FattyboyN
commented
6 years ago Open FattyboyN opened 6 years ago
FattyboyN
commented
6 years ago FattyboyN
commented
6 years ago 写了个链式代理的进一步使用教程。如果合适可以增补到白话文教程。无版权,欢迎转发修正,作者FattyboyN
ToutyRater
commented
6 years ago 非常感谢你写了这么多,也看得出来你下了一番功夫,这中转功能确实是 V2Ray 一个非常鲜明的特点。我之所以没有写这部分,纯粹是因为 V2Ray 的手册本来有中转的配置示例,也就懒得写了,但后来删了。既然你提到了,应该是有部分用户有这样的需求,我过段时间再抽空补上。
huxiaofan1223
commented
5 years ago 这么多看得我头皮发麻
star8618
commented
4 years ago 有多用户中转代码么? 比如a b c 3个用户,a用户直连,b用户连接到中转1服务器,c用户连接到中转2服务器
vongoethe
commented
4 years ago 谢谢教程 不用dokodemo的话,翻墙服务器只能用tcp模式,那请问中转服务器可以用ws+tls么? 谢谢
eaglesharkmayonnaise
commented
4 years ago @FattyboyN
websocket+TLS(Vmess+websocket+TLS+Nginx+Website)方式使用你提供的第二种配置是不是不行啊
以下是错误:
2020/05/07 14:15:06 [Warning] [2513150821] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > io: read/write on closed pipe
2020/05/07 14:15:06 [Warning] [2136282099] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > io: read/write on closed pipe
2020/05/07 14:15:07 [Warning] [4207572829] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > io: read/write on closed pipe
2020/05/07 14:15:08 [Warning] [3294750213] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > EOF
2020/05/07 14:15:08 [Warning] [3294750213] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > io: read/write on closed pipe
2020/05/07 14:15:11 [Warning] [1670260891] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > EOF
2020/05/07 14:15:11 [Warning] [1670260891] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: connection ends > v2ray.com/core/proxy/vmess/outbound: failed to read header > v2ray.com/core/proxy/vmess/encoding: failed to read response header > io: read/write on closed pipe
2020/05/07 14:15:11 [Warning] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://127.0.0.1:50001/ray): > EOF] > v2ray.com/core/common/retry: all retry attempts failed
waahaa
commented
4 years ago 请注意:inboundDetour、outboundDetour和domainOverride均已被废弃
1klakla1
commented
3 years ago 你这种设置测试过没有? 官方文档里面写到:
注意:如果你打算配置(动态)链式代理转发,应当明确几点:
性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。
你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。
FattyboyN
commented
3 years ago 当然测试过
Felix Sent from my iPhone
On 10 Sep 2021, at 1:19 pm, 1klakla1 @.***> wrote:
你这种设置测试过没有? 官方文档里面写到:
注意:如果你打算配置(动态)链式代理转发,应当明确几点:
性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。
你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916599569, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
1klakla1
commented
3 years ago 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.***> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。
这个怎么理解啊,大佬。有点迷惑。
FattyboyN
commented
3 years ago 这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。
过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了
Felix Sent from my iPhone
On 10 Sep 2021, at 1:25 pm, 1klakla1 @.***> wrote:
当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.***> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916599569>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。
这个怎么理解啊,大佬。有点迷惑。
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916601553, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
1klakla1
commented
3 years ago 这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。 过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了 Felix Sent from my iPhone On 10 Sep 2021, at 1:25 pm, 1klakla1 @.> wrote: 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)<#16 (comment)>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. … ____ 啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。 这个怎么理解啊,大佬。有点迷惑。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
羡慕大佬人肉翻墙!
FattyboyN
commented
3 years ago 肉翻前我最后用的两级服务器配置你参考着看吧,客户端-深圳-香港-(日本、美国、新加坡) sz的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "sniffing": { "enabled": false, "destOverride": ["http", "tls"] }, "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag":"CHINA" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "EXCLOUD" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" }, "tag": "EXCLOUDSS" } ], "outbounds": [ { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.31.1.43", "port" : 10002 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExCloudHK" }, { "mux" : { "concurrency" : 8, "enabled" : false }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.123.111.121", "port" : 10086 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag" : "YK" } ], "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "inboundTag": ["EXCLOUD"], "outboundTag": "ExCloudHK" }, { "type": "field", "inboundTag": ["CHINA"], "outboundTag": "YK" }, { "type": "field", "inboundTag": ["EXCLOUDSS"], "outboundTag": "ExCloudHK" }, { "type": "field", "domain": [ "domain:amdc.m.taobao.com" ], "outboundTag": "YK" }, { "type": "field", "ip": [ "47.102.83.0/8", "106.11.209.0/8", "106.11.248.0/8", "203.119.217.0/8", "140.205.35.0/8" ], "outboundTag": "YK" }, { "type": "field", "domain": [ "geosite:cn" ], "outboundTag": "direct" } ] } }
HK的:
{ "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "ExHK" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "SZ" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExSZ" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeJP" }, { "mux" : { "concurrency" : 1, "enabled" : false }, "protocol" : "shadowsocks", "settings" : { "servers":[ { "port": 445, "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "address": "103.xxx.xxx.xxx", "method": "chacha20-ietf-poly1305" } ] }, "tag" : "DMITOUTSS" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "103.xxx.xxx.xxx", "port": 10002 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "DMITOUT" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "154.xxx.xxx.xxx", "port": 10006 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeUS" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "139.xxx.xxx.xxx", "port": 23740 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeSG" } ], "routing": { "rules": [ { "type": "field", "inboundTag": ["ExHK"], "outboundTag": "ExSZ" }, { "type": "field", "ip": ["geoip:cn"], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "geosite:cn", "kugou", "migu", "miguvideo", "qq", "taobao", "baidu", "cibntv", "iqiyi", "cmvideo", "youku", "ali", "mmstat" ], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "dmm.co.jp", "domain:xvideos.com", "domain:javtube.com", "domain:avgle.com", "domain:pornhd.vip", "jav" ], "outboundTag": "LinodeJP" }, { "type": "field", "domain": [ "formula1.com", "f1tv.formula1.com", "f1-prod-production.apigee.net", "f1tv-api.formula1.com", "app-measurement.com", "f1tv-images.formula1.com", "f1tv-livedata.formula1.com", "conviva.com", "f1tv-cdn-cent-live.formula1.com", "mobile-collector.newrelic.com", "domain:disneyplus.com", "domain:disney-plus.net", "domain:sentry.io", "domain:bamgrid.com", "domain:braze.com", "disneyplus", "disney-plus", "disney", "f1tv", "domain:iheart.com", "p14-buy.itunes.apple.com" ], "outboundTag": "LinodeUS" }, { "type": "field", "domain": [ "hbogoasia.com", "hbogoasia", "hbogo" ], "outboundTag": "LinodeSG" }, { "type": "field", "domain": [ "domain:nflxvideo.net", "domain:nflxso.net", "domain:netflix.com" ], "outboundTag": "DMITOUT" } ] } }
Felix Sent from my iPhone
On 10 Sep 2021, at 1:34 pm, 1klakla1 @.***> wrote:
这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。 过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了 Felix Sent from my iPhone On 10 Sep 2021, at 1:25 pm, 1klakla1 @.> wrote: 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16https://github.com/ToutyRater/v2ray-guide/issues/16 (comment)<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916599569>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. … ____ 啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。 这个怎么理解啊,大佬。有点迷惑。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916601553>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
羡慕大佬人肉翻墙!
