chika0801
commented
1 year ago 建议把dest的网址换成其它的,比如当地的旅游局,博物馆
Closed uheee closed 3 months ago
chika0801
commented
1 year ago 建议把dest的网址换成其它的,比如当地的旅游局,博物馆
uheee
commented
1 year ago 建议把dest的网址换成其它的,比如当地的旅游局,博物馆
可以了,感谢
chika0801
commented
1 year ago 好奇问下,你是在哪个博客教程上看的写www.microsot.com?
你好像把微软的官方网址拼错了 www.microsot.com 少了soft f
uheee
commented
1 year ago 好奇问下,你是在哪个博客教程上看的写www.microsot.com?
你好像把微软的官方网址拼错了 www.microsot.com 少了soft f
哈哈,才发现这个问题,可能是改多了最后拼错了
uheee
commented
1 year ago 建议把dest的网址换成其它的,比如当地的旅游局,博物馆
还是不行,才发现是后面加的vision回落兜底了,试了microsoft.com.sg之类都不行,博物馆这些没有tls1.3更不行吧
uheee
commented
1 year ago 完整的服务端配置:
{
"log": {
"loglevel": "debug"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "snowind",
"flow": "xtls-rprx-vision",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": true,
"dest": 8443,
"serverNames": [
"www.nhb.gov.sg",
"www.microsoft.com",
"www.microsoft.com.sg"
],
"privateKey": "OC3SK-kTL2xaW6fHumuyeEbm3cn9SiBSkjKuBLV79mc",
"shortIds": [
"3f4d573ec4ce481c"
]
}
}
},
{
"port": 8443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "snowind",
"flow": "xtls-rprx-vision",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"dest": "nginx:5000"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/letsencrypt/live/**/fullchain.pem",
"keyFile": "/etc/letsencrypt/live/**/privkey.pem"
}
],
"alpn": [
"http/1.1"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
意思是你这台新加坡AWS从没连通过吗?
是的话,要不你先配置简单化原则,比如用 https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY 这里的配置,暂时不改公私钥 dest网址短ID都行,它写了客户端填法的。去WIN上,手机上都填填客户端信息看通得了不。
你VPS端口通不通你自己会排查嘛
你如果不想这样查,再找台其它商家的VPS,你配置不变,搭下再在客户端连连看。反正就是排除法了。
qist
commented
1 year ago xver 配置下吧,使用本地端口改成1 使用外部tls 使用0
lxhao61
commented
1 year ago 完整的服务端配置:
{ "log": { "loglevel": "debug" }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "ip": [ "geoip:cn" ], "outboundTag": "block" } ] }, "inbounds": [ { "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "snowind", "flow": "xtls-rprx-vision", "level": 0 } ], "decryption": "none" }, "streamSettings": { "network": "tcp", "security": "reality", "realitySettings": { "show": true, "dest": 8443, "serverNames": [ "www.nhb.gov.sg", "www.microsoft.com", "www.microsoft.com.sg" ], "privateKey": "OC3SK-kTL2xaW6fHumuyeEbm3cn9SiBSkjKuBLV79mc", "shortIds": [ "3f4d573ec4ce481c" ] } } }, { "port": 8443, "protocol": "vless", "settings": { "clients": [ { "id": "snowind", "flow": "xtls-rprx-vision", "level": 0 } ], "decryption": "none", "fallbacks": [ { "dest": "nginx:5000" } ] }, "streamSettings": { "network": "tcp", "security": "tls", "tlsSettings": { "certificates": [ { "certificateFile": "/etc/letsencrypt/live/**/fullchain.pem", "keyFile": "/etc/letsencrypt/live/**/privkey.pem" } ], "alpn": [ "http/1.1" ] } }, "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] } } ], "outbounds": [ { "protocol": "freedom", "tag": "direct" }, { "protocol": "blackhole", "tag": "block" } ] }
以上配置修改见如下:
"fallbacks": [
{
"dest": "nginx:5000"
}
]如上改成如下:
"fallbacks": [
{
"alpn": "h2", //h2回落匹配
"dest": 82 //h2回落端口
}, //对应Nginx版本小于v1.25.1配置,否则删除。
{
"dest": 81 //http/1.1回落端口或h2回落与http/1.1回落共用端口(对应Nginx版本不小于v1.25.1配置,回落共用端口修改为88。)
}
] "alpn": [
"http/1.1"
]删除如上或修改为如下(默认配置):
"alpn": [
"h2",
"http/1.1"
]意思是你这台新加坡AWS从没连通过吗?
是的话,要不你先配置简单化原则,比如用 https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY 这里的配置,暂时不改公私钥 dest网址短ID都行,它写了客户端填法的。去WIN上,手机上都填填客户端信息看通得了不。
你VPS端口通不通你自己会排查嘛
你如果不想这样查,再找台其它商家的VPS,你配置不变,搭下再在客户端连连看。反正就是排除法了。
AWS能通,端口没问题,浏览器访问443能回落到nginx欢迎页面上,vision+tls方式也能正常使用。
试了下你给我的配置,我几乎把配置一模一样抄下来了还是不行。
uheee
commented
1 year ago 完整的服务端配置:
{ "log": { "loglevel": "debug" }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "type": "field", "ip": [ "geoip:cn" ], "outboundTag": "block" } ] }, "inbounds": [ { "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "snowind", "flow": "xtls-rprx-vision", "level": 0 } ], "decryption": "none" }, "streamSettings": { "network": "tcp", "security": "reality", "realitySettings": { "show": true, "dest": 8443, "serverNames": [ "www.nhb.gov.sg", "www.microsoft.com", "www.microsoft.com.sg" ], "privateKey": "OC3SK-kTL2xaW6fHumuyeEbm3cn9SiBSkjKuBLV79mc", "shortIds": [ "3f4d573ec4ce481c" ] } } }, { "port": 8443, "protocol": "vless", "settings": { "clients": [ { "id": "snowind", "flow": "xtls-rprx-vision", "level": 0 } ], "decryption": "none", "fallbacks": [ { "dest": "nginx:5000" } ] }, "streamSettings": { "network": "tcp", "security": "tls", "tlsSettings": { "certificates": [ { "certificateFile": "/etc/letsencrypt/live/**/fullchain.pem", "keyFile": "/etc/letsencrypt/live/**/privkey.pem" } ], "alpn": [ "http/1.1" ] } }, "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] } } ], "outbounds": [ { "protocol": "freedom", "tag": "direct" }, { "protocol": "blackhole", "tag": "block" } ] }以上配置修改见如下:
"fallbacks": [ { "dest": "nginx:5000" } ]如上改成如下:
"fallbacks": [ { "alpn": "h2", //h2回落匹配 "dest": 82 //h2回落端口 }, //对应Nginx版本小于v1.25.1配置,否则删除。 { "dest": 81 //http/1.1回落端口或h2回落与http/1.1回落共用端口(对应Nginx版本不小于v1.25.1配置,回落共用端口修改为88。) } ]"alpn": [ "http/1.1" ]删除如上或修改为如下(默认配置):
"alpn": [ "h2", "http/1.1" ]
应该不是回落的问题吧,回落工作正常,是reality一直在报错
lxhao61
commented
1 year ago REALITY Vision应用要求目标网站必须支持TLSv1.3与HTTP/2!你转发给XTLS Vision应用(套娃),但你XTLS Vision应用的alpn禁用了h2,当然REALITY Vision应用一直在报错。 另外上述配置的域名修改为自己的(偷自己证书)。
uheee
commented
1 year ago REALITY Vision应用要求目标网站必须支持TLSv1.3与HTTP/2!你转发给XTLS Vision应用(套娃),但你XTLS Vision应用的alpn禁用了h2,当然REALITY Vision应用一直在报错。 另外上述配置的域名修改为自己的(偷自己证书)。
81 82 88端口是什么?我的nginx是1.25.1
chika0801
commented
1 year ago 看你基础一般,https://github.com/XTLS/Xray-core/issues/2251#issuecomment-1605326402 就这给你说了,从最简单的来
uheee
commented
1 year ago 看你基础一般,#2251 (comment) 就这给你说了,从最简单的来
已经是完全copy了,passwall目前还是一败涂地,明天换台电脑用v2rayN试试吧
chika0801
commented
1 year ago 看你基础一般,#2251 (comment) 就这给你说了,从最简单的来
已经是完全copy了,passwall目前还是一败涂地,明天换台电脑用v2rayN试试吧
一般调试时,服务端假设搭好,你不会只在一个客户端试吧,比如你现在passwall死活连不上。
应该早点换其它比如v2rayN NG上试试。
和再找其它VPS试试。多找样本原则 。
lxhao61
commented
1 year ago REALITY Vision应用要求目标网站必须支持TLSv1.3与HTTP/2!你转发给XTLS Vision应用(套娃),但你XTLS Vision应用的alpn禁用了h2,当然REALITY Vision应用一直在报错。 另外上述配置的域名修改为自己的(偷自己证书)。
81 82 88端口是什么?我的nginx是1.25.1
自己定义的 Nginx 的 HTTP/1.1 server、H2C server 及两者共用监听端口。Nginx 配置情况如下:
#........<省略>........
