OpenVPN plus obfsproxy: Invalid SOCKS command: '3'

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
girzel
OpenVpn Newbie
Posts: 1
Joined: Sun Sep 20, 2015 7:32 am

OpenVPN plus obfsproxy: Invalid SOCKS command: '3'

Post by girzel » Sun Sep 20, 2015 7:49 am

I'm trying to get OpenVPN to run through obfsproxy, to mask the fact that I'm using a VPN. On my client machine, I can't get the two programs talking to each other. Whenever I try to connect, OpenVPN tells me

Code: Select all

recv_socks_reply: Socks proxy returned bad reply
, while obfsproxy tells me

Code: Select all

Invalid SOCKS command: '3'
.

The Arch client is running the openvpn-obfs package https://aur.archlinux.org/packages/openvpn-obfs/ ("OpenVPN binary with obfs patch"), and openvpn reports its version as 2.3.6. I've installed obfsproxy using pip2, and it reports its version as 0.2.13. I've also tried this with the Arch obfsproxy package, with the same results.

The client config:
client
dev tun
proto udp
remote SERVER_IP 21194
socks-proxy-retry
socks-proxy 127.0.0.1 443
route SERVER_IP 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca PATH_TO_FILE
cert PATH_TO_FILE
key PATH_TO_FILE
remote-cert-tls server
tls-auth PATH_TO_FILE
comp-lzo
verb 6
tun-mtu 1500
tun-mtu-extra 32
mssfix 1400
On the client I start obfsproxy like this:

Code: Select all

sudo obfsproxy --log-file=obfsproxy.log --log-min-severity=debug obfs3 socks 127.0.0.1:443
The OpenVPN logs show me this:
LZO compression initialized
Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:10 ]
Socket Buffers: R=[212992->131072] S=[212992->131072]
Data Channel MTU parms [ L:1574 D:1400 EF:42 EB:135 ET:32 EL:10 AF:3/1 ]
Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Local Options hash (VER=V4): 'ec497616'
Expected Remote Options hash (VER=V4): '7cd8ed90'
Attempting to establish TCP connection with [AF_INET]127.0.0.1:443 [nonblock]
TCP connection established with [AF_INET]127.0.0.1:443
recv_socks_reply: Socks proxy returned bad reply
TCP/UDP: Closing socket
SIGUSR1[soft,init_instance] received, process restarting
Restart pause, 5 second(s)
Re-using SSL/TLS context
That repeats indefinitely. Meanwhile, the output of obfsproxy is:
[INFO] OBFSSOCKSv5Factory starting on 443
[INFO] Starting factory <obfsproxy.network.socks.OBFSSOCKSv5Factory instance at 0x7f6e618bc710>
[DEBUG] socks_fact_0x7f6e618bc710: Starting up SOCKS server factory.
[INFO] Launched 'socks' listener at '[scrubbed]:443' for transport 'obfs3'.
[DEBUG] socks_fact_0x7f6e618bc710: New connection.
[ERROR] Invalid SOCKS command: '3'
[DEBUG] socks_up_0x7f6e618b8f10: Connection was lost (Connection was closed cleanly.).
[DEBUG] socks_up_0x7f6e618b8f10: Closing connection.
[DEBUG] circ_0x7f6e618bce60: Tearing down circuit.
[DEBUG] socks_fact_0x7f6e618bc710: New connection.
[ERROR] Invalid SOCKS command: '3'
This, too, repeats indefinitely.

Does anyone know why they won't talk to each other?

Thanks!
Eric

sergani
OpenVPN User
Posts: 22
Joined: Fri May 13, 2011 2:47 pm
Location: Cairo, EG

Re: OpenVPN plus obfsproxy: Invalid SOCKS command: '3'

Post by sergani » Wed Jul 05, 2017 12:27 pm

Hello,

I know it's an old topic, but I ran into the same issue a few days ago.
You need to switch your VPN to TCP instead of UDP for SOCKS to run.

Thanks

Post Reply