Socks proxy Troubleshooting
This document describes SocksProxy troubleshooting steps, focusing on configuration verification and checking the connection status from the CE and PE sides. In this case, users cannot connect to the SocksProxy. The causes could include a slow connection in terms of speed, failure to access given resources, or complete failure of connectivity. The whole troubleshooting process involves checking the Shadowsocks configuration both at the CE and PE, as well as checking for the status of network connections and also searching for error logs.
Issue: Shadowsocks Configuration Mismatch
Troubleshooting Steps
Verify CE Configuration
Log into the CE and inspect the Shadowsocks configuration file. The location may be different but common locations include /etc/config/shadowsocks-libev. Run the following command.
sudo cat /etc/config/shadowsocks-libev
This command shows the configuration file contents. Carefully check the settings, especially the server address, port, and password.
Verify PE Configuration
In the PE, log in and check the Shadowsocks configuration file. A common phrase for this is /etc/shadowsocks-libev/vtun56_3.json. The command to run the configuration in a pretty print format is:
cat /etc/shadowsocks-libev/vtun56_3.json | json_pp
json_pp formats the JSON output for better readability. Check also that the port and password are set correctly in the settings.
Check for Configuration Errors
Review both configuration files for syntax errors, typos, or wrong characters. Even a tiny error can keep shadowsocks from working correctly. For the PE's JSON configuration, validate the file with a JSON validator, either online or command line tools. Invalid JSON will prevent Shadowsocks from starting.
Issue: Connection Status
Check the Connection Status on the CE
Use netstat on the CE to check the connection status. The following command can determine whether the CE tried to connect the PE on the configured port, such as port 30021:
netstat -ntualp | grep 30021
This command filters the netstat output for lines containing the word "30021". Use this command to find Established connections from the CE that successfully connected to the PE. If no line is found or if the connection is in the SYN_SENT state, then the CE cannot establish a connection with the PE.
Check the Connection Status on the PE
Use netstat on the PE to see if there are incoming connections on the Shadowsocks port:
sudo netstat -ntualp | grep 30021
This command verifies that the PE is listening on the given port and if there are connections established. If the PE is not listening on the port, then something is wrong with Shadowsocks. If connections are Seen, then it means the CE is successfully connecting to the PE.
Check Shadowsocks Logs
The Shadowsocks logs on the CE and PE for errors or warnings. The log location varies depending on the system. For systems that use logread, run the following command:
logread
This will print the system logs. Check for messages concerning Shadowsocks, particularly error messages regarding failed startups or connection attempts. Pay attention to the timestamps to associate the log entries with the attempted connections.
Verify Network Connectivity:
Make sure the CE device has a valid IP address, subnet mask, and gateway. Use the following command to check network configuration:
uci show network
(Example Response):
root@Backup_node:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.@globals[0]=globals
network.@globals[0].packet_steering='1'
network.eth0=interface
network.eth0.device='eth0'
network.eth0.default_wan='1'
network.eth0.disabled='0'
network.eth0.proto='static'
network.eth0.ipaddr='172.20.10.8'
network.eth0.netmask='255.255.255.0'
network.eth0.dns='172.20.10.1'
network.eth3=interface
network.eth3.device='eth3'
network.eth3.proto='static'
network.eth3.netmask='255.255.255.0'
network.eth3.disabled='0'
network.eth3.ipaddr='172.30.1.1'
network.@rule[0]=rule
network.@rule[0].priority='901'
network.@rule[0].lookup='main'
network.wlm0=interface
network.wlm0.disabled='1'
network.wlm0.proto='3g'
network.wlm0.pppname='wlm0'
network.wlm0.device='ttyUSB0'
network.wlm0.apn='comgt'
network.wlm0.ipv6='0'
network.wlm0.delegate='0'
network.wlm0.metric='2'
network.wlm0.ip4table='2'
network.f85c71f21c3040bdb4abcd168fa8e900=route
network.f85c71f21c3040bdb4abcd168fa8e900.target='172.30.2.0'
network.f85c71f21c3040bdb4abcd168fa8e900.netmask='255.255.255.0'
network.f85c71f21c3040bdb4abcd168fa8e900.gateway='172.31.0.2'
network.f85c71f21c3040bdb4abcd168fa8e900.table='main'
network.f85c71f21c3040bdb4abcd168fa8e900.proto='static'
network.f85c71f21c3040bdb4abcd168fa8e900.metric='1'
network.f85c71f21c3040bdb4abcd168fa8e900.interface='br25'
network.1777530465de4eafada07376f1239abf=route
network.1777530465de4eafada07376f1239abf.target='172.30.1.0'
network.1777530465de4eafada07376f1239abf.netmask='255.255.255.0'
network.1777530465de4eafada07376f1239abf.gateway='172.31.0.1'
network.1777530465de4eafada07376f1239abf.table='main'
network.1777530465de4eafada07376f1239abf.proto='static'
network.1777530465de4eafada07376f1239abf.metric='1'
network.eth1=interface
network.eth1.proto='static'
network.eth1.device='eth1'
network.eth1.ipaddr='100.100.100.2'
network.eth1.netmask='255.255.255.0'
network.eth1.dns='172.20.10.1'
This output contains information about network settings such as IP address, netmask and DNS server for each interface pay particular attention to the interface used for WAN connectivity ( in this example, probably eth0). It must have a valid IP address and configured DNS server too. In any case, wrong network settings can block the access of the essential for accessing various networks. Ensure that the routes required to access the hiCloud server are properly configured.
