#1 2015-01-27 11:25:09

fazky
Member
Registered: 2012-01-25
Posts: 34

[SOLVED] SOCKS Proxy and Bittorrent Sync

Hello,

I am trying to configure my BitTorrent Sync client to use a SOCKS proxy.  The setup is the following:
- client A at work; runs BitTorrent Sync; behind a firewall; however, I have access to
- client B at work; publicly visible;
- client C at home; runs BitTorrent Sync.

I can set up a SOCKS proxy on A using

ssh -vv -N -D 1080 B

where host B is client B.  This works perfectly for Firefox (if I set it to use the SOCKS proxy on localhost:1080).

However, when I configure BitTorrent Sync on client A to use the same SOCKS proxy and start it up, the SOCKS proxy refuses all its connections.  The ssh log:

OpenSSH_6.7p1, OpenSSL 1.0.1l 15 Jan 2015
debug1: Reading configuration data /home/dominik/.ssh/config
debug1: /home/dominik/.ssh/config line 18: Applying options for vetgrid
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/dominik/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to i122mc151.vu-wien.ac.at [193.171.97.93] port 22.
debug1: Connection established.
debug1: identity file /home/dominik/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dominik/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup umac-64@openssh.com
debug1: kex: server->client aes128-ctr umac-64@openssh.com none
debug2: mac_setup: setup umac-64@openssh.com
debug1: kex: client->server aes128-ctr umac-64@openssh.com none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1537/3072
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c5:ab:c7:df:92:bf:0f:ae:78:25:43:f4:fc:20:44:69
debug1: Host 'i122mc151.vu-wien.ac.at' is known and matches the RSA host key.
debug1: Found key in /home/dominik/.ssh/known_hosts:1
debug2: bits set: 1571/3072
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/dominik/.ssh/id_rsa (0x7fb00860ec60),
debug2: key: /home/dominik/.ssh/id_dsa ((nil)),
debug2: key: /home/dominik/.ssh/id_ecdsa ((nil)),
debug2: key: /home/dominik/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dominik/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 81:c8:05:3e:87:13:bf:c7:bf:0e:8c:c0:4a:63:6a:dc
debug1: Authentication succeeded (publickey).
Authenticated to i122mc151.vu-wien.ac.at ([193.171.97.93]:22).
debug1: Local connections to LOCALHOST:1080 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 1080.
debug2: fd 4 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 1080.
debug2: fd 5 setting O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 7 setting TCP_NODELAY
debug2: fd 7 setting O_NONBLOCK
debug1: channel 3: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 3: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 9
debug2: channel 2: decode socks4
debug2: channel 2: decode socks4: user /0
debug2: channel 2: dynamic request: socks4 host 127.0.0.1 port 1080 command 1
debug2: channel 3: pre_dynamic: have 9
debug2: channel 3: decode socks4
debug2: channel 3: decode socks4: user /0
debug2: channel 3: dynamic request: socks4 host 54.225.92.50 port 3000 command 1
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 1080 for 127.0.0.1 port 1080, connect from 127.0.0.1 port 36828 to 127.0.0.1 port 1080, nchannels 4
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 9
debug2: channel 2: decode socks4
debug2: channel 2: decode socks4: user /0
debug2: channel 2: dynamic request: socks4 host 54.225.100.8 port 80 command 1
debug2: channel 2: open confirm rwindow 2097152 rmax 32768
debug2: channel 2: read<=0 rfd 6 len 0
debug2: channel 2: read failed
debug2: channel 2: close_read
debug2: channel 2: input open -> drain
debug2: channel 2: ibuf empty
debug2: channel 2: send eof
debug2: channel 2: input drain -> closed
debug2: channel 2: rcvd eof
debug2: channel 2: output open -> drain
debug2: channel 2: obuf empty
debug2: channel 2: close_write
debug2: channel 2: output drain -> closed
debug2: channel 2: send close
debug2: channel 2: rcvd close
debug2: channel 2: is dead
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 1080 for 54.225.100.8 port 80, connect from 127.0.0.1 port 36830 to 127.0.0.1 port 1080, nchannels 4
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 9
debug2: channel 2: decode socks4
debug2: channel 2: decode socks4: user /0
debug2: channel 2: dynamic request: socks4 host 127.0.0.1 port 1080 command 1
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 1080 for 127.0.0.1 port 1080, connect from 127.0.0.1 port 36831 to 127.0.0.1 port 1080, nchannels 4
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 9
debug2: channel 2: decode socks4
debug2: channel 2: decode socks4: user /0
debug2: channel 2: dynamic request: socks4 host 127.0.0.1 port 1080 command 1
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 1080 for 127.0.0.1 port 1080, connect from 127.0.0.1 port 36840 to 127.0.0.1 port 1080, nchannels 4
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 9
debug2: channel 2: decode socks4
debug2: channel 2: decode socks4: user /0
debug2: channel 2: dynamic request: socks4 host 127.0.0.1 port 1080 command 1
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 1080 for 127.0.0.1 port 1080, connect from 127.0.0.1 port 36853 to 127.0.0.1 port 1080, nchannels 4
debug1: Connection to port 1080 forwarding to socks port 0 requested.
debug2: fd 6 setting TCP_NODELAY
debug2: fd 6 setting O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 9
debug2: channel 2: decode socks4
debug2: channel 2: decode socks4: user /0
debug2: channel 2: dynamic request: socks4 host 23.23.146.116 port 80 command 1
debug2: channel 2: open confirm rwindow 2097152 rmax 32768
debug2: channel 2: read<=0 rfd 6 len 0
debug2: channel 2: read failed
debug2: channel 2: close_read
debug2: channel 2: input open -> drain
debug2: channel 2: ibuf empty
debug2: channel 2: send eof
debug2: channel 2: input drain -> closed
debug2: channel 2: rcvd eof
debug2: channel 2: output open -> drain
debug2: channel 2: obuf empty
debug2: channel 2: close_write
debug2: channel 2: output drain -> closed
debug2: channel 2: send close
debug2: channel 2: rcvd close
debug2: channel 2: is dead
debug2: channel 2: garbage collecting

and so on.  What makes me think a little bit is that Firefox works without hassles, but the BitTorrent client does not.  Maybe client B (the host) blocks certain ports or connections?  How could I check that?

Thanks,
Dominik

Last edited by fazky (2015-01-28 12:52:01)

Offline
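
An added example, not part of the original thread: a short triage script for ssh -vv dynamic-forwarding output like the log above. It pairs each "dynamic request" line with the "open failed" or "open confirm" line for the same channel and counts outcomes per target. The sample log is constructed from lines in the shape of the post's output; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, in the shape of the ssh -vv lines posted above.
SAMPLE_LOG = """\
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: dynamic request: socks4 host 127.0.0.1 port 1080 command 1
debug2: channel 3: dynamic request: socks4 host 54.225.92.50 port 3000 command 1
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: dynamic request: socks4 host 54.225.100.8 port 80 command 1
debug2: channel 2: open confirm rwindow 2097152 rmax 32768
debug2: channel 2: dynamic request: socks4 host 127.0.0.1 port 1080 command 1
channel 2: open failed: connect failed: Connection refused
"""

REQUEST = re.compile(r"channel (\d+): dynamic request: (socks\w+) host (\S+) port (\d+)")
FAILED = re.compile(r"channel (\d+): open failed: (.+)$")
CONFIRM = re.compile(r"channel (\d+): open confirm")

def is_loopback(host):
    """True for 127.0.0.0/8 or ::1; hostnames (SOCKS4A/5) are not resolved."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def triage(log_text):
    """Pair each SOCKS request with the outcome ssh logs for the same channel."""
    pending, results = {}, []   # channel ids are reused, so track the open one
    for line in log_text.splitlines():
        if m := REQUEST.search(line):
            chan, version, host, port = m.groups()
            pending[chan] = {"version": version, "target": f"{host}:{port}",
                             "loopback": is_loopback(host)}
        elif m := FAILED.search(line):
            if req := pending.pop(m.group(1), None):
                results.append({**req, "outcome": "failed", "reason": m.group(2)})
        elif m := CONFIRM.search(line):
            if req := pending.pop(m.group(1), None):
                results.append({**req, "outcome": "open"})
    # Requests whose outcome is not in the excerpt.
    results += [{**req, "outcome": "unknown"} for req in pending.values()]
    return results

def summarize(results):
    """Count (target, outcome) pairs so repeated failures stand out."""
    return Counter((r["target"], r["outcome"]) for r in results)

if __name__ == "__main__":
    for (target, outcome), n in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(f"{n:3d}  {outcome:8s} {target}")
```

In the log posted above, every refused request targets 127.0.0.1:1080, which the SSH server attempts to open on B itself, while the requests to 54.225.100.8:80 and 23.23.146.116:80 are confirmed.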

#2 2015-01-27 12:20:56

EscapedNull
Member
Registered: 2013-12-04
Posts: 129

Re: [SOLVED] SOCKS Proxy and Bittorrent Sync

I don't know anything about BT sync, but as a general note, verify that SSH and BT sync are using the same SOCKS version. Alternatively, you can use something like libconnect or torsocks (based on libconnect), which implements the SOCKS protocol itself and intercepts connection attempts from unconfigured programs. It could just be that BT sync has poor SOCKS support. Does BT sync report any errors?

Alternatively, couldn't you install BT sync on client B? The BT sync network, to my (limited) knowledge, is self-organizing, so C should be able to see B, and B can see A, which might be enough for it to traverse the NAT without SSH.

[Edit: Is there a firewall between A and B that could be blocking BT sync? Can you SSH into A, directly or indirectly through B?]

Last edited by EscapedNull (2015-01-27 12:22:08)

Offline

#3 2015-01-27 13:06:37

fazky
Member
Registered: 2012-01-25
Posts: 34

Re: [SOLVED] SOCKS Proxy and Bittorrent Sync

Hello,
thanks for the comments.

Both BT Sync and ssh can use SOCKS4 and SOCKS5.  I tried both versions for BT Sync; both fail.  BT Sync does not report any errors.  Does SSH recognize the version automatically?

Installing BT sync on client B is not an option because I don't want my files to be there.

There should not be a firewall between A and B.  I can directly connect to B from A and the other way around.  I can also directly connect to C from B and the other way around.  However, I cannot directly connect from A to C or from C to A.  E.g., to connect from A to C via SSH, I use

ssh -q B -W C:forwardedPortNr

where B is client B and C is client C.

Regarding torsocks, I have to expose my ignorance ;-).  How could I use this to use my local ssh SOCKS proxy?  Do I need to run tor in order to use torsocks?

Are there other methods to check my ssh proxy?  Maybe most of the ports are still blocked and I just don't know it?

Thanks,
Dominik

EDIT:  I guess I know now what you meant with torsocks.  I came across tsocks, and tried to use it with BT Sync, so that all requests are automatically sent through the ssh proxy.  However, I get the very same error messages and refused connections.

Last edited by fazky (2015-01-27 13:29:18)

Offline

#4 2015-01-27 21:31:07

EscapedNull
Member
Registered: 2013-12-04
Posts: 129

Re: [SOLVED] SOCKS Proxy and Bittorrent Sync

Try connecting to some of those addresses from B directly. e.g.

netcat 54.225.92.50 3000
netcat 23.23.146.116 80
...

If you get an error, then the firewall is probably blocking the BT bootstrap nodes. I don't know if there's any way around this.

Offline

#5 2015-01-28 12:50:52

fazky
Member
Registered: 2012-01-25
Posts: 34

Re: [SOLVED] SOCKS Proxy and Bittorrent Sync

Hello,
thanks for the hint.

Netcat is not installed on the server (it is a Mac), but I found nc, which is probably the same.

nc -v 54.225.92.50 3000

gives

Connection to 54.225.92.50 3000 port [tcp/hbci] succeeded!

And

nc -v 23.23.146.116 80

gives the same

Connection to 23.23.146.116 80 port [tcp/http] succeeded!

So I am not really sure where the problem is...

Now I restarted the server and connections are opened and it works.  Sorry for the hassle, no idea what was going on here.  Thanks for your comments!

Dominik

Offline

#6 2015-01-28 13:17:10

EscapedNull
Member
Registered: 2013-12-04
Posts: 129

Re: [SOLVED] SOCKS Proxy and Bittorrent Sync

fazky wrote:

Now I restarted the server and connections are opened and it works.  Sorry for the hassle, no idea what was going on here.

Not sure what might have been the problem, but I'm glad to hear you got it working!

Offline