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916604021, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6QPXHB5OW2YIYOQVTUBF4DBANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
1klakla1
commented
3 years ago 肉翻前我最后用的两级服务器配置你参考着看吧,客户端-深圳-香港-(日本、美国、新加坡) sz的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "sniffing": { "enabled": false, "destOverride": ["http", "tls"] }, "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag":"CHINA" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "EXCLOUD" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" }, "tag": "EXCLOUDSS" } ], "outbounds": [ { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.31.1.43", "port" : 10002 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExCloudHK" }, { "mux" : { "concurrency" : 8, "enabled" : false }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.123.111.121", "port" : 10086 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag" : "YK" } ], "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "inboundTag": ["EXCLOUD"], "outboundTag": "ExCloudHK" }, { "type": "field", "inboundTag": ["CHINA"], "outboundTag": "YK" }, { "type": "field", "inboundTag": ["EXCLOUDSS"], "outboundTag": "ExCloudHK" }, { "type": "field", "domain": [ "domain:amdc.m.taobao.com" ], "outboundTag": "YK" }, { "type": "field", "ip": [ "47.102.83.0/8", "106.11.209.0/8", "106.11.248.0/8", "203.119.217.0/8", "140.205.35.0/8" ], "outboundTag": "YK" }, { "type": "field", "domain": [ "geosite:cn" ], "outboundTag": "direct" } ] } } HK的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "ExHK" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "SZ" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExSZ" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeJP" }, { "mux" : { "concurrency" : 1, "enabled" : false }, "protocol" : "shadowsocks", "settings" : { "servers":[ { "port": 445, "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "address": "103.xxx.xxx.xxx", "method": "chacha20-ietf-poly1305" } ] }, "tag" : "DMITOUTSS" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "103.xxx.xxx.xxx", "port": 10002 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "DMITOUT" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "154.xxx.xxx.xxx", "port": 10006 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeUS" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "139.xxx.xxx.xxx", "port": 23740 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeSG" } ], "routing": { "rules": [ { "type": "field", "inboundTag": ["ExHK"], "outboundTag": "ExSZ" }, { "type": "field", "ip": ["geoip:cn"], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "geosite:cn", "kugou", "migu", "miguvideo", "qq", "taobao", "baidu", "cibntv", "iqiyi", "cmvideo", "youku", "ali", "mmstat" ], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "dmm.co.jp", "domain:xvideos.com", "domain:javtube.com", "domain:avgle.com", "domain:pornhd.vip", "jav" ], "outboundTag": "LinodeJP" }, { "type": "field", "domain": [ "formula1.com", "f1tv.formula1.com", "f1-prod-production.apigee.net", "f1tv-api.formula1.com", "app-measurement.com", "f1tv-images.formula1.com", "f1tv-livedata.formula1.com", "conviva.com", "f1tv-cdn-cent-live.formula1.com", "mobile-collector.newrelic.com", "domain:disneyplus.com", "domain:disney-plus.net", "domain:sentry.io", "domain:bamgrid.com", "domain:braze.com", "disneyplus", "disney-plus", "disney", "f1tv", "domain:iheart.com", "p14-buy.itunes.apple.com" ], "outboundTag": "LinodeUS" }, { "type": "field", "domain": [ "hbogoasia.com", "hbogoasia", "hbogo" ], "outboundTag": "LinodeSG" }, { "type": "field", "domain": [ "domain:nflxvideo.net", "domain:nflxso.net", "domain:netflix.com" ], "outboundTag": "DMITOUT" } ] } } Felix Sent from my iPhone On 10 Sep 2021, at 1:34 pm, 1klakla1 @.***> wrote: 这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。 过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了 Felix Sent from my iPhone On 10 Sep 2021, at 1:25 pm, 1klakla1 @.> wrote: 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16<#16> (comment)<#16 (comment)<#16 (comment)>>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. … … ____ 啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。 这个怎么理解啊,大佬。有点迷惑。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)<#16 (comment)>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. 羡慕大佬人肉翻墙! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6QPXHB5OW2YIYOQVTUBF4DBANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
先谢谢大佬,不过我现在的问题是不能配置那个中转服务器。
我是打算用机场的节点代理我的翻墙机(流畅是国内客户端-机场节点-翻墙客户机)
翻墙机配置: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "fanqiangji.com", "port": 18888, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" } ] }
机场节点机(代理机配置,这个配置是无法修改的): { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" } ] }
这两个机器服务器上不做任何配置修改的话,客户端可以实现链式转发的效果么? 然后国内客户端代码这样写对不对: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "翻墙机域名", "port": 翻墙机端口, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 } ] }
FattyboyN
commented
3 years ago 那你就要用proxySetting自带的这种链式转发。 协议只能是tcp吧?你看看fly的org官网proxySetting现在支持别的了吗 这种服务器就默认配置好了。你的机场也得是给你一个纯tcp的inbound端口。所有的链式配置都在你客户端配置里实现
Felix Sent from my iPhone
On 10 Sep 2021, at 2:04 pm, 1klakla1 @.***> wrote:
