search

SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/
Other
18.82k stars 2.25k forks source link

sing-box h2 client not work with xray h2 server #412

Closed Gzxhwq closed 1 year ago

Gzxhwq commented 1 year ago

Welcome

Description of the problem

With the same config & both latest commit had test result like below:

Client: sing-box / Server: Xray-core -- failed Client: Xray-core / Server: sing-box -- OK Client: sing-box / Server: sing-box -- OK Client: Xray-core / Server: Xray-core -- OK

Version of sing-box

sing-box version:

```console $ sing-box version sing-box version v1.2-beta6-1-g83593ae Environment: go1.20.1 linux/amd64 Tags: with_quic,with_wireguard,with_acme,with_clash_api,with_gvisor,with_utls,with_dhcp,with_reality_server Revision: 83593aee707d8e1b80e0ebb6459a0ea0aa90693d CGO: disabled ```

xray-core version:

```console $xray version Xray 1.7.5 (Xray, Penetrates Everything.) c04c333 (go1.20.1 linux/amd64) A unified platform for anti-censorship. ```

Server and client configuration file

sing-box client:

```json { "log": { "disabled": false, "level": "debug", "output": "/var/log/sing-box.log", "timestamp": true }, "experimental": { "clash_api": { "external_controller": "0.0.0.0:9090", "external_ui": "", "secret": "********", "default_mode": "rule", "store_selected": true, "cache_file": "cache.db" } }, "dns": { "servers": [ { "tag": "foreign", "address": "https://1.1.1.1/dns-query" }, { "tag": "local", "address": "tls://1.12.12.12", "detour": "direct" }, { "tag": "block", "address": "rcode://success" } ], "rules": [ { "geosite": "category-ads-all", "server": "block", "disable_cache": true }, { "domain": "mydomain.com", "geosite": "cn", "server": "local" } ], "strategy": "ipv4_only" }, "ntp": { "enabled": true, "server": "time.apple.com", "server_port": 123, "interval": "30m", "detour": "direct" }, "inbounds": [ { "type": "tun", "tag": "TUN-in", "interface_name": "sb-tun0", "inet4_address": "172.19.0.1/30", "auto_route": true, "endpoint_independent_nat": true, "stack": "system", "sniff": true }, { "type": "redirect", "tag": "REDIRECT-in", "listen": "::", "listen_port": 12345, "sniff": true } ], "outbounds": [ { "type": "selector", "outbounds": [ "direct", "H2-REALITY-out" ] }, { "type": "urltest", "tag": "H2-REALITY-group", "outbounds": [ "H2-REALITY-out" ], "url": "https://cp.cloudflare.com", "interval": "1m", "tolerance": 50 }, { "type": "vless", "tag": "H2-REALITY-out", "server":"*.*.*.*", "server_port": 28443, "uuid": "**********", "packet_encoding": "xudp", "tls": { "enabled": true, "server_name": "www.nintendo.co.jp", "utls": { "enabled": true, "fingerprint": "ios" }, "reality": { "enabled": true, "public_key": "*********", "short_id": "**********" } }, "transport": { "type": "http" } }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns-out" } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns-out" }, { "protocol": "quic", "outbound": "block" }, { "geosite": "category-ads-all", "outbound": "block" }, { "geosite": "cn", "geoip": [ "cn", "private" ], "outbound": "direct" } ], "default_mark": 43, "auto_detect_interface": true } } ```

Xray-core server:

```json { "log": { "loglevel": "debug" }, "inbounds": [ { "port": 28443, "protocol": "vless", "settings": { "clients": [ { "id": "******************", "level": 0, "email": "h2-reality@gmail.com" } ], "decryption": "none" }, "streamSettings": { "network": "h2", "security": "reality", "realitySettings": { "show": false, "dest": "www.nintendo.co.jp:443", "serverNames": [ "www.nintendo.co.jp" ], "privateKey": "*************************", "shortIds": [ "*****************" ] } } } ], "outbounds": [ { "tag" : "direct", "protocol": "freedom" } ] } ```

