Setup
Cloak client -> Cloudflare CDN -> nginx web server -> Cloak server
Issue
Traffic that's proxied through Cloudflare CDN is never directed to my remote server. Tcpdump listening on port 80 and port 443 of the remote server doesn't receive packets while Cloak client's trying to connect through this setup.
Resulting in this:
Cloak client -> Cloudflare CDN -X-> nginx web server -> Cloak server
But if I turn off Cloudflare proxy and connect directly to my server, everything works fine.
Like this:
Cloak client -> nginx web server -> Cloak server
Description
I switched to the CDN proxying setup earlier this month and was able to connect just fine for the first few weeks. Cloak's client-side plugin would output level=error msg="Failed to prepare connection to remote: read tcp XXXX:53753->XXXX:443: wsarecv: An existing connection was forcibly closed by the remote host." error, but I'd get Session XXXX established pretty quickly.
About a week or so ago, Cloak client started to get stuck on numerous level=error msg="Failed to prepare connection to remote: read tcp XXXX:53753->XXXX:443: wsarecv: An existing connection was forcibly closed by the remote host." errors when it tries to connect. Then one day, it failed to connect to the server entirely, just the same error message outputted over and over again.
I tried turning off the Cloudflare proxy and connecting directly. Cloak was able to connect just fine. So this is not a problem with my setup or IP/domain name being blocked.
I set up tcpdump on the server to listen on ports 80 and 443 and found that the server doesn't receive any packets from Cloudflare while the Cloak client is trying to connect. Wireshark on the client side reveals that the connection to the Cloudflare CDN is always forcibly reset directly after the client sends a Client Hello. Hence Cloaked packets never got past the CDN.
Rudimentary analysis by myself concludes that something about Cloak looks not-TLS enough for Cloudflare to drop the connection. But I cannot make this claim with any degree of certainty and, therefore, invite those more knowledgeable than I to review my debugging process and offer advice.
Thank you.
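One way to inspect the Client Hello seen in the client-side capture, as an added example that is not part of the original report or Cloak's code: it parses a single exported TLS record, rejects structurally malformed input, and reports the SNI and extension types so the hostname offered to the CDN can be compared with the proxied domain. It assumes the whole ClientHello sits in one record; `build_sample` and `cdn.example.com` are constructed for the demo.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a whole ClientHello; ValueError if malformed."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a TLS handshake record starting a ClientHello")
    rec_len, hs_len = int.from_bytes(record[3:5], "big"), int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("length fields disagree with the captured bytes")
    hello, pos = record[9:], 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(hello):
            raise ValueError("field runs past the end of the ClientHello")
        pos += n
        return hello[pos - n:pos]
    def vec(len_bytes: int) -> bytes:  # length-prefixed TLS vector
        return take(int.from_bytes(take(len_bytes), "big"))
    version = take(2).hex()            # legacy_version field
    take(32)                           # client random
    session_id, suites = vec(1), vec(2)
    vec(1)                             # compression methods
    ext_block = vec(2) if pos < len(hello) else b""
    if pos != len(hello):
        raise ValueError("trailing bytes after the extensions block")
    exts, sni, i = [], None, 0
    while i < len(ext_block):
        if i + 4 > len(ext_block):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack("!HH", ext_block[i:i + 4])
        data = ext_block[i + 4:i + 4 + elen]
        if len(data) != elen:
            raise ValueError("extension runs past the extensions block")
        i += 4 + elen
        exts.append(etype)
        if etype == 0 and elen >= 5:   # server_name: list len, type, name len, name
            sni = data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")
    return {"version": version, "session_id_len": len(session_id),
            "cipher_suites": len(suites) // 2, "extensions": exts, "sni": sni}

def build_sample(host: str) -> bytes:
    """Constructed ClientHello for the demo, not a capture from the report."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni + struct.pack("!HHBH", 43, 3, 2, 0x0304)
    hello = (b"\x03\x03" + bytes(32) + b"\x20" + bytes(32) + struct.pack("!HHH", 4, 0x1301, 0x1302)
             + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

To use it on real traffic, pass the raw bytes of the first TLS record exported from the capture to `parse_client_hello`.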