安装控制面板后无法使用Kcptun

[felixnie]

首先感谢@xtaci的工作~很棒！

之前一直使用@kuoran制作的《Kcptun 服务端一键安装脚本》，配合ss使用，美哉……
我使用的Kcptun配置工具是kcptun_gclient，运行在Win10x64，服务端是运行了BBR的Ubuntu 16.04.3 LTS (GNU/Linux 4.13.0-041300rc3-generic x86_64)
由于希望VPS承担建站任务，就安装了宝塔这个控制面板（也许猜到了我要干什么吧……）
然后，出现了#422 #425十分相似的症状——ss直连没有问题，一经过kcptun就不行了……
后来，我有机会在重装系统后又尝试在kcptun服务端配置好后安装VestaCP控制面板，问题依旧出现。

服务端日志：（在服务端启动后没有新消息出现，一直保持启动时的样子）

2017/08/15 23:06:41 keepalive: 10
2017/08/15 23:06:41 snmplog: 
2017/08/15 23:06:41 snmpperiod: 60
2017/08/15 23:06:41 pprof: false
2017/08/15 23:15:19 version: 20170525
2017/08/15 23:15:19 listening on: [::]:8389
2017/08/15 23:15:19 target: 127.0.0.1:8989
2017/08/15 23:15:19 encryption: none
2017/08/15 23:15:19 nodelay parameters: 1 10 2 1
2017/08/15 23:15:19 sndwnd: 1024 rcvwnd: 1024
2017/08/15 23:15:19 compression: false
2017/08/15 23:15:19 mtu: 1200
2017/08/15 23:15:19 datashard: 10 parityshard: 3
2017/08/15 23:15:19 acknodelay: false
2017/08/15 23:15:19 dscp: 0
2017/08/15 23:15:19 sockbuf: 4194304
2017/08/15 23:15:19 keepalive: 10
2017/08/15 23:15:19 snmplog: 
2017/08/15 23:15:19 snmpperiod: 60
2017/08/15 23:15:19 pprof: false

客户端日志：

2017/08/15 23:40:14 version: 20170525
2017/08/15 23:40:14 listening on: [::]:8989
2017/08/15 23:40:14 encryption: none
2017/08/15 23:40:14 nodelay parameters: 1 10 2 1
2017/08/15 23:40:14 remote address: xxx.xxx.xxx.xx:8389
2017/08/15 23:40:14 sndwnd: 1024 rcvwnd: 1024
2017/08/15 23:40:14 compression: false
2017/08/15 23:40:14 mtu: 1200
2017/08/15 23:40:14 datashard: 10 parityshard: 3
2017/08/15 23:40:14 acknodelay: false
2017/08/15 23:40:14 dscp: 0
2017/08/15 23:40:14 sockbuf: 4194304
2017/08/15 23:40:14 keepalive: 10
2017/08/15 23:40:14 conn: 1
2017/08/15 23:40:14 autoexpire: 0
2017/08/15 23:40:14 scavengettl: 600
2017/08/15 23:40:14 snmplog: 
2017/08/15 23:40:14 snmpperiod: 60
2017/08/15 23:40:14 connection: 192.168.123.87:51418 -> xxx.xxx.xxx.xx:8389
2017/08/15 23:40:20 stream opened
2017/08/15 23:40:20 stream opened
2017/08/15 23:40:20 stream opened
2017/08/15 23:40:20 stream opened
2017/08/15 23:40:20 stream opened
2017/08/15 23:40:20 stream opened
2017/08/15 23:40:21 stream opened
2017/08/15 23:40:21 stream opened
2017/08/15 23:40:21 stream opened
2017/08/15 23:40:23 stream opened
2017/08/15 23:40:23 stream opened
2017/08/15 23:40:23 stream opened
2017/08/15 23:40:26 stream opened
2017/08/15 23:40:26 stream opened
2017/08/15 23:40:32 stream opened
2017/08/15 23:40:36 stream opened
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 stream closed
2017/08/15 23:40:44 connection: 192.168.123.87:51141 -> xxx.xxx.xxx.xx:8389
2017/08/15 23:40:44 stream opened
2017/08/15 23:40:44 session marked as expired
2017/08/15 23:40:44 stream opened
2017/08/15 23:40:44 stream opened
2017/08/15 23:40:45 session normally closed
2017/08/15 23:41:14 stream closed
2017/08/15 23:41:14 stream closed
2017/08/15 23:41:14 stream closed
2017/08/15 23:41:19 session marked as expired
2017/08/15 23:41:19 connection: 192.168.123.87:63816 -> xxx.xxx.xxx.xx:8389
2017/08/15 23:41:19 stream opened
2017/08/15 23:41:20 session normally closed
2017/08/15 23:41:26 stream opened
2017/08/15 23:41:29 stream opened
2017/08/15 23:41:49 stream closed
2017/08/15 23:41:49 stream closed
2017/08/15 23:41:49 stream closed
2017/08/15 23:42:19 session marked as expired
2017/08/15 23:42:19 connection: 192.168.123.87:58979 -> xxx.xxx.xxx.xx:8389
2017/08/15 23:42:19 stream opened
2017/08/15 23:42:20 session normally closed
2017/08/15 23:42:49 stream closed
2017/08/15 23:43:26 session marked as expired
2017/08/15 23:43:26 connection: 192.168.123.87:63819 -> xxx.xxx.xxx.xx:8389
2017/08/15 23:43:26 stream opened
2017/08/15 23:43:27 session normally closed
2017/08/15 23:43:41 stream opened
2017/08/15 23:43:49 stream opened
2017/08/15 23:43:56 stream closed
2017/08/15 23:43:56 stream closed
2017/08/15 23:43:56 stream closed

