MatsuriDayo / nekoray

Qt based cross-platform GUI proxy configuration manager (backend: sing-box)
https://matsuridayo.github.io/
GNU General Public License v3.0
11.27k stars 1.11k forks

Server-side Xray core routes google through WARP; on the PC with the sing-box core, Google traffic goes through WARP in "System Proxy" mode, but not in "tun/vpn" mode #630

Closed willaytoun closed 1 week ago

willaytoun commented 1 year ago

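Describe the problem

Expected behavior: google.com goes through WARP in both "System Proxy" mode and "VPN" mode.

Actual behavior: On the server side, my VPS kept hitting Google's verification, so I put WARP in front of it and routed Google through WARP. But in VPN mode on the PC, Google does not go through WARP: the verification still appears, and searching "my ip" on Google shows the VPS's IP rather than the WARP IP. After switching to System Proxy mode, the Google verification no longer appears and searching "my ip" on Google shows the WARP IP. I also tried v2rayN's "System Proxy" and "tun" modes; in both, searching "my ip" on Google showed the traffic going through WARP.

How to reproduce

On the PC with the sing-box core, whenever "VPN" mode is used, google does not go through WARP.

Logs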

This is my Xray config:

{
  "log": {
    "loglevel": "warning",
    "error": "/var/log/xray/error.log",
    "access": "/var/log/xray/access.log"
  },
  "api": {
    "services": ["HandlerService", "LoggerService", "StatsService"],
    "tag": "api"
  },
  "stats": {},
  "policy": {
    "levels": {
      "0": {
        "handshake": 2,
        "connIdle": 128,
        "statsUserUplink": true,
        "statsUserDownlink": true
      }
    },
    "system": {
      "statsInboundUplink": true,
      "statsInboundDownlink": true,
      "statsOutboundUplink": true,
      "statsOutboundDownlink": true
    }
  },
  "dns": {
    "servers": [
      "https+local://cloudflare-dns.com/dns-query",
      "1.1.1.1",
      "1.0.0.1",
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      { "inboundTag": ["api"], "outboundTag": "api", "type": "field" },
      { "type": "field", "protocol": ["bittorrent"], "outboundTag": "block" },
      { "type": "field", "ip": ["geoip:private"], "outboundTag": "block" },
      { "type": "field", "ip": ["geoip:cn"], "outboundTag": "block" },
      { "type": "field", "domain": ["geosite:category-ads-all"], "outboundTag": "block" },
      {
        "type": "field",
        "domain": ["domain:google.com", "geosite:netflix", "domain:ai.com", "domain:openai.com"],
        "outboundTag": "warp"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 32768,
      "protocol": "dokodemo-door",
      "settings": { "address": "127.0.0.1" },
      "tag": "api",
      "sniffing": null
    },
    {
      "tag": "xray-script-xtls-reality",
      "listen": "0.0.0.0",
      "port": 1443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "email": "vless@xtls.reality",
            "id": "d44eb089-4f37-4539-bd27-1a3af2cd89fa",
            "flow": "xtls-rprx-vision",
            "level": 0
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "www.amazon.com:443",
          "xver": 0,
          "serverNames": ["amazon.com"],
          "privateKey": "qO4akox0liTuvVnsTRfyVsuN5dlc7cd9e467f53",
          "shortIds": ["", "b1", "ea03"]
        }
      },
      "sniffing": { "enabled": true, "destOverride": ["http", "tls"] }
    }
  ],
  "outbounds": [
    { "tag": "direct", "protocol": "freedom" },
    { "tag": "block", "protocol": "blackhole" },
    {
      "tag": "warp",
      "protocol": "wireguard",
      "settings": {
        "secretKey": "QAqJv1Y3o48bCH3L8yTiSXIkbiJomhgmKkmqXwVDq2b=",
        "address": ["172.16.0.2/32"],
        "peers": [
          {
            "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
            "allowedIPs": ["0.0.0.0/0"],
            "endpoint": "188.114.99.205:5279"
          }
        ],
        "reserved": [115, 63, 36],
        "mtu": 1420
      }
    }
  ]
}

ghost commented 1 year ago

Try enabling sniffing on the server side.

https://xtls.github.io/config/inbound.html#sniffingobject

willaytoun commented 1 year ago

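I don't quite understand this. How is it different from the traffic splitting done by routing? What does "reset the current connection's target" mean? (sniffing: when the traffic is of a specified type, reset the current connection's target to the destination address contained in it.) Why does the Google split succeed and go through WARP in "System Proxy" mode but not in "tun" mode?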

ghost commented 1 year ago

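In System Proxy mode, the domain name is sent directly to the server, and the server routes the traffic after seeing the domain.

In Tun mode, the client first resolves the domain to an IP; if the server does not sniff, it only handles the traffic according to IP rules.

If you don't want to touch the server side, consider using FakeDNS. But the GUI does not support it yet.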

willaytoun commented 1 year ago

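Thanks for your answer. After changing the server-side sniffing to this, google is split correctly in "tun" mode: "sniffing": { "enabled": true, "destOverride": [ "http", "tls", "quic" ] }

Looking forward to the GUI supporting FakeDNS soon so that other people like me have less trouble (^_^)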

ghost commented 1 year ago

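As for FakeDNS, v2ray has it, but nekoray's modified core has not been updated in a long time.

nekobox seems to have it too, but it requires a custom config and I haven't tried it.

Maintaining your own modified core is bound to end badly sooner or later.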

willaytoun commented 1 year ago

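nekobox's "tun" mode has no black console window, which is nice. There don't seem to be any tutorials online for custom routing either; I'd like to try it but don't know how to get started...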

ghost commented 1 year ago

To hide the black console window, enable "Hide console" in the VPN settings.

willaytoun commented 1 year ago

OK. In Tun mode the client first resolves the domain to an IP and then sends it to the server; doesn't that carry a risk of DNS leaks?

ghost commented 1 year ago

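OK. In Tun mode the client first resolves the domain to an IP and then sends it to the server; doesn't that carry a risk of DNS leaks?

Any setup can leak DNS, but as long as routing is configured correctly there is no problem.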