Server and client log file

sing-box client:

```console +0000 2023-03-07 02:15:27 INFO clash-api: restful api listening at [::]:9090 +0000 2023-03-07 02:15:27 INFO router: loaded geoip database: 250 codes +0000 2023-03-07 02:15:27 INFO outbound/vless[H2-REALITY-out]: outbound connection to cp.cloudflare.com:443 +0000 2023-03-07 02:15:27 INFO router: updated default interface eth0, index 2 +0000 2023-03-07 02:15:27 INFO router: loaded geosite database: 1370 codes +0000 2023-03-07 02:15:28 INFO outbound/direct[direct]: outbound packet connection to time.apple.com:123 +0000 2023-03-07 02:15:28 DEBUG dns: lookup domain time.apple.com +0000 2023-03-07 02:15:28 DEBUG outbound/direct[direct]: outbound connection to 1.1.1.1:443 +0000 2023-03-07 02:15:28 DEBUG outbound/urltest[H2-REALITY-group]: outbound H2-REALITY-out unavailable: Head "https://cp.cloudflare.com": unexpected status: 404 404 Not Found +0000 2023-03-07 02:15:30 DEBUG dns: exchanged time.apple.com NOERROR 600 +0000 2023-03-07 02:15:30 DEBUG dns: exchanged time.apple.com CNAME time.apple.com. 6392 IN CNAME time.g.aaplimg.com. +0000 2023-03-07 02:15:30 DEBUG dns: exchanged time.apple.com A time.g.aaplimg.com. 92 IN A 17.253.4.125 +0000 2023-03-07 02:15:30 DEBUG dns: exchanged time.apple.com A time.g.aaplimg.com. 92 IN A 17.253.4.253 +0000 2023-03-07 02:15:30 DEBUG dns: exchanged time.apple.com A time.g.aaplimg.com. 92 IN A 17.253.16.125 +0000 2023-03-07 02:15:30 DEBUG dns: lookup succeed for time.apple.com: 17.253.4.125 17.253.4.253 17.253.16.125 +0000 2023-03-07 02:15:30 INFO ntp: updated time: 2023-03-07 02:15:30 +0000 +0000 2023-03-07 02:15:30 INFO inbound/tun[TUN-in]: started at sb-tun0 +0000 2023-03-07 02:15:30 INFO inbound/redirect[REDIRECT-in]: tcp server started at [::]:12345 +0000 2023-03-07 02:15:30 INFO sing-box started (2.366s) +0000 2023-03-07 02:15:42 INFO [912833326] inbound/tun[TUN-in]: inbound packet connection from 172.19.0.1:57481 +0000 2023-03-07 02:15:42 INFO [912833326] inbound/tun[TUN-in]: inbound packet connection to 119.29.29.29:53 +0000 2023-03-07 02:15:42 DEBUG [912833326] router: sniffed packet protocol: dns +0000 2023-03-07 02:15:42 DEBUG [912833326] router: match[0] protocol=dns => dns-out +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchange ip.sb. IN AAAA +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchange ip.sb. IN A +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: strategy rejected +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchange ip.sb. IN AAAA +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchange ip.sb. IN AAAA +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchange ip.sb. IN A +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: strategy rejected +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: strategy rejected +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchange ip.sb. IN A +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchanged ip.sb NOERROR 600 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 104.26.13.31 +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchanged ip.sb NOERROR 600 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 104.26.13.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 104.26.12.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 104.26.12.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 172.67.75.172 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 104.26.13.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 104.26.12.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 172.67.75.172 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 172.67.75.172 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 104.26.13.31 +0000 2023-03-07 02:15:42 DEBUG [912833326] dns: exchanged ip.sb NOERROR 600 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 172.67.75.172 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 104.26.13.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb A ip.sb. 63 IN A 104.26.12.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 172.67.75.172 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 104.26.13.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 104.26.12.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 104.26.12.31 +0000 2023-03-07 02:15:42 INFO [912833326] dns: exchanged ip.sb. A ip.sb. 63 IN A 172.67.75.172 +0000 2023-03-07 02:15:42 INFO [4275637741] inbound/redirect[REDIRECT-in]: inbound connection from 172.19.0.1:47658 +0000 2023-03-07 02:15:42 INFO [4275637741] inbound/redirect[REDIRECT-in]: inbound connection to 104.26.13.31:80 +0000 2023-03-07 02:15:42 DEBUG [4275637741] router: sniffed protocol: http, domain: ip.sb +0000 2023-03-07 02:15:42 INFO [4275637741] outbound/vless[H2-REALITY-out]: outbound connection to 104.26.13.31:80 +0000 2023-03-07 02:15:42 DEBUG [4275637741] inbound/redirect[REDIRECT-in]: connection closed: process connection from 172.19.0.1:47658: upload: read tcp 127.0.0.1:12345->172.19.0.1:47658: use of closed network connection | download: unexpected status: 404 404 Not Found ```

Xray-core server:

