diff --git a/server/proxy/http.go b/server/proxy/http.go
index cd4c4b96..3e0d5239 100644
--- a/server/proxy/http.go
+++ b/server/proxy/http.go
@@ -164,7 +164,12 @@ func (pxy *HTTPProxy) GetRealConn(remoteAddr string) (workConn net.Conn, err err
 var rwc io.ReadWriteCloser = tmpConn
 if pxy.cfg.Transport.UseEncryption {
- rwc, err = libio.WithEncryption(rwc, []byte(pxy.serverCfg.Auth.Token))
+ key := []byte(pxy.serverCfg.Auth.Token)
+ if pxy.serverCfg.Auth.Method == v1.AuthMethodJWT {
+ key = []byte(pxy.loginMsg.PrivilegeKey)
+ }
+
+ rwc, err = libio.WithEncryption(rwc, key)
 if err != nil {
 xl.Errorf("create encryption stream error: %v", err)
 return
diff --git a/server/proxy/proxy.go b/server/proxy/proxy.go
index d5ab0f13..b73fa9ee 100644
--- a/server/proxy/proxy.go
+++ b/server/proxy/proxy.go
@@ -240,7 +240,11 @@ func (pxy *BaseProxy) handleUserTCPConnection(userConn net.Conn) {
 xl.Tracef("handler user tcp connection, use_encryption: %t, use_compression: %t", cfg.Transport.UseEncryption, cfg.Transport.UseCompression)
 if cfg.Transport.UseEncryption {
- local, err = libio.WithEncryption(local, []byte(serverCfg.Auth.Token))
+ key := []byte(serverCfg.Auth.Token)
+ if serverCfg.Auth.Method == v1.AuthMethodJWT {
+ key = []byte(pxy.loginMsg.PrivilegeKey)
+ }
+ local, err = libio.WithEncryption(local, key)
 if err != nil {
 xl.Errorf("create encryption stream error: %v", err)
 return
diff --git a/server/proxy/udp.go b/server/proxy/udp.go
index 53a07d52..28784f01 100644
--- a/server/proxy/udp.go
+++ b/server/proxy/udp.go
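Review bot: In the JWT branch of GetRealConn (server/proxy/http.go) the stream key becomes `pxy.loginMsg.PrivilegeKey`, which by its name looks like the credential the client presented at login rather than a secret the server holds in its own configuration. If that value travelled over the control connection, the confidentiality of every `UseEncryption` stream is bounded by how well that connection, and any log or dump of the login message, was protected; the key also changes from a long-term shared secret to a bearer value with its own lifetime. I would state that next to the branch, for example `// JWT mode: key is the login credential; it is only as secret as the channel that carried it`, and confirm the client keys its side of the stream from the identical string. The same lines appear in handleUserTCPConnection (proxy.go) and UDPProxy.Run (udp.go); GetRealConn's body continues outside the hunk.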
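Review bot: The key-selection lines in handleUserTCPConnection (server/proxy/proxy.go) are a copy of the ones added to GetRealConn and UDPProxy.Run, so the rule for which secret keys the stream now lives in three places that must stay in step with each other and with the client. A single method on BaseProxy would keep that decision in one place. The sketch below assumes HTTPProxy and UDPProxy reach `serverCfg` and `loginMsg` through an embedded BaseProxy, which these hunks suggest but do not show. handleUserTCPConnection starts and ends outside the hunk.

```go
// encryptionKey returns the secret used to key UseEncryption streams for this proxy.
func (pxy *BaseProxy) encryptionKey() []byte {
	if pxy.serverCfg.Auth.Method == v1.AuthMethodJWT {
		return []byte(pxy.loginMsg.PrivilegeKey)
	}
	return []byte(pxy.serverCfg.Auth.Token)
}

// … unchanged: xl.Tracef call …
	if cfg.Transport.UseEncryption {
		local, err = libio.WithEncryption(local, pxy.encryptionKey())
// … unchanged: error handling …
```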
@@ -205,7 +205,11 @@ func (pxy *UDPProxy) Run() (remoteAddr string, err error) {
 var rwc io.ReadWriteCloser = workConn
 if pxy.cfg.Transport.UseEncryption {
- rwc, err = libio.WithEncryption(rwc, []byte(pxy.serverCfg.Auth.Token))
+ key := []byte(pxy.serverCfg.Auth.Token)
+ if pxy.serverCfg.Auth.Method == v1.AuthMethodJWT {
+ key = []byte(pxy.loginMsg.PrivilegeKey)
+ }
+ rwc, err = libio.WithEncryption(rwc, key)
 if err != nil {
 xl.Errorf("create encryption stream error: %v", err)
 workConn.Close()
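Review bot: Nothing in UDPProxy.Run (server/proxy/udp.go) checks that the selected key is non-empty before it reaches `libio.WithEncryption`, and in the JWT branch the key is whatever string `pxy.loginMsg.PrivilegeKey` holds. Whether WithEncryption rejects an empty key is not visible here; if it does not, an empty value would yield a stream that is encrypted in name only. A guard before the call, such as `if len(key) == 0 { err = errors.New("empty encryption key"); workConn.Close(); return }` (assuming `errors` is imported in udp.go), would fail closed, and the http.go and proxy.go hunks would want the equivalent. Run's body starts and ends outside the hunk.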