Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOCKS proxy 5 second handshake/auth/connect hard-coded timeout #267

Closed
ValdikSS opened this issue Mar 2, 2023 · 2 comments
Closed

SOCKS proxy 5 second handshake/auth/connect hard-coded timeout #267

ValdikSS opened this issue Mar 2, 2023 · 2 comments
Assignees
@flichtenheld
Labels
enhancement patch-submitted There is a patch on the list waiting for merge

Comments

@ValdikSS
Copy link
Contributor

ValdikSS commented Mar 2, 2023
edited
Loading

Describe the bug
OpenVPN 2.5, 2.6 and master have a hard-coded timeout of 5 seconds for SOCKS communications, which may not be enough for slow proxies, such as when the connection is performed over Tor.

To Reproduce

  1. Setup OpenVPN server using TCP
  2. Configure Tor Hidden Service to that server
  3. On another machine, configure client to Tor hidden service VPN using Tor's SOCKS port socks-proxy 127.0.0.1 9050

Expected behavior
Proxy timeout follow --server-poll-timeout value

--server-poll-timeout n
When connecting to a remote server do not wait for more than n seconds for a response before trying the next server. The de‐fault value is 120s. This timeout includes proxy and TCP connect timeouts.

Actual behavior
Socks code has a 5 second hard-coded timeout in numerous places

openvpn/src/openvpn/socks.c

Line 95 in 9c52e0c

const int timeout_sec = 5;

openvpn/src/openvpn/socks.c

Line 194 in 9c52e0c

const int timeout_sec = 5;

openvpn/src/openvpn/socks.c

Line 312 in 9c52e0c

const int timeout_sec = 5;

@5andr0
Copy link
Contributor

5andr0 commented Aug 30, 2023

I submitted a patch for that: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26962.html
5andr0@e6d7add

@5andr0 5andr0 mentioned this issue Sep 15, 2023
Closed
5andr0 added a commit to 5andr0/openvpn that referenced this issue Sep 16, 2023
@5andr0
Implement server_poll_timeout for SOCKS instead of hard-coded 5 sec
1e0e261 
Connections over SOCKS are timed out after hard-coded 5 sec,
which causes problems when using slow proxies like Tor.

With this patch, establishing a SOCKS connection uses the timeout
set by server-poll-timeout (default: 120s).
It uses the same logic that was implemented for HTTP proxies,
which includes the SOCKS handshake for the timeout.

Github: fixes OpenVPN#267
@flichtenheld flichtenheld self-assigned this Mar 6, 2024
@flichtenheld flichtenheld added the patch-submitted There is a patch on the list waiting for merge label Mar 6, 2024
@ValdikSS
Copy link
Contributor Author

ValdikSS commented Jun 6, 2024

I can confirm that the patch works great.

@cron2 cron2 closed this as completed in b3a68b8 Jun 19, 2024
cron2 pushed a commit that referenced this issue Jun 19, 2024
@5andr0 @cron2
Implement server_poll_timeout for socks
94bfb71 
So far --server-poll-timeout was only applied
for HTTP proxies, apply it also to SOCKS proxies.

This removes the default 5 second socks connect timeout
which can be too small depending on network setup and
replaces it with the configurable overall connect timeout
(default 120 seconds).

Trac: #328
Github: fixes #267

Change-Id: I2b109f8c551c23045a1be355778b08f0fd4d309f
Signed-off-by: 5andr0 <sandro.trianni@gmail.com>
Tested-By: ValdikSS <valdikss@gmail.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240315162011.1661139-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28408.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b3a68b8)
@cron2 cron2 mentioned this issue Jun 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@flichtenheld flichtenheld

Labels
enhancement patch-submitted There is a patch on the list waiting for merge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@flichtenheld @5andr0 @schwabe @ValdikSS