Bug#881847: shadowsocks-libev: Consider listening on all interfaces, and IPv6

Sat, 01 Sep 2018 04:06:29 -0700 

On Wed, Mar 21, 2018 at 7:11 PM, James Valleroy <jvalle...@mailbox.org> wrote:
> On 03/21/2018 04:11 AM, Roger Shimizu wrote:
>> Considering currently the service only binds to localhost, for security's 
>> sake,
>> I think it's better to use the patch below.
>> What do you think?
>>
>> diff --git a/debian/config.json b/debian/config.json
>> index 8ffa650..eb32b99 100644
>> --- a/debian/config.json
>> +++ b/debian/config.json
>> @@ -1,5 +1,5 @@
>>  {
>> -    "server":"127.0.0.1",
>> +    "server":["127.0.0.1", "::1"],
>>      "server_port":8388,
>>      "local_port":1080,
>>      "password":"barfoo!",
>
> Dear Roger,
>
> Is there a use case where you would want to run the server only for 
> localhost? I
> guess I'm not aware of this.

No. This is for safety.
I don't want to open a port to the world if anyone just happened to
install a package.

If the user really want to use this, he/she need to to modify the setting.
This is not an install-and-play package.

BTW. I tried the "server":["127.0.0.1", "::1"] setting on a IPv4 only
machine, and the service failed to start normally.

Enclosed is the log:
Sep 01 18:35:39 ss-server[18386]:  2018-09-01 19:35:39 INFO: tcp
server listening at [::0]:8388
Sep 01 18:35:41 ss-server[18386]:  2018-09-01 19:35:41 ERROR: failed
to resolve server name, wait 2 seconds
Sep 01 18:35:45 ss-server[18386]:  2018-09-01 19:35:45 ERROR: failed
to resolve server name, wait 4 seconds
Sep 01 18:35:53 ss-server[18386]:  2018-09-01 19:35:53 ERROR: failed
to resolve server name, wait 8 seconds
Sep 01 18:36:09 ss-server[18386]:  2018-09-01 19:36:09 ERROR: failed
to resolve server name, wait 16 seconds
Sep 01 18:36:41 ss-server[18386]:  2018-09-01 19:36:41 ERROR: failed
to resolve server name, wait 32 seconds
Sep 01 18:37:45 ss-server[18386]:  2018-09-01 19:37:45 ERROR: failed
to resolve server name, wait 64 seconds
Sep 01 18:39:53 systemd[1]: shadowsocks-libev.service: Main process
exited, code=exited, status=255/n/a

I'll report this upstream.
Before fixing this issue, I don't want to apply the patch.
Thanks for your understanding!

Cheers,
-- 
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1

Reply via email to