search

SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/
Other
18.93k stars 2.26k forks source link

Shadowsocks outbound with TCP fast-open fails to operate #1903

Closed Mahdi-zarei closed 4 weeks ago

Mahdi-zarei commented 3 months ago

Operating system

Windows

System version

Windows 11 23H2

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

When using shadowsocks outbound with tcp fast open, nothing works and the logs indicate nothing. Once tcp fast open is changed to false, everything works normally.

Reproduction

minimal server config:

{
  "log": {
    "level": "error",
    "timestamp": true
  },
  "dns": {
    "reverse_mapping": true,
    "servers": [
      {
        "tag": "google",
        "address": "8.8.8.8",
        "strategy": "prefer_ipv4",
        "detour": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "type": "shadowsocks",
      "tag": "SST",
      "listen": "...",
      "listen_port": 20,
      "tcp_fast_open": true,
      "sniff": true,
      "network": "tcp",
      "domain_strategy": "prefer_ipv4",
      "method": "2022-blake3-aes-128-gcm",
      "password": "yUtqN9WLh1PMBaACIaQRYQ==",
      "multiplex": {
        "enabled": true
      }
    },
    {
      "type": "trojan",
      "tag": "TRJin",
      "tcp_fast_open": true,
      "listen": "...",
      "listen_port": 8443,
      "sniff": true,
      "domain_strategy": "prefer_ipv4",
      "users": [
        {
          "name": "trojan",
          "password": "..."
        }
      ],
      "multiplex": {
        "enabled": true
      },
      "tls": {
        "enabled": true,
        "server_name": "...",
        "certificate_path": "...",
        "key_path": "..."
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    },
    {
      "type": "wireguard",
      "tag": "wg",
      "server": "...",
      "server_port": 2408,
      "system_interface": true,
      "gso": true,
      "interface_name": "singwg",
      "local_address": [
        "172.16.0.2/24",
        "2606:4700:110:8fe8:931f:ea87:ba92:305c/96"
      ],
      "mtu": 1420,
      "peer_public_key": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
      "private_key": "..."
    }
  ],
  "route": {
    "final": "wg",
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
}

Minimal client config:

{
  "log": {
    "level": "debug",
    "timestamp": true
  },
  "dns": {
    "reverse_mapping": true,
    "servers": [
      {
        "tag": "google",
        "address": "8.8.8.8",
        "strategy": "prefer_ipv4",
        "detour": "SST"
      }
    ]
  },
  "inbounds": [
    {
      "type": "vless",
      "tag": "tehranTEU",
      "listen": "::",
      "listen_port": 25836,
      "tcp_fast_open": true,
      "sniff": true,
      "users": [
        {
          "name": "tehranTEU",
          "uuid": "56c823be-366e-48e6-9851-991348f4a6b7"
        }
      ],
      "multiplex": {
        "enabled": true
      }
    },
    {
      "type": "vless",
      "tag": "tehranJEU",
      "listen": "::",
      "listen_port": 25814,
      "tcp_fast_open": true,
      "sniff": true,
      "users": [
        {
          "name": "tehranJEU",
          "uuid": "0cb57620-eb53-43b4-9273-d18c04836d46"
        }
      ],
      "multiplex": {
        "enabled": true
      }
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "SST",
      "server": "...",
      "server_port": 20,
      "tcp_fast_open": true,
      "domain_strategy": "prefer_ipv4",
      "method": "2022-blake3-aes-128-gcm",
      "password": "yUtqN9WLh1PMBaACIaQRYQ==",
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_streams": 8
      }
    },
    {
      "type": "trojan",
      "tag": "JEU",
      "server": "...",
      "server_port": 8443,
      "password": "...",
      "tcp_fast_open": true,
      "domain_strategy": "prefer_ipv4",
      "tls": {
        "enabled": true,
        "server_name": "...",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        }
      },
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_streams": 8
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "inbound": [
          "tehranTEU"
        ],
        "outbound": "SST"
      },
      {
        "inbound": "tehranJEU",
        "outbound": "JEU"
      }
    ]
  }
}

Logs

logs don't reflect the problem, but here they are anyways:

