[GH-ISSUE #3501] 相同证书相同配置tls连接被拒绝

gitea-mirror commented

2026-05-05 13:48:32 -06:00

Owner

Copy link

Originally created by @iciness on GitHub (Jun 27, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3501

Bug Description

2台frps用相同的证书，配置也一致
唯一不同一台是家庭内网通过路由器端口转发（有外网IP）
另一台是阿里云服务器
家庭内网这台一切正常
阿里云这台不能用tls连接，启用tls客户端提示
[service.go:131] login to server failed: read tcp 192.168.33.50:38023->xx.xx.xx.xx:xxxx: wsarecv: An existing connection was forcibly closed by the remote host.
服务器端提示
[service.go:475] Accept new mux stream error: write tcp 172.18.9.245:xxxx->xx.xx.xx.xx:38023: write: connection reset by peer
如果禁用tls则可以正常连接

frpc Version

0.50.0

frps Version

0.50.0

System Architecture

linux/amd64

Configurations

服务端配置：
[common]
bind_port = xxxx
token = xxxxx

tls_cert_file = /opt/frp/cert/server.crt
tls_key_file = /opt/frp/cert/server.key
tls_trusted_ca_file = /opt/frp/cert/ca.crt

log_level = debug

客户端配置：
[common]
server_addr = xxx.xxx.com
server_port = xxxx

token = xxxxx

tls_cert_file = C:/Home/WinAll/frp/cert/client.crt
tls_key_file = C:/Home/WinAll/frp/cert/client.key
tls_trusted_ca_file = C:/Home/WinAll/frp/cert/ca.crt
tls_server_name = xxx.com

log_level = debug

Logs

No response

Steps to reproduce

...

Affected area

Docs
Installation
Performance and Scalability
Security
User Experience
Test and Release
Developer Infrastructure
Client Plugin
Server Plugin
Extensions
Others

Originally created by @iciness on GitHub (Jun 27, 2023). Original GitHub issue: https://github.com/fatedier/frp/issues/3501 ### Bug Description 2台frps用相同的证书，配置也一致唯一不同一台是家庭内网通过路由器端口转发（有外网IP）另一台是阿里云服务器家庭内网这台一切正常阿里云这台不能用tls连接，启用tls客户端提示 [service.go:131] login to server failed: read tcp 192.168.33.50:38023->xx.xx.xx.xx:xxxx: wsarecv: An existing connection was forcibly closed by the remote host. 服务器端提示 [service.go:475] Accept new mux stream error: write tcp 172.18.9.245:xxxx->xx.xx.xx.xx:38023: write: connection reset by peer 如果禁用tls则可以正常连接 ### frpc Version 0.50.0 ### frps Version 0.50.0 ### System Architecture linux/amd64 ### Configurations 服务端配置： [common] bind_port = xxxx token = xxxxx tls_cert_file = /opt/frp/cert/server.crt tls_key_file = /opt/frp/cert/server.key tls_trusted_ca_file = /opt/frp/cert/ca.crt log_level = debug 客户端配置： [common] server_addr = xxx.xxx.com server_port = xxxx token = xxxxx tls_cert_file = C:/Home/WinAll/frp/cert/client.crt tls_key_file = C:/Home/WinAll/frp/cert/client.key tls_trusted_ca_file = C:/Home/WinAll/frp/cert/ca.crt tls_server_name = xxx.com log_level = debug ### Logs _No response_ ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [X] Installation - [ ] Performance and Scalability - [X] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror

2026-05-05 13:48:32 -06:00

closed this issue
added the
lifecycle/stale
label

gitea-mirror commented

2026-05-05 13:48:35 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Jun 27, 2023):

看上去怀疑被防火墙之类的主动断开了。

@fatedier commented on GitHub (Jun 27, 2023): 看上去怀疑被防火墙之类的主动断开了。

gitea-mirror commented

2026-05-05 13:48:36 -06:00

Author

Owner

Copy link

@iciness commented on GitHub (Jun 27, 2023):

阿里云这边安全策略端口入是开放的，出默认是全放行

@iciness commented on GitHub (Jun 27, 2023): 阿里云这边安全策略端口入是开放的，出默认是全放行

gitea-mirror commented

2026-05-05 13:48:37 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jul 28, 2023):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

@github-actions[bot] commented on GitHub (Jul 28, 2023): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

No Branch/Tag specified