-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Windows][Desktop App] KeyApp is not working behind a company proxy #8922
Comments
I have the same problem with the Linux version. |
There’s really nothing you can do except tell your admin to whitelist *.keybase.io and *.keybase.pub so you can see them. |
Can we have a fix for this please? |
Have you tried setting HTTP_PROXY, HTTPS_PROXY and NO_PROXY envirionment variables? |
As per keybase/keybase-issues#2482 evidently proxy fiddling through the OS layer (at least on MS Windows) doesn't resolve the problem. I suspect this ticket is a duplicate of #2482 btw. |
To add more information... My environment:
What I see so far is like this :
I think part of the app leverages the proxy through the environment variables, but other components don't leverage that feature. Keybase people, your product is great (and would even consider paying for it), so let me know if you need some debug assistance on this issue. |
You can try setting a proxy in the config |
Here's a workaround for people behind a coorporate proxy, it's totally easy and I use it since ~2 years: Use keybase mainly on your smartphone. And if you have to type a longer text, type it on the PC, email it to your phone and copy&paste it into the keybase app! |
Insecure manual workarounds notwithstanding, this is still a major adoption pain point in the corporate world. Please do not close this issue except to merge it with keybase/keybase-issues#2482 -- which is slightly older than this ticket (3y4m vs 2y3m) |
@jedd, we put a bunch of proxy support this summer. Have you tried the settings in the settings menu? And if yes, what errors do you see? |
@maxtaco Wow - you really have, sorry I missed this when it came up. I'm forced to use Windows laptops somewhat intermittently, and hadn't noticed the new options. I set up a new one this morning, works a treat - thank you! (I'm using a non-auth proxy for http and https out through a single port) |
I can also confirm that SOCKS5 to 127.0.0.1:8080 using an SSH tunnel to an AWS VM works perfectly. Kudos! - Dave |
I'm still having one issue with proxy. When I access the Though, for general chat, it works really well. |
@aureq we are surprised by this, can you try shutting down keybase and starting it back up again? What platform are you on? |
@maxtaco I'm using Windows 10 (latest patch) and keybase (as installed yesterday). I just closed Keybase and opened it again and when I go into "Files", there's a blue ribbon saying "You are offline". The firewall logs are like this
If I purge my firewall and remove all rules (so it becomes a simple packet forwader), then the offline message disappears within a second or two and file transfer is working as expected. If I load my firewall rules, then Keybase shows again the offline message in the File section. |
OK, thanks for the feedback. Pinging @songgao who knows more about this! |
That blue offline banner is solely driven by connection status with the mdserver. So this seems to suggest we aren't respecting proxy settings somehow for connections to the mdserver. Will investigate. |
@aureq are you using the HTTP proxy or SOCKS5? |
@songgao I'm using an HTTP proxy (squid-cache). What's the DNS named for the |
@aureq It eventually goes to |
@seojangho One last piece of information, my proxy does MitM, though, the CA is deployed system wide. It appears that Keybase for Windows fails to retain the |
Sadly the |
I agree with @Ewarren7. I noticed the same. |
@aureq does the following help you:
keybase config set proxy-type <"socks" or "http_connect">
keybase config set proxy <"localhost:8080" or "username:password@localhost:8080">
export PROXY_TYPE=<"socks" or "http_connect">
export PROXY=<"localhost:8080" or "username:password@localhost:8080">
keybase config set disable-ssl-pinning true
# OR
export DISABLE_SSL_PINNING="true"
# OR
keybase --disable-ssl-pinning
|
Thanks a lot for the follow up ! Here is my feedback on version Using On the advanced settings screen, I see the proxy details being set and displayed correctly. And the settings are retained across restarts. I also used 2 - the CA certificate doesn't appear to be trusted by default by Debian 10 On that point, I understand that SSL interception is bad and I agree with this. The proxy in place does interception but also validates the certificate issuer accordingly using a local cert db as provided by Finally, and quite minor... it's a bit unclear if Keybase should be closed when invoking On my second attempt (after closing keybase), I go the message
But there's no indication whether the flag/arguments were valid and taken into account or not. The way I tested everything above was to close keybase each time, and then running each |
@taruti, @aureq, we've been playing around with Keybase for the last days, and we stumbled on the same Corporate proxy problematic. When I apply the
I see that the loading works, but that the chat - which is the primary use for us - is still not able to connect. Could it be that the chat connection is not using the same proxy settings? WebSockets etc work (tested). We're using it on a W7 laptop with the latest version of Keybase. Thanks for any help. |
@kvandermast Yes, I have my proxy also set in the app. Basically, the proxy you set from the GUI works fine with the chat feature and most of the app, except the file transfer (aka The proxy you set from the command line, allows the file transfer to work. Could you please confirm this ? |
@aureq, I'm afraid it is not working. I can for example lookup users in the "People" section, which shows that the proxy config is indeed working. Chat does not, I got a "API network error: doRetry failed, attempts: 1, timeout 5s, last err: context deadline exceeded". FYI, version is 5.3.0-20200310141357 |
I can confirm that this issue also affects the macOS App. |
@taruti @aureq and anybody else who finds this ... The option is The only place On my machine (well,
... and after fully quitting and restarting Keybase, I was able to log in and make use of KBFS again. It wasn't nearly as fast as if the MITM attack wasn't happening, but it did eventually work. |
Great to know @kg4zow Thank you for pointing out. |
Keybase is not working behind a proxy. And there is no option in menu, to configure one.
Here the error message I have:
The text was updated successfully, but these errors were encountered: