XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now. #1688

Closed mhnhh123 closed 1 year ago

mhnhh123 commented 1 year ago

The Xray version is 1.75

Server

```json
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "ip": ["geoip:cn"],
        "outboundTag": "block"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "mhnhh123",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "8006",
          "xver": 1,
          "serverNames": ["dd.mhnhh.com"],
          "privateKey": "9MascsLz6UyX9r9aGXMvd-wxPTgVnY7rCy7L61oZGH0",
          "shortIds": [""]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ],
  "policy": {
    "levels": {
      "0": {
        "handshake": 3,
        "connIdle": 180
      }
    }
  }
}
```

Client

```json
{
  "log": {
    "loglevel": "warning"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "domain": ["geosite:category-games@cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:geolocation-!cn"],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": ["geosite:cn", "geosite:private"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:cn", "geoip:private"],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 10808,
      "protocol": "socks",
      "settings": {
        "udp": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "listen": "127.0.0.1",
      "port": 10809,
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "x.x.x.x",
            "port": 14443,
            "users": [
              {
                "id": "mhnhh123",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "fingerprint": "chrome",
          "serverName": "dd.mhnhh.com",
          "publicKey": "nZHoemu5zMjSMl8JspKjQoohiDx1D1bwBwt3RNKcSxI",
          "shortId": "",
          "spiderX": ""
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    }
  ]
}
```

nginx.conf

```nginx
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '[$time_local] $remote_addr "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log main;

    server {
        listen 80;
        return 301 https://$host$request_uri;
    }

    server {
        listen 127.0.0.1:8006 ssl http2 proxy_protocol;
        set_real_ip_from 127.0.0.1;

        ssl_certificate /etc/ssl/private/fullchain.cer;
        ssl_certificate_key /etc/ssl/private/private.key;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13_AES_128_GCM_SHA256:TLS13_AES_256_GCM_SHA384:TLS13_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 valid=60s;
        resolver_timeout 2s;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        location / {
            resolver 1.1.1.1;
            set $example https://www.lovelive-anime.jp;
            proxy_pass $example;
            proxy_ssl_server_name on;
        }
    }
}
```

Error report

Configuration succeeded

```
[Custom] racknerd 启动服务(2023/2/21 20:44:32)...
Xray 1.7.5 (Xray, Penetrates Everything.) Custom (go1.20 windows/amd64)
A unified platform for anti-censorship.
2023/02/21 20:44:33 [Info] infra/conf/serial: Reading config: C:\Users\Lenovo\Desktop\v2rayN-Core\guiConfigs\config.json
2023/02/21 20:44:33 [Warning] core: Xray 1.7.5 started
2023/02/21 20:44:33 127.0.0.1:59699 accepted http://149.154.165.120:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59700 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59701 accepted http://149.154.165.120:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59697 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59696 accepted //149.154.165.120:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59698 accepted //149.154.165.120:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59703 accepted //149.154.165.120:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59702 accepted //91.108.56.113:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59714 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59707 accepted http://91.108.56.113:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59708 accepted http://149.154.165.120:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59715 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59716 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59717 accepted http://91.108.56.113:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59704 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59712 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59711 accepted //91.108.56.113:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59713 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59705 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59709 accepted //91.108.56.113:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59710 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59706 accepted //91.108.56.123:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59721 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59718 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59719 accepted http://91.108.56.113:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59720 accepted http://91.108.56.123:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59725 accepted http://149.154.175.50:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59724 accepted http://149.154.175.57:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59722 accepted //149.154.175.57:443 [proxy]
2023/02/21 20:44:33 127.0.0.1:59723 accepted //149.154.175.50:443 [proxy]
2023/02/21 20:44:33 [Warning] [4030330604] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [2603141934] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [806713294] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [1059026757] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [1059026757] proxy/http: failed to read response from 149.154.165.120:80 > io: read/write on closed pipe
2023/02/21 20:44:33 127.0.0.1:59758 accepted //149.154.165.120:443 [proxy]
2023/02/21 20:44:33 [Warning] [121582691] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [3666179473] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [1629766580] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [3666179473] proxy/http: failed to read response from 91.108.56.113:80 > io: read/write on closed pipe
2023/02/21 20:44:33 [Warning] [1656114383] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [1629766580] proxy/http: failed to read response from 149.154.165.120:80 > io: read/write on closed pipe
2023/02/21 20:44:33 [Warning] [1656114383] proxy/http: failed to read response from 149.154.165.120:80 > io: read/write on closed pipe
2023/02/21 20:44:33 [Warning] [1313893300] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [4017055796] app/proxyman/outbound: failed to process outbound traffic >
```
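A small triage script for the client log in the original post, as an added example that is not part of the thread or of Xray-core: it groups warnings by the bracketed session ID so the first cause per session is separated from follow-on errors such as the closed-pipe reads. The function name `triage` and the choice to treat the first warning of a session as its primary cause are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Excerpt copied from the client log in the original post (the last entry is cut off there too).
SAMPLE_LOG = """\
2023/02/21 20:44:33 [Warning] core: Xray 1.7.5 started
2023/02/21 20:44:33 127.0.0.1:59699 accepted http://149.154.165.120:80/api [proxy]
2023/02/21 20:44:33 127.0.0.1:59696 accepted //149.154.165.120:443 [proxy]
2023/02/21 20:44:33 [Warning] [1059026757] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [1059026757] proxy/http: failed to read response from 149.154.165.120:80 > io: read/write on closed pipe
2023/02/21 20:44:33 [Warning] [121582691] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TCP, mKCP and DomainSocket for now.
2023/02/21 20:44:33 [Warning] [4017055796] app/proxyman/outbound: failed to process outbound traffic >
"""

ACCEPTED = re.compile(r"^\S+ \S+ \S+ accepted \S+ \[\S+\]$")
# Warnings tied to a connection carry a numeric session ID in the second bracket.
SESSION_WARNING = re.compile(r"^\S+ \S+ \[Warning\] \[(\d+)\] (.*)$")


def triage(log_text):
    """Return (accepted count, first cause per session, follow-on causes)."""
    accepted = 0
    causes_by_session = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if ACCEPTED.match(line):
            accepted += 1
            continue
        m = SESSION_WARNING.match(line)
        if not m:
            continue  # banner, [Info] lines, warnings without a session ID
        session_id, message = m.groups()
        # Errors in this log are chained as "outer > inner"; keep the innermost part.
        innermost = re.split(r"\s+>\s*", message)[-1]
        causes_by_session[session_id].append(innermost or "(truncated in log)")
    primary = Counter(causes[0] for causes in causes_by_session.values())
    follow_on = Counter(c for causes in causes_by_session.values() for c in causes[1:])
    return accepted, primary, follow_on


if __name__ == "__main__":
    accepted, primary, follow_on = triage(SAMPLE_LOG)
    print(f"accepted connections: {accepted}")
    for cause, n in primary.most_common():
        print(f"{n} session(s) failed first with: {cause}")
    for cause, n in follow_on.most_common():
        print(f"{n} follow-on error(s): {cause}")
```

A single primary cause shared by every failing session, as here, points at the outbound configuration or core version rather than at the network path.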

RPRX commented 1 year ago

Xray 1.7.5 (Xray, Penetrates Everything.) Custom (go1.20 windows/amd64)

o0HalfLife0o commented 1 year ago

https://github.com/XTLS/Xray-core/actions/runs/4209833887

RPRX commented 1 year ago

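@mhnhh123 I hope you understand that the issue tracker is mainly for reporting bugs. For questions about how to use Xray, please join the Project X group and ask the members there for help.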

Extreme-Icer commented 1 year ago

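> @mhnhh123 I hope you understand that the issue tracker is mainly for reporting bugs. For questions about how to use Xray, please join the Project X group and ask the members there for help.

A question for R: does the Vision flow control support mKCP? I have my eye on that PR that mimics DNS traffic (now merged).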

cross-hello commented 1 year ago

Support, if I don't misunderstand the title 😎

Feb 26, 2023 21:44:43 Extreme_Ice @.***>:

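> @mhnhh123 I hope you understand that the issue tracker is mainly for reporting bugs. For questions about how to use Xray, please join the Project X group and ask the members there for help.
>
> A question for R: does the Vision flow control support mKCP? I have my eye on that PR that mimics DNS traffic (now merged).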


RPRX commented 1 year ago

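In theory Vision supports mKCP; in practice a few lines of code need to change before it works properly over mKCP. It is the same small issue as not being usable for relaying, so I don't plan to fix it.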

Extreme-Icer commented 1 year ago

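> In theory Vision supports mKCP; in practice a few lines of code need to change before it works properly over mKCP. It is the same small issue as not being usable for relaying, ~so I don't plan to fix it.~

That's why I said I have my eye on that DNS-traffic-masquerading PR. I'm hoping to use it to get around the campus network login verification.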

RPRX commented 1 year ago

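It's already UDP, so plain TLS is enough. There isn't much point in using Vision apart from slightly better performance, and if you're already on mKCP you probably don't care about performance.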

Extreme-Icer commented 1 year ago

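> It's already UDP, so plain TLS is enough. There isn't much point in using Vision apart from slightly better performance, and if you're already on mKCP you probably don't care about performance.

For now Vision is indeed enough, but that campus network is really hard to crack, and nslookup works on and off. Someone happened to submit a PR for DNS traffic masquerading, so I wanted to use Vision for anti-blocking plus mKCP as the transport layer. But since it masquerades as DNS traffic, AdGuard is done for. If you can't be bothered to fix it, it can be put off until later.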

RPRX commented 1 year ago

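Vision resists blocking because it solves TLS in TLS. mKCP is UDP; once it is obfuscated and then disguised as DNS traffic, it no longer looks like TCP TLS at all, so Vision gives no anti-blocking benefit.

MUX over TLS over mKCP gives you TLS-level security and low latency. Isn't that nice? Looking at it this way, REALITY might get added to mKCP.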

RPRX commented 1 year ago

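Replying to the group: QUIC has no head-of-line blocking, and with aggressive packet sending on top it is indeed better, but he wants to disguise the traffic as DNS. Xray-core's QUIC doesn't seem to have that feature yet; it would have to be added.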

Extreme-Icer commented 1 year ago

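> Vision resists blocking because it solves TLS in TLS. mKCP is UDP; once it is obfuscated and then disguised as DNS traffic, it no longer looks like TCP TLS at all, so Vision gives no anti-blocking benefit.
>
> MUX over TLS over mKCP gives you TLS-level security and low latency. Isn't that nice? ~Looking at it this way, REALITY might get added to mKCP.~

I went back and looked through sduoduo233's PR. It says it's not just VMess; anything else that supports mKCP works too. Since Vision was said to be unsuitable for this, do I need to switch to a different VLESS flow control to get mKCP working?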

RPRX commented 1 year ago

@Extreme-Icer What I mean is: no flow control. MUX over VLESS over TLS over mKCP, then disguise it as DNS traffic, and that's all.

Extreme-Icer commented 1 year ago

> @Extreme-Icer What I mean is: no flow control. MUX over VLESS over TLS over mKCP, then disguise it as DNS traffic, and that's all.

Thanks, R. I was just about to add that.

testcaoy7 commented 1 year ago

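@RPRX A question: rather than "masquerading", could it send real DNS packets, for example by encoding the data and putting it into TXT record responses?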

RPRX commented 1 year ago

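> @RPRX A question: rather than "masquerading", could it send real DNS packets, for example by encoding the data and putting it into TXT record responses?

It could, but it would be no more block-resistant than "masquerading", because both have very obvious characteristics and can be blocked whenever someone wants to block them.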