以下是我使用Kcptun服务端一键安装脚本提供的状态查询命令得到的结果，这与未安装控制面板时的状态一致：

root@MyVPS:~# **service supervisord status**
● supervisord.service - Supervisor process control system for UNIX
   Loaded: loaded (/lib/systemd/system/supervisord.service; enabled; vendor preset: enabled)
   Active: **active** (running) since Tue 2017-08-15 23:06:40 CST; 5min ago
     Docs: http://supervisord.org
 Main PID: 3272 (supervisord)
   CGroup: /system.slice/supervisord.service
           ├─3272 /usr/bin/python /usr/local/bin/supervisord -c /etc/supervisor/supervisord.conf
           └─3390 /usr/local/kcptun/server_linux_amd64 -c /usr/local/kcptun/server-config.json

Aug 15 23:06:40 xxxxxx.cc systemd[1]: Stopped Supervisor process control system for UNIX.
Aug 15 23:06:40 xxxxxx.cc systemd[1]: Starting Supervisor process control system for UNIX...
Aug 15 23:06:40 xxxxxx.cc systemd[1]: Started Supervisor process control system for UNIX.

root@MyVPS:~# **supervisorctl status**
kcptun                           RUNNING   pid 3390, uptime 0:06:39

希望作者百忙之中能解答一下我这个新手的问题，谢谢。

[felixnie]

补充一个情况：宝塔的防火墙可以看到端口占用的情况。kcptun使用的端口显示的总是未占用

[baggiogogo]

iptables检查过吗，这个面板是否会自动添加规则，看服务端状态什么都没收到。

[felixnie]

@baggiogogo 您好！我不太了解iptables，能不能请您帮忙看一看呢？
这是
这是 iptables -L 命令的结果：（目前我安装了的是vestacp，8083是面板端口，8389和8989分别是kcptun和ss的端口）

Chain INPUT (policy DROP)
target     prot opt source               destination         
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-VESTA  tcp  --  anywhere             anywhere             tcp dpt:8083
fail2ban-MAIL  tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  xxx.xxx.xxx.xx.16clouds.com  anywhere            
ACCEPT     all  --  localhost            anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8389
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8989
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,12000:12100
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             multiport dports smtp,urd,submission,2525
ACCEPT     tcp  --  anywhere             anywhere             multiport dports pop3,pop3s
ACCEPT     tcp  --  anywhere             anywhere             multiport dports imap2,imaps
ACCEPT     tcp  --  anywhere             anywhere             multiport dports mysql,postgresql
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8083
ACCEPT     icmp --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain f2b-sshd (1 references)
target     prot opt source               destination         
REJECT     all  --  59.45.175.34         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  221.194.47.224       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  59.45.175.96         anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-MAIL (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-SSH (1 references)
target     prot opt source               destination         
REJECT     all  --  59.45.175.34         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  221.194.47.224       anywhere             reject-with icmp-port-unreachable
REJECT     all  --  59.45.175.96         anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-VESTA (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain vesta (0 references)
target     prot opt source               destination    

能否烦您解释一下呢？谢谢您！

[felixnie]

iptables似乎挂掉了……

**service iptables status**
● iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

[baggiogogo]

你把这条先加进去
iptables -I INPUT -i lo -j ACCEPT
如果通了把它放在/etc/rc.local里面
你这些规则肯定是你的面板自己添加的，可能重启后又恢复它的状态，弄完如果可以用，记得重启看看检查下。
如果不行，试试把kcptun-sever target: 127.0.0.1:8989，其中的127.0.0.1换成你服务器地址看看。

-----update
不用试上面了，ACCEPT tcp -- anywhere anywhere tcp dpt:8389
你端口开错了，开udp8389端口，不是tcp,你面板应该有选项。
没有选项的话，iptables -I INPUT -p udp --dport 8389 -j ACCEPT

[felixnie]

啊！是我蠢了……忘记开udp了……然而宝塔貌似不能控制udp的开关（之前的版本是这样），所以有了这样的问题……抱歉自己犯傻浪费您时间了，再次感谢！