Not working with TCI, # Update from TCI users needed, please report.

[adelmrk]

Hi Sasuke thx for this tutorial. I followed step by step and done.

but in both android and windows i got test Error on TCI ISP I tested on TCI, Irancell and Rightel ISP's. just TCI has error. what is problem? need I more complex configure? I need a configure to working on just TCI.

please help to fix this problem thank you again.

[SasukeFreestyle]

Hello!

You're welcome!

Sometimes TCI bans the IP-Address of the machine you are hosting xray. You maybe need to change IP if its possible.

Run this command without VPN to check this and give me output.

curl -v https://yourdomain.com

replace yourdomain.com with your domain

check if xray is running, send me output.

sudo systemctl status xray

if its not running send me output of this command. sudo journalctl -u xray

[adelmrk]

without vpn i cant login to my server, with TCI connection. but with others like Irancell I can login normally. what should i do when i want to run these commands? use vpn or use Irancell or just must be TCI

also is it safe which i share all output here? in comment :) give me a safety path to send you.

[SasukeFreestyle]

Yes it is safe, Just remove any sensitive information like your username, IP, and domain before you post.

You need to run this command without VPN to see if you can connect and check if IP is not blocked. You can also try to visit your website with chrome/firefox, type https://yourdomain.com if you can not visit either IP is blocked by TCI or nginx/xray is not configured correctly.

My curl -v https://yourdomain.com example

ubuntu@testmachine:~$ curl -v https://XXX.XXX.XXX
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying XXX.XXX.XXX.XXX:443...
* Connected to XXX.XXX.XXX (XXX.XXX.XXX.XXX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [21 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4025 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=XXX.XXX.XXX
*  start date: Feb 12 21:33:04 2023 GMT
*  expire date: May 13 21:33:03 2023 GMT
*  subjectAltName: host "XXX.XXX.XXX" matched cert's "XXX.XXX.XXX"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]

Run this command inside your machine, with or without VPN, does not matter

sudo systemctl status xray

ubuntu@testmachine:~$ sudo systemctl status xray
● xray.service - Xray-core VMESS/VLESS
     Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-03-09 21:29:08 CET; 1 day 21h ago
   Main PID: 256 (xray)
      Tasks: 22 (limit: 9362)
     Memory: 411.5M
        CPU: 15h 37min 52.185s
     CGroup: /system.slice/xray.service
             └─256 /home/ubuntu/xray/xray run -config /home/ubuntu/xray/configs.json

[adelmrk]

TCI without VPN : https://yourdomain.com is online (Welcome to nginx!) in both chrome and firefox.

My curl -v https://yourdomain.com :

root@ubuntu:~# curl -v https://yourdomain.com
*   Trying xxx.xxx.xxx.xxx:443...
* TCP_NODELAY set
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=yourdomain.com
*  start date: Mar 11 12:26:47 2023 GMT
*  expire date: Jun  9 12:26:46 2023 GMT
*  subjectAltName: host "yourdomain.com" matched cert's "yourdomain.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: yourdomain.com
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sat, 11 Mar 2023 18:04:51 GMT
< Content-Type: text/html
< Content-Length: 615
< Last-Modified: Tue, 13 Dec 2022 15:53:53 GMT
< Connection: keep-alive
< ETag: "6398a011-267"
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Accept-Ranges: bytes
< 
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host yourdomain.com left intact

and sudo systemctl status xray :

root@ubuntu:~# sudo systemctl status xray
● xray.service - XTLS Xray-Core a VMESS/VLESS Server
     Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-03-11 14:43:58 CET; 4h 26min ago
   Main PID: 157573 (xray)
      Tasks: 7 (limit: 470)
     Memory: 41.8M
     CGroup: /system.slice/xray.service
             └─157573 /home/xxx/xray/xray run -config /home/xxx/xray/config.json

[SasukeFreestyle]

Great IP is not blocked if you can visit your site and to curl -v

xray is also running, good.

what client are you using to connect?

[adelmrk]

v2rayNG and Qv2ray and V2rayN all with xray-core 1.7.5

[SasukeFreestyle]

Can you send me a picture/screenshot of your V2rayNG server settings,

Also, try connecting with Wifi/ADSL, sometimes 4G/Mobiledata blocks the connection

You can also try random uTLS setting instead of chrome

Make sure UUID is the same as your UUID in xray server config.

use flow xtls-rprx-vision, and make sure its enabled.

[adelmrk]

i just have problem with www.tci.ir (Adsl connection) yes, my configure is like your picture. i change chrometo random, but nothing changes.

[adelmrk]

I got this error in test : Fail to detect internet connection: net/http: TLS handshake timeout

[SasukeFreestyle]

Can you give me output of. sudo journalctl -u xray Remove IP and sensitive information.

