XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

REALITY: the number of handshakes varies when accessing the same URL, and there is a small chance of SSL handshake failure #1771

Closed aisisi02 closed 1 year ago

aisisi02 commented 1 year ago

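With REALITY, the number of handshakes varies when accessing the same website, and there is a small chance of an SSL handshake failure.

Test environment: Debian bullseye as the server, Windows as the client; both ends run Xray-core v1.8.0 #1173 from the GitHub Actions builds. Xray-core traffic runs over a WireGuard tunnel carried on a CERNET2 IPv6 network, so the addresses seen in the logs are all private IPs; the connection has been tested and is definitely stable.

The test uses curl 7.87.0 (x86_64-w64-mingw32) on Windows, with the command: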

$ curl -x http://127.0.0.1:10829 https://www.google.com -vv >> /dev/null

Output when the SSL handshake fails:

$ curl -x http://127.0.0.1:10829 https://www.google.com -vv >> /dev/null
*   Trying 127.0.0.1:10829...
* Connected to 127.0.0.1 (127.0.0.1) port 10829 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to www.google.com:443
> CONNECT www.google.com:443 HTTP/1.1
> Host: www.google.com:443
> User-Agent: curl/7.87.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* CONNECT phase completed
* CONNECT tunnel established, response 200
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: D:/Git/mingw64/ssl/certs/ca-bundle.crt
*  CApath: none
* [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443

Sensitive information in the following configuration files has been obfuscated.

Server configuration:

{
    "log": {
        "loglevel": "debug",
        "access": "",
        "error": "",
        "dnsLog": true
    },
    "dns": {
        "hosts": {
            "keyword:scholar.google.com": "[2607:f8b0:4005:80c::200e]"
        }
    },
    "inbounds": [
        {
            "port": 2408,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "<uuid>",
                        "flow": "xtls-rprx-vision",
                        "email": "priv-reality"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "show": true,
                    "dest": "<a nginx server ip>:<port>",  // the fallback web page is hosted on one of my nginx servers, which supports both TLS 1.2 and TLS 1.3
                    "xver": 0,
                    "serverNames": [
                        "<the above site server name>" // this domain is the domain of the web page above
                    ],
                    "privateKey": "<privateKey>",
                    "minClientVer": "", // not filled in
                    "maxClientVer": "", // not filled in
                    "maxTimeDiff": 500,
                    "shortIds": [
                        "<shortIds>"
                    ]
                }
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "shadowsocks",
            "settings": {
                "servers": [
                    {
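                        "address": "<ss exit server IP address>", // very close to this server, RTT under 10 ms; already confirmed that other configurations used as the inbound can exit normally through here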
                        "port": 0,
                        "password": "<password>",
                        "method": "aes-128-gcm",
                        "ivCheck": true
                    }
                ]
            },
            "tag": "relay-ss"
        },
        {
            "tag": "allow",
            "protocol": "freedom"
        },
        {
            "tag": "reject",
            "protocol": "blackhole"
        }
    ],
    "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
            {
                "type": "field",
                "network": "tcp,udp",
                "ip": [
                    "geoip:cloudflare",
                    "geoip:cloudfront",
                    "geoip:fastly",
                    "ext:geoip-asn01.dat:akamai"
                ],
                "outboundTag": "relay-ss"
            },
            {
                "type": "field",
                "network": "tcp,udp",
                "ip": [
                    "geoip:hk",
                    "geoip:mo",
                    "geoip:sg"
                ],
                "outboundTag": "relay-hk"
            },
            {
                "type": "field",
                "network": "tcp,udp",
                "domain": [
                    "geosite:google",
                    "geosite:youtube"
                ],
                "outboundTag": "relay-ss"
            },
            {
                "type": "field",
                "network": "tcp,udp",
                "domain": [
                    "geosite:gfw",
                    "geosite:geolocation-!cn"
                ],
                "outboundTag": "relay-ss"
            },
            {
                "type": "field",
                "network": "tcp,udp",
                "domain": [
                    "geosite:cn",
                    "geosite:win-spy",
                    "geosite:win-extra"
                ],
                "outboundTag": "reject"
            },
            {
                "type": "field",
                "network": "tcp,udp",
                "ip": [
                    "geoip:private",
                    "geoip:cn"
                ],
                "outboundTag": "reject"
            }
        ]
    }
}

Client configuration:

{
    "log": {
        "access": "",
        "error": "",
        "loglevel": "debug"
    },
    "inbounds": [
        {
            "tag": "socks",
            "port": 10828,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            },
            "settings": {
                "auth": "noauth",
                "udp": true,
                "allowTransparent": false
            }
        },
        {
            "tag": "http",
            "port": 10829,
            "listen": "127.0.0.1",
            "protocol": "http",
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            },
            "settings": {
                "auth": "noauth",
                "udp": true,
                "allowTransparent": false
            }
        }
    ],
    "outbounds": [
        {
            "tag": "proxy",
            "protocol": "vless",
            "settings": {
                "vnext": [
                    {
                        "address": "172.16.3.1",
                        "port": 2408,
                        "users": [
                            {
                                "id": "<uuid>",
                                "flow": "xtls-rprx-vision",
                                "encryption": "none"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "reality",
                "realitySettings": {
                    "show": true,
                    "fingerprint": "chrome",
                    "serverName": "<a nginx site server name>",
                    "publicKey": "<publicKey>",
                    "shortId": "<shortId>",
                    "spiderX": ""
                }
            }
        },
        {
            "tag": "direct",
            "protocol": "freedom",
            "settings": {
                "domainStrategy": "UseIP",
                "userLevel": 0
            }
        },
        {
            "tag": "block",
            "protocol": "blackhole",
            "settings": {
                "response": {
                    "type": "http"
                }
            }
        }
    ],
    "dns": {
        "servers": [
            "127.0.0.1",
            "tcp://223.5.5.5",
            "tcp://119.29.29.29",
            {
                "address": "tcp://1.1.1.1",
                "domains": [
                    "geosite:geolocation-!cn",
                    "geosite:greatfire",
                    "geosite:gfw"
                ]
            }
        ],
        "tag": "dns_inbound"
    },
    "routing": {
        "domainStrategy": "IPIfNonMatch",
        "domainMatcher": "linear",
        "rules": [
            {
                "type": "field",
                "inboundTag": [],
                "outboundTag": "proxy",
                "domain": [
                    "geosite:google",
                    "geosite:gfw"
                ]
            },
            {
                "type": "field",
                "inboundTag": [],
                "outboundTag": "direct",
                "domain": [
                    "geosite:cn",
                    "geosite:category-games@cn",
                    "geosite:win-update"
                ]
            },
            {
                "type": "field",
                "inboundTag": [],
                "outboundTag": "direct",
                "ip": [
                    "geoip:cn"
                ]
            },
            {
                "type": "field",
                "inboundTag": [],
                "outboundTag": "direct",
                "ip": [
                    "geoip:private",
                    "223.5.5.5",
                    "119.29.29.29"
                ]
            },
            {
                "type": "field",
                "inboundTag": [],
                "outboundTag": "proxy",
                "ip": [
                    "1.1.1.1"
                ]
            }
        ]
    }
}

Client log for the failed connection:

2023/03/10 23:03:24 [Info] [3773511906] proxy/http: request to Method [CONNECT] Host [www.google.com:443] with URL [//www.google.com:443]
2023/03/10 23:03:24 [Info] [3773511906] app/dispatcher: taking detour [proxy] for [tcp:www.google.com:443]
2023/03/10 23:03:24 127.0.0.1:12239 accepted //www.google.com:443 [http -> proxy]
2023/03/10 23:03:24 [Info] [3773511906] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:03:24 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
2023/03/10 23:03:24 [Info] [3193195583] app/proxyman/inbound: connection ends > proxy/http: connection ends > context canceled
REALITY localAddr: 172.16.3.5:12241     hello.sessionId[:16]: [1 8 0 0 100 11 70 188 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12241     hello.sessionId: [22 203 26 63 31 115 235 139 200 32 60 39 31 22 59 91 63 145 172 60 43 182 186 11 109 190 228 196 96 60 200 49]
REALITY localAddr: 172.16.3.5:12241     uConn.AuthKey: [129 123 65 20 9 143 92 219 169 4 123 4 169 25 42 254 131 157 165 22 27 159 93 164 194 12 22 224 252 81 188 134]
REALITY localAddr: 172.16.3.5:12241     uConn.Verified: false
REALITY localAddr: 172.16.3.5:12241     req.UserAgent(): Chrome
2023/03/10 23:03:24 [Info] [3773511906] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:03:24 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
REALITY localAddr: 172.16.3.5:12241     DialTLSContext
REALITY localAddr: 172.16.3.5:12242     hello.sessionId[:16]: [1 8 0 0 100 11 70 188 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12242     hello.sessionId: [189 174 58 222 119 230 246 229 29 19 114 218 87 225 207 69 197 27 170 181 82 61 197 5 65 80 192 245 130 104 184 170]
REALITY localAddr: 172.16.3.5:12242     uConn.AuthKey: [126 231 176 107 42 188 162 159 228 32 92 24 59 239 210 107 146 40 11 141 164 179 47 167 198 196 79 114 16 49 77 149]
REALITY localAddr: 172.16.3.5:12242     uConn.Verified: false
REALITY localAddr: 172.16.3.5:12242     req.UserAgent(): Chrome
REALITY localAddr: 172.16.3.5:12242     DialTLSContext
REALITY localAddr: 172.16.3.5:12241     req.Referer(): https://<fallback server domain name>/
REALITY localAddr: 172.16.3.5:12241     len(body): 3694
REALITY localAddr: 172.16.3.5:12241     len(paths): 1
2023/03/10 23:03:25 [Info] [3773511906] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:03:25 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
REALITY localAddr: 172.16.3.5:12243     hello.sessionId[:16]: [1 8 0 0 100 11 70 189 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12243     hello.sessionId: [56 64 52 34 227 81 32 175 133 205 50 163 223 67 177 125 212 17 167 52 244 76 95 219 154 249 84 111 112 137 42 171]
REALITY localAddr: 172.16.3.5:12243     uConn.AuthKey: [168 212 76 184 247 13 115 244 186 171 83 71 162 109 91 192 23 31 201 130 103 248 241 203 66 253 231 254 26 127 185 91]
REALITY localAddr: 172.16.3.5:12242     req.Referer(): https://<fallback server domain name>/
REALITY localAddr: 172.16.3.5:12242     len(body): 3694
REALITY localAddr: 172.16.3.5:12242     len(paths): 1
REALITY localAddr: 172.16.3.5:12243     uConn.Verified: false
REALITY localAddr: 172.16.3.5:12243     req.UserAgent(): Chrome
REALITY localAddr: 172.16.3.5:12243     DialTLSContext
2023/03/10 23:03:26 [Info] [3773511906] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:03:26 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
REALITY localAddr: 172.16.3.5:12245     hello.sessionId[:16]: [1 8 0 0 100 11 70 190 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12245     hello.sessionId: [224 15 114 72 128 164 177 140 29 148 143 231 12 113 124 249 140 236 10 178 42 160 89 250 181 69 141 54 240 30 39 87]
REALITY localAddr: 172.16.3.5:12245     uConn.AuthKey: [236 190 253 156 239 12 114 21 128 129 137 126 209 57 27 73 9 126 73 32 196 69 249 185 225 72 82 84 231 156 8 137]
REALITY localAddr: 172.16.3.5:12243     req.Referer(): https://<fallback server domain name>/
REALITY localAddr: 172.16.3.5:12243     len(body): 3694
REALITY localAddr: 172.16.3.5:12243     len(paths): 1
REALITY localAddr: 172.16.3.5:12245     uConn.Verified: false
REALITY localAddr: 172.16.3.5:12245     req.UserAgent(): Chrome
REALITY localAddr: 172.16.3.5:12245     DialTLSContext
2023/03/10 23:03:27 [Info] [3773511906] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:03:27 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
REALITY localAddr: 172.16.3.5:12245     req.Referer(): https://<fallback server domain name>/
REALITY localAddr: 172.16.3.5:12245     len(body): 3694
REALITY localAddr: 172.16.3.5:12245     len(paths): 1
REALITY localAddr: 172.16.3.5:12247     hello.sessionId[:16]: [1 8 0 0 100 11 70 191 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12247     hello.sessionId: [216 86 222 173 254 169 53 90 158 70 53 210 111 244 117 7 62 228 24 111 13 84 51 175 116 156 242 253 113 196 47 89]
REALITY localAddr: 172.16.3.5:12247     uConn.AuthKey: [50 14 66 166 178 52 55 236 59 36 77 36 107 64 66 222 217 195 134 62 173 38 42 115 222 130 118 133 233 192 156 67]
REALITY localAddr: 172.16.3.5:12247     uConn.Verified: false
REALITY localAddr: 172.16.3.5:12247     req.UserAgent(): Chrome
REALITY localAddr: 172.16.3.5:12247     DialTLSContext
REALITY localAddr: 172.16.3.5:12247     req.Referer(): https://<fallback server domain name>/
REALITY localAddr: 172.16.3.5:12247     len(body): 3694
REALITY localAddr: 172.16.3.5:12247     len(paths): 1
2023/03/10 23:03:28 [Warning] [3773511906] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection] > common/retry: all retry attempts failed
2023/03/10 23:03:28 [Info] [3773511906] app/proxyman/inbound: connection ends > proxy/http: connection ends > io: read/write on closed pipe

Server log for the failed connection:

Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241
Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        hs.clientHello.sessionId: [22 203 26 63 31 115 235 139 200 32 60 39 31 22 59 91 63 145 172 60 43 182 186 11 109 190 228 196 96 60 200 49]
Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        hs.c.AuthKey: [129 123 65 20 9 143 92 219 169 4 123 4 169 25 42 254 131 157 165 22 27 159 93 164 194 12 22 224 252 81 188 134]
Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        hs.c.ClientVer: [1 8 0]
Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        hs.c.ClientTime: 2023-03-10 15:03:24 +0000 UTC
Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:03:24 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        hs.c.conn == conn: false
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        hs.clientHello.sessionId: [189 174 58 222 119 230 246 229 29 19 114 218 87 225 207 69 197 27 170 181 82 61 197 5 65 80 192 245 130 104 184 170]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        hs.c.AuthKey: [126 231 176 107 42 188 162 159 228 32 92 24 59 239 210 107 146 40 11 141 164 179 47 167 198 196 79 114 16 49 77 149]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        hs.c.ClientVer: [1 8 0]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        hs.c.ClientTime: 2023-03-10 15:03:24 +0000 UTC
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        hs.c.conn == conn: false
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        hs.clientHello.sessionId: [56 64 52 34 227 81 32 175 133 205 50 163 223 67 177 125 212 17 167 52 244 76 95 219 154 249 84 111 112 137 42 171]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        hs.c.AuthKey: [168 212 76 184 247 13 115 244 186 171 83 71 162 109 91 192 23 31 201 130 103 248 241 203 66 253 231 254 26 127 185 91]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        hs.c.ClientVer: [1 8 0]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        hs.c.ClientTime: 2023-03-10 15:03:25 +0000 UTC
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:03:25 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        hs.c.conn == conn: false
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        hs.clientHello.sessionId: [224 15 114 72 128 164 177 140 29 148 143 231 12 113 124 249 140 236 10 178 42 160 89 250 181 69 141 54 240 30 39 87]
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        hs.c.AuthKey: [236 190 253 156 239 12 114 21 128 129 137 126 209 57 27 73 9 126 73 32 196 69 249 185 225 72 82 84 231 156 8 137]
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        hs.c.ClientVer: [1 8 0]
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        hs.c.ClientTime: 2023-03-10 15:03:26 +0000 UTC
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:03:26 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        hs.c.conn == conn: false
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        hs.clientHello.sessionId: [216 86 222 173 254 169 53 90 158 70 53 210 111 244 117 7 62 228 24 111 13 84 51 175 116 156 242 253 113 196 47 89]
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        hs.c.AuthKey: [50 14 66 166 178 52 55 236 59 36 77 36 107 64 66 222 217 195 134 62 173 38 42 115 222 130 118 133 233 192 156 67]
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        hs.c.ClientVer: [1 8 0]
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        hs.c.ClientTime: 2023-03-10 15:03:27 +0000 UTC
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:03:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        hs.c.conn == conn: false
Mar 10 15:04:27 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12220        handled: false
Mar 10 15:04:27 N4KwlH xray[3032707]: 2023/03/10 15:04:27 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:32 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12226        handled: false
Mar 10 15:04:32 N4KwlH xray[3032707]: 2023/03/10 15:04:32 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:33 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12228        handled: false
Mar 10 15:04:33 N4KwlH xray[3032707]: 2023/03/10 15:04:33 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:37 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12234        handled: false
Mar 10 15:04:37 N4KwlH xray[3032707]: 2023/03/10 15:04:37 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:37 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12235        handled: false
Mar 10 15:04:37 N4KwlH xray[3032707]: 2023/03/10 15:04:37 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:40 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12241        handled: false
Mar 10 15:04:40 N4KwlH xray[3032707]: 2023/03/10 15:04:40 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:40 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12242        handled: false
Mar 10 15:04:40 N4KwlH xray[3032707]: 2023/03/10 15:04:40 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:41 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12243        handled: false
Mar 10 15:04:41 N4KwlH xray[3032707]: 2023/03/10 15:04:41 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:42 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12245        handled: false
Mar 10 15:04:42 N4KwlH xray[3032707]: 2023/03/10 15:04:42 [Info] transport/internet/tcp: REALITY: processed invalid connection
Mar 10 15:04:43 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12247        handled: false
Mar 10 15:04:43 N4KwlH xray[3032707]: 2023/03/10 15:04:43 [Info] transport/internet/tcp: REALITY: processed invalid connection

In most cases, what I see is a single connection performing multiple handshakes.

Client log with multiple handshakes:

2023/03/10 23:08:21 [Info] [3470566800] proxy/http: request to Method [CONNECT] Host [www.google.com:443] with URL [//www.google.com:443]
2023/03/10 23:08:21 [Info] [3470566800] app/dispatcher: taking detour [proxy] for [tcp:www.google.com:443]
2023/03/10 23:08:21 [Info] [3470566800] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:08:21 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
2023/03/10 23:08:21 127.0.0.1:12494 accepted //www.google.com:443 [http -> proxy]
REALITY localAddr: 172.16.3.5:12496     hello.sessionId[:16]: [1 8 0 0 100 11 71 229 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12496     hello.sessionId: [58 128 249 90 128 83 95 147 29 5 105 36 74 46 127 116 73 8 125 234 176 89 33 191 58 46 207 211 14 164 229 70]
REALITY localAddr: 172.16.3.5:12496     uConn.AuthKey: [173 17 6 214 17 183 251 66 170 180 18 6 70 149 119 226 88 106 29 100 209 166 188 176 109 75 87 12 161 158 225 10]
REALITY localAddr: 172.16.3.5:12496     uConn.Verified: false
REALITY localAddr: 172.16.3.5:12496     req.UserAgent(): Chrome
REALITY localAddr: 172.16.3.5:12496     DialTLSContext
2023/03/10 23:08:21 [Info] [3470566800] transport/internet/tcp: dialing TCP to tcp:172.16.3.1:2408
2023/03/10 23:08:21 [Debug] transport/internet: dialing to tcp:172.16.3.1:2408
REALITY localAddr: 172.16.3.5:12497     hello.sessionId[:16]: [1 8 0 0 100 11 71 230 208 32 187 219 191 165 251 166]
REALITY localAddr: 172.16.3.5:12497     hello.sessionId: [252 33 110 224 234 18 99 243 176 139 121 136 204 126 242 91 188 79 131 147 175 185 89 99 7 189 18 150 53 38 7 169]
REALITY localAddr: 172.16.3.5:12497     uConn.AuthKey: [92 190 195 121 134 191 47 241 253 46 146 170 179 53 7 82 158 11 113 88 57 123 39 222 151 163 161 207 35 38 68 46]
REALITY localAddr: 172.16.3.5:12497     uConn.Verified: true
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/outbound: tunneling request to tcp:www.google.com:443 via 172.16.3.1:2408
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsFilterTls found tls client hello! 517
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsPadding 517 438 0
REALITY localAddr: 172.16.3.5:12496     req.Referer(): https://<fallback server domain name>/
REALITY localAddr: 172.16.3.5:12496     len(body): 3694
REALITY localAddr: 172.16.3.5:12496     len(paths): 1
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: Xtls Unpadding new block0 16 content 4303 padding 146 0
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 1163 TLS_AES_256_GCM_SHA384
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsPadding 80 993 0
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsPadding 46 1223 2
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsWrite writeV 0 1274 0
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: Xtls Unpadding new block0 0 content 648 padding 546 2
2023/03/10 23:08:22 [Info] [3470566800] proxy/vless/encoding: XtlsRead readV
2023/03/10 23:08:24 [Info] [3470566800] app/proxyman/inbound: connection ends > proxy/http: connection ends > context canceled

Server log with multiple handshakes:

Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496
Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496        hs.clientHello.sessionId: [58 128 249 90 128 83 95 147 29 5 105 36 74 46 127 116 73 8 125 234 176 89 33 191 58 46 207 211 14 164 229 70]
Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496        hs.c.AuthKey: [173 17 6 214 17 183 251 66 170 180 18 6 70 149 119 226 88 106 29 100 209 166 188 176 109 75 87 12 161 158 225 10]
Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496        hs.c.ClientVer: [1 8 0]
Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496        hs.c.ClientTime: 2023-03-10 15:08:21 +0000 UTC
Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:08:21 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12496        hs.c.conn == conn: false
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.clientHello.sessionId: [252 33 110 224 234 18 99 243 176 139 121 136 204 126 242 91 188 79 131 147 175 185 89 99 7 189 18 150 53 38 7 169]
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.c.AuthKey: [92 190 195 121 134 191 47 241 253 46 146 170 179 53 7 82 158 11 113 88 57 123 39 222 151 163 161 207 35 38 68 46]
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.c.ClientVer: [1 8 0]
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.c.ClientTime: 2023-03-10 15:08:22 +0000 UTC
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.c.ClientShortId: [208 32 187 219 191 165 251 166]
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.c.conn == conn: true
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 2896        Server Hello: 127
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 2769        Change Cipher Spec: 6
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 2763        Encrypted Extensions: 55
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 2708        Certificate: 4403
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 3908        Certificate: 4403
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 4594        Certificate: 4403
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 191        Certificate Verify: 133
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        len(s2cSaved): 58        Finished: 58
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.handshake() err: <nil>
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        hs.readClientFinished() err: <nil>
Mar 10 15:08:22 N4KwlH xray[3032707]: REALITY remoteAddr: 172.16.3.5:12497        handled: true
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/inbound: firstLen = 1031
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/inbound: received request for tcp:www.google.com:443
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: Xtls Unpadding new block0 16 content 517 padding 438 0
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: XtlsFilterTls found tls client hello! 517
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] app/dispatcher: sniffed domain: www.google.com
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Debug] app/dns: domain www.google.com will use DNS in order: [localhost]
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] app/dns: Localhost got answer: www.google.com -> [2607:f8b0:4007:813::2004 172.217.14.68]
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] app/dispatcher: taking detour [relay-ss] for [tcp:www.google.com:443]
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] transport/internet/tcp: dialing TCP to tcp:192.18.134.191:29800
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Debug] transport/internet: dialing to tcp:192.18.134.191:29800
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 localhost got answer: www.google.com -> [2607:f8b0:4007:813::2004, 172.217.14.68] 7.999514ms
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 172.16.3.5:12497 accepted tcp:www.google.com:443 [relay-ss] email: priv-reality
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/shadowsocks: tunneling request to tcp:www.google.com:443 via TCP:192.18.134.191:29800
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 4303 TLS_AES_256_GCM_SHA384
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: XtlsPadding 4303 146 0
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: Xtls Unpadding new block0 0 content 80 padding 993 0
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: Xtls Unpadding new block0 0 content 46 padding 1223 2
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: XtlsRead readV
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: XtlsPadding 648 546 2
Mar 10 15:08:22 N4KwlH xray[3032707]: 2023/03/10 15:08:22 [Info] [3205042291] proxy/vless/encoding: XtlsWrite writeV 0 1199 0

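Multiple handshakes do not always happen, and the number of handshakes varies from 2 to 5; if the fifth attempt still fails, the connection fails.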

aptx17 commented 1 year ago

https://github.com/XTLS/Xray-core/issues/1689#issuecomment-1439447009

aisisi02 commented 1 year ago

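Thanks. After reading RPRX's explanation of the maxTimeDiff parameter, it clicked. I tried it and all of the symptoms above disappeared; setting this parameter to 10000-60000 seems quite reasonable.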
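
Added example (not part of the thread and not Xray-core's own code): the Go sketch below decodes the `hello.sessionId[:16]` bytes from the client log above into version, timestamp and short ID, then models the freshness check that `maxTimeDiff` controls. The acceptance rule (reject when the absolute difference between server time and the client's whole-second timestamp exceeds `maxTimeDiff` milliseconds), the 700 ms arrival offset and the 10 ms one-way delay are assumptions for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Copied from the client failure log on this page (local port 12241).
const sampleLine = "REALITY localAddr: 172.16.3.5:12241     hello.sessionId[:16]: [1 8 0 0 100 11 70 188 208 32 187 219 191 165 251 166]"

// Hello is the plaintext layout visible in the logs: 3 version bytes,
// 1 reserved byte, a 4-byte big-endian Unix time, and an 8-byte short ID.
type Hello struct {
	Version [3]byte
	Time    time.Time // whole seconds only: sub-second precision is lost
	ShortID [8]byte
}

// ParseLogLine decodes one "hello.sessionId[:16]: [..]" debug line.
func ParseLogLine(line string) (Hello, error) {
	const marker = "hello.sessionId[:16]: ["
	i := strings.Index(line, marker)
	if i < 0 {
		return Hello{}, errors.New("no hello.sessionId[:16] field")
	}
	rest := line[i+len(marker):]
	j := strings.IndexByte(rest, ']')
	if j < 0 {
		return Hello{}, errors.New("unterminated byte list")
	}
	fields := strings.Fields(rest[:j])
	if len(fields) != 16 {
		return Hello{}, fmt.Errorf("want 16 bytes, got %d", len(fields))
	}
	var raw [16]byte
	for k, f := range fields {
		v, err := strconv.ParseUint(f, 10, 8) // rejects values > 255
		if err != nil {
			return Hello{}, fmt.Errorf("byte %d: %w", k, err)
		}
		raw[k] = byte(v)
	}
	var h Hello
	copy(h.Version[:], raw[0:3])
	h.Time = time.Unix(int64(binary.BigEndian.Uint32(raw[4:8])), 0).UTC()
	copy(h.ShortID[:], raw[8:16])
	return h, nil
}

// Accepts models the freshness check (assumed rule, see lead-in):
// a maxTimeDiff of 0 disables it, otherwise |serverNow - h.Time| must not
// exceed maxTimeDiff milliseconds.
func Accepts(h Hello, serverNow time.Time, maxTimeDiffMs int64) bool {
	if maxTimeDiffMs == 0 {
		return true
	}
	d := serverNow.Sub(h.Time)
	if d < 0 {
		d = -d
	}
	return d <= time.Duration(maxTimeDiffMs)*time.Millisecond
}

// AcceptedOffsets counts, out of the 1000 millisecond offsets within a
// second, how many send instants pass the check when both clocks are in
// sync and the one-way delay is delayMs. The client stamps second T, sends
// at T+off, and the server compares at T+off+delayMs.
func AcceptedOffsets(maxTimeDiffMs, delayMs int64) int {
	ok := 0
	for off := int64(0); off < 1000; off++ {
		if maxTimeDiffMs == 0 || off+delayMs <= maxTimeDiffMs {
			ok++
		}
	}
	return ok
}

func main() {
	h, err := ParseLogLine(sampleLine)
	if err != nil {
		panic(err)
	}
	fmt.Printf("version=%v time=%s shortId=%x\n", h.Version, h.Time.Format(time.RFC3339), h.ShortID)
	arrival := h.Time.Add(700 * time.Millisecond) // constructed arrival time
	for _, m := range []int64{500, 10000} {
		fmt.Printf("maxTimeDiff=%d accepted=%v window=%d/1000 ms\n",
			m, Accepts(h, arrival, m), AcceptedOffsets(m, 10))
	}
}
```

Under this model a 500 ms limit admits only about half of the send instants in each second even with synchronized clocks, while 10000 ms admits all of them.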

frankang commented 6 months ago

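I ran into the same problem here (though the service works normally). At first I thought the server logging was not configured correctly; I set loglevel to none and it still kept appearing, and only later did I realize it is error output rather than a log (I suggest tagging it with [ERROR]). After seeing this issue, I changed maxTimeDiff from the original 70000 to 100000 and it went back to normal.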

REALITY remoteAddr: client ip:port
REALITY remoteAddr: client ip:port  hs.c.AuthKey[:16]: [36 134 98 56 123 7 211 16 140 166 0 98 68 151 117 212]   AEAD: *aes.gcmAsm
REALITY remoteAddr: client ip:port  hs.c.ClientVer: [1 8 4]
REALITY remoteAddr: client ip:port  hs.c.ClientTime: 2024-02-18 08:23:39 +0800 CST
REALITY remoteAddr: client ip:port  hs.c.ClientShortId: [107 168 81 121 227 15 79 194]
REALITY remoteAddr: client ip:port  hs.c.conn == conn: true
REALITY remoteAddr: client ip:port  len(s2cSaved): 3613     Server Hello: 127
...
REALITY remoteAddr: client ip:port  hs.handshake() err: <nil>
REALITY remoteAddr: client ip:port  hs.readClientFinished() err: <nil>
REALITY remoteAddr: client ip:port  hs.c.handshakeStatus: 1