肉翻前我最后用的两级服务器配置你参考着看吧,客户端-深圳-香港-(日本、美国、新加坡) sz的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "sniffing": { "enabled": false, "destOverride": ["http", "tls"] }, "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag":"CHINA" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "EXCLOUD" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" }, "tag": "EXCLOUDSS" } ], "outbounds": [ { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.31.1.43", "port" : 10002 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExCloudHK" }, { "mux" : { "concurrency" : 8, "enabled" : false }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.123.111.121", "port" : 10086 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag" : "YK" } ], "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "inboundTag": ["EXCLOUD"], "outboundTag": "ExCloudHK" }, { "type": "field", "inboundTag": ["CHINA"], "outboundTag": "YK" }, { "type": "field", "inboundTag": ["EXCLOUDSS"], "outboundTag": "ExCloudHK" }, { "type": "field", "domain": [ "domain:amdc.m.taobao.com" ], "outboundTag": "YK" }, { "type": "field", "ip": [ "47.102.83.0/8", "106.11.209.0/8", "106.11.248.0/8", "203.119.217.0/8", "140.205.35.0/8" ], "outboundTag": "YK" }, { "type": "field", "domain": [ "geosite:cn" ], "outboundTag": "direct" } ] } } HK的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "ExHK" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "SZ" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExSZ" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeJP" }, { "mux" : { "concurrency" : 1, "enabled" : false }, "protocol" : "shadowsocks", "settings" : { "servers":[ { "port": 445, "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "address": "103.xxx.xxx.xxx", "method": "chacha20-ietf-poly1305" } ] }, "tag" : "DMITOUTSS" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "103.xxx.xxx.xxx", "port": 10002 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "DMITOUT" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "154.xxx.xxx.xxx", "port": 10006 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeUS" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "139.xxx.xxx.xxx", "port": 23740 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeSG" } ], "routing": { "rules": [ { "type": "field", "inboundTag": ["ExHK"], "outboundTag": "ExSZ" }, { "type": "field", "ip": ["geoip:cn"], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "geosite:cn", "kugou", "migu", "miguvideo", "qq", "taobao", "baidu", "cibntv", "iqiyi", "cmvideo", "youku", "ali", "mmstat" ], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "dmm.co.jp", "domain:xvideos.com", "domain:javtube.com", "domain:avgle.com", "domain:pornhd.vip", "jav" ], "outboundTag": "LinodeJP" }, { "type": "field", "domain": [ "formula1.com", "f1tv.formula1.com", "f1-prod-production.apigee.net", "f1tv-api.formula1.com", "app-measurement.com", "f1tv-images.formula1.com", "f1tv-livedata.formula1.com", "conviva.com", "f1tv-cdn-cent-live.formula1.com", "mobile-collector.newrelic.com", "domain:disneyplus.com", "domain:disney-plus.net", "domain:sentry.io", "domain:bamgrid.com", "domain:braze.com", "disneyplus", "disney-plus", "disney", "f1tv", "domain:iheart.com", "p14-buy.itunes.apple.com" ], "outboundTag": "LinodeUS" }, { "type": "field", "domain": [ "hbogoasia.com", "hbogoasia", "hbogo" ], "outboundTag": "LinodeSG" }, { "type": "field", "domain": [ "domain:nflxvideo.net", "domain:nflxso.net", "domain:netflix.com" ], "outboundTag": "DMITOUT" } ] } } Felix Sent from my iPhone On 10 Sep 2021, at 1:34 pm, 1klakla1 @.***> wrote: 这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。 过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了 Felix Sent from my iPhone On 10 Sep 2021, at 1:25 pm, 1klakla1 @.> wrote: 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16https://github.com/ToutyRater/v2ray-guide/issues/16<#16https://github.com/ToutyRater/v2ray-guide/issues/16> (comment)<#16https://github.com/ToutyRater/v2ray-guide/issues/16 (comment)<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916599569>>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. … … ____ 啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。 这个怎么理解啊,大佬。有点迷惑。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16https://github.com/ToutyRater/v2ray-guide/issues/16 (comment)<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916601553>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. 羡慕大佬人肉翻墙! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916604021>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6QPXHB5OW2YIYOQVTUBF4DBANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
先谢谢大佬,不过我现在的问题是不能配置那个中转服务器。
我是打算用机场的节点代理我的翻墙机(流畅是国内客户端-机场节点-翻墙客户机)
翻墙机配置: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "fanqiangji.com", "port": 18888, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" } ] }
机场节点机(代理机配置,这个配置是无法修改的): { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" } ] }
这两个机器服务器上不做任何配置修改的话,客户端可以实现链式转发的效果么? 然后国内客户端代码这样写对不对: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "翻墙机域名", "port": 翻墙机端口, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 } ] }
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916612585, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF36P724YK3UA3FLQ6TUBF7ULANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
FattyboyN
commented
3 years ago 你的配置不对。参看https://guide.v2fly.org/advanced/outboundproxy.html
Felix Sent from my iPhone
On 10 Sep 2021, at 2:04 pm, 1klakla1 @.***> wrote:
肉翻前我最后用的两级服务器配置你参考着看吧,客户端-深圳-香港-(日本、美国、新加坡) sz的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "sniffing": { "enabled": false, "destOverride": ["http", "tls"] }, "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag":"CHINA" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "EXCLOUD" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" }, "tag": "EXCLOUDSS" } ], "outbounds": [ { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.31.1.43", "port" : 10002 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExCloudHK" }, { "mux" : { "concurrency" : 8, "enabled" : false }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.123.111.121", "port" : 10086 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag" : "YK" } ], "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "inboundTag": ["EXCLOUD"], "outboundTag": "ExCloudHK" }, { "type": "field", "inboundTag": ["CHINA"], "outboundTag": "YK" }, { "type": "field", "inboundTag": ["EXCLOUDSS"], "outboundTag": "ExCloudHK" }, { "type": "field", "domain": [ "domain:amdc.m.taobao.com" ], "outboundTag": "YK" }, { "type": "field", "ip": [ "47.102.83.0/8", "106.11.209.0/8", "106.11.248.0/8", "203.119.217.0/8", "140.205.35.0/8" ], "outboundTag": "YK" }, { "type": "field", "domain": [ "geosite:cn" ], "outboundTag": "direct" } ] } } HK的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "ExHK" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "SZ" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExSZ" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeJP" }, { "mux" : { "concurrency" : 