有部分网站总是报protocol error

[GreatMichaelLee]

我用的是www.ebay.com做dest和serverName, 但是访问个别网站时总会报protocol error,比如香港政府网站，不知是何原因

但访问谷歌，油管，小鸟又完全正常。去掉代理访问www.gov.hk也正常。

[RPRX]

不发配置不发日志

[chika0801]

~不发配置不发日志~

发图不发种，菊花被人？

[ghost]

試試這個：進入(edge or chrome)://net-internals/#hsts 把dest的網址輸入到

Delete domain security policies
Input a domain name to delete its dynamic HSTS policy. (You cannot delete preloaded entries.):

Domain: 
example.com

點delete。顯示已刪除。 再輸入到

Query HSTS/PKP domain
Input a domain name to query the current HSTS/PKP set:

Domain: 
example.com

點query。顯示沒找到即可。

[GreatMichaelLee]

不是我不想发啊，老板们，主要是隐私信息mask烦，日志里有太多ip要处理，挺烦的，批量也烦。配置也是，要处理uuid, key等等，配置很普通了，就是一个reality出站，routing几个分流，入站一个socks, 没有dns模块，没搞什么特别花样

[chika0801]

开玩笑一下

[GreatMichaelLee]

試試這個：進入(edge or chrome)://net-internals/#hsts 把dest的網址輸入到

Delete domain security policies
Input a domain name to delete its dynamic HSTS policy. (You cannot delete preloaded entries.):

Domain: 
example.com

點delete。顯示已刪除。 再輸入到

Query HSTS/PKP domain
Input a domain name to query the current HSTS/PKP set:

Domain: 
example.com

點query。顯示沒找到即可。

然后还是一样。

[GreatMichaelLee]

我觉得跟网站有关系，但也说不上来和协议是否有关系，我打开Info.gov.hk没问题，但打开www.gov.hk就是报这个错，你们的能行吗，是不是跟网站tls证书有关系？配置是中国列表以外走代理，所以这两个都会走代理，换了几个不同的reality出战的 vps,都一样，有美国的香港的，新加坡的。

[ghost]

試試這個：進入(edge or chrome)://net-internals/#hsts 把dest的網址輸入到

Delete domain security policies
Input a domain name to delete its dynamic HSTS policy. (You cannot delete preloaded entries.):

Domain: 
example.com

點delete。顯示已刪除。 再輸入到

Query HSTS/PKP domain
Input a domain name to query the current HSTS/PKP set:

Domain: 
example.com

點query。顯示沒找到即可。

然后还是一样。

你輸ebay幹什麼？

[GreatMichaelLee]

試試這個：進入(edge or chrome)://net-internals/#hsts 把dest的網址輸入到

Delete domain security policies
Input a domain name to delete its dynamic HSTS policy. (You cannot delete preloaded entries.):

Domain: 
example.com

點delete。顯示已刪除。 再輸入到

Query HSTS/PKP domain
Input a domain name to query the current HSTS/PKP set:

Domain: 
example.com

點query。顯示沒找到即可。

然后还是一样。

你輸ebay幹什麼？

我reality配的dest就是www.ebay.com啊....www.hk.gov也试了，一样，不管用。

[ghost]

試試這個：進入(edge or chrome)://net-internals/#hsts 把dest的網址輸入到

Delete domain security policies
Input a domain name to delete its dynamic HSTS policy. (You cannot delete preloaded entries.):

Domain: 
example.com

點delete。顯示已刪除。 再輸入到

Query HSTS/PKP domain
Input a domain name to query the current HSTS/PKP set:

Domain: 
example.com

點query。顯示沒找到即可。

然后还是一样。

你輸ebay幹什麼？

我reality配的dest就是www.ebay.com啊....www.hk.gov也试了，一样，不管用。

那你還是聽R佬話吧

[RPRX]

不是我不想发啊，老板们，主要是隐私信息mask烦，日志里有太多ip要处理，挺烦的，批量也烦。配置也是，要处理uuid, key等等，配置很普通了，就是一个reality出站，routing几个分流，入站一个socks, 没有dns模块，没搞什么特别花样

理解不能，你想让我们帮你解决问题，你还嫌麻烦，不发配置不发日志，意思是就该我们花宝贵的时间帮你算命吗，我给过机会了

这类 issue 以后真的要直接 Close as not planned，不要手下留情 https://github.com/XTLS/Xray-core/issues/1813#issuecomment-1474707067

[GreatMichaelLee]

OK.

