MetaCubeX / mihomo

A simple Python Pydantic model for Honkai: Star Rail parsed data from the Mihomo API.
https://wiki.metacubex.one
MIT License
16.65k stars 2.66k forks

[Bug] Does 1.18.1 not support vmess + tcp + tls? JMS's tcp vmess has no special header and needs SSL verification to be ignored. proxy-providers seems to have a bug.. #1040

Open gowy222 opened 9 months ago

gowy222 commented 9 months ago

Verify steps

Mihomo version

docker latest version 1.18.1

What OS are you seeing the problem on?

openwrt + docker

Mihomo config

openwrt docker tun deployment: docker pull metacubex/mihomo:latest
Used the configuration from the official page directly: https://wiki.metacubex.one/example/conf/

######### anchors start #######
# Policy-group related
pr: &pr {type: select, proxies: [默认,香港,台湾,日本,新加坡,美国,其它地区,全部节点,自动选择,直连]}

# Subscription update and latency test settings
p: &p {type: http, interval: 3600, health-check: {enable: true, url: https://www.gstatic.com/generate_204, interval: 300}}

######### anchors end #######

# Put your own subscription in url; names must not repeat
proxy-providers:
  provider1:
    <<: *p
    url: "这里是JMS官方订阅url....忽略不写..."

ipv6: true
allow-lan: true
mixed-port: 7890
unified-delay: false
tcp-concurrent: true
external-controller: 127.0.0.1:9090
external-ui: ui
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"

geodata-mode: true
geox-url:
  geoip: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat"
  geosite: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
  mmdb: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country-lite.mmdb"

find-process-mode: strict
global-client-fingerprint: chrome

profile:
  store-selected: true
  store-fake-ip: true

sniffer:
  enable: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
  skip-domain:
    - "Mijia Cloud"

tun:
  enable: true
  stack: mixed
  dns-hijack:
    - "any:53"
  auto-route: true
  auto-detect-interface: true

dns:
  enable: true
  listen: :1053
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-filter:
    - "*"
    - "+.lan"
    - "+.local"
  nameserver:
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
  proxy-server-nameserver:
    - https://doh.pub/dns-query
  nameserver-policy:
    "geosite:cn,private":
      - https://doh.pub/dns-query
      - https://dns.alidns.com/dns-query
    "geosite:geolocation-!cn":
      - "https://dns.cloudflare.com/dns-query#dns"
      - "https://dns.google/dns-query#dns"
proxies:
- name: "直连"
  type: direct
  udp: true
proxy-groups:
  - {name: 默认, type: select, proxies: [自动选择, 直连, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点]}
  - {name: dns, type: select, proxies: [自动选择, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点]}
  - {name: Google, <<: *pr}
  - {name: Telegram, <<: *pr}
  - {name: Twitter, <<: *pr}
  - {name: Pixiv, <<: *pr}
  - {name: ehentai, <<: *pr}
  - {name: 哔哩哔哩, <<: *pr}
  - {name: 哔哩东南亚, <<: *pr}
  - {name: 巴哈姆特, <<: *pr}
  - {name: YouTube, <<: *pr}
  - {name: NETFLIX, <<: *pr}
  - {name: Spotify, <<: *pr}
  - {name: Github, <<: *pr}
  - {name: 国内, type: select, proxies: [直连, 默认, 香港, 台湾, 日本, 新加坡, 美国, 其它地区, 全部节点, 自动选择]}
  - {name: 其他, <<: *pr}

# Separator; the region groups follow
  - {name: 香港, type: select , include-all-providers: true, filter: "(?i)港|hk|hongkong|hong kong"}
  - {name: 台湾, type: select , include-all-providers: true, filter: "(?i)台|tw|taiwan"}
  - {name: 日本, type: select , include-all-providers: true, filter: "(?i)日|jp|japan"}
  - {name: 美国, type: select , include-all-providers: true, filter: "(?i)美|us|unitedstates|united states"}
  - {name: 新加坡, type: select , include-all-providers: true, filter: "(?i)(新|sg|singapore)"}
  - {name: 其它地区, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:🇭🇰|🇯🇵|🇺🇸|🇸🇬|🇨🇳|港|hk|hongkong|台|tw|taiwan|日|jp|japan|新|sg|singapore|美|us|unitedstates)).*"}
  - {name: 全部节点, type: select , include-all-providers: true}
  - {name: 自动选择, type: url-test, include-all-providers: true, tolerance: 10}

rules:
  - GEOIP,lan,直连,no-resolve
  - GEOSITE,biliintl,哔哩东南亚
  - GEOSITE,ehentai,ehentai
  - GEOSITE,github,Github
  - GEOSITE,twitter,Twitter
  - GEOSITE,youtube,YouTube
  - GEOSITE,google,Google
  - GEOSITE,telegram,Telegram
  - GEOSITE,netflix,NETFLIX
  - GEOSITE,bilibili,哔哩哔哩
  - GEOSITE,bahamut,巴哈姆特
  - GEOSITE,spotify,Spotify
  - GEOSITE,pixiv,Pixiv
  - GEOSITE,CN,国内
  - GEOSITE,geolocation-!cn,其他

  - GEOIP,google,Google
  - GEOIP,netflix,NETFLIX
  - GEOIP,telegram,Telegram
  - GEOIP,twitter,Twitter
  - GEOIP,CN,国内
  - MATCH,其他

Mihomo log

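Actually vmess+tls reports no error at all; the latency test just shows no latency, the nodes cannot connect, and no web page opens.. The Windows v2rayN client has no problem.. (The v2rayN client version officially recommended by JMS is V5.18... which corresponds to === Xray 1.5.4 (Xray, Penetrates Everything.) Custom (go1.17.7 windows/386), and I have been using it until today...)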

stdout: time="2024-02-17T03:19:48.688862936Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.689216723Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.689504594Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.689836505Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.690146251Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.69085499Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.69158473Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.692339844Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.692712005Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.693056458Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.693321579Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.693547326Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.693759656Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.694004361Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.694237691Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.694517978Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.694790683Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.695031596Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.69528855Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.695617545Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.696779237Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.69709569Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.697573142Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.698719375Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"
stdout: time="2024-02-17T03:19:48.699847817Z" level=warning msg="To use xtls-rprx-vision, ensure your server is upgrade to Xray-core v1.8.0+"

stdout: time="2024-02-17T04:25:14.816407271Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:15.002071779Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:15.197407939Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:15.489233119Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:15.804417554Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:16.120199322Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:17.277260804Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:18.420052516Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43472 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:19.527322323Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:19.669251481Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:20.877100507Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:21.071899418Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:21.261579002Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:21.511552119Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:21.888827917Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:22.405146834Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:23.197550287Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"
stdout: time="2024-02-17T04:25:24.321044482Z" level=warning msg="[TCP] dial Google (match RuleSet/google_domain) 192.168.2.103:43475 --> www.google-analytics.com:443 error: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match example.com"

Description

The automatic subscription in the config: proxy-providers: provider1: <<: *p url: "https://jjsubmarines.com/members...

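There are no other problems; all the nodes are TLS... after all, JMS nodes are fairly simple, but it is a big provider and is not afraid of the wall... Base64-decoding the official JMS subscription gives: { ps: 'JMS-xxxxx@XXs4.jjcruises.com:xxx', port: 'xxxx', id: 'xxxxxxx', aid: 0, net: 'tcp', type: 'none', tls: 'tls', sni: 'example.com', add: '42.xxxxx' } The JMS tls sni is fixed to example.com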

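The ss nodes respond to the latency test; none of the vmess tls ones work.. From the log, does the provider need to support Xray-core v1.8.0+??? Then.... is there no solution from the user's side?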


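In the panel, the vmess tls tcp nodes are labelled vmess:: xudp and the ss ones ss: udp. The ss: udp ones all work normally, the vmess:: xudp ones all fail, and the configuration is actually wrong: JMS's vmess only supports tcp.. net: 'tcp'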


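verify certificate: x509: certificate is not valid for any names, but wanted to match example.com. I manually selected a JMS vmess tls node that gave no latency test feedback, which uses tls example.com; in the second part of the log, the request to google triggered verify certificate: x509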

wwqgtxx commented 8 months ago

In your case you can add an override configuration item after the url of provider1 and set skip-cert-verify: true
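
The override described in the reply above, written out against the provider block from the issue as an added example (not part of the thread or the project's documentation). With `skip-cert-verify: true` the TLS handshake no longer authenticates the server for any node from this provider, which is why it is scoped to `provider1` here rather than set globally; the commented per-node entry is an assumed hand-written equivalent using the placeholder values from the decoded subscription.

```yaml
# Added example: provider-level override, applied to every node that
# provider1 delivers. Other providers and hand-written proxies keep
# normal certificate verification.
proxy-providers:
  provider1:
    <<: *p                      # anchor from the issue's config (type: http, interval, health-check)
    url: "SUBSCRIPTION_URL"     # placeholder: your own subscription URL
    override:
      skip-cert-verify: true    # accept the certificate even though it does not match sni example.com

# Assumed per-node equivalent of what the subscription entry becomes once
# the override is applied (values are the placeholders shown in the issue;
# left commented out because they are not real):
#
# proxies:
#   - name: "JMS-xxxxx@XXs4.jjcruises.com:xxx"   # ps
#     type: vmess
#     server: "42.xxxxx"                         # add
#     port: xxxx                                 # port
#     uuid: "xxxxxxx"                            # id
#     alterId: 0                                 # aid
#     cipher: auto
#     network: tcp                               # net: 'tcp', type: 'none' (no header)
#     tls: true                                  # tls: 'tls'
#     servername: example.com                    # sni
#     skip-cert-verify: true
```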