XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

vless+tls+ws #1171

Closed karafen closed 6 months ago

karafen commented 2 years ago

Hi guys! Recently there has been a problem connecting Xray VLESS+TLS+WS through the Cloudflare CDN; on all clients this is the error:

```text
[Warning] [3963568036] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51605->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51606->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51608->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51613->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51619->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host.] > common/retry: all retry attempts failed.
```

server config:

```json
{ "log": { "access": "/var/log/xray/access.log", "error": "/var/log/xray/error.log", "loglevel": "warning" }, "inbounds": [ { "port": 20712, "listen": "127.0.0.1", "tag": "VLESS-in", "protocol": "VLESS", "settings": { "clients": [ { "id": "my-u-u-i-d", "alterId": 0 } ], "decryption": "none" }, "streamSettings": { "network": "ws", "wsSettings": { "path": "/xxxx/" } } } ], "outbounds": [ { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": {}, "tag": "blocked" } ], "dns": { "servers": [ "https+local://1.1.1.1/dns-query", "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "localhost" ] }, "routing": { "domainStrategy": "AsIs", "rules": [ { "type": "field", "inboundTag": [ "VLESS-in" ], "outboundTag": "direct" } ] } }
```

client config:

```json
{ "log": { "access": "", "error": "", "loglevel": "warning" }, "inbounds": [ { "tag": "socks", "port": 10808, "listen": "127.0.0.1", "protocol": "socks", "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] }, "settings": { "auth": "noauth", "udp": true, "allowTransparent": false } }, { "tag": "http", "port": 10809, "listen": "127.0.0.1", "protocol": "http", "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] }, "settings": { "auth": "noauth", "udp": true, "allowTransparent": false } } ], "outbounds": [ { "tag": "proxy", "protocol": "vless", "settings": { "vnext": [ { "address": "akkl.info", "port": 443, "users": [ { "id": "my-u-u-i-d", "alterId": 0, "email": "t@t.tt", "security": "auto", "encryption": "none", "flow": "" } ] } ] }, "streamSettings": { "network": "ws", "security": "tls", "tlsSettings": { "allowInsecure": false, "serverName": "xxxx.info" }, "wsSettings": { "path": "/xxxx/", "headers": { "Host": "xxxx.info" } } }, "mux": { "enabled": false, "concurrency": -1 } }, { "tag": "direct", "protocol": "freedom", "settings": {} }, { "tag": "block", "protocol": "blackhole", "settings": { "response": { "type": "http" } } } ], "routing": { "domainStrategy": "IPIfNonMatch", "domainMatcher": "linear", "rules": [ { "type": "field", "inboundTag": [ "api" ], "outboundTag": "api", "enabled": true }, { "type": "field", "outboundTag": "proxy", "domain": [ "geosite:google" ], "enabled": true }, { "type": "field", "outboundTag": "direct", "domain": [ "geosite:cn" ], "enabled": true }, { "type": "field", "outboundTag": "direct", "ip": [ "geoip:private", "geoip:cn" ], "enabled": true }, { "type": "field", "outboundTag": "block", "domain": [ "geosite:category-ads-all" ], "enabled": true } ] } }
```

nginx config:

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;   # "ssl" was missing on the IPv6 listener, so IPv6 clients got plain HTTP on 443
    ssl_certificate       /ssl/xray.crt;
    ssl_certificate_key   /ssl/xray.key;
    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ecdh_curve        X25519:P-256:P-384:P-521;
    server_name           xxxx.info;
    index index.html index.htm;
    root  /www/xray_web;
    error_page 400 = /400.html;
    if ($host !~ ^(xxxx.info|www.xxxx.info)$ ) {return 444;}

    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000" always;

    # WebSocket path handed to the Xray VLESS inbound on 127.0.0.1:20712
    location /xxxx/ {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:20712;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;   # stray "\$" (heredoc escape) removed
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name xxxx.info;
    return 301 https://$http_host$request_uri;
}
```
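As an added diagnostic that is not part of this issue or of Xray itself: the probe below sends the same raw WebSocket upgrade the client config describes (path `/xxxx/`, Host `xxxx.info`) to each hop of the chain above, first the Xray inbound on the origin, then nginx on the origin bypassing Cloudflare, then through Cloudflare, and reports at which hop the `101` stops; `ORIGIN_IP` is an assumed placeholder for the server's public address.

```python
"""Hop-by-hop WebSocket upgrade probe for the VLESS+WS+TLS chain in the issue
(client -> Cloudflare -> nginx -> Xray inbound).  Every hop must answer the raw
HTTP/1.1 Upgrade with "101 Switching Protocols"; the first hop that does not is
where the chain breaks.  ORIGIN_IP is an assumed placeholder for the origin IP."""
import base64, os, socket, ssl

def build_upgrade_request(host: str, path: str) -> bytes:
    """Minimal RFC 6455 opening handshake with the Host the client config sends."""
    key = base64.b64encode(os.urandom(16)).decode()
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nSec-WebSocket-Key: {key}\r\n"
            f"Sec-WebSocket-Version: 13\r\n\r\n").encode()

def classify(raw: bytes) -> str:
    """Turn the first response line (or its absence) into a short diagnosis."""
    if not raw:
        return "no response: peer closed the connection before any HTTP reply"
    parts = raw.split(b"\r\n", 1)[0].decode(errors="replace").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "not HTTP: " + " ".join(parts)[:40]
    code = parts[1]
    if code == "101":
        return "ok: upgrade accepted"
    if code in ("400", "404"):
        return f"{code}: upgrade not accepted at this hop (path, Host or Upgrade headers)"
    if code in ("502", "521", "525", "526"):  # 52x are Cloudflare origin/TLS errors
        return f"{code}: edge reached the origin but the origin or its TLS failed"
    return f"{code}: unexpected status"

def probe(addr, port, host, path, sni=None, tls=True, timeout=5.0) -> str:
    """Connect (TLS with SNI when tls=True), send the upgrade, classify the reply."""
    sock = None
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
        if tls:
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=sni or host)
        sock.sendall(build_upgrade_request(host, path))
        return classify(sock.recv(4096))
    except ssl.SSLCertVerificationError as e:  # the same check Full (strict) applies to the origin
        return f"tls: origin certificate rejected ({e.verify_message})"
    except OSError as e:  # reset, refused, timeout, other TLS failures
        return f"connect/tls error: {e}"
    finally:
        if sock:
            sock.close()

if __name__ == "__main__":
    for hop in [("127.0.0.1", 20712, "xxxx.info", "/xxxx/", None, False),   # Xray inbound (run on the server)
                ("ORIGIN_IP", 443, "xxxx.info", "/xxxx/", "xxxx.info", True),  # nginx, bypassing Cloudflare
                ("xxxx.info", 443, "xxxx.info", "/xxxx/", "xxxx.info", True)]:  # through Cloudflare
        print(f"{hop[0]}:{hop[1]} -> {probe(*hop)}")
```

A `101` at hop one but a reset or `52x` at hop two or three points at nginx or the origin certificate rather than at the Xray inbound; a `101` everywhere means the chain is fine and the client side should be examined.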

ghost commented 2 years ago

What is the Cloudflare Proxy status for xxxx.info?

What is the Cloudflare SSL/TLS encryption mode for xxxx.info?

karafen commented 2 years ago

> What is the Cloudflare Proxy status for xxxx.info?

Cloudflare Proxy status for xxxx.info = ON

> What is the Cloudflare SSL/TLS encryption mode for xxxx.info?

Cloudflare **SSL/TLS** encryption mode for xxxx.info = FULL (strict)

But even if the Cloudflare proxy status is off (DNS-only mode), the error is similar. The VLESS+TLS+WS configuration works only with the Shadowrocket iOS client, and only if you switch the TUNNEL-TCP-TLS mode to the "network" position (TLS 1.3 / at least iOS 12 / faster / higher memory), but the Android and luci-app-passwall OpenWrt clients don't have this option to switch the mode, so these clients don't work with VLESS+TLS+WS.

54601 commented 2 years ago

I have the same problem, any idea how to fix it?