```console Xray 1.7.5 (Xray, Penetrates Everything.) c04c333 (go1.20.1 linux/amd64) A unified platform for anti-censorship. 2023/03/07 09:40:07 [Info] infra/conf/serial: Reading config: /etc/xray/config.json 2023/03/07 09:40:07 [Debug] app/log: Logger started 2023/03/07 09:40:07 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:28443 2023/03/07 09:40:07 [Warning] core: Xray 1.7.5 started ```
nekohasekai commented 1 year ago

请对特定的协议提出问题,并简化您的配置以创建一个对任何人都可用的本地能够还原的环境。

Gzxhwq commented 1 year ago

Reality -> Pure TLS 并精简如下:

Xray-core server:

```json { "log": { "loglevel": "debug" }, "inbounds": [ { "port": 28444, "protocol": "vless", "settings": { "clients": [ { "id": "**********", "level": 0, "email": "h2-tls@gmail.com" } ], "decryption": "none" }, "streamSettings": { "network": "h2", "security": "tls", "tlsSettings": { "certificates": [ { "ocspStapling": 3600, "usage": "encipherment", "certificateFile": "/etc/ssl/proxy/full.pem", "keyFile": "/etc/ssl/proxy/key.pem" } ] } } } ], "outbounds": [ { "tag" : "direct", "protocol": "freedom" } ] } ```

sing-box client:

```json { "log": { "disabled": false, "level": "debug", "output": "/var/log/sing-box.log", "timestamp": true }, "dns": { "servers": [ { "tag": "foreign", "address": "https://1.1.1.1/dns-query" }, { "tag": "local", "address": "tls://1.12.12.12", "detour": "direct" }, { "tag": "block", "address": "rcode://success" } ], "rules": [ { "geosite": "category-ads-all", "server": "block", "disable_cache": true }, { "domain": "mydomain.com", "geosite": "cn", "server": "local" } ], "strategy": "ipv4_only" }, "inbounds": [ { "type": "tun", "tag": "TUN-in", "interface_name": "sb-tun0", "inet4_address": "172.19.0.1/30", "auto_route": true, "endpoint_independent_nat": true, "stack": "system", "sniff": true } ], "outbounds": [ { "type": "vless", "tag": "H2-TLS-out", "server":"*.*.*.*", "server_port": 28444, "uuid": "**********************************", "packet_encoding": "xudp", "tls": { "enabled": true, "server_name": "***example.org***", "utls": { "enabled": true, "fingerprint": "ios" } }, "transport": { "type": "http" } }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns-out" } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns-out" }, { "geosite": "category-ads-all", "outbound": "block" }, { "geosite": "cn", "geoip": [ "cn", "private" ], "outbound": "direct" } ], "auto_detect_interface": true } } ```