+0330 2024-07-01 02:43:29 INFO [1387722945 0ms] inbound/vless[tehranTEU]: inbound connection from 127.0.0.1:53135
+0330 2024-07-01 02:43:29 INFO [1404542395 0ms] inbound/vless[tehranTEU]: [tehranTEU] inbound connection to sp.mux.sing-box.arpa:444
+0330 2024-07-01 02:43:29 INFO [1345694639 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [524180415 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 INFO [3407624985 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 DEBUG [524180415 0ms] router: sniffed protocol: http, domain: 149.154.167.91
+0330 2024-07-01 02:43:29 DEBUG [524180415 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 DEBUG [1345694639 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 DEBUG [3407624985 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 INFO [524180415 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 DEBUG [1345694639 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 DEBUG [3407624985 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [1345694639 1ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [3407624985 1ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [2065529331 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [4147112604 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 DEBUG [2065529331 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 DEBUG [2065529331 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 DEBUG [4147112604 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 INFO [2065529331 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [4072609405 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 DEBUG [4147112604 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [4147112604 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 DEBUG [4072609405 0ms] router: sniffed protocol: http, domain: 149.154.167.91
+0330 2024-07-01 02:43:29 DEBUG [4072609405 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [4072609405 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 INFO [2527209111 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [3010229 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 DEBUG [2527209111 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 DEBUG [3010229 0ms] router: sniffed protocol: http, domain: 149.154.167.91
+0330 2024-07-01 02:43:29 DEBUG [2527209111 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 DEBUG [3010229 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [2527209111 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [3010229 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 INFO [637456832 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 DEBUG [637456832 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 DEBUG [637456832 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [637456832 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [617223468 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 INFO [863189643 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 DEBUG [617223468 0ms] router: sniffed protocol: http, domain: 149.154.167.91
+0330 2024-07-01 02:43:29 DEBUG [863189643 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 DEBUG [617223468 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 DEBUG [863189643 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [617223468 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.91:80
+0330 2024-07-01 02:43:29 INFO [863189643 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 INFO [3349813023 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:29 DEBUG [3349813023 0ms] router: sniffed protocol: http, domain: 149.154.167.92
+0330 2024-07-01 02:43:29 DEBUG [3349813023 0ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:29 INFO [3349813023 0ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:80
+0330 2024-07-01 02:43:30 INFO [1281122953 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to [2001:67c:4e8:f004::a]:443
+0330 2024-07-01 02:43:30 INFO [292326622 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.91:443
+0330 2024-07-01 02:43:30 INFO [2901142713 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:443
+0330 2024-07-01 02:43:30 INFO [3025824371 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to 149.154.167.92:443
+0330 2024-07-01 02:43:30 INFO [2339518261 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to [2001:67c:4e8:f004::a]:443
+0330 2024-07-01 02:43:30 INFO [1778087697 0ms] inbound/vless[tehranTEU]: inbound multiplex connection to [2001:67c:4e8:f004::a]:443
+0330 2024-07-01 02:43:30 DEBUG [1778087697 306ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:30 INFO [1778087697 307ms] outbound/shadowsocks[SST]: outbound multiplex connection to [2001:67c:4e8:f004::a]:443
+0330 2024-07-01 02:43:30 DEBUG [1281122953 306ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:30 DEBUG [2339518261 306ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:30 DEBUG [3025824371 306ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:30 DEBUG [292326622 307ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:30 DEBUG [2901142713 306ms] router: match[5] inbound=[tehranTEU socksprx] => SST
+0330 2024-07-01 02:43:30 INFO [1281122953 307ms] outbound/shadowsocks[SST]: outbound multiplex connection to [2001:67c:4e8:f004::a]:443
+0330 2024-07-01 02:43:30 INFO [2339518261 307ms] outbound/shadowsocks[SST]: outbound multiplex connection to [2001:67c:4e8:f004::a]:443
+0330 2024-07-01 02:43:30 INFO [3025824371 307ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:443
+0330 2024-07-01 02:43:30 INFO [292326622 308ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.91:443
+0330 2024-07-01 02:43:30 INFO [2901142713 308ms] outbound/shadowsocks[SST]: outbound multiplex connection to 149.154.167.92:443

Supporter

Integrity requirements

dyhkwong commented 3 months ago

Some ISPs are known not working with TFO. You have to provided the server and client configuration files and process that can be reproduced locally.

Mahdi-zarei commented 3 months ago

Sorry for not providing the full configurations, I assumed the problem can be easily reproduced. I edited the issue to have the configs on both client and server ( with inbounds and outbounds that are not involved removed ). Also there are 2 points here: I ran the client both on my own system (Win11) and a VPS (Linux) with the same results ( The server is another VPS which uses Linux). I also have a Trojan outbound (JEU) running at the same VPS which has tcp fast open enabled, and it connects without any problems, so I doubt it is a problem with certain ISPs.

tell me if there is anything else needed to investigate this problem.

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days