Acris / shadowsocks-asuswrt-merlin

Shadowsock for Asuswrt-Merlin New Gen
MIT License

Works but not stable: random weird lost connection even with WAN IP remaining, but ssh login keeps getting refused; only choice, reboot. #22

Closed lobstergy closed 4 years ago

lobstergy commented 5 years ago

The script is working, that’s amazing, it even supports DoT! I can say the author, whoever you are, is paying great effort and working hard to make this work, based on the original trusty Asuswrt-Merlin; thanks a lot!!! I can’t appreciate it more. Problems are:

1. Randomly lost connection, mostly at night, when visiting shifts from CN sites to outside ones or family members' devices are added in. Don’t know for sure. When this happens, I have no idea what triggered it: I either lose the WAN connection, or even with a WAN IP obtained the router shows disconnected in the network map, as well as losing the ssh connection, on both Mac & Android 10 phones. If I'd already logged in to the router, every command results in “Segmentation fault”; if not, the ssh login attempts are refused by the router. Thus I cannot try to restart the script manually, only reboot. And I noticed almost every time, the logs in the WebUI contain these notices:

   * “plugin service exit unexpectedly”
   * “error, plugin service exit unexpectedly”
   * “nat: apply nat rules (/tmp/nat_rules_ppp0_eth0) error!”

2. I had enabled the router's scheduled reboot, but it often doesn't work; the more reliable working procedure is to manually shut off the fiber modem, reboot the router, wait for all devices to connect to the router, then turn on the modem to obtain a WAN IP.

3. Even in normal connections, the logs always show these abnormal notices:

"server recv: Connection reset by peer; "
"WLCEVENTD: eth2: Disassoc 70:E7:2C:……..; "

SOMETIMES:

"unbound: [10637:0] notice: init module 0: validator
May  5 13:15:00 unbound: [10637:0] notice: init module 1: iterator"

These weird things above, in my guess, are proof that this script can be detected, or what? What triggered the router disconnecting from devices and even refusing ssh login to the router? Or is this my router firmware’s problem? I’ve searched: WLCEVENTD: eth2: Assoc / Disassoc means a device connecting / disconnecting, but I don’t know why these keep happening when no devices turn on or off at the time.

BTW: My setup is an rt-ac88u (fm: 384.13) with PPPoE to a China Mobile fiber modem; the server uses “quick” mode [once tried tls, server docker logs show tls failed]; client: TCP-Only, bypass mode; WAN DNS points to router/gateway, and LAN DNS as well, so all clients' DNS queries can be done by the unbound listening port instead of the DHCP server force-pushing 114 along with the router's IP.

Regarding DoT, I think maybe unbound isn't that stable on Entware? Can you consider supporting stubby, which comes with the official Merlin firmware? It’s listening on 127.0.1.1:53; or the 3rd-party stubby script by Xentrk, which supports custom designated ports. I’d tried to point stubby to listen on 15253, but most of the time only UDP could be activated and TCP failed.

P.S. Is there any possibility of considering support for v2ray running on the router? V2ray seemed more stable and more promising for the future; it only needs client support, for it's too hard to support the various protocol combinations. I’ve established a working v2 + ws + tls + Nginx + CDN server, just can’t figure out how to deploy onto original Merlin (384.13). For koolshare’s modified firmware, I won’t comment, but I don’t use it even if I have to give up the router's bypass GXX capability and manually set up clients for each platform. So if you can do that, it’ll be something big! Thanks and hoping...
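
The symptom lines quoted in this report (plugin exits, the NAT-rule apply error, Wi-Fi disassociations, unbound module init) can be triaged offline from a saved syslog before deciding that a reboot is the only option. The script below is an added example, not part of shadowsocks-asuswrt-merlin; the sample log lines are constructed from the fragments quoted in the thread, and the labels, severities and 60-second clustering window are the example's own choices.

```python
"""Offline triage of Asuswrt-Merlin syslog lines for the symptoms reported in
this issue (plugin exits, NAT-rule apply errors, Wi-Fi disassociations).
Added example, not part of shadowsocks-asuswrt-merlin; the sample log lines
are constructed from the fragments quoted in the thread."""
import re
from collections import Counter
from datetime import datetime

# Syslog shape on the router: "May  5 14:15:48 ss-redir[5870]: remote recv: ..."
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<proc>[\w.-]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)

# Symptom patterns -> (label, severity); labels and severities are this
# example's own vocabulary, not anything the firmware emits.
RULES = [
    (re.compile(r"plugin service exit unexpectedly"), ("plugin_exit", "crash")),
    (re.compile(r"error on terminating the plugin"), ("plugin_terminate_error", "error")),
    (re.compile(r"apply nat rules .* error"), ("nat_rules_error", "error")),
    (re.compile(r"Connection reset by peer"), ("peer_reset", "warn")),
    (re.compile(r"WLCEVENTD: \S+: Disassoc"), ("wifi_disassoc", "info")),
    (re.compile(r"unbound: .*init module"), ("unbound_init", "info")),
]
SEVERITY_RANK = {"info": 0, "warn": 1, "error": 2, "crash": 3}

# Constructed sample log, shaped after the lines quoted in the issue.
SAMPLE_LOG = """\
May  5 13:15:00 unbound: [10637:0] notice: init module 0: validator
May  5 13:15:00 unbound: [10637:0] notice: init module 1: iterator
May  5 13:15:02 WLCEVENTD: eth2: Disassoc 70:E7:2C:00:00:01
May  5 14:15:48 ss-redir[5870]: remote recv: Connection reset by peer
May  5 14:15:48 ss-redir[5870]: plugin service exit unexpectedly
May  5 14:15:48 ss-redir[5870]: error on terminating the plugin.
May  5 14:16:10 nat: apply nat rules (/tmp/nat_rules_ppp0_eth0) error!
May  5 22:40:03 ss-redir[6112]: plugin service exit unexpectedly
""".splitlines()


def classify(line):
    """Return (label, severity) for a known symptom, or None for a benign line."""
    for pattern, tag in RULES:
        if pattern.search(line):
            return tag
    return None


def parse_events(lines, year=2019):
    """Keep only symptom lines, as (timestamp, proc, pid, label, severity), time-ordered."""
    events = []
    for line in lines:
        m = SYSLOG_RE.match(line.strip())
        tag = classify(line) if m else None
        if tag is None:
            continue  # non-syslog noise ("……", headings) or an unclassified line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["proc"], m["pid"], tag[0], tag[1]))
    events.sort(key=lambda e: e[0])  # stable sort: same-second lines keep log order
    return events


def triage(lines, window_s=60):
    """Summarise symptoms and group error/crash events that fall within window_s
    of each other; a plugin exit followed by a NAT-rule failure inside one
    window is the 'WAN IP kept but nothing works' pattern from the issue."""
    events = parse_events(lines)
    counts = Counter(e[3] for e in events)
    worst = max((e[4] for e in events), key=SEVERITY_RANK.get, default="none")
    clusters, current = [], []
    for ev in events:
        if SEVERITY_RANK[ev[4]] < SEVERITY_RANK["error"]:
            continue
        if current and (ev[0] - current[-1][0]).total_seconds() > window_s:
            clusters.append(current)
            current = []
        current.append(ev)
    if current:
        clusters.append(current)
    return {
        "counts": dict(counts),
        "worst": worst,
        "clusters": [[e[3] for e in c] for c in clusters],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a syslog export, the first cluster shows the plugin exit, the failed plugin teardown and the NAT-rule error landing within 22 seconds of each other, while the Wi-Fi disassociations and unbound init notices stay at informational level and do not line up with the outage.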

Acris commented 5 years ago
  1. I am looking at the connection loss problem.

  2. I think unbound is stable enough, and stubby has a bug on asuswrt-merlin, see: https://github.com/getdnsapi/stubby/issues/127 for more details.

  3. shadowsocks + v2ray-plugin can also work with websocket + tls + Nginx/Caddy + CDN mode, and the server-side is easier to deploy, so I have no plan to work with a v2ray version.

Acris commented 4 years ago

Can you upgrade shadowsocks-asuswrt-merlin to the latest version with the `ss-merlin upgrade` command and see if that happens again?

lobstergy commented 4 years ago

Hi Acris, sorry for replying late, kind of busy lately, and thanks for your response...

Two cases:

  1. Update client only;
  2. Open a new GCP VM, install the latest SS+V2 docker, quick mode, only change client ss configuration.

Case ONE: it seemed it's improved a bit; only once since this morning have I encountered FC (force crash), plus the ssh Segmentation fault. [Is there any watchdog for the script to monitor?] Don’t get me wrong, when it works, it’s awesome: DoT enabled and speed test reached 35/30 Mbps, Y2b 20+ Kbps!

……
May  5 14:15:48 ss-redir[5870]: remote recv: Connection reset by peer
May  5 14:15:48 ss-redir[5870]: **plugin service exit unexpectedly**
May  5 14:15:48 ss-redir[5870]: **error on terminating the plugin.**    

Case TWO: very slow / failed outside connection, DoT failed, almost unusable. Is it caused by the updated server docker image? Please check and let me know, thanks.

Some logs and comparisons:

gcpw1b [NEW SERVER]

docker top shadowsocks-libev
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                547                 525                 0                   Oct22               ?                   00:00:00            ss-server -s 0.0.0.0 -p 8388 -k PASSWORD -m chacha20-ietf-poly1305 -t **86400** -d 1.1.1.1,1.0.0.1 --reuse-port --no-delay --plugin v2ray-plugin --plugin-opts server;quick;host=*********;path=/***;cert=/root/.acme.sh/*********/fullchain.cer;key=/root/.acme.sh/*********/*********.key -u
root                607                 547                 0                   Oct22               ?                   00:00:01            v2ray-plugin

gcpw2a [OLD SERVER]

docker top shadowsocks-libev
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                14049               14029               0                   21:21               ?                   00:00:03            ss-server -s 0.0.0.0 -p 8388 -k PASSWORD -m chacha20-ietf-poly1305 -t **600** -d 1.1.1.1,1.0.0.1 --reuse-port --no-delay --plugin v2ray-plugin --plugin-opts server;quic;host=*********;path=/***;cert=/root/.acme.sh/*********/*********.cer;key=/root/.acme.sh/*********/*********.key
root                14086               14049               0                   21:21               ?                   00:00:06            v2ray-plugin

username@vmanual-outline:~$ docker logs shadowsocks-libev -f --tail 100   [NEW SERVER]
 2019-10-23 00:19:44 INFO: enable TCP no-delay
 2019-10-23 00:19:44 INFO: plugin "v2ray-plugin" enabled
 2019-10-23 00:19:44 INFO: UDP relay enabled
 2019-10-23 00:19:44 INFO: enable TCP no-delay
 2019-10-23 00:19:44 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-10-23 00:19:44 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2019-10-23 00:19:44 INFO: tcp server listening at 127.0.0.1:36727
 2019-10-23 00:19:44 INFO: tcp port reuse enabled
 2019-10-23 00:19:44 INFO: udp server listening at 0.0.0.0:8388
 2019-10-23 00:19:44 INFO: udp port reuse enabled
 2019-10-23 00:19:44 INFO: running from root user
2019/10/23 00:19:45 **V2Ray 4.19.1** (Po) Custom
2019/10/23 00:19:45 A unified platform for anti-censorship.
2019/10/23 00:19:45 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/10/23 00:19:49 [Warning] v2ray.com/core/transport/internet/websocket: failed to serve http for WebSocket > accept tcp [::]:8388: use of closed network connection
 2019-10-23 00:20:12 INFO: enable TCP no-delay
 2019-10-23 00:20:12 INFO: plugin "v2ray-plugin" enabled
 2019-10-23 00:20:12 INFO: UDP relay enabled
 2019-10-23 00:20:12 INFO: enable TCP no-delay
 2019-10-23 00:20:12 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-10-23 00:20:12 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2019-10-23 00:20:12 INFO: tcp server listening at 127.0.0.1:47837
 2019-10-23 00:20:12 INFO: tcp port reuse enabled
 2019-10-23 00:20:12 INFO: udp server listening at 0.0.0.0:8388
 2019-10-23 00:20:12 INFO: udp port reuse enabled
 2019-10-23 00:20:12 INFO: running from root user
2019/10/23 00:20:12 V2Ray 4.19.1 (Po) Custom
2019/10/23 00:20:12 A unified platform for anti-censorship.
2019/10/23 00:20:13 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/10/23 00:24:36 tcp:120.229.17.26:9079 accepted tcp:127.0.0.1:0

Cloudflare DoT check [NEW SERVER]

| Check | Result |
|---|---|
| Connected to 1.1.1.1 | No |
| Using DNS over HTTPS (DoH) | No |
| Using DNS over TLS (DoT) | No |
| AS Name | **Shanghai Qiangxin Network Technology Co. [/ xTom Hong Kong Limited]** |
| AS Number | 58879 |
| Cloudflare Data Center | SEA |
| Connectivity to 1.1.1.1 | Yes |
| Connectivity to 1.0.0.1 | Yes |
| Connectivity to 2606:4700:4700::1111 | No |
| Connectivity to 2606:4700:4700::1001 | No |

username@v2raycentos:~$ docker logs shadowsocks-libev -f --tail 100 [OLD SERVER]
 2019-10-23 03:36:48 INFO: enable TCP no-delay
 2019-10-23 03:36:48 INFO: plugin "v2ray-plugin" enabled
 2019-10-23 03:36:48 INFO: enable TCP no-delay
 2019-10-23 03:36:48 INFO: initializing ciphers... chacha20-ietf-poly1305
 2019-10-23 03:36:48 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2019-10-23 03:36:48 INFO: tcp server listening at 127.0.0.1:45947
 2019-10-23 03:36:48 INFO: tcp port reuse enabled
 2019-10-23 03:36:48 INFO: running from root user
2019/10/23 03:36:49 **V2Ray 4.16 (Po) Custom**
2019/10/23 03:36:49 A unified platform for anti-censorship.
2019/10/23 03:36:49 [Warning] v2ray.com/core: V2Ray 4.16 started
2019/10/23 03:36:49 tcp:120.229.17.39:10216 accepted tcp:127.0.0.1:0 
2019/10/23 03:36:49 tcp:120.229.17.39:10217 accepted tcp:127.0.0.1:0 

Cloudflare DoT check [OLD SERVER]

| Check | Result |
|---|---|
| Connected to 1.1.1.1 | Yes |
| Using DNS over HTTPS (DoH) | No |
| Using DNS over TLS (DoT) | Yes |
| AS Name | Cloudflare |
| AS Number | 13335 |
| Cloudflare Data Center | LAX |
| Connectivity to 1.1.1.1 | Yes |
| Connectivity to 1.0.0.1 | Yes |
| Connectivity to 2606:4700:4700::1111 | No |
| Connectivity to 2606:4700:4700::1001 | No |

Acris commented 4 years ago

Hello, there is one mistake in your v2ray-plugin configuration: it is quic mode, not quick mode. Correct your configuration and try again.

BTW, next time when you paste your configurations, be careful to hide sensitive information.
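
Both points in this reply, the `quick`/`quic` typo and masking secrets before pasting, can be checked mechanically before a `docker top` line goes into a bug report. The script below is an added example, not code from shadowsocks-asuswrt-merlin or v2ray-plugin; the sets of accepted `--plugin-opts` keywords are an assumption drawn from the command line in this thread and v2ray-plugin's documented options, the long-form password options are assumed, and the sample command line, hostname and password are constructed.

```python
"""Pre-paste check for an ss-server command line: validate the v2ray-plugin
--plugin-opts keywords (catching the 'quick' vs 'quic' typo from this issue)
and mask the password, host, path and certificate paths.
Added example, not part of shadowsocks-asuswrt-merlin or v2ray-plugin."""
import shlex

# Accepted plugin-opts vocabulary. Assumption: taken from the command line in
# this thread plus v2ray-plugin's documented options; extend if yours differ.
KNOWN_FLAGS = {"server", "tls", "quic"}
KNOWN_KEYS = {"host", "path", "cert", "key", "mode", "mux", "loglevel"}
# Values that identify or authenticate the server and should never be pasted.
SECRET_KEYS = {"host", "path", "cert", "key"}
PASSWORD_OPTS = {"-k", "--key", "--password"}  # -k is on the page; long forms assumed
REDACTED = "<REDACTED>"

# Constructed sample, shaped like the `docker top` line in the thread.
SAMPLE_CMD = (
    "ss-server -s 0.0.0.0 -p 8388 -k hunter2 -m chacha20-ietf-poly1305 -t 86400 "
    "-d 1.1.1.1,1.0.0.1 --reuse-port --no-delay --plugin v2ray-plugin "
    "--plugin-opts server;quick;host=example.invalid;path=/ws;"
    "cert=/root/.acme.sh/example.invalid/fullchain.cer;"
    "key=/root/.acme.sh/example.invalid/example.invalid.key -u"
)


def parse_plugin_opts(opts):
    """Split 'server;quic;host=x' into ordered (key, value) pairs; value is None for bare flags."""
    parsed = []
    for item in opts.split(";"):
        if item:
            k, sep, v = item.partition("=")
            parsed.append((k, v if sep else None))
    return parsed


def check_plugin_opts(opts):
    """List configuration problems; an empty list means the opts look sane."""
    parsed = parse_plugin_opts(opts)
    flags = {k for k, v in parsed if v is None}
    keys = {k for k, v in parsed if v is not None}
    problems = []
    for f in sorted(flags - KNOWN_FLAGS):
        problems.append(f"unknown flag '{f}' (known flags: {', '.join(sorted(KNOWN_FLAGS))})")
    for k in sorted(keys - KNOWN_KEYS):
        problems.append(f"unknown option '{k}='")
    if {"server", "quic"} <= flags:  # server-side QUIC needs a certificate, as in the thread
        problems += [f"server quic mode needs '{need}='" for need in ("cert", "key") if need not in keys]
    return problems


def redact_cmdline(cmdline):
    """Return the command line with the password and plugin secrets masked, order preserved."""
    argv = shlex.split(cmdline)
    out, i = [], 0
    while i < len(argv):
        arg = argv[i]
        if arg in PASSWORD_OPTS and i + 1 < len(argv):
            out += [arg, REDACTED]
            i += 2
        elif arg == "--plugin-opts" and i + 1 < len(argv):
            items = [k if v is None else f"{k}={REDACTED if k in SECRET_KEYS else v}"
                     for k, v in parse_plugin_opts(argv[i + 1])]
            out += [arg, ";".join(items)]
            i += 2
        else:
            out.append(arg)
            i += 1
    return " ".join(out)


def audit(cmdline):
    """(problems, paste-safe command line) for one ss-server invocation."""
    argv = shlex.split(cmdline)
    problems = []
    if "--plugin-opts" in argv and argv.index("--plugin-opts") + 1 < len(argv):
        problems = check_plugin_opts(argv[argv.index("--plugin-opts") + 1])
    return problems, redact_cmdline(cmdline)


if __name__ == "__main__":
    problems, safe = audit(SAMPLE_CMD)
    print("\n".join(problems) or "plugin-opts OK")
    print(safe)
```

On the constructed sample the check reports the unknown `quick` flag, and the redacted line keeps the non-sensitive options (cipher, timeout, nameservers, `-u`) so the maintainer can still see the relevant settings without the password, hostname, path or certificate locations.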

Acris commented 4 years ago

Issue closed, feel free to re-open it if needed.