From 3fb172b4d26f5929faf79a26d7e76fdef4a1ade8 Mon Sep 17 00:00:00 2001
From: chenxudong2020 <872603935@qq.com>
Date: Thu, 5 Jun 2025 11:56:07 +0800
Subject: [PATCH] Modify SNI logic: always use "localhost" as SNI to avoid IP blocking (#934)

---
 easytier/src/tunnel/websocket.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/easytier/src/tunnel/websocket.rs b/easytier/src/tunnel/websocket.rs
index dd64b9e..2f423d3 100644
--- a/easytier/src/tunnel/websocket.rs
+++ b/easytier/src/tunnel/websocket.rs
@@ -204,12 +204,12 @@ impl WSTunnelConnector {
 init_crypto_provider();
 let tls_conn =
 tokio_rustls::TlsConnector::from(Arc::new(get_insecure_tls_client_config()));
- let domain_or_ip = match domain {
- None => host.to_string(),
- Some(domain) => domain.to_string(),
- };
+ // Modify SNI logic: always use "localhost" as SNI to avoid IP blocking.
+ let sni = "localhost";
+ let server_name = rustls::pki_types::ServerName::try_from(sni)
+ .map_err(|_| TunnelError::InvalidProtocol("Invalid SNI".to_string()))?;
 let stream = tls_conn
- .connect(domain_or_ip.try_into().unwrap(), stream)
+ .connect(server_name, stream)
 .await?;
 MaybeTlsStream::Rustls(stream)
 } else {
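Review bot: The new `let sni = "localhost";` discards the `domain` value that the removed `match` used, so a peer configured by hostname now presents "localhost" as its TLS server name, and an endpoint behind an SNI-routing proxy or virtual host may reach the wrong backend or be rejected. The same `server_name` is the name rustls would validate the certificate against; that is presumably masked today by `get_insecure_tls_client_config()` (the name suggests verification is off, though its body is not visible here), but every check would compare against "localhost" if verification is ever enabled. If the intent is only to stop an IP literal being used as the server name, keep the configured domain and fall back otherwise: `let sni = match domain { Some(d) => d.to_string(), None => "localhost".to_string() };` passed to `rustls::pki_types::ServerName::try_from(sni)`. With that change the `map_err` that replaces the old `unwrap()` becomes a reachable, non-panicking path for a malformed domain, whereas on the constant "localhost" it can never fire. The enclosing function starts and ends outside this hunk, so whether `domain` is still used elsewhere cannot be confirmed from here.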