Check hiCLOUDS Configuration:
The configuration on the CE device can be verified using the following command.
uci show hiclouds
(Example Response):
root@Backup_node:~# uci show hiclouds
hiclouds.globals=hiclouds
hiclouds.globals.hub='hub.hi-clouds.com'
hiclouds.globals.uri='deviceApi/getEndpointUrl'
hiclouds.globals.request_timeout='30'
hiclouds.globals.machine_id='33b01673-94a7-343e-b403-8c47cabac692'
hiclouds.globals.router_id='08:00:27:82:fc:73'
hiclouds.globals.endpoint='dev.hi-clouds.com'
hiclouds.globals.device_id='677e6da4ab30043a8492148a'
hiclouds.globals.auth_token='eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI2NzdlNmRhNGFiMzAwNDNhODQ5MjE0OGE6OmNlOjozM2IwMTY3My05NGE3LTM0M2UtYjQwMy04YzQ3Y2FiYWM2OTI6OjA4OjAwOjI3OjgyOmZjOjczIiwiaWF0IjoxNzM4NjcxOTg5LCJleHAiOjE3Mzg2NzU1ODl9.JU0WBSCzpCbS8PTPypXoCvjka01IKcuKVm54YJnPjtt9jUZdF_5fTyraDc3oirSh67ZzKU7MbYo7Osy84AmoeA'
hiclouds.register=hiclouds
hiclouds.register.interval='30'
hiclouds.register.uri='api/deviceApi/v1/devices/register'
hiclouds.status=hiclouds
hiclouds.status.keepalive_interval='10'
hiclouds.status.status_interval='30'
hiclouds.status.uri='api/deviceApi/v1/devices'
hiclouds.config=hiclouds
hiclouds.config.uri='api/deviceApi/v1/devices'
hiclouds.config.revision='64bd463d-f6ae-4cfc-b89d-c4d74b63a382'
hiclouds.edge=hiclouds_edge
hiclouds.edge.type='CE'
hiclouds.hiclouds=hiclouds
hiclouds.hiclouds.version='22.03.5'
hiclouds.hiclouds.build='b75'
root@Backup_node:~# uci show hiclouds
hiclouds.globals=hiclouds
hiclouds.globals.hub='hub.hi-clouds.com'
hiclouds.globals.uri='deviceApi/getEndpointUrl'
hiclouds.globals.request_timeout='30'
hiclouds.globals.machine_id='33b01673-94a7-343e-b403-8c47cabac692'
hiclouds.globals.router_id='08:00:27:82:fc:73'
hiclouds.globals.endpoint='dev.hi-clouds.com'
hiclouds.globals.device_id='677e6da4ab30043a8492148a'
hiclouds.globals.auth_token='eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI2NzdlNmRhNGFiMzAwNDNhODQ5MjE0OGE6OmNlOjozM2IwMTY3My05NGE3LTM0M2UtYjQwMy04YzQ3Y2FiYWM2OTI6OjA4OjAwOjI3OjgyOmZjOjczIiwiaWF0IjoxNzM4NjcxOTg5LCJleHAiOjE3Mzg2NzU1ODl9.JU0WBSCzpCbS8PTPypXoCvjka01IKcuKVm54YJnPjtt9jUZdF_5fTyraDc3oirSh67ZzKU7MbYo7Osy84AmoeA'
hiclouds.register=hiclouds
hiclouds.register.interval='30'
hiclouds.register.uri='api/deviceApi/v1/devices/register'
hiclouds.status=hiclouds
hiclouds.status.keepalive_interval='10'
hiclouds.status.status_interval='30'
hiclouds.status.uri='api/deviceApi/v1/devices'
hiclouds.config=hiclouds
hiclouds.config.uri='api/deviceApi/v1/devices'
hiclouds.config.revision='64bd463d-f6ae-4cfc-b89d-c4d74b63a382'
hiclouds.edge=hiclouds_edge
hiclouds.edge.type='CE'
hiclouds.hiclouds=hiclouds
hiclouds.hiclouds.version='22.03.5'
hiclouds.hiclouds.build='b75'
This output displays the hiCLOUDS-related configurations, such as the hub address, endpoint, deviceId, authToken, and the keepalive_interval. Check whether the hub and endpoint are correct and if the authToken is valid and non-expired. The keepalive_interval specifies how often the device is set to send Keepalive requests. A very short interval may cause unnecessary overloading of the network, while a too big interval may cause the device to be determined as offline in case connectivity is temporarily lost