[RPRX]

你要理解，我们不知道你怎么配的，只能靠猜，是 Vision 还是 H2 还是 gRPC，是不是路由配错了，之类的，这不就开始算命了吗

[GreatMichaelLee]

这是v2ray NG 的配置（手机端一样是访问不了www.gov.hk) { "log": { "loglevel": "warning" }, "dns": { "hosts": { "geosite:category-ads-all": "127.0.0.1", "dns.google": "8.8.8.8", "dns.alidns.com": "223.5.5.5", "dns.pub": "119.29.29.29", "domain:googleapis.cn": "googleapis.com" }, "servers": [ { "address": "https://1.1.1.1/dns-query", "domains": [ "geosite:geolocation-!cn" ], "expectIPs": [ "geoip:!cn" ] }, "8.8.8.8", { "address": "https://1.12.12.12/dns-query", "domains": [ "geosite:cn", "geosite:icloud", "geosite:category-games@cn" ], "skipFallback": true, "port": 443, "expectIPs": [ "geoip:cn" ] }, { "address": "localhost", "skipFallback": true } ] }, "inbounds": [ { "settings": { "udp": true, "auth": "noauth", "userLevel": 8 }, "listen": "127.0.0.1", "protocol": "socks", "port": 10808, "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] }, "tag": "socks" }, { "settings": { "userLevel": 8 }, "listen": "127.0.0.1", "protocol": "http", "port": 10809, "tag": "http" }, { "settings": { "address": "1.1.1.1", "network": "tcp,udp", "port": 53 }, "listen": "127.0.0.1", "protocol": "dokodemo-door", "port": 10853, "tag": "dns-in" } ], "routing": { "balancers": [ { "tag": "balancer_1", "selector": [ "NETFLIX", "OPENAI" ] } ], "rules": [ { "type": "field", "outboundTag": "dns-out", "inboundTag": [ "dns-in" ] }, { "type": "field", "outboundTag": "default", "domain": [ "domain:googleapis.cn" ] }, { "type": "field", "outboundTag": "direct", "domain": [ "geosite:cn" ] }, { "type": "field", "domain": [ "geosite:netflix" ], "outboundTag": "NETFLIX" }, { "type": "field", "domain": [ "geosite:disney" ], "outboundTag": "DISNEY" }, { "type": "field", "domain": [ "openai.com" ], "outboundTag": "OPENAI" }, { "type": "field", "outboundTag": "block", "domain": [ "geosite:category-ads-all" ] }, { "ip": [ "geoip:private" ], "type": "field", "outboundTag": "direct" }, { "ip": [ "geoip:cn" ], "type": "field", "outboundTag": "direct" }, { "type": "field", "outboundTag": "direct", "domain": [ "geosite:cn", "geosite:tld-cn" ] }, { "type": "field", "network": "tcp,udp", "domain": [ "geosite:geolocation-!cn" ], "balancerTag": "balancer_1" } ], "domainStrategy": "IPIfNonMatch", "domainMatcher": "mph" }, "outbounds": [ { "settings": { "vnext": [ { "address": "vps1 ip", "users": [ { "level": 8, "security": "auto", "encryption": "none", "id": "uuid", "flow": "xtls-rprx-vision" } ], "port": 443 } ] }, "streamSettings": { "realitySettings": { "publicKey": "my public key", "spiderX": "/", "serverName": "www.ebay.com", "shortId": "03", "fingerprint": "ios" }, "network": "tcp", "tcpSettings": { "header": { "type": "none" } }, "security": "reality" }, "mux": { "enabled": false, "concurrency": 8 }, "protocol": "vless", "tag": "default" }, { "settings": { "vnext": [ { "address": "vps1 ip", "users": [ { "level": 8, "security": "auto", "encryption": "none", "id": "uuid", "flow": "xtls-rprx-vision" } ], "port": 443 } ] }, "streamSettings": { "realitySettings": { "publicKey": "my public key", "spiderX": "/", "serverName": "www.ebay.com", "shortId": "03", "fingerprint": "ios" }, "network": "tcp", "tcpSettings": { "header": { "type": "none" } }, "security": "reality" }, "mux": { "enabled": false, "concurrency": 8 }, "protocol": "vless", "tag": "NETFLIX" }, { "settings": { "vnext": [ { "address": "vps2 ip", "users": [ { "level": 8, "security": "auto", "encryption": "none", "id": "uuid", "flow": "xtls-rprx-vision" } ], "port": 443 } ] }, "streamSettings": { "realitySettings": { "publicKey": "my public key", "spiderX": "/", "serverName": "www.ebay.com", "shortId": "03", "fingerprint": "ios" }, "network": "tcp", "tcpSettings": { "header": { "type": "none" } }, "security": "reality" }, "mux": { "enabled": false, "concurrency": 8 }, "protocol": "vless", "tag": "DISNEY" }, { "settings": { "vnext": [ { "address": "vps2 ip", "users": [ { "level": 8, "security": "auto", "encryption": "none", "id": "uuid", "flow": "xtls-rprx-vision" } ], "port": 443 } ] }, "streamSettings": { "realitySettings": { "publicKey": "my public key", "spiderX": "/", "serverName": "www.ebay.com", "shortId": "03", "fingerprint": "ios" }, "network": "tcp", "tcpSettings": { "header": { "type": "none" } }, "security": "reality" }, "mux": { "enabled": false, "concurrency": 8 }, "protocol": "vless", "tag": "OPENAI" }, { "settings": {}, "protocol": "freedom", "tag": "direct" }, { "settings": { "response": { "type": "http" } }, "protocol": "blackhole", "tag": "block" }, { "protocol": "dns", "tag": "dns-out" } ], "stats": {}, "policy": { "system": { "statsOutboundUplink": true, "statsOutboundDownlink": true }, "levels": { "8": { "handshake": 2, "connIdle": 120, "downlinkOnly": 1, "uplinkOnly": 1 } } } }

