SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

Bad request through vmess with shadowtls #199

Closed Eintler closed 1 year ago

Eintler commented 2 years ago

Welcome

Description of the problem

+0000 2022-11-01 06:54:48 INFO [2765046038] inbound/shadowtls[shadowtls-in-vmess]: inbound connection from my_ip:23541
+0000 2022-11-01 06:54:48 INFO [2765046038] dns: lookup succeed for www.bing.com: 13.107.21.200 2600:1403:9c00:4a8::255e 2600:1403:9c00:499::255e
+0000 2022-11-01 06:54:49 INFO [2765046038] inbound/shadowtls[shadowtls-in-vmess]: inbound connection to vps_ip:2081
+0000 2022-11-01 06:54:49 ERROR [2765046038] inbound/shadowtls[shadowtls-in-vmess]: process connection from my_ip:23541: inject vmess-in: bad request

Version of sing-box

$ sing-box version
sing-box version 1.1-beta11

Environment: go1.19.2 linux/amd64
Tags: with_quic,with_wireguard,with_acme
Revision: 16d959e6770932e88608cb3487b87f7c21eab103
CGO: enabled

Server and client configuration file

Server

{
  "type": "shadowtls",
  "tag": "shadowtls-in-vmess",
  "listen": "0.0.0.0",
  "listen_port": 2081,
  "tcp_fast_open": false,
  "version": 2,
  "password": "pw",
  "detour": "vmess-in",
  "handshake": {
    "server": "www.bing.com",
    "server_port": 443
  }
},
{
  "type": "vmess",
  "tag": "vmess-in",
  "listen": "127.0.0.1",
  "tcp_fast_open": false,
  "users": [
    {
      "name": "user",
      "uuid": "194480b6-b25c-464b-8cb9-f4dd738cbff7",
      "alterId": 0
    }
  ],
  "tls": {
    "enabled": true,
    "server_name": "domain_name",
    "min_version": "1.2",
    "max_version": "1.3",
    "certificate_path": "/root/.acme.sh/domain_name/fullchain.cer",
    "key_path": "/root/.acme.sh/domain_name/domain_name.key"
  },
  "transport": {
    "type": "ws",
    "path": "/gfw"
  }
}

Client

"inbounds": [
  {
    "type": "mixed",
    "listen_port": 1080,
    "sniff": true
    // "set_system_proxy": true
  }
],
"outbounds": [
  {
    "type": "vmess",
    "tag": "vmess-out",
    "detour": "shadowtls-out-vmess",
    "uuid": "194480b6-b25c-464b-8cb9-f4dd738cbff7",
    "security": "auto",
    "alter_id": 0,
    "global_padding": false,
    "authenticated_length": true,
    "tls": {
      "enabled": true,
      "disable_sni": false,
      "server_name": "domain_name",
      "insecure": false,
      "min_version": "1.2",
      "max_version": "1.3",
      "ech": {
        "enabled": false,
        "pq_signature_schemes_enabled": false,
        "dynamic_record_sizing_disabled": false,
        "config": ""
      }
    },
    "packet_encoding": "",
    "multiplex": {
      "enabled": true,
      "protocol": "smux",
      "max_connections": 4,
      "min_streams": 4
    },
    "transport": {
      "type": "ws",
      "path": "/gfw"
    }
  },
  {
    "type": "shadowtls",
    "tag": "shadowtls-out-vmess",
    "server": "vps_ip",
    "server_port": 2081,
    "version": 2,
    "password": "pw",
    "tls": {
      "enabled": true,
      "server_name": "www.bing.com"
    }
  },
  {
    "type": "direct",
    "tag": "direct"
  },
  {
    "type": "block",
    "tag": "block"
  }
],
"route": {
  "rules": [
    {
      "geosite": "category-ads-all",
      "outbound": "block"
    },
    {
      "geosite": "cn",
      "geoip": "cn",
      "outbound": "direct"
    }
  ]
}

Server and client log file

server side

+0000 2022-11-01 06:54:48 INFO [2765046038] inbound/shadowtls[shadowtls-in-vmess]: inbound connection from my_ip:23541
+0000 2022-11-01 06:54:48 INFO [2765046038] dns: lookup succeed for www.bing.com: 13.107.21.200 2600:1403:9c00:4a8::255e 2600:1403:9c00:499::255e
+0000 2022-11-01 06:54:49 INFO [2765046038] inbound/shadowtls[shadowtls-in-vmess]: inbound connection to vps_ip:2081
+0000 2022-11-01 06:54:49 ERROR [2765046038] inbound/shadowtls[shadowtls-in-vmess]: process connection from my_ip:23541: inject vmess-in: bad request

nekohasekai commented 2 years ago

It doesn't make sense to use double tls.
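A check for the layering the comment above objects to, as an added example that is not part of the thread or of sing-box: it follows the `detour` links used in the posted configs and reports any inbound or outbound that enables its own TLS while riding on ShadowTLS. The sample config is constructed and reduced to the fields this issue uses; `find_double_tls` and `tls_on` are hypothetical names.

```python
import json

# Constructed sample, reduced from the shape of the configs posted in this issue.
SAMPLE = json.loads("""
{
  "inbounds": [
    {"type": "shadowtls", "tag": "shadowtls-in-vmess", "detour": "vmess-in"},
    {"type": "vmess", "tag": "vmess-in", "tls": {"enabled": true}}
  ],
  "outbounds": [
    {"type": "vmess", "tag": "vmess-out", "detour": "shadowtls-out-vmess",
     "tls": {"enabled": true}},
    {"type": "shadowtls", "tag": "shadowtls-out-vmess", "tls": {"enabled": true}},
    {"type": "direct", "tag": "direct"}
  ]
}
""")


def tls_on(entry):
    """True when the entry carries a tls block with enabled set to true."""
    return bool(entry.get("tls", {}).get("enabled", False))


def find_double_tls(config):
    """Return (section, tag, reason) for each TLS layer nested inside ShadowTLS."""
    findings = []
    inbounds = {i.get("tag"): i for i in config.get("inbounds", [])}
    outbounds = {o.get("tag"): o for o in config.get("outbounds", [])}

    # Server side: a shadowtls inbound hands the stream to its detour inbound.
    for inbound in inbounds.values():
        if inbound.get("type") != "shadowtls" or "detour" not in inbound:
            continue
        target = inbounds.get(inbound["detour"])
        if target is None:
            findings.append(("inbounds", inbound.get("tag"), "detour tag not found"))
        elif tls_on(target):
            findings.append(("inbounds", target.get("tag"), "tls enabled behind shadowtls"))

    # Client side: an outbound whose detour is a shadowtls outbound.
    # The shadowtls outbound's own tls block (the handshake) is not flagged.
    for outbound in outbounds.values():
        if "detour" not in outbound:
            continue
        via = outbounds.get(outbound["detour"])
        if via is not None and via.get("type") == "shadowtls" and tls_on(outbound):
            findings.append(("outbounds", outbound.get("tag"), "tls enabled over shadowtls"))
    return findings
```
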

Eintler commented 2 years ago

@nekohasekai Thanks.

I set

"tls": { "enabled": false,

for server and client, the same bad request is shown.

Any wrong configuration?

nekohasekai commented 2 years ago

You should use minimal configuration to check what is causing the problem.

Eintler commented 2 years ago

@nekohasekai

After removing

"transport": { "type": "ws", "path": "/gfw" } }

it is working fine. So that raises a question: is the transport block not supported right now?

Thanks

Eintler commented 2 years ago

The latest situation is like this. WS works fine without shadowtls.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.