[adelmrk]

root@ubuntu:~# sudo journalctl -u xray
-- Logs begin at Sat 2023-03-11 14:06:51 CET, end at Sat 2023-03-11 20:13:15 CET. --
Mar 11 14:43:58 ubuntu systemd[1]: Started XTLS Xray-Core a VMESS/VLESS Server.
Mar 11 14:43:59 ubuntu xray[157573]: Xray 1.7.5 (Xray, Penetrates Everything.) Custom (go1.20 linux/amd64)
Mar 11 14:43:59 ubuntu xray[157573]: A unified platform for anti-censorship.
Mar 11 14:43:59 ubuntu xray[157573]: 2023/03/11 14:43:59 [Info] infra/conf/serial: Reading config: /home/xxx/xray/config.json
Mar 11 14:44:00 ubuntu xray[157573]: 2023/03/11 14:44:00 [Warning] core: Xray 1.7.5 started
Mar 11 15:16:19 ubuntu xray[157573]: 2023/03/11 15:16:19 XXX.XXX.XXX.XXX:63699 accepted tcp:www.google.com:443 [direct]
Mar 11 15:16:23 ubuntu xray[157573]: 2023/03/11 15:16:23 XXX.XXX.XXX.XXX:63701 accepted tcp:clients4.google.com:443 [direct]
Mar 11 15:16:24 ubuntu xray[157573]: 2023/03/11 15:16:24 XXX.XXX.XXX.XXX:63703 accepted tcp:fonts.gstatic.com:443 [direct]
Mar 11 15:16:24 ubuntu xray[157573]: 2023/03/11 15:16:24 XXX.XXX.XXX.XXX:63704 accepted tcp:www.gstatic.com:443 [direct]
Mar 11 15:16:24 ubuntu xray[157573]: 2023/03/11 15:16:24 XXX.XXX.XXX.XXX:63706 accepted tcp:www.google.com:443 [direct]
Mar 11 15:16:30 ubuntu xray[157573]: 2023/03/11 15:16:30 XXX.XXX.XXX.XXX:63722 accepted tcp:ogs.google.com:443 [direct]
Mar 11 15:16:32 ubuntu xray[157573]: 2023/03/11 15:16:32 XXX.XXX.XXX.XXX:63756 accepted tcp:149.154.165.96:443 [direct]
Mar 11 15:16:32 ubuntu xray[157573]: 2023/03/11 15:16:32 XXX.XXX.XXX.XXX:63755 accepted tcp:149.154.165.96:80 [direct]
Mar 11 15:25:36 ubuntu xray[157573]: 2023/03/11 15:25:36 XXX.XXX.XXX.XXX:49680 accepted udp:1.1.1.1:53 [direct]
Mar 11 15:25:36 ubuntu xray[157573]: 2023/03/11 15:25:36 XXX.XXX.XXX.XXX:56112 accepted udp:1.1.1.1:53 [direct]
Mar 11 15:25:37 ubuntu xray[157573]: 2023/03/11 15:25:37 XXX.XXX.XXX.XXX:38294 accepted tcp:mqtt-mini.facebook.com:443 [direct]
Mar 11 15:25:37 ubuntu xray[157573]: 2023/03/11 15:25:37 XXX.XXX.XXX.XXX:55469 accepted tcp:edge-mqtt.facebook.com:443 [direct]
Mar 11 15:25:38 ubuntu xray[157573]: 2023/03/11 15:25:38 XXX.XXX.XXX.XXX:18479 accepted tcp:www.google.com:443 [direct]
Mar 11 15:25:39 ubuntu xray[157573]: 2023/03/11 15:25:39 XXX.XXX.XXX.XXX:26013 accepted tcp:www.fishjacksonbaygreen.com:443 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:13028 accepted tcp:185.80.220.45:53 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:17948 accepted tcp:167.99.49.31:53 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:47741 accepted tcp:79.142.71.11:53 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:44725 accepted tcp:137.184.178.89:23 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:31407 accepted tcp:elegantseniorcase.org:443 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:41884 accepted tcp:bicyclecalgary.com:80 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:25698 accepted tcp:www.threegardenzing.net:443 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:50012 accepted tcp:212.227.226.107:53 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:24463 accepted tcp:www.opswebcamvegas.com:80 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:33850 accepted tcp:rcrsoz.com:443 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:11670 accepted tcp:5.157.51.70:53 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:21815 accepted tcp:23.92.127.84:22 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:58207 accepted tcp:139.162.110.237:22 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:62237 accepted tcp:196.196.200.82:443 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 tcp:XXX.XXX.XXX.XXX:33546 accepted udp:172.105.251.92:554 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 XXX.XXX.XXX.XXX:52585 accepted tcp:196.196.14.110:53 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 tcp:XXX.XXX.XXX.XXX:57972 accepted udp:209.95.52.121:976 [direct]
Mar 11 15:25:40 ubuntu xray[157573]: 2023/03/11 15:25:40 tcp:XXX.XXX.XXX.XXX:41921 accepted udp:74.207.240.79:983 [direct]
Mar 11 15:25:41 ubuntu xray[157573]: 2023/03/11 15:25:41 XXX.XXX.XXX.XXX:21825 accepted tcp:hillcubetw.com:443 [direct]
Mar 11 15:25:41 ubuntu xray[157573]: 2023/03/11 15:25:41 XXX.XXX.XXX.XXX:30210 accepted tcp:www.jumbovan.net:80 [direct]
Mar 11 15:25:41 ubuntu xray[157573]: 2023/03/11 15:25:41 XXX.XXX.XXX.XXX:51156 accepted tcp:212.78.94.95:53 [direct]
Mar 11 15:25:41 ubuntu xray[157573]: 2023/03/11 15:25:41 XXX.XXX.XXX.XXX:27033 accepted tcp:217.160.34.202:22 [direct]
Mar 11 15:25:41 ubuntu xray[157573]: 2023/03/11 15:25:41 XXX.XXX.XXX.XXX:55425 accepted tcp:creditcover.org:80 [direct]
Mar 11 15:25:41 ubuntu xray[157573]: 2023/03/11 15:25:41 tcp:XXX.XXX.XXX.XXX:60722 accepted udp:172.105.0.198:22 [direct]
Mar 11 15:25:43 ubuntu xray[157573]: 2023/03/11 15:25:43 XXX.XXX.XXX.XXX:40878 accepted tcp:139.162.74.122:554 [direct]
Mar 11 15:25:44 ubuntu xray[157573]: 2023/03/11 15:25:44 XXX.XXX.XXX.XXX:14227 accepted udp:1.1.1.1:53 [direct]

