncserver on linux.
Entered this on linux command line : sudo ssh -L 5901:localhost:5901 -i <ssh_private_key> <username>#<public-IP-address>
Type there vncserver
Go to VncViewer application and connect using localhost:5901
I used to meet the similar problem because 'localhost' was not available on server when it restarted network service, e.g. 'ifdown -a' but followed by only 'ifup -eo1'. Besides server is not listening to the port, you can also check 'localhost' is available or not.
ps: Post it just hope someone who has the similar problem may benefit.
I had this problem when I wanted to make a vnc connection via a tunnel.
But the vncserver was not running.
I solved it by opening the channel on the remote machine with vncserver :3.
In my case, it worked after checking the correct IP address of the user credentials
previously I was using the wrong IP of the server
ssh -NfL 127.0.0.1:8084:127.0.0.1:8888 user#ip_address_of_server
after correcting it, works fine.
Encountered with the same error.
In my case, I found the problem was in the config file of jupyter.
Let's say there are 3 computers named A, B, and C, and A can access B but can't access C; B can access C.
To access jupyter-notebook service of C from A, first I established ssh tunnel from A to C through B, then I access jupyter-notebook by typing localhost:port_number, then I got the error.
Finally the problem was solved by writing the "c.NotebookApp.ip = '0.0.0.0'" in jupyter-notebook's config file, where '0.0.0.0' allows the access of other IPs.
Hope someone in a similar situation may benefit.
I had the same error when I was trying to tunnel my mlflow ui over ssh to view remotely. As mentioned in the first answer, the error arises because nothing on the server is listening for the port. This, for me, is because I forgot to start the mlflow app on my remote machine! So in general – make sure the app you're trying to access remotely is running.
Just replace localhost with 127.0.0.1.
(The answer is based on answers of other people on this page.)
This means the remote vm is not listening to current port i solved this by adding the port in the vm server
Used SSH Tunnel to route the traffic addressed to server1:port1 to server2:port2.
Now,the problem is that i want to redirect all TCP/IP packets from desktop addressed to server1:port1 to server2:port2.
using "hosts" file on windows, i mapped server1 ip as ipaddress of server2. [local DNS mapping]
http://server2:port2 //gives the desired page.
http://server1:port2 //gives the desired page as server1 ip is mapped as that of server2 ip.
Is it possible to rewrite the destination port of all TCP/IP packets addressed to some host?
[Transform destination port all TCP/IP packets with (destn ip as server1 and destn port as port1) to port2]
This is required as there is no direct access to server1 from the working desktop.
I can't use the same port number on server2 as that of server1 as that port is already taken on server2.
Please share your comments on this.
You can use iptables to rewrite the destination port either on the desktop machine or on an intermediate router.