This repository has been archived by the owner on Sep 13, 2024. It is now read-only.

Connection refused #6

Open
luckypoem opened this issue Jul 13, 2016 · 22 comments

Comments

@luckypoem

hi.

yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://mydomain.com/vpn
Password:
[Wed Jul 13 11:36:02 2016] connecting to mydomain.com port 443 (transport: wss)
[Wed Jul 13 11:36:03 2016] vpn_ws_connect()/connect(): Connection refused
[Wed Jul 13 11:36:03 2016] disconnected

how to fix it?
thank u.

@unbit
Owner

unbit commented Jul 13, 2016

Have you installed and executed the server part ?

@luckypoem
Author

hi.

yes, i executed the server part.

root@AR:~# ps aux|grep vpn-ws
root 967 0.0 0.0 2120 460 ? S 7月12 0:00 ./vpn-ws /run/vpn.sock
root 3264 0.0 0.1 4664 1000 pts/0 S+ 03:15 0:00 grep vpn-ws
root@AR:~#

there is one thing i don't understand. the client must connect to the server's port 443?
how to set to make it to connect to another port?

@unbit
Owner

unbit commented Jul 13, 2016

./vpn-ws-client /dev/tap0 wss://mydomain.com:port/vpn

will do the trick

@luckypoem
Author

hi.

yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://mydomain.com:449/vpn
Password:
[Wed Jul 13 16:00:09 2016] connecting to mydomain.com port 449 (transport: wss)
[Wed Jul 13 16:00:39 2016] vpn_ws_connect()/gethostbyname(): unable to resolve name
[Wed Jul 13 16:00:39 2016] disconnected

how to fix it?
thank u

@unbit
Owner

unbit commented Jul 13, 2016

Which domain are you using in place of mydomain.com? It looks like the system is not able to resolve it

@luckypoem
Author

now the domain resolves properly. but there is still an error:

yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/
Password:
[Wed Jul 13 17:03:27 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Wed Jul 13 17:03:28 2016] vpn_ws_ssl_handshake()/SSLHandshake(): -9807
[Wed Jul 13 17:03:28 2016] disconnected

my nginx config part:
server {
    listen 449;
    server_name ws.smt.biz.st;
    index index.html index.htm;
    root /usr/share/nginx/html/;
    location / {
        include /etc/nginx/uwsgi_params;
        uwsgi_pass unix:/run/vpn.sock;
    }
    ssl on;
    ssl_certificate /etc/nginx/public.crt;
    ssl_certificate_key /etc/nginx/private.key;
}

how to fix it?
thank u

@unbit
Owner

unbit commented Jul 13, 2016

you have to fix your ssl certificates in nginx. -9807 means "invalid certificate chain"

If you do not have a valid certificate use the --no-verify option

@luckypoem
Author

where to add --no-verify?

@luckypoem
Author

i see.
sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/ --no-verify

@luckypoem
Author

luckypoem commented Jul 13, 2016

now i can connect successfully.
sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/ --no-verify
Password:
[Wed Jul 13 17:28:39 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Wed Jul 13 17:28:40 2016] connected to ws.smt.biz.st port 449 (transport: wss)

but i still cannot cross gfw (great firewall of china). in my browser, i cancelled the proxy setting and visited
http://whatismyipaddress.com, and the site still shows the ip my isp assigned to me; it doesn't show my vps's ip.
why?

@unbit
Owner

unbit commented Jul 13, 2016

once the tunnel is established you should route all (or part) of your traffic to the vpn interface. One of the ways (on osx) is:

route add default <internal ip of the gateway>

ensure the server has nat enabled for the vpn interface

@luckypoem
Author

hi.

yudeMacBook-Air:~ brite$ sudo route add default 10.8.0.1
route: writing to routing socket: File exists
add net default: gateway 10.8.0.1: File exists
yudeMacBook-Air:~ brite$

are the 2 "File exists" hints normal? and on my server, how to set the internal ip?

@luckypoem
Author

hi.

on my mac, i run:
yudeMacBook-Air:~ brite$ sudo route add my_vps_ip 182.16.0.1
Password:
add host my_vps_ip: gateway 182.16.0.1
yudeMacBook-Air:~ yuming$ cd vpn-ws

then,
sudo ./vpn-ws-client /dev/tap1 wss://ws.smt.biz.st:449/ --no-verify
[Thu Jul 14 15:45:57 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Thu Jul 14 15:45:59 2016] connected to ws.smt.biz.st port 449 (transport: wss)

and i logged in to my vps and ran:
root@AR:~# iptables -t nat -A POSTROUTING -s 182.16.0.0/24 -o venet0 -j MASQUERADE
root@AR:~#

then i cancelled the proxy setting in the browser on my mac and visited
http://whatismyipaddress.com, and the site still shows the ip my isp assigned to me; it doesn't show my vps's ip.
why?

tks for ur reply

@unbit
Owner

unbit commented Jul 14, 2016

sudo route add my_vps_ip 182.16.0.1

the problem is here, you have to set a default gw route not a route to the server

@luckypoem
Author

hi.

yudeMacBook-Air:~ brite$ sudo route add 182.16.0.2 182.16.0.1
Password:
add host 182.16.0.2: gateway 182.16.0.1
yudeMacBook-Air:~ brite$

still not ok to cross the GFW.
how to fix it? tks

@unbit
Owner

unbit commented Jul 14, 2016

You have to set the default gw:

route add default 182.16.0.1

before this, check that 182.16.0.1 is reachable by pinging it

Oh and obviously hold a route to the vps:

route add <ip_of_the_vps> <original_gateway>

otherwise you will not be able to reach the vps anymore

@luckypoem
Author

hi.

yudeMacBook-Air:vpn-ws brite$ sudo ./vpn-ws-client /dev/tap0 wss://ws.smt.biz.st:449/ --no-verify
Password:
[Thu Jul 14 18:10:53 2016] connecting to ws.smt.biz.st port 449 (transport: wss)
[Thu Jul 14 18:11:00 2016] connected to ws.smt.biz.st port 449 (transport: wss)

but i cannot ping thru 182.16.0.1:
yudeMacBook-Air:~ brite$ ping 182.16.0.1
PING 182.16.0.1 (182.16.0.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
^C
--- 182.16.0.1 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
yudeMacBook-Air:~ brite$

headache. why can't i ping thru 182.16.0.1??
it's strange.
tks

@unbit
Owner

unbit commented Jul 14, 2016

can you paste your routing table (the osx one) after the connection is established ?

@luckypoem
Author

hi

my mac's routing table:
yudeMacBook-Air:~ brite$ netstat -nr
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 16 10 en0
127 127.0.0.1 UCS 0 19 lo0
127.0.0.1 127.0.0.1 UH 47 132396 lo0
169.254 link#4 UCS 1 0 en0
169.254.244.229 1c:87:2c:63:f8:38 UHLSW 0 0 en0 325
192.168.1 link#4 UCS 2 0 en0
192.168.1.1/32 link#4 UCS 1 0 en0
192.168.1.1 b0:48:7a:25:11:aa UHLWIir 17 202 en0 624
192.168.1.100 0:23:cd:69:ef:7 UHLWI 0 0 en0 1171
192.168.1.101/32 link#4 UCS 0 0 en0
192.168.1.105 1c:87:2c:63:f8:38 UHLWI 0 0 en0 352
224.0.0 link#4 UmCS 1 0 en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en0
255.255.255.255/32 link#4 UCS 0 0 en0

Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en0/64 link#4 UCI en0
fe80::e2ac:cbff:fe76:bca6%en0 e0:ac:cb:76:bc:a6 UHLI lo0
fe80::%awdl0/64 link#8 UCI awdl0
fe80::309b:acff:fe05:170c%awdl0 32:9b:ac:5:17:c UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en0/32 link#4 UmCI en0
ff01::%awdl0/32 link#8 UmCI awdl0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en0/32 link#4 UmCI en0
ff02::%awdl0/32 link#8 UmCI awdl0
yudeMacBook-Air:~ brite$

@luckypoem
Author

my mac is using wireless lan.
router's ip: 192.168.1.1

@unbit
Owner

unbit commented Jul 15, 2016

it looks like you are not enabling the network interface like explained here: https://github.com/unbit/vpn-ws#the---exec-trick
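
Added example (not part of the thread and not vpn-ws code): the routing advice given earlier (default route to the tunnel gateway, host route to the VPS via the original gateway) and the interface diagnosis in this comment, expressed as one check over macOS `netstat -nr` output. The function names, the `tap0` and gateway arguments, and the placeholder VPS address 203.0.113.10 are assumptions; both routing tables are constructed samples.

```python
# Constructed samples in the macOS `netstat -nr` layout seen in this thread.
# 203.0.113.10 is a placeholder for the VPS address (not from the thread).
HEADER = "Destination Gateway Flags Refs Use Netif Expire\n"
BEFORE = HEADER + """\
default       192.168.1.1        UGSc     16  10  en0
127           127.0.0.1          UCS       0  19  lo0
192.168.1     link#4             UCS       2   0  en0
192.168.1.1   b0:48:7a:25:11:aa  UHLWIir  17 202  en0  624
"""
AFTER = HEADER + """\
default       182.16.0.1         UGSc     20   0  tap0
182.16.0      link#12            UC        1   0  tap0
203.0.113.10  192.168.1.1        UGHS      1   0  en0
192.168.1     link#4             UCS       2   0  en0
"""

def parse_routes(netstat_text):
    """Return (destination, gateway, netif) tuples from macOS `netstat -nr`."""
    routes, netif_col = [], None
    for line in netstat_text.splitlines():
        cols = line.split()
        if cols and cols[0] == "Destination" and "Netif" in cols:
            netif_col = cols.index("Netif")  # IPv4/IPv6 sections differ
        elif netif_col is not None and len(cols) > netif_col:
            routes.append((cols[0], cols[1], cols[netif_col]))
    return routes

def check_vpn_routes(netstat_text, tun_if, tun_gw, vps_ip, orig_gw):
    """List what is still missing before traffic leaves through the tunnel."""
    routes = parse_routes(netstat_text)
    problems = []
    # 1. An interface that is up with an address owns at least one route.
    if not any(netif == tun_if for _, _, netif in routes):
        problems.append(f"{tun_if} owns no route: interface not configured")
    # 2. The default route must point at the tunnel's internal gateway.
    if not any(d == "default" and g == tun_gw for d, g, _ in routes):
        problems.append(f"default route does not point at {tun_gw}")
    # 3. The tunnel's own packets must still reach the VPS the old way.
    if not any(d in (vps_ip, vps_ip + "/32") and g == orig_gw
               for d, g, _ in routes):
        problems.append(f"no host route to {vps_ip} via {orig_gw}")
    return problems

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        found = check_vpn_routes(table, "tap0", "182.16.0.1",
                                 "203.0.113.10", "192.168.1.1")
        print(name, found or "ok")
```
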

@luckypoem
Author

about
vpn-ws-client --exec "ifconfig vpn17 192.168.173.17 netmask 255.255.255.0" vpn17 wss://example.com/

what is vpn17?

the following is the result of ifconfig on my mac:
yudeMacBook-Air:sockstunnel brite$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether e0:ac:cb:76:bc:a6
inet6 fe80::e2ac:cbff:fe76:bca6%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1
media: autoselect
status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 9a:00:03:47:af:20
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether e2:ac:cb:67:6d:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
nd6 options=1
media:
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:ac:cb:76:bc:a6
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 02:70:12:92:6c:68
inet6 fe80::70:12ff:fe92:6c68%awdl0 prefixlen 64 scopeid 0x8
nd6 options=1
media: autoselect
status: active
yudeMacBook-Air:sockstunnel brite$

the following is the result of ifconfig on my vps:
root@AR:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:321056 errors:0 dropped:0 overruns:0 frame:0
TX packets:321056 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:748826124 (714.1 MiB) TX bytes:748826124 (714.1 MiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.168.0.10 P-t-P:10.168.0.10 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:19033435 errors:0 dropped:0 overruns:0 frame:0
TX packets:18282270 errors:0 dropped:211 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13314870269 (12.4 GiB) TX bytes:12697612106 (11.8 GiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:104.255.35.132 P-t-P:104.255.35.132 Bcast:104.255.35.132 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
root@AR:~#

the following is the routing table on my vps:
root@AR:~# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 182.16.0.1 255.255.255.255 UGH 0 0 0 venet0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 venet0
root@AR:~# route -e
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 182.16.0.1 255.255.255.255 UGH 0 0 0 venet0
default * 0.0.0.0 U 0 0 0 venet0
root@AR:~#

so could u pls tell me in detail how to do?
tks for ur kindness
