search

XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0
25.56k stars 3.95k forks source link

REALITY 配置问题, 两边服务都能跑起来,但是服务端一直拒绝连接 #1675

Closed picklefan closed 1 year ago

picklefan commented 1 year ago

搞了一下午要崩溃了,大佬能帮看下问题在哪吗

服务端日志error.log


2023/02/19 04:32:19 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection

客户端日志error.log

(aaa.bbb.ccc是我vps地址,我替换掉了)

[Info] [2737532523] transport/internet/tcp: dialing TCP to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:17 [Debug] transport/internet: dialing to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:17 [Info] [2581654025] transport/internet/tcp: dialing TCP to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:17 [Debug] transport/internet: dialing to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:18 [Info] [89749494] transport/internet/tcp: dialing TCP to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:18 [Debug] transport/internet: dialing to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:18 [Warning] [2737532523] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection dial tcp aaa.bbb.ccc.kfc:443: operation was canceled] > common/retry: all retry attempts failed
2023/02/19 01:32:18 [Warning] [2581654025] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection dial tcp aaa.bbb.ccc.kfc:443: operation was canceled] > common/retry: all retry attempts failed
2023/02/19 01:32:18 [Warning] [89749494] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection dial tcp aaa.bbb.ccc.kfc:443: operation was canceled] > common/retry: all retry attempts failed

客户端xray配置

(客户端原来是透明代理,为了排查把iptables删了,xray只有一个socks5入口)

{
    "tag": "proxy",
    "protocol": "vless",
    "settings": {
      "vnext": [
        {
          "address": "aaa.bbb.ccc.ddd",
          "port": 443,
          "users": [
            {
              "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212",
              "encryption": "none",
              "flow": "xtls-rprx-vision"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "reality",
      "sockopt": {
        "mark": 2 
      },
      "realitySettings": {
        "publicKey": "aLJ0ChrV9Y3UKK9dHN1pcwsymfFjheY-3e-8OLsuFyw",
        "shortIds": [""],
        "serverNames": ["www.microsoft.com"],
        "fingerprint": "randomized"
        //"spiderX": "/"
      }
    }
  }

服务端配置

(key是用xray x25519生成的,shortID不知道是什么,客户端不填/8字节/8byte的string都试过了,服务端errorlog一模一样,servername也换过很多了,Dest是抓的serverName的ip填的)

"inbounds": [
        {
            "tag": "VLESS-TCP-Reality",
            "protocol": "vless",
            "listen":"0.0.0.0",
            "port":443,
            "settings": {
                "client":{
                    "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212",
                    "flow": "xtls-rprx-vision"
                },
                "decryption": "none"
            },
            "streamSettings": {
              "network": "tcp",
              "security": "reality",
              "realitySettings": {
                "show": false,
                "privateKey":"R6xEek-WTsP90wyi8X1uhkjVscuqY5bf9jOEqCOPV6k",
                "shortIds": ["7788"],
                "Dest": "23.35.196.245:443",
                "type": "tcp",
                "serverNames": ["www.microsoft.com"]
                //"fingerprint": "randomized",
                //"spiderX": "/"
              }
            }
          }
    ],
limetw commented 1 year ago

乖,r佬知道你是在疯狂暗示。

picklefan commented 1 year ago

我不是啊,我这个配置真的一直这样连不上,你是不是也觉得我配置没问题. 那我重启一下vps看看

wyx2685 commented 1 year ago

shortID写个8位的两边写一样

ReAllTh commented 1 year ago

其实我也一直不明白服务端 realitySettings 里面那个 Dest 该填什么...

picklefan commented 1 year ago

shortID写个8位的两边写一样

试过了,没有用,77889912这种试过很多

picklefan commented 1 year ago

其实我也一直不明白服务端 realitySettings 里面那个 Dest 该填什么...

我一直以为是serverName里面的一个ip, 所以我都是本地dig一下,然后选一个

o0HalfLife0o commented 1 year ago

客户端用shortId serverName,没有s,值是字符串,shortid是8位或16位字母数字

csryt commented 1 year ago

@o0HalfLife0o 看服务端报错,我测试的时候乱用字符串服务端会报错的。

csryt commented 1 year ago

@o0HalfLife0o 印象中是得八位数字

picklefan commented 1 year ago

客户端用shortId serverName,没有s,值是字符串,shortid是8位或16位字母数字

真的, 改了之后, 服务端终于有access log了, 不过我的配置似乎还是有点问题,目前报错

2023/02/19 05:45:53 [Info] [3433587326] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14171 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:53 [Info] [110563686] proxy/vless/inbound: firstLen = 149
2023/02/19 05:45:53 [Info] [110563686] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14172 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [2356926536] proxy/vless/inbound: firstLen = 315
2023/02/19 05:45:54 [Info] [2356926536] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14174 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [2972372293] proxy/vless/inbound: firstLen = 532
2023/02/19 05:45:54 [Info] [2972372293] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14177 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [3493429218] proxy/vless/inbound: firstLen = 313
2023/02/19 05:45:54 [Info] [3493429218] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14175 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [3890738642] proxy/vless/inbound: firstLen = 201
2023/02/19 05:45:54 [Info] [3890738642] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14176 > proxy/vless/encoding: invalid request user id