1, "enabled" : false }, "protocol" : "shadowsocks", "settings" : { "servers":[ { "port": 445, "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "address": "103.xxx.xxx.xxx", "method": "chacha20-ietf-poly1305" } ] }, "tag" : "DMITOUTSS" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "103.xxx.xxx.xxx", "port": 10002 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "DMITOUT" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "154.xxx.xxx.xxx", "port": 10006 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeUS" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "139.xxx.xxx.xxx", "port": 23740 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeSG" } ], "routing": { "rules": [ { "type": "field", "inboundTag": ["ExHK"], "outboundTag": "ExSZ" }, { "type": "field", "ip": ["geoip:cn"], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "geosite:cn", "kugou", "migu", "miguvideo", "qq", "taobao", "baidu", "cibntv", "iqiyi", "cmvideo", "youku", "ali", "mmstat" ], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "dmm.co.jp", "domain:xvideos.com", "domain:javtube.com", "domain:avgle.com", "domain:pornhd.vip", "jav" ], "outboundTag": "LinodeJP" }, { "type": "field", "domain": [ "formula1.com", "f1tv.formula1.com", "f1-prod-production.apigee.net", "f1tv-api.formula1.com", "app-measurement.com", "f1tv-images.formula1.com", "f1tv-livedata.formula1.com", "conviva.com", "f1tv-cdn-cent-live.formula1.com", "mobile-collector.newrelic.com", "domain:disneyplus.com", "domain:disney-plus.net", "domain:sentry.io", "domain:bamgrid.com", "domain:braze.com", "disneyplus", "disney-plus", "disney", "f1tv", "domain:iheart.com", "p14-buy.itunes.apple.com" ], "outboundTag": "LinodeUS" }, { "type": "field", "domain": [ "hbogoasia.com", "hbogoasia", "hbogo" ], "outboundTag": "LinodeSG" }, { "type": "field", "domain": [ "domain:nflxvideo.net", "domain:nflxso.net", "domain:netflix.com" ], "outboundTag": "DMITOUT" } ] } } Felix Sent from my iPhone On 10 Sep 2021, at 1:34 pm, 1klakla1 @.***> wrote: 这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。 过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了 Felix Sent from my iPhone On 10 Sep 2021, at 1:25 pm, 1klakla1 @.> wrote: 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16https://github.com/ToutyRater/v2ray-guide/issues/16<#16https://github.com/ToutyRater/v2ray-guide/issues/16> (comment)<#16https://github.com/ToutyRater/v2ray-guide/issues/16 (comment)<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916599569>>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. … … ____ 啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。 这个怎么理解啊,大佬。有点迷惑。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16https://github.com/ToutyRater/v2ray-guide/issues/16 (comment)<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916601553>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. 羡慕大佬人肉翻墙! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)https://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916604021>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6QPXHB5OW2YIYOQVTUBF4DBANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
先谢谢大佬,不过我现在的问题是不能配置那个中转服务器。
我是打算用机场的节点代理我的翻墙机(流畅是国内客户端-机场节点-翻墙客户机)
翻墙机配置: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "fanqiangji.com", "port": 18888, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" } ] }
机场节点机(代理机配置,这个配置是无法修改的): { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" } ] }
这两个机器服务器上不做任何配置修改的话,客户端可以实现链式转发的效果么? 然后国内客户端代码这样写对不对: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "翻墙机域名", "port": 翻墙机端口, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 } ] }
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916612585, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF36P724YK3UA3FLQ6TUBF7ULANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
1klakla1
commented
3 years ago 你的配置不对。参看https://guide.v2fly.org/advanced/outboundproxy.html Felix Sent from my iPhone On 10 Sep 2021, at 2:04 pm, 1klakla1 @.> wrote: 肉翻前我最后用的两级服务器配置你参考着看吧,客户端-深圳-香港-(日本、美国、新加坡) sz的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "sniffing": { "enabled": false, "destOverride": ["http", "tls"] }, "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag":"CHINA" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "EXCLOUD" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" }, "tag": "EXCLOUDSS" } ], "outbounds": [ { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.31.1.43", "port" : 10002 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExCloudHK" }, { "mux" : { "concurrency" : 8, "enabled" : false }, "protocol": "vmess", "settings": { "vnext": [ { "users": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.123.111.121", "port" : 10086 } ] }, "streamSettings": { "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag" : "YK" } ], "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "inboundTag": ["EXCLOUD"], "outboundTag": "ExCloudHK" }, { "type": "field", "inboundTag": ["CHINA"], "outboundTag": "YK" }, { "type": "field", "inboundTag": ["EXCLOUDSS"], "outboundTag": "ExCloudHK" }, { "type": "field", "domain": [ "domain:amdc.m.taobao.com" ], "outboundTag": "YK" }, { "type": "field", "ip": [ "47.102.83.0/8", "106.11.209.0/8", "106.11.248.0/8", "203.119.217.0/8", "140.205.35.0/8" ], "outboundTag": "YK" }, { "type": "field", "domain": [ "geosite:cn" ], "outboundTag": "direct" } ] } } HK的: { "policy": { "levels": { "1": { "bufferSize": 10240 } } }, "inbounds": [ { "port": 10001, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "ExHK" }, { "port": 10002, "protocol": "vmess", "settings": { "clients": [ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "alterId": 4 } ] }, "tag": "SZ" }, { "port" : 10003, "protocol" : "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "level": 1, "ota": false, "network": "tcp,udp" } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "ExSZ" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "172.xxx.xxx.xxx", "port": 10001 