这是server段配置：就发vps1的吧，vps2一样，都是模板 { "log": { "error": "/etc/xray-ui/error.log", "loglevel": "warning" }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "inboundTag": [ "api" ], "outboundTag": "api", "type": "field" }, { "type": "field", "domain": [ "geosite:category-ads-all", "geosite:geolocation-cn" ], "outboundTag": "blocked" }, { "ip": [ "geoip:cn", "geoip:private" ], "outboundTag": "blocked", "type": "field" } ] }, "dns": null, "inbounds": [ { "listen": "127.0.0.1", "port": 62789, "protocol": "dokodemo-door", "settings": { "address": "127.0.0.1" }, "streamSettings": null, "tag": "api", "sniffing": null }, { "listen": null, "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "uuid", "flow": "xtls-rprx-vision" } ], "decryption": "none", "fallbacks": [] }, "streamSettings": { "network": "tcp", "security": "reality", "realitySettings": { "show": false, "dest": "www.ebay.com:443", "xver": 0, "serverNames": [ "ebay.com", "www.ebay.com" ], "privateKey": "my private key", "minClientVer": "", "maxClientVer": "", "maxTimeDiff": 5000, "shortIds": [ "01", "02", "03" ] }, "tcpSettings": { "header": { "type": "none" } } }, "tag": "inbound-443", "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] } } ], "outbounds": [ { "protocol": "freedom", "settings": {} }, { "protocol": "blackhole", "settings": { "response": { "type": "http" } }, "tag": "blocked" } ], "transport": null, "policy": { "system": { "statsInboundDownlink": true, "statsInboundUplink": true }, "levels": { "0": { "handshake": 2, "connIdle": 120 } } }, "api": { "services": [ "HandlerService", "LoggerService", "StatsService" ], "tag": "api" }, "stats": {}, "reverse": null, "fakeDns": null }

[RPRX]

把路由全删了试试，如果还不行，再把 Vision 换成 gRPC 试试

[RPRX]

那啥，hello.sessionId 和 uConn.AuthKey 是要码掉的

[RPRX]

发一下服务端的日志

[RPRX]

你发的第一个日志我就看到了客户端没问题，你删掉吧

此外我要把 Show 打开时输出的密文 SessionID 删掉，AuthKey 只留一半