我再看看, 配置成功了我把配置发上来参考

cross-hello commented 1 year ago

shortid maybe should be set to eight-byte. Screenshot_2023_0219_185559

picklefan commented 1 year ago

shortid maybe should be set to eight-byte. Screenshot_2023_0219_185559

I did, on both client and server like this "shortId": "9F3A2B4C5D6E7F80",, still nothing changed in the error log which says:

2023/02/19 06:16:42 [Info] [4096422307] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17124 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:43 [Info] [1835208278] proxy/vless/inbound: firstLen = 540
2023/02/19 06:16:43 [Info] [1835208278] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17127 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:43 [Info] [713352930] proxy/vless/inbound: firstLen = 213
2023/02/19 06:16:43 [Info] [713352930] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17126 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:44 [Info] [301853249] proxy/vless/inbound: firstLen = 347
2023/02/19 06:16:44 [Info] [301853249] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17128 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:44 [Info] [3590958526] proxy/vless/inbound: firstLen = 1186
2023/02/19 06:16:44 [Info] [3590958526] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17129 > proxy/vless/encoding: invalid request user id

跟uuid没关系也没关系,这个报错不知道是什么

cross-hello commented 1 year ago

Are you sure

"9F3A2B4C5D6E7F80" is eight-bytes? 🤭

Feb 19, 2023 19:28:06 picklefan @.***>:

shortid maybe should be set to eight-byte. [https://user-images.githubusercontent.com/42733664/219943703-45736658-39a7-4b7a-8f6a-33aa649a0be3.png][Screenshot_2023_0219_185559][https://user-images.githubusercontent.com/42733664/219943703-45736658-39a7-4b7a-8f6a-33aa649a0be3.png]

I did, on both client and server like this "shortId": "9F3A2B4C5D6E7F80",, still nothing changed in the error log which says:

*2023/02/19 06:16:42 [Info] [4096422307] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17124 > proxy/vless/encoding: invalid request user id

2023/02/19 06:16:43 [Info] [1835208278] proxy/vless/inbound: firstLen = 540

2023/02/19 06:16:43 [Info] [1835208278] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17127 > proxy/vless/encoding: invalid request user id

2023/02/19 06:16:43 [Info] [713352930] proxy/vless/inbound: firstLen = 213

2023/02/19 06:16:43 [Info] [713352930] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17126 > proxy/vless/encoding: invalid request user id

2023/02/19 06:16:44 [Info] [301853249] proxy/vless/inbound: firstLen = 347

2023/02/19 06:16:44 [Info] [301853249] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17128 > proxy/vless/encoding: invalid request user id

2023/02/19 06:16:44 [Info] [3590958526] proxy/vless/inbound: firstLen = 1186

2023/02/19 06:16:44 [Info] [3590958526] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17129 > proxy/vless/encoding: invalid request user id

* 跟uuid没关系也没关系,这个报错不知道是什么

— Reply to this email directly, view it on GitHub[https://github.com/XTLS/Xray-core/issues/1675#issuecomment-1435962702], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYD4HWHVXV7U3MYQNS3WYH7ULANCNFSM6AAAAAAVA35X7M]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYBKUNVO2SBMCCN6EB3WYH7ULA5CNFSM6AAAAAAVA35X7OWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSVS4GU4.gif]

wyx2685 commented 1 year ago

你这个报错是vless的配置有问题,和reality没关系 "settings": { "clients":[{ "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212", "flow": "xtls-rprx-vision" }], "decryption": "none" }

xianren78 commented 1 year ago

你这个报错是vless的配置有问题,和reality没关系 "settings": { "clients":[{ "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212", "flow": "xtls-rprx-vision" }], "decryption": "none" }

client --> clients

ixxmu commented 1 year ago

这是新特性泄漏啊

picklefan commented 1 year ago

破案了,破案了,感谢大家的帮助!