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeJP" }, { "mux" : { "concurrency" : 1, "enabled" : false }, "protocol" : "shadowsocks", "settings" : { "servers":[ { "port": 445, "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "address": "103.xxx.xxx.xxx", "method": "chacha20-ietf-poly1305" } ] }, "tag" : "DMITOUTSS" }, { "mux":{ "concurrency" :8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "103.xxx.xxx.xxx", "port": 10002 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "DMITOUT" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "154.xxx.xxx.xxx", "port": 10006 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeUS" }, { "mux":{ "concurrency" : 8, "enabled": false }, "protocol": "vmess", "settings": { "vnext": [ { "users":[ { "id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "alterId": 4, "security": "none" } ], "address": "139.xxx.xxx.xxx", "port": 23740 } ] }, "streamSettings":{ "security": "none", "tcpSettings": { "header": { "type" : "none" } }, "network": "tcp", "tlsSettings": { "allowInsecure": true } }, "tag": "LinodeSG" } ], "routing": { "rules": [ { "type": "field", "inboundTag": ["ExHK"], "outboundTag": "ExSZ" }, { "type": "field", "ip": ["geoip:cn"], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "geosite:cn", "kugou", "migu", "miguvideo", "qq", "taobao", "baidu", "cibntv", "iqiyi", "cmvideo", "youku", "ali", "mmstat" ], "outboundTag": "ExSZ" }, { "type": "field", "domain": [ "dmm.co.jp", "domain:xvideos.com", "domain:javtube.com", "domain:avgle.com", "domain:pornhd.vip", "jav" ], "outboundTag": "LinodeJP" }, { "type": "field", "domain": [ "formula1.com", "f1tv.formula1.com", "f1-prod-production.apigee.net", "f1tv-api.formula1.com", "app-measurement.com", "f1tv-images.formula1.com", "f1tv-livedata.formula1.com", "conviva.com", "f1tv-cdn-cent-live.formula1.com", "mobile-collector.newrelic.com", "domain:disneyplus.com", "domain:disney-plus.net", "domain:sentry.io", "domain:bamgrid.com", "domain:braze.com", "disneyplus", "disney-plus", "disney", "f1tv", "domain:iheart.com", "p14-buy.itunes.apple.com" ], "outboundTag": "LinodeUS" }, { "type": "field", "domain": [ "hbogoasia.com", "hbogoasia", "hbogo" ], "outboundTag": "LinodeSG" }, { "type": "field", "domain": [ "domain:nflxvideo.net", "domain:nflxso.net", "domain:netflix.com" ], "outboundTag": "DMITOUT" } ] } } Felix Sent from my iPhone On 10 Sep 2021, at 1:34 pm, 1klakla1 @.> wrote: 这还是很老的config,还在用outbound Detour的语法。 现在都改了。当时ProxySetting 是只允许tcp协议,不允许别的。 所以转发有两种思路:1. 用proxySetting,各级服务端都是最基本的config,但是本机客户端要非常复杂的config;2. 不用proxySetting,而是让服务器每一级的outbound指向下一级服务器的inbound,这样就不局限于tcp。 过了很久了现在还有人这么玩吗? 我人肉翻墙后就没研究这些了 Felix Sent from my iPhone On 10 Sep 2021, at 1:25 pm, 1klakla1 @.> wrote: 当然测试过 Felix Sent from my iPhone On 10 Sep 2021, at 1:19 pm, 1klakla1 @.> wrote: 你这种设置测试过没有? 官方文档里面写到: 注意:如果你打算配置(动态)链式代理转发,应当明确几点: 性能。链式代理使用了多个节点,可能会造成延时、带宽等网络性能问题,并且客户端对每一个加解密的次数取决于代理链的长度,理论上也会有一定的影响。 安全。前文提到,代理转发会一定程度上提高安全性,但安全取决于最弱一环,并不意味着代理链越长就会越安全。如果你需要匿名,请考虑成熟的匿名方案。 另外,使用了代理转发 streamSettings 会失效,即只能是非 TLS、无 HTTP 伪装的 TCP 传输协议。 你的案例中,streamSettings 有TLS,也有PATH,这都属于官方文档中,明确说明会失效的。 这样配置下来,你的翻墙机(最后一链)是接受不了这个转发包的。没有TLS,PATH。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16<#16><#16https://github.com/ToutyRater/v2ray-guide/issues/16> (comment)<#16<#16> (comment)<#16 (comment)<#16 (comment)>>>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOFZXZULFPKTSCDY5OUDUBF2KLANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. … … … ____ 啊? 我看你翻墙机(最后一链),配置的是vmess+ws+tls的入站协议。 如果按照官方文档说明,tls,path这些参数是无法通过出站代理的代理机出站的啊。 这个怎么理解啊,大佬。有点迷惑。 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16<#16> (comment)<#16 (comment)<#16 (comment)>>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6KO4MVDJWGTGHHBP3UBF3DFANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. 羡慕大佬人肉翻墙! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)<#16 (comment)>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF6QPXHB5OW2YIYOQVTUBF4DBANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. ____ 先谢谢大佬,不过我现在的问题是不能配置那个中转服务器。 我是打算用机场的节点代理我的翻墙机(流畅是国内客户端-机场节点-翻墙客户机) 翻墙机配置: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "fanqiangji.com", "port": 18888, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" } ] } 机场节点机(代理机配置,这个配置是无法修改的): { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" } ] } ____ 这两个机器服务器上不做任何配置修改的话,客户端可以实现链式转发的效果么? 然后国内客户端代码这样写对不对: { "outbounds": [ { "protocol": "vmess", "settings": { "vnext": [ { "address": "翻墙机域名", "port": 翻墙机端口, "users": [ { "id": "翻墙机UUID" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "/vmws" } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 }, { "protocol": "vmess", "settings": { "vnext": [ { "address": "机场节点,代理机域名", "port": 机场节点,代理机端口, "users": [ { "alterId": 2, "id": "机场节点,代理机UUID", "security": "aes-128-gcm" } ] } ] }, "streamSettings": { "network": "ws", "tlsSettings": { "disableSystemRoot": false }, "wsSettings": { "path": "/video" }, "xtlsSettings": { "disableSystemRoot": false } }, "tag": "zhuanfa" //翻墙机和代理机标签保持一致 } ] } — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF36P724YK3UA3FLQ6TUBF7ULANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
我自己写的那个配置就是参看这个写的。。囧
1klakla1
commented
3 years ago v2fly 代理转发配置案例里面是没有关于节点TLS+WS的配置项的,所以我给加上了。 但是模板是套用的官方第一个模板
FattyboyN
commented
3 years ago 那你这样能通吗?能通就行
Felix Sent from my iPhone
On 10 Sep 2021, at 2:33 pm, 1klakla1 @.***> wrote:
v2fly 代理转发配置案例里面是没有关于节点TLS+WS的配置项的,所以我给加上了。 但是模板是套用的官方第一个模板
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-916623589, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF4VRO2J6HG2QICNGW3UBGDCNANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
1klakla1
commented
3 years ago 那你这样能通吗?能通就行 Felix Sent from my iPhone On 10 Sep 2021, at 2:33 pm, 1klakla1 @.***> wrote: v2fly 代理转发配置案例里面是没有关于节点TLS+WS的配置项的,所以我给加上了。 但是模板是套用的官方第一个模板 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#16 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF4VRO2J6HG2QICNGW3UBGDCNANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
还没去测试,没搞明白怎么添加到客户端呢。嘿嘿
1klakla1
commented
3 years ago 我再继续研究研究,先谢谢大佬!
plumn
commented
2 years ago 感谢大佬分享,我之前用的vmess链式中转和您肉身出国前的配置一样,现在使用vless后貌似落地鸡vless接收不了中转机outbound发出的vless流量,日志最后一步到落地鸡nginx的日志访问对应path返回400 error.也就是传到落地鸡的流量不是vless协议能识别的,不知道中转机的outbound该如何正确配置出站vless数据,改回vmess一切正常
FattyboyN
commented
2 years ago 提交issue给开发者。
Felix Sent from my iPhone
On 10 Jan 2022, at 6:16 am, plumn @.***> wrote:
感谢大佬分享,我之前用的vmess链式中转和您肉身出国前的配置一样,现在使用vless后貌似落地鸡vless接收不了中转机outbound发出的vless流量,日志最后一步到落地鸡nginx的日志访问对应path返回400 error.也就是传到落地鸡的流量不是vless协议能识别的,不知道中转机的outbound该如何正确配置出站vless数据,改回vmess一切正常
— Reply to this email directly, view it on GitHubhttps://github.com/ToutyRater/v2ray-guide/issues/16#issuecomment-1008357572, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJ7OOF5AYMWUCCKRVEDACS3UVHNG7ANCNFSM4FM3CIDA. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you were mentioned.Message ID: @.***>
izeroo
commented
2 years ago 请问Vmess inbound转发到trojan outbound是不支持的么?PC通过vmess连中转服务器,中转服务器分流国外IP到trojan代理服务器,国内IP可以正常使用,国外IP error.log里一直报错 中转服务器→代理服务器connection reset by peer
paulwg128
commented
4 months ago 請高手多多指點 [客户端 <-> 中转服务器 <-> 無公網 IP的 x-ui 翻墙服务器]
config.json 檔案要怎樣配置 ;使客户端在外網聯到無公網 IP的 x-ui 翻墙服务器 ?
V2Ray中转(链式代理)教程 V2Ray的链式代理主要分为两大类:
在此模型下,需要依次对每一台安装了V2ray的中转服务器端config.json进行修改,使得其outbound指向下一级中转服务器,中转服务器V2Ray的Protocol可以是shadowsocks或者Vmess(TCP,Websocket,MKCP,以及HTTP/2)。
举一个例子,“客户端 <-> 中转服务器1 <-> 翻墙服务器”,假设中转服务器1和翻墙服务器都采用WS+TLS+Caddy反代,中转服务器1和翻墙服务器都有真实的的域名和网页内容,下面是中转服务器1的服务端配置: config.json { "inbound": { "listen":"127.0.0.1", "port": 443, "protocol": "vmess", "settings": { "udp": true, "clients": [ { "id": "中转服务器1的用户UUID", "alterId": 64 } ] }, "streamSettings": { "network":"ws", "wsSettings":{ "path":"/ray01"//中转服务器1的path } } }, "outbound" : { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "翻墙服务器的用户UUID", "alterId" : 64, "security" : "auto" } ], "address" : "翻墙服务器的域名", "port" : 443 } ] }, "streamSettings" : { "security" : "tls", "wsSettings" : { "headers" : { "Host" : "翻墙服务器的域名"//注意,是翻墙服务器的域名 }, "path" : "ray02"//翻墙服务器的path }, "network" : "ws", "tlsSettings" : { "allowInsecure" : false, "serverName" : "翻墙服务器的域名" } } }, "inboundDetour": [], "outboundDetour": [ { "protocol": "blackhole", "settings": {}, "tag": "blocked" } ], "routing": { "strategy": "rules", "settings": { "rules": [ { "type": "field", "ip": [ "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "::1/128", "fc00::/7", "fe80::/10" ], "outboundTag": "blocked" } ] } } } 这样当客户端发送请求到中转服务器1的inbound,被中转服务器outbound到翻墙服务器去,形成了链式转发。上述例子中用的是WS+TLS,换成http/2也是成立的,但要把相应的配置都改成http/2的。 翻墙服务器的服务端配置不在此给出了,可以自行去查找相应的教程。 这种链式转发的优点是所有配置都在服务端,客户端看到的只是到中转服务器1的信息,适合机场管理员采用;但是缺点是要在中转服务器1里留下翻墙服务器的信息,如果中转服务器是国内vps提供商,存在被明文发现的隐患。
2.通过客户端配置,由客户端判定中转路径,直到最终到达翻墙服务器。 链路逻辑如下: 客户端 <-> 中转服务器1 <-> 中转服务器2 <-> 中转服务器3 ... <-> 中转服务器n <-> 翻墙服务器 <-> 目标网站 V2Ray本身自带Vmess TCP的链式转发。请参考官方教程的proxySettings{}函数。下面仅给出一个完整的客户端配置例子参考: config.json { "inbound" : { "port" : 8081, "listen" : "127.0.0.1", "protocol" : "http", "settings" : {
}, "inboundDetour" : [ { "domainOverride" : [ "http", "tls" ], "port" : 1080, "listen" : "127.0.0.1", "protocol" : "socks", "settings" : { "auth" : "noauth", "udp" : true } } ], "outbound" : { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "翻墙服务器的用户UUID", "alterId" : 64, "security" : "auto" } ], "address" : "翻墙服务器的ip", "port" : 443 } ] }, "streamSettings" : { "security" : "auto", "tcpSettings" : { "header" : { "type" : "none" } }, "network" : "tcp",//这里一定是tcp,因为proxySettings函数仅支持tcp,如果是别的协议,要通过其他方法中转 "tlsSettings" : { "allowInsecure" : true } }, "tag" : "proxy",//outboundTag是proxy,下面分流要用到 "proxySettings" : { "tag" : "transit"//这个tag名字必须和下面的outboundDetour里的中转服务器的tag一致 }//这里调用proxySettings函数,白话翻译过来就是告诉客户端,要想访问outbound里设置的翻墙服务器,先去找proxySetting里定义的“transit”服务器,“transit”服务器是什么?在哪儿?去下面的outboundDetour找:) }, "outboundDetour" : [ { "protocol" : "blackhole", "settings" : {
], "dns" : { "servers" : [ "223.5.5.5", "8.8.8.8" ] }, "routing" : { "settings" : { "rules" : [ { "type" : "field", "domain" : [ "dropbox", "github", "google", "instagram", "tumblr", "twitter", "domain:facebook.com", "domain:youtube.com", "domain:google.com" ],//依照个人爱好添加删减 "outboundTag" : "proxy" }, { "type" : "field", "ip" : [ "125.209.222.0\/24", "149.154.167.0\/24", "149.154.175.0\/24", "91.108.56.0\/24" ],//telegram的服务器地址:) "outboundTag" : "proxy" }, { "type" : "field", "domain" : [ "geosite:cn" ], "outboundTag" : "direct" }, { "type" : "field", "ip" : [ "geoip:cn", "geoip:private" ], "outboundTag" : "direct" }, { "type" : "field", "domain" : [ "domain:doubleclick.net" ], "outboundTag" : "block" } ], "domainStrategy" : "AsIs" }, "strategy" : "rules" } } 上述例子实现了“客户端 <-> 中转服务器1 <-> 翻墙服务器”的路径,但是要求翻墙服务器必须采用Vmess TCP,如果有多级转发,依次在outboundDetour里加入下一级的转发服务器信息,但记住,真正的翻墙服务器信息一定写在outbound里。
那么问题来了,对于翻墙服务器不是Vmess TCP协议的,该如何转发呢?这时候我们需要用到V2Ray的dokodemo-door协议。它支持shadowsocks, Vmess(websocket, http/2,kcp)的链式代理。 基本逻辑思路就是在客户端本机回环地址127.0.0.1建立一个dokodemo-door监听端口,将所有的客户端inbound(包括inboundDetour)收到的信息通过客户端outbound发送到这个任意门监听端口,由任意门再发往下一级中转服务器。 下面的例子是按照“客户端 <-> 中转服务器1 <-> 中转服务器2 <-> 翻墙服务器”的路径,其中翻墙服务器采用了WS+TLS+Caddy,中转服务器1和中转服务器2都是默认的V2Ray安装。 config.json { "inbound" : { "domainOverride" : [ "http", "tls" ], "port" : 8081, "listen" : "127.0.0.1", "protocol" : "http", "settings" : { "allowTransparent" : true } },//主传入http "outbound" : { "mux" : { "concurrency" : 8, "enabled" : true }, "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "翻墙服务器的用户UUID", "alterId" : 64, "security" : "auto" } ], "address" : "127.0.0.1",//这里一定要填写本机回环地址,就是将翻墙服务器的用户UUID,alterID和加密方式要发送到dokodemo-door去 "port" : 50001//这个端口和下面的dokodemo-door监听端口保持一致 } ] }, "streamSettings" : { "security" : "tls", "wsSettings" : { "headers" : { "Host" : "翻墙服务器的域名" }, "path" : "\/ray" }, "network" : "ws",//本例子采用websocket+tls+caddy作为翻墙服务器的配置 "tlsSettings" : { "allowInsecure" : false, "serverName" : "翻墙服务器的域名" } }, "tag" : "proxy" }, "inboundDetour" : [ { "port" : 50001,//在端口50001建立一个任意门监听端口,和上面outbound的端口保持一致 "listen" : "127.0.0.1",//监听本机回环地址 "protocol" : "dokodemo-door", "settings" : { "port" : 443,//这个端口就不能乱改了,设为443是因为本教程所有的翻墙服务器都有真实的域名和真实的证书,有真实的网站伪装。 "network" : "tcp, udp",//同时监听tcp和udp "address" : "翻墙服务器的域名" },//在dokodemo-door里要定义真正的翻墙服务器的端口和地址,这里地址采用了域名。 "tag" : "bridge"//桥接tag,可以随意起名字,但和后面要保持一致 }, { "port" : 1081, "listen" : "127.0.0.1", "protocol" : "socks", "settings" : { "auth" : "noauth", "timeout" : 0, "udp" : true } }//额外传入socks ], "outboundDetour" : [ { "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "中转服务器1的用户UUID", "alterId" : 64 } ], "address" : "中转服务器1的ip地址", "port" : 443 } ] }, "tag" : "transit1"//中转服务器1的标识 }, { "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "中转服务器2的用户UUID", "alterId" : 64 } ], "address" : "中转服务器2的ip地址", "port" : 443 } ] }, "tag" : "transit2",//中转服务器2的标识 "proxySettings" : { "tag" : "transit1" }//对,这里要用到proxySettings函数,无论翻墙服务器采用哪种协议,中转服务器1、2...n之间用tcp协议传输;这里白话翻译过来就是:“要想访问transit2,先去找transit1中转” }, { "protocol" : "blackhole", "settings" : {