listen 127.0.0.1:82 http2; #H2C server本地监听端口(版本小于v1.25.1配置,否则删除。)
listen 127.0.0.1:81; #HTTP/1.1 server本地监听端口(版本小于v1.25.1配置,否则删除。)
#listen 127.0.0.1:88; #H2C server及HTTP/1.1 server本地监听端口(版本不小于v1.25.1配置,去掉注释后启用。)
#http2 on; #版本不小于v1.25.1配置,去掉注释后启用。
#........<省略>........备注: 1、Nginx 支持 H2C server 需要 Nginx 包含 http_v2_module 模块。 2、Nginx 版本不小于 v1.25.1 才支持 H2C server 与 HTTP/1.1 server 共用一个端口或一个进程。若 Nginx 版本小于 v1.25.1,回落须分成 h2 回落与 http/1.1 回落分别对应 Nginx 的 H2C server 与 HTTP/1.1 server。
uheee
commented
1 year ago 看你基础一般,#2251 (comment) 就这给你说了,从最简单的来
已经是完全copy了,passwall目前还是一败涂地,明天换台电脑用v2rayN试试吧
一般调试时,服务端假设搭好,你不会只在一个客户端试吧,比如你现在passwall死活连不上。
应该早点换其它比如v2rayN NG上试试。
和再找其它VPS试试。多找样本原则 。
v2rayN测试报错
app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [remote error: tls: handshake failure] > common/retry: all retry attempts failed添加了一个全新的东京地区的AWS VPS也一样
qist
commented
1 year ago 改成这样把:
{
"log": {
"loglevel": "debug"
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"ip": [
"geoip:cn"
],
"outboundTag": "block"
}
]
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "snowind",
"flow": "xtls-rprx-vision",
"level": 0
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"show": true,
"dest": 8443,
"xver": 1,
"serverNames": [
"www.nhb.gov.sg",
"www.microsoft.com",
"www.microsoft.com.sg"
],
"privateKey": "OC3SK-kTL2xaW6fHumuyeEbm3cn9SiBSkjKuBLV79mc",
"shortIds": [
"3f4d573ec4ce481c"
]
}
}
},
{
"port": 8443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "snowind",
"flow": "xtls-rprx-vision",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"dest": "nginx:5000"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"minVersion": "1.3",
"maxVersion": "1.3",
"cipherSuites": "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"certificates": [
{
"certificateFile": "/etc/letsencrypt/live/**/fullchain.pem",
"keyFile": "/etc/letsencrypt/live/**/privkey.pem"
}
],
"alpn": [
"h2",
"http/1.1"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
usrbad
commented
1 year ago Got the same error. It's just stopped working in one time. Connection from mobile, laptop, the same error - REALITY: processed invalid connection
HOW I fixed that:
In server's config.json I've changed "dest" from "www.microsoft.com:443" to another website "www.samsung.com:443"
and systemctl restart xray
Works fine now. But why that happened? Microsoft banned my server's IP? I don't think so, because it happened to my 2 servers in one time. Seems some problems with microsoft 🤔
sg-qwt
commented
1 year ago Got the same error. It's just stopped working in one time. Connection from mobile, laptop, the same error - REALITY: processed invalid connection HOW I fixed that: In server's config.json I've changed
"dest"from"www.microsoft.com:443"to another website"www.samsung.com:443"andsystemctl restart xrayWorks fine now. But why that happened? Microsoft banned my server's IP? I don't think so, because it happened to my 2 servers in one time. Seems some problems with microsoft thinking
Exact same thing happened to me with microsoft around same time, changed sni to samsung works again. Maybe something happened at microsoft end?
lxsq
commented
1 year ago Got the same error. It's just stopped working in one time. Connection from mobile, laptop, the same error - REALITY: processed invalid connection HOW I fixed that: In server's config.json I've changed
"dest"from"www.microsoft.com:443"to another website"www.samsung.com:443"andsystemctl restart xrayWorks fine now. But why that happened? Microsoft banned my server's IP? I don't think so, because it happened to my 2 servers in one time. Seems some problems with microsoft thinkingExact same thing happened to me with microsoft around same time, changed sni to samsung works again. Maybe something happened at microsoft end?
