ddvk/rmfakecloud-proxy

[Windows] TLS handshake error when using Desktop app

murchu27 opened this issue · 5 comments

I had previously set up my tablet with the automagic script, which generated cert and key, and set up the proxy service on my tablet. I can see that the service runs on my tablet, and it works fine:

● proxy.service - reverse proxy
     Loaded: loaded (/etc/systemd/system/proxy.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-12-11 15:40:43 UTC; 1 day 19h ago
   Main PID: 190 (rmfake-proxy)
     CGroup: /system.slice/proxy.service
             └─190 /home/root/rmfakecloud/rmfake-proxy -cert /home/root/rmfakecloud/proxy.bundle.crt
 -key /home/root/rmfakecloud/proxy.key https://my.server

I can see in the exec line that the cert is proxy.bundle.crt, and the key is proxy.key. So, I copied the two of these to my Windows PC, which also has the necessary lines added to C:\Windows\system32\drivers\etc\hosts:

# rmfake_start
127.0.0.1 hwr-production-dot-remarkable-production.appspot.com
127.0.0.1 service-manager-production-dot-remarkable-production.appspot.com
127.0.0.1 local.appspot.com
127.0.0.1 my.remarkable.com
127.0.0.1 internal.cloud.remarkable.com
127.0.0.1 ping.remarkable.com
# rmfake_end

I run the proxy on the PC using a config file, and it starts without issue:

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:09:33 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:443 upstream-url=https://my.server

I then generated a one-time code from the web UI, and punched that into the Desktop app. But it gets stuck on "Verifying one-time code. Please wait...", while the proxy just repeatedly outputs "TLS handshake error" from different ports that the Desktop app is trying to connect to.

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:09:33 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:443 upstream-url=https://my.server
2021/12/13 11:09:36 http: TLS handshake error from 127.0.0.1:65215: EOF
2021/12/13 11:09:36 http: TLS handshake error from 127.0.0.1:65216: EOF
2021/12/13 11:09:37 http: TLS handshake error from 127.0.0.1:65217: EOF
2021/12/13 11:09:40 http: TLS handshake error from 127.0.0.1:65218: EOF
2021/12/13 11:09:43 http: TLS handshake error from 127.0.0.1:65219: EOF
2021/12/13 11:09:50 http: TLS handshake error from 127.0.0.1:65220: EOF
2021/12/13 11:09:59 http: TLS handshake error from 127.0.0.1:65221: EOF
2021/12/13 11:10:14 http: TLS handshake error from 127.0.0.1:65223: EOF

If I specify a port for addr (e.g., 8080 as in the README), then I don't see any output while trying to connect, but the app still doesn't get past the "Verifying one-time code" message.

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:13:58 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:8080 upstream-url=https://murchu27.zapto.org:3000
{no more output when trying to connect}

Any idea what I might be missing here?

ddvk commented

I haven't figured it out yet. Something with the ciphers Qt and the proxy are using on Windows.

Cool, no worries. Do you use the desktop app at all? What do you use for reverse proxy?

ddvk commented

I usually don't use the desktop app (mostly rmapi)

So I just tested the rmfake-proxy.exe from the releases and it works on Windows 11 (21H2). But I remember I had the tls problem on a Windows 10 VM that I have.

The listen address has to be :443 (can be omitted as that's the default), I corrected that in the readme.

Yeah I was seeing the issue using 443, whenever I used other ports I didn't see any output from rmfake-proxy.exe at all

Fixed this by trusting the ca.crt file that gets generated by the installer script on the tablet.

I just pulled the file from the tablet via sftp, and then followed this section of Microsoft's article to install it. I didn't need to follow the certificate snap-in section.

After trusting it, I can run the proxy, and the Desktop app connects successfully:

PS C:\Users\mmurphy\Downloads\rmfake-proxy> .\rmfake-proxy.exe -c .\config.yml
2021/12/13 11:09:33 cert-file=proxy.bundle.crt key-file=proxy.key listen-addr=:443 upstream-url=https://my.server
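
The resolution above, sketched as an added example (not code from this thread or from rmfakecloud-proxy): a client verifies the proxy's certificate against its trust store, and every redirected host name is rejected until the issuing CA is in that store. The CA and proxy certificate are generated in memory as constructed stand-ins for `ca.crt` and `proxy.bundle.crt`; that the real bundle is issued by that CA and lists these host names is an assumption, and `not-in-cert.example` is a made-up name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a minimal constructed certificate; parent == nil means self-signed.
func issue(cn string, dns []string, ca bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: ca,
		Subject: pkix.Name{CommonName: cn}, DNSNames: dns, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// rejected lists the hosts for which leaf does not verify against roots.
func rejected(leaf *x509.Certificate, roots *x509.CertPool, hosts []string) (bad []string) {
	for _, h := range hosts {
		if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: h}); err != nil {
			bad = append(bad, h)
		}
	}
	return bad
}

// demo returns the rejected hosts before and after the CA joins the trust pool.
func demo() (before, after []string) {
	hosts := []string{"my.remarkable.com", "internal.cloud.remarkable.com", "ping.remarkable.com"}
	ca, caKey := issue("constructed test CA", nil, true, nil, nil)
	leaf, _ := issue("constructed proxy cert", hosts, false, ca, caKey)
	roots := x509.NewCertPool() // empty pool: a client that has not trusted the CA yet
	before = rejected(leaf, roots, hosts)
	roots.AddCert(ca) // the equivalent of installing ca.crt as a trusted root
	return before, rejected(leaf, roots, append(hosts, "not-in-cert.example"))
}
func main() { fmt.Println(demo()) }
```

Once the CA is trusted, only the name missing from the certificate's SAN list is still rejected, so trust and name coverage are separate checks.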