], "dns" : { "servers" : [ "1.1.1.1", "223.5.5.5", "8.8.8.8", "119.29.29.29", "114.114.114.114" ] }, "routing" : { "settings" : { "rules" : [ { "type" : "field", "inboundTag" : [ "bridge" ],//将inboundTag “bridge”绑定到outboundTag “transit2”上 "outboundTag" : "transit2"//将dokodemo-door监听到的信息发送给transit2服务器,这里一定是transit2,如果有n个转发服务器,这里一定是最后一个transitn },//这是逻辑最绕的一部分。白话说就是 “客户端手上拿了个苹果交给主传入,主传入又把苹果交给主传出(本机回环127.0.0.1的50001端口),苹果在本机回环的50001端口被dokodemo-door抢走(监听)并要送给transit2,但是transit2说必须先把苹果先交给transit1(proxySettings的设置),由transit1把苹果给transit2.... { "type" : "field", "domain" : [ "dropbox", "github", "google", "tumblr", "twitter", "domain:facebook.com", "domain:youtube.com", "domain:twitter.com" ], "outboundTag" : "proxy" }, { "type" : "field", "ip" : [ "125.209.222.0\/24", "149.154.167.0\/24", "149.154.175.0\/24", "91.108.56.0\/24" ], "outboundTag" : "proxy" }, { "type" : "field", "domain" : [ "geosite:cn" ], "outboundTag" : "direct" }, { "type" : "field", "ip" : [ "geoip:cn", "geoip:private" ], "outboundTag" : "direct" }, { "type" : "field", "ip" : [ "192.168.1.0\/24", "192.168.0.0\/24" ], "outboundTag" : "direct" }, { "type" : "field", "domain" : [ "domain:doubleclick.net" ], "outboundTag" : "block" } ], "domainStrategy" : "AsIs" }, "strategy" : "rules" } } 下面再给出一个类似的例子,依旧实现“客户端 <-> 中转服务器1 <-> 中转服务器2 <-> 翻墙服务器”的路径,只不过翻墙服务器换成http/2的。 config.json { "log" : { "access" : "", "loglevel" : "none", "error" : "" }, "inboundDetour" : [ { "port" : 50001, "listen" : "127.0.0.1", "protocol" : "dokodemo-door", "settings" : { "port" : 443, "network" : "tcp,udp", "address" : "翻墙服务器的域名" }, "tag" : "bridge" }, { "port" : 1080, "listen" : "127.0.0.1", "protocol" : "socks", "settings" : { "auth" : "noauth", "timeout" : 0, "udp" : true } } ], "outboundDetour" : [ { "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "中转服务器1的用户UUID", "alterId" : 64 } ], "address" : "中转服务器1的ip地址", "port" : 443 } ] }, "tag" : "transit1" }, { "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "中转服务器2的用户UUID", "alterId" : 64 } ], "address" : "中转服务器2的ip地址", "port" : 443 } ] }, "tag" : "transi2", "proxySettings" : { "tag" : "transit1" }
[ ] },
{ "protocol" : "freedom", "settings" : {
}, "tag" : "direct" }, { "protocol" : "blackhole", "settings" : {
}, "tag" : "block" } ], "dns" : { "servers" : [ "223.5.5.5", "8.8.8.8", "1.1.1.1", "119.29.29.29", "114.114.114.114" ] }, "inbound" : { "port" : 8081, "listen" : "127.0.0.1", "protocol" : "http", "settings" : { "allowTransparent" : true, "timeout" : 360 } }, "outbound" : { "mux": { "concurrency": 8, "enabled": true }, "protocol" : "vmess", "settings" : { "vnext" : [ { "users" : [ { "id" : "翻墙服务器的用户UUID", "alterId" : 64, "security": "auto" } ], "address" : "127.0.0.1", "port" : 50001 } ] }, "streamSettings" : { "security" : "tls", "httpSettings" : { "path" : "\/rayhttp2",//翻墙服务器http2的path "host" : [ "翻墙服务器的域名" ] }, "network" : "h2",//http2 "tlsSettings" : { "serverName" : "翻墙服务器的域名", "allowInsecure" : false }//这里一定要有tlsSettings,serverName要填写翻墙服务器的域名,否则http/2连不通 }, "tag" : "proxy" }, "routing" : { "settings" : { "rules" : [ { "type" : "field", "inboundTag" : [ "bridge" ], "outboundTag" : "transit2" }, { "type" : "field", "domain" : [ "domain:doubleclick.net" ], "outboundTag" : "block" }, { "type" : "field", "ip" : [ "149.154.167.0\/24", "149.154.175.0\/24", "91.108.56.0\/24", "125.209.222.0\/24" ], "outboundTag" : "proxy" }, { "type" : "field", "domain" : [ "twitter", "domain:twimg.com", "domain:t.co", "google", "domain:xvideos.com"//:) ], "outboundTag" : "proxy" }, { "type" : "field", "ip" : [ "geoip:cn", "geoip:private" ], "outboundTag" : "direct" }, { "type" : "field", "domain" : [ "geosite:cn" ], "outboundTag" : "direct" } ], "domainStrategy" : "AsIs" }, "strategy" : "rules" } } 这类在客户端配置实现多级中转(链式代理)的优点在于一旦服务器安装好V2Ray就不需要再动服务器了,所有信息都在本地,除非你手机丢了,别人看不到你其他服务器的信息。一旦链路上任何一个服务器出现故障,可以随意丢弃,修改本地客户端的配置即可。 小结:上面介绍了两大类V2Ray中转的思路。由于中转并不是大众需求,也不可能提供一键部署,还请各位自己对照着实践一下,有问题先尝试自己解决,实在解决不了到Project V的电报群里沟通。