Yes indeed. Microsoft disabled TLS 1.3.
chika0801
commented
1 year ago Got the same error. It's just stopped working in one time. Connection from mobile, laptop, the same error - REALITY: processed invalid connection HOW I fixed that: In server's config.json I've changed
"dest"from"www.microsoft.com:443"to another website"www.samsung.com:443"andsystemctl restart xrayWorks fine now. But why that happened? Microsoft banned my server's IP? I don't think so, because it happened to my 2 servers in one time. Seems some problems with microsoft 🤔
Samsung has this URL, guessing it might have an SSL certificate for the IP. At this time, you in the server-side configuration of the "serverNames" parameter, fill in their own arbitrary URL, or leave it blank. Client "serverNames" parameter corresponds to fill in the same content. The clients will be able to connect.
This part of the situation has been mentioned in Xray's telegram channel. The link is https://t.me/projectXtls/77 . I also learned something new through this Samsung URL.
chika0801
commented
1 year ago REALITY 隐藏玩法:任意 SNI、无 SNI https://github.com/XTLS/Xray-core/discussions/1988#discussioncomment-5736999
This arbitrary SNI, no SNI usage is mentioned by the authors as having distinct characteristics and is not recommended for a large number of people.
Mydong
commented
1 year ago 找了好久原因,原来是www.microsoft.com的问题。也是无语了!!!!! 修改为其他域名就恢复了。
diaoboom
commented
1 year ago Got the same error. It's just stopped working in one time. Connection from mobile, laptop, the same error - REALITY: processed invalid connection HOW I fixed that: In server's config.json I've changed
"dest"from"www.microsoft.com:443"to another website"www.samsung.com:443"andsystemctl restart xrayWorks fine now. But why that happened? Microsoft banned my server's IP? I don't think so, because it happened to my 2 servers in one time. Seems some problems with microsoft thinkingExact same thing happened to me with microsoft around same time, changed sni to samsung works again. Maybe something happened at microsoft end?
Yes indeed. Microsoft disabled TLS 1.3.
这是啥网站/软件呢 谢谢
PeakGymnast
commented
1 year ago Got the same error. It's just stopped working in one time. Connection from mobile, laptop, the same error - REALITY: processed invalid connection HOW I fixed that: In server's config.json I've changed
"dest"from"www.microsoft.com:443"to another website"www.samsung.com:443"andsystemctl restart xrayWorks fine now. But why that happened? Microsoft banned my server's IP? I don't think so, because it happened to my 2 servers in one time. Seems some problems with microsoft thinkingExact same thing happened to me with microsoft around same time, changed sni to samsung works again. Maybe something happened at microsoft end?
Yes indeed. Microsoft disabled TLS 1.3.
这是啥网站/软件呢 谢谢
擅用Google,Google搜索tls check,第一个网站就是这个🤣🤣🤣
frankang
commented
11 months ago 遇到相同问题,也是通过换dest解决。但奇怪的是
donnyxray
commented
11 months ago I had this problem. In my case the server time did not match the client time.
Stalker457
commented
10 months ago I had this problem. In my case the server time did not match the client time.
Same problem, after seeing your reply I synchronized the client and server time and now everything works fine.
heruv1m
commented
8 months ago I had same issue. My mistake - different dest sites on client and server. So I just set microsoft.com on both sides on it works well
VPS是AWS lightsail新加坡机房,系统debian 11,内核5.10,docker方式部署的teddysun/xray:1.8.3
服务端配置:
客户端为前置路由FriendlyElec NanoPi R2S,系统OpenWrt 22.03.2,内核5.15.78,用的passwall服务
客户端配置:
连接时服务端日志:
vision方式可以正常使用。