this log isnt by TCI, it was by Irancell (with tci cant connect)

[SasukeFreestyle]

Then unfortunately there is nothing I can do :(

Your server is working fine, I should have asked output of sudo journalctl -u xray first. Sorry for misunderstanding. I first thought the server config was wrong and server did not work.

Somehow TCI based on your region/location is blocking the connecting.

The weird thing is that if you can see the website with TCI, you should also be able to connect with TCI. Maybe TCI has found a way to block Vision. But I'm not from Iran so I can't know for sure. I will update when I've more information.

I'm currently hosting a server myself, and some from TCI are able to connect, some or not able to connect.

[adelmrk]

2023/03/11 22:54:31 127.0.0.1:60645 accepted //149.154.167.91:443 [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:31 127.0.0.1:60647 accepted http://149.154.167.91:80/api [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:32 [Warning] [398857164] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:32 [Warning] [1193270785] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:32 [Warning] [322783257] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:32 [Warning] [2851052530] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:33 [Warning] [2188670629] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: i/o timeout dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:34 [Warning] [536815001] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:34 127.0.0.1:60665 accepted //alive.github.com:443 [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:34 [Warning] [2288177334] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:34 [Warning] [1030676164] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:34 [Warning] [1342554452] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp xxx.xxx.xxx.xxx:443: operation was canceled dial tcp: lookup xxx.xxx.xxx.xxx: operation was canceled] > common/retry: all retry attempts failed
2023/03/11 22:54:35 127.0.0.1:60668 accepted //149.154.167.92:443 [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60671 accepted http://149.154.167.92:80/api [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60673 accepted //149.154.175.58:443 [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60675 accepted //149.154.175.54:443 [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60677 accepted http://149.154.175.58:80/api [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60678 accepted http://149.154.175.54:80/api [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60680 accepted //149.154.167.91:443 [http_IN >> xiaabvykzgjbrhd]
2023/03/11 22:54:35 127.0.0.1:60684 accepted http://149.154.167.91:80/api [http_IN >> xiaabvykzgjbrhd]

this is part of Qv2ray log when i open google.com in chrome (also test latency has error)

[SasukeFreestyle]

I dont think Qv2ray supports Vision. you need to add ,none in flow in server configuration.

"flow":"xtls-rprx-vision,none"

No support for Vision. leave flow empty in Qv2ray with flow ,.none.

[adelmrk]

I got this problem from 1 March and i cant fix it yet. I used direct with another way of configure, but result is like vision yeah this is wierd for me too. I will check your topic for new update

[adelmrk]

yes in config code i added none, and in Qv2ray set none in V2rayN used vision I got same result

[3245]

@adelmrk you found any method for TCI?

Thanks.

[SasukeFreestyle]

No, Many of my 4000 users connecting to my own server have TCI and it works for them.

Try using V2rayN instead of Qv2ray, does your phone or friends phone work on the same network as you have?