问题主要是由server和client 两边配置语法问题导致的,server端都是加s,而且用的array[ " "],

客户端都是直接string" "

比如"shortIds": [" "], "shortId":" "

我的REALITY成功配置运行,斜面贴下我的配置:

客户端

{
    "tag": "proxy",
    "protocol": "vless",
    "settings": {
      "vnext": [
        {
          "address": "your_vps_ip",
          "port": 443,
          "users": [
            {
              "id": "6d0ddb31-ee86-4ba2-875a-b81d0f6f8efc",
              "encryption": "none",
              "flow": "xtls-rprx-vision"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "reality",
      "sockopt": {
        "mark": 2 
      },
      "realitySettings": {
        "publicKey": "aLJ0ChrV9Y3UKK9dHN1pcwsymfFjheY-3e-8OLsuFyw",
        "shortId": "3f4d573ec4ce481c",
        "serverName": "www.microsoft.com",
        "fingerprint": "randomized"
        //"spiderX": "/"
      }
    }
  }

服务端

 "inbounds": [
        {
            "tag": "VLESS-TCP-Reality",
            "protocol": "vless",
            "listen":"0.0.0.0",
            "port":443,
            "settings": {
                "clients":[{
                    "id": "6d0ddb31-ee86-4ba2-875a-b81d0f6f8efc",
                    "flow": "xtls-rprx-vision"
                }],
                "decryption": "none"
            },
            "streamSettings": {
              "network": "tcp",
              "security": "reality",
              "realitySettings": {
                "show": false,
                "privateKey":"R6xEek-WTsP90wyi8X1uhkjVscuqY5bf9jOEqCOPV6k",
                "shortIds": ["3f4d573ec4ce481c"],
                "Dest": "23.35.196.245:443",
                "type": "tcp",
                "serverNames": ["www.microsoft.com"]
                //"fingerprint": "randomized",
                //"spiderX": "/"
              }
            }
          }
    ],
picklefan commented 1 year ago

你这个报错是vless的配置有问题,和reality没关系 "settings": { "clients":[{ "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212", "flow": "xtls-rprx-vision" }], "decryption": "none" }

client --> clients

没错,抄的配置,我以前也不会注意这个,确实是这个问题,谢谢

Nirvanatin commented 1 year ago

可以请你列出每个步骤吗?请问你用的是那个客户软件?

ggomo8 commented 1 year ago

您好,小白弱弱的问下,请问xray x25519是咋生成key的?

chika0801 commented 1 year ago

您好,小白弱弱的问下,请问xray x25519是咋生成key的?

https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/README.md 下载内测的core替换175版本,ssh连上vps直接打 xray x25519 就行了(替换后重启下vps或xray程序)

ggomo8 commented 1 year ago

您好,小白弱弱的问下,请问xray x25519是咋生成key的?

https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/README.md 下载内测的core替换175版本,ssh连上vps直接打 xray x25519 就行了(替换后重启下vps或xray程序)

多谢大佬!

abcjeff commented 1 year ago

请问你的服务端配置中的 "Dest": "23.35.196.245:443", 这一行是什么意思,需要照抄吗,这个地址的意思是什么?

picklefan commented 1 year ago

https://xtls.github.io/config/transport.html#realityobject

https://github.com/XTLS/REALITY#vless-xtls-utls-reality-example-for-xray-core-%E4%B8%AD%E6%96%87

picklefan commented 1 year ago

请问你的服务端配置中的 "Dest": "23.35.196.245:443", 这一行是什么意思,需要照抄吗,这个地址的意思是什么?

在我上面的配置里

"Dest": "23.35.196.245:443" 的意思是 www.microsoft.com 其中一个IP地址,可以通过 nslookup www.microsoft.com 或者 dig www.microsoft.com 查询,dest 不必须为IP, 以上的第一个连接里面有解释

abcjeff commented 1 year ago

请问你的服务端配置中的 "Dest": "23.35.196.245:443", 这一行是什么意思,需要照抄吗,这个地址的意思是什么?

在我上面的配置里

"Dest": "23.35.196.245:443" 的意思是 www.microsoft.com 其中一个IP地址,可以通过 nslookup www.microsoft.com 或者 dig www.microsoft.com 查询,dest 不必须为IP, 以上的第一个连接里面有解释

哦我直接填的www.microsoft.com:443。我今天下午搞半天没成功,后来发现是客户端的问题,v2rayN 6.2的客户端有问题,死活连不上,后来换用官方的命令行的客户端,自己写好config.json一下就成功了。

yezige commented 4 months ago

"Dest": "23.35.196.245:443",

@picklefan 这个 DestD 大写吗?我怎么看文档不是大写的,我按你最后贴的配置来了,仍然报这个错

proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection]