SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

Hysteria2 masquerade not working #1767

Closed rsivanov-dev closed 6 months ago

rsivanov-dev commented 6 months ago

Operating system

Linux

System version

Ubuntu 22.04

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.8.13

Environment: go1.22.2 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: a07c4add78da08e5731257256706a2422e0fd661
CGO: disabled

Description

Hysteria2 inbound protocol doesn’t listen to TCP requests on the given listen port; as a result, masquerade is not working. I tried opening the page for the hysteria2 server in the browser and there’s a connection timeout instead of returning the masquerade page.

The proxy itself is working fine, the problem is only in masquerade.

Maybe the problem is in the UDP-only network configuration:

    inbound := &Hysteria2{
        myInboundAdapter: myInboundAdapter{
            protocol:      C.TypeHysteria2,
            network:       []string{N.NetworkUDP},
            ctx:           ctx,
            router:        router,
            logger:        logger,
            tag:           tag,
            listenOptions: options.ListenOptions,
        },
        tlsConfig: tlsConfig,
    }

Reproduction

    "inbounds": [
      {
        "type": "hysteria2",
        "listen": "::",
        "listen_port": 443,
        "users": [
          {
            "name": "user",
            "password": "password"
          }
        ],
        "tls": {
          "enabled": true,
          "server_name": "sub.domain.com",
          "acme": {
            "domain": "sub.domain.com",
            "email": "admin@domain.com",
            "dns01_challenge": {
              "provider": "cloudflare",
              "api_token": "token"
            }
          }
        },
        "masquerade": "https://google.com"
      }
    ],

Logs

No response

Colgrave34 commented 1 month ago

I'm encountering the same problem. The proxy works, but the masquerade doesn't. Here's my curl output:

colgrave@host:~$ curl https://my.example.com
curl: (7) Failed to connect to localhost port 443 after 0 ms: Couldn't connect to server

I have both UDP and TCP port 443 open, and it just doesn't seem like sing-box is accepting the request. It feels like sing-box wasn't even listening on the 443/tcp port. I also see no logs about the redirection.

Oct 02 10:05:49 hysteria sing-box[52456]: INFO[0304] [494379565 0ms] inbound/hysteria2[0]: inbound connection to login-wall.deepl.com:443
Oct 02 10:05:49 hysteria sing-box[52456]: INFO[0304] [494379565 0ms] outbound/direct[0]: outbound connection to login-wall.deepl.com:443
Oct 02 10:05:52 hysteria sing-box[52456]: INFO[0306] [3164177903 0ms] inbound/hysteria2[0]: inbound connection from [::ffff:]:1286
Oct 02 10:05:52 hysteria sing-box[52456]: INFO[0306] [3164177903 0ms] inbound/hysteria2[0]: inbound connection to github.com:443
Oct 02 10:05:52 hysteria sing-box[52456]: INFO[0306] [3164177903 0ms] outbound/direct[0]: outbound connection to github.com:443
Oct 02 10:05:54 hysteria sing-box[52456]: INFO[0309] [961727264 0ms] inbound/hysteria2[0]: inbound connection from [::ffff:]:1286
Oct 02 10:05:54 hysteria sing-box[52456]: INFO[0309] [961727264 0ms] inbound/hysteria2[0]: inbound connection to alive.github.com:443
Oct 02 10:05:54 hysteria sing-box[52456]: INFO[0309] [961727264 0ms] outbound/direct[0]: outbound connection to alive.github.com:443

Colgrave34 commented 1 month ago

@rsivanov-dev I figured it out: hysteria purely uses UDP and QUIC. So if you want to test it out, follow this command that I found here:

chrome --origin-to-force-quic-on=your.site.com:443

This will launch chrome and force using QUIC to connect to your site. Hope it helps!
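
A way to confirm the situation described in this thread from the server side, as an added example that is not part of the original issue or of sing-box: it classifies which transports are bound to a port from `ss -H -tuln` output. The function names and the sample lines are constructed for illustration, and `ss` from iproute2 is assumed on the live host.

```shell
#!/bin/sh
# Added example, not sing-box code. Classifies which transports are bound to a
# port from `ss -H -tuln` output, to explain why a TCP HTTPS request fails
# against a Hysteria2 inbound that only listens on UDP (QUIC).

# protocols_on_port PORT -- reads ss output on stdin; prints tcp, udp, tcp,udp or none
protocols_on_port() {
    awk -v port="$1" '
        {
            n = split($5, part, ":")           # column 5 is Local Address:Port
            if (part[n] == port) seen[$1] = 1  # column 1 is the Netid (tcp or udp)
        }
        END {
            out = ""
            if (seen["tcp"]) out = "tcp"
            if (seen["udp"]) out = (out == "" ? "udp" : out ",udp")
            print (out == "" ? "none" : out)
        }'
}

# masquerade_hint PORT -- turns the result into what a client should expect
masquerade_hint() {
    case "$(protocols_on_port "$1")" in
        udp)     echo "udp-only: TCP HTTPS clients fail; test with an HTTP/3 (QUIC) client" ;;
        tcp,udp) echo "tcp+udp: both transports have a listener on this port" ;;
        tcp)     echo "tcp-only: no QUIC listener on this port" ;;
        *)       echo "none: nothing is listening on this port" ;;
    esac
}

# Constructed sample of `ss -H -tuln` output (not taken from the thread)
SAMPLE='udp UNCONN 0 0 *:443 *:*
tcp LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 4096 [::]:22 [::]:*'

printf '%s\n' "$SAMPLE" | masquerade_hint 443
# On a live server: ss -H -tuln | masquerade_hint 443
```
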