SocksProxy Troubleshooting
This document describes SocksProxy troubleshooting steps, focusing on verifying the configuration and checking the connection status on both the CE and PE sides. In this case, users cannot connect to the SocksProxy. This can range from slow connection speed and failure to access given resources to a complete loss of connectivity. The troubleshooting process involves checking the Shadowsocks configuration on both the CE and the PE, checking the status of the network connections, and searching the logs for errors.
Troubleshooting Steps
- Cloud
- UCI
- Run-Time
- Testing
- Log
Cloud Configuration Verification
This section details how to check the configurations made in the cloud. The commands below can be used to verify the cloud configuration.
Verify CE Configuration
Log in to the CE and inspect the Shadowsocks configuration file. The location may vary, but a common location is /etc/config/shadowsocks-libev. Run the following command:
sudo cat /etc/config/shadowsocks-libev
Example Response
config server 'vtun56_3_server'
option disabled '0'
option server '103.78.41.23'
option server_port '30021'
option password 'IEUGVQl5a8wiGiBYujkDvtun56_3'
option method 'chacha20'
This command shows the configuration file contents. Carefully check the settings, especially the server address, port, and password.
Verify PE Configuration
Log in to the PE and check the Shadowsocks configuration file. A common path for this file is /etc/shadowsocks-libev/vtun56_3.json. The command to display the configuration in pretty-printed form is:
cat /etc/shadowsocks-libev/vtun56_3.json | json_pp
Example Response
{
   "password" : "IEUGVQl5a8wiGiBYujkDvtun56_3",
   "reuse_port" : true,
   "method" : "chacha20",
   "local_port" : "40021",
   "server_port" : "30021",
   "timeout" : 60,
   "fast_open" : true,
   "server" : "0.0.0.0"
}
json_pp formats the JSON output for better readability. Also check that the port and password are set correctly in the settings.
Check for Configuration Errors
Review both configuration files for syntax errors, typos, or wrong characters. Even a tiny error can keep Shadowsocks from working correctly. For the PE's JSON configuration, validate the file with a JSON validator, either an online validator or a command-line tool. Invalid JSON will prevent Shadowsocks from starting.
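A local cross-check of the values that must agree on both sides (server_port, password, method), as an added example that is not part of the original document. The helper names uci_opt, json_opt and ss_compare are hypothetical, the sample configs are constructed with a placeholder password, and the parsing assumes quoted UCI options and the flat one-key-per-line JSON shown above.

```sh
#!/bin/sh
# Constructed sample configs (placeholder password; the PE port is deliberately wrong).
CE_CONF=$(cat <<'EOF'
config server 'vtun56_3_server'
    option server '103.78.41.23'
    option server_port '30021'
    option password 'EXAMPLE-PLACEHOLDER'
    option method 'chacha20'
EOF
)
PE_CONF=$(cat <<'EOF'
{
   "password" : "EXAMPLE-PLACEHOLDER",
   "method" : "chacha20",
   "local_port" : "40021",
   "server_port" : "30022",
   "server" : "0.0.0.0"
}
EOF
)

# uci_opt KEY: print the quoted value of "option KEY '...'" from UCI text on stdin
uci_opt() {
    awk -v k="$1" -v q="'" '$1 == "option" && $2 == k {
        sub("^[^" q "]*" q, ""); sub(q "[ \t]*$", ""); print; exit }'
}

# json_opt KEY: print the value of a "KEY" : VALUE line from flat JSON on stdin
json_opt() {
    sed -n 's/^[[:space:]]*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",]*\)"\{0,1\},\{0,1\}[[:space:]]*$/\1/p' | head -n 1
}

# ss_compare CE_TEXT PE_TEXT: one line per key, returns 1 on any mismatch.
# The password is compared but never printed.
ss_compare() {
    rc=0
    for key in server_port password method; do
        ce=$(printf '%s\n' "$1" | uci_opt "$key")
        pe=$(printf '%s\n' "$2" | json_opt "$key")
        if [ -n "$ce" ] && [ "$ce" = "$pe" ]; then
            echo "$key: match"
        elif [ "$key" = password ]; then
            echo "$key: MISMATCH"; rc=1
        else
            echo "$key: MISMATCH (CE=$ce PE=$pe)"; rc=1
        fi
    done
    return "$rc"
}

ss_compare "$CE_CONF" "$PE_CONF" || echo "CE and PE settings differ"
```

Because the comparison runs locally and prints only match or MISMATCH for the password, the secret never has to be pasted into an external validator.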
Q:1 What is a common example of a configuration file found in CE?
Q:2 How do I verify Shadowsocks configuration on PE (Provider Edge)?
UCI Configuration Verification
This section focuses on verifying the socksproxy configuration stored in the UCI system.
Check Network UCI Configuration
To check network-related UCI configurations for "socks," use the following command:
uci show network | grep socks
Example Response
socks.vtun_50024=ssh
socks.vtun_50024.localport='50024'
socks.vtun_50024.key_file='/etc/dropbear/vtun38_2.key'
socks.vtun_50024.user='edge'
socks.vtun_50024.server='117.186.234.99'
socks.vtun_50024.server_port='25321'
socks.vtun_50024.enabled='1'
Q:1 What output should be displayed after running the command?
Q:2 What to do if the output is empty after running a command?
Q:3 What is the simplest method to verify Socks server IP and port?
Run Time Configuration Verification
This section details how to check the run-time status and manage the SocksProxy and firewall services.
Check SocksProxy Service Status
To check the current status of the SocksProxy service:
/etc/init.d/socks status
Start SocksProxy Service
To start the SocksProxy service if it's not running:
/etc/init.d/socks start
Stop SocksProxy Service
To stop the SocksProxy service:
/etc/init.d/socks stop
Q:1 What to do if the SocksProxy service is not starting?
Testing Verification
Check the Connection Status on the CE
Use netstat on the CE to check the connection status. The following command can determine whether the CE tried to connect to the PE on the configured port, such as port 30021:
netstat -ntualp | grep 30021
Example Response
tcp 0 0 172.20.10.9:37772 103.78.41.23:30021 ESTABLISHED 19873/ss-local
This command filters the netstat output for lines containing the string "30021". Look for ESTABLISHED connections, which show that the CE successfully connected to the PE. If no line is found, or if the connection is in the SYN_SENT state, the CE cannot establish a connection with the PE.
Check the Connection Status on the PE
Use netstat on the PE to see if there are incoming connections on the Shadowsocks port:
sudo netstat -ntualp | grep 30021
Example Response
tcp 0 0 0.0.0.0:30021 0.0.0.0:* LISTEN 15817/ss-server
tcp 0 0 103.78.41.23:30021 223.189.65.74:52905 ESTABLISHED 15817/ss-server
This command verifies that the PE is listening on the given port and shows whether any connections are established. If the PE is not listening on the port, then something is wrong with Shadowsocks. If connections are seen, the CE is successfully connecting to the PE.
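The CE and PE checks above as one function, added here as an example and not part of the original document. The function name conn_state and the sample lines are constructed for illustration; it matches the port in the exact address column, so a PID or an unrelated local port that happens to equal 30021 is not mistaken for the tunnel.

```sh
#!/bin/sh
# conn_state SIDE PORT: SIDE is "ce" or "pe"; `netstat -ntualp` text on stdin.
conn_state() {
    awk -v side="$1" -v port="$2" '
        function portof(addr) { sub(/.*:/, "", addr); return addr }
        $1 !~ /^tcp/ { next }
        # CE connects out: PORT is in the foreign address (column 5).
        side == "ce" && portof($5) != port { next }
        # PE accepts: PORT is in the local address (column 4).
        side == "pe" && portof($4) != port { next }
        { seen[$6]++ }
        END {
            if (side == "pe" && !("LISTEN" in seen))
                print "pe: not listening on " port
            else if ("ESTABLISHED" in seen)
                print side ": " seen["ESTABLISHED"] " established"
            else if (side == "pe")
                print "pe: listening, no CE connected"
            else if ("SYN_SENT" in seen)
                print "ce: SYN_SENT, cannot establish a connection with the PE"
            else
                print "ce: no connection to port " port
        }'
}

# Constructed samples modelled on the output above. The first CE line only
# happens to use 30021 as its local port; grep 30021 would match it as well.
CE_SAMPLE='tcp 0 0 172.20.10.9:30021 198.51.100.7:443 ESTABLISHED 2211/curl
tcp 0 1 172.20.10.9:37772 103.78.41.23:30021 SYN_SENT 19873/ss-local'
PE_SAMPLE='tcp 0 0 0.0.0.0:30021 0.0.0.0:* LISTEN 15817/ss-server
tcp 0 0 103.78.41.23:30021 223.189.65.74:52905 ESTABLISHED 15817/ss-server'

printf '%s\n' "$CE_SAMPLE" | conn_state ce 30021
printf '%s\n' "$PE_SAMPLE" | conn_state pe 30021
```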
Q:1 How to check connection status on PE?
Log Verification
Checking logs can help you diagnose specific issues, such as failed authentication attempts or service errors.
Check Shadowsocks Logs
Check the Shadowsocks logs on the CE and PE for errors or warnings. The log location varies depending on the system. For systems that use logread, run the following command:
logread | grep socks
Example Response
Jun 19 11:42:58 hiCLOUDS hiclouds_config.sh[21789]: execute post config command "/etc/init.d/socks start vtun_50024"
Jun 19 11:49:17 hiCLOUDS hiclouds_config.sh[13492]: restarting shadowsocks-libev
Jun 19 11:49:18 hiCLOUDS hiclouds_config.sh[13492]: execute post config command "/etc/init.d/socks stop vtun_50024"
Jun 19 11:49:43 hiCLOUDS procd: Instance shadowsocks-libev::ss_local.vtun38_2_local s in a crash loop 6 crashes, 1 seconds since last crash
Jun 19 11:53:29 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:29 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:36 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:36 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:37 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:37 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:38 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:38 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:39 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:39 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:40 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:40 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:41 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:41 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:43 hiCLOUDS procd: Instance shadowsocks-libev::ss_local.vtun38_2_local s in a crash loop 7 crashes, 0 seconds since last crash
Jun 19 11:54:04 hiCLOUDS hiclouds_config.sh[30254]: restarting shadowsocks-libev
Jun 19 12:00:54 hiCLOUDS hiclouds_config.sh[21699]: execute post config command "/etc/init.d/socks start vtun_50024"
Jun 19 12:02:56 hiCLOUDS hiclouds_config.sh[31899]: restarting shadowsocks-libev
Jun 19 12:02:57 hiCLOUDS hiclouds_config.sh[31899]: execute post config command "/etc/init.d/socks stop vtun_50024"
This will print the system logs. Check for messages concerning Shadowsocks, particularly error messages regarding failed startups or connection attempts. Pay attention to the timestamps to associate the log entries with the attempted connections.
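One way to condense such output into a per-instance summary with first and last timestamps, as an added example that is not part of the original document. The function name socks_log_summary is hypothetical, the sample lines are constructed from the kind of entries shown above, and the field positions assume that same syslog layout.

```sh
#!/bin/sh
# socks_log_summary: logread text on stdin, one summary line per failing instance.
socks_log_summary() {
    awk '
        function note(key, t) {
            if (!(key in first)) first[key] = t
            last[key] = t; count[key]++
        }
        # procd names the ss-local instance and reports its running crash count.
        /procd: Instance shadowsocks-libev::.*crash loop/ {
            key = $7; sub(/^.*::/, "", key); key = "crash-loop " key
            note(key, $3)
            for (i = 8; i <= NF; i++)
                if ($i == "crashes," && $(i - 1) + 0 > peak[key]) peak[key] = $(i - 1) + 0
            next
        }
        # OpenVPN received an empty reply from the SOCKS server.
        /recv_socks_reply: empty response from socks server/ {
            key = $5; sub(/^[^(]*\(/, "", key); sub(/\).*/, "", key)
            note("socks-error " key, $3)
        }
        END {
            for (k in count) {
                extra = (k in peak) ? " peak_crashes=" peak[k] : ""
                printf "%s events=%d first=%s last=%s%s\n", k, count[k], first[k], last[k], extra
            }
        }' | sort
}

# Constructed sample, shortened from the kind of output shown above.
SAMPLE_LOG='Jun 19 11:49:17 hiCLOUDS hiclouds_config.sh[13492]: restarting shadowsocks-libev
Jun 19 11:49:43 hiCLOUDS procd: Instance shadowsocks-libev::ss_local.vtun38_2_local s in a crash loop 6 crashes, 1 seconds since last crash
Jun 19 11:53:29 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:29 hiCLOUDS openvpn(vtun38_2)[24865]: SIGUSR1[soft,socks-error] received, process restarting
Jun 19 11:53:36 hiCLOUDS openvpn(vtun38_2)[24865]: ERROR: recv_socks_reply: empty response from socks server
Jun 19 11:53:43 hiCLOUDS procd: Instance shadowsocks-libev::ss_local.vtun38_2_local s in a crash loop 7 crashes, 0 seconds since last crash'

printf '%s\n' "$SAMPLE_LOG" | socks_log_summary
```

In the sample, the two summary lines overlap in time: ss_local for vtun38_2 is crash-looping during the window in which OpenVPN on vtun38_2 reports empty SOCKS replies.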