qist
commented
1 year ago tls开启1.3 http 支持H2 站点才可以,dest也可以使用自己的证书 serverNames 可以任意域名建议使用你国内域名下载站点什么。
Closed Heclalava closed 4 months ago
qist
commented
1 year ago tls开启1.3 http 支持H2 站点才可以,dest也可以使用自己的证书 serverNames 可以任意域名建议使用你国内域名下载站点什么。
Heclalava
commented
1 year ago tls开启1.3 http 支持H2 站点才可以,dest也可以使用自己的证书 serverNames 可以任意域名建议使用你国内域名下载站点什么。
Any recommendations of domestic sites that meet the xray REALITY requirements for TLS?
What I understand from the documentation is that the dest and serverNames needed to be foreign websites. So if any probes or TLS chain attacks it would pull the TLS certificate of the the camoflauge website. Would a domestic site be suitable as a camoflauge website?
qist
commented
1 year ago 可以使用这个测试你vps 附近 站点 https://github.com/XTLS/RealiTLScanner dest 不建议使用国内的站点因为xray 会去连接dest配置的站点 serverNames 可以是任意域名 一个不存在的都可以。我一般使用的是游戏站点或者app商店这些站点。
Heclalava
commented
1 year ago 可以使用这个测试你vps 附近 站点
https://github.com/XTLS/RealiTLScannerdest 不建议使用国内的站点因为xray 会去连接dest配置的站点 serverNames 可以是任意域名 一个不存在的都可以。我一般使用的是游戏站点或者app商店这些站点。
Thanks, I will try and see if changing the dest and serverNames makes any difference to the issues I am experiencing and report back.
Heclalava
commented
1 year ago 可以使用这个测试你vps 附近 站点
https://github.com/XTLS/RealiTLScannerdest 不建议使用国内的站点因为xray 会去连接dest配置的站点 serverNames 可以是任意域名 一个不存在的都可以。我一般使用的是游戏站点或者app商店这些站点。
So I found a website that supports TLS v1.3 ALPN h2 in the same IP range as my VPS and I adjusted my configs accordingly. The proxy works, but no change to the issues in my original post unfortunately, so it doesn't seem to be the camoflauge website being the cause of the issue. Could anything else in the config cause this? Maybe the rules in Routing?
If not the config, maybe a bug in REALITY?
qist
commented
1 year ago 这里有个配置参考https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY
Heclalava
commented
1 year ago 这里有个配置参考
https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY
So I have adjusted my config.json accordingly. So it isn't a config issue. Same issues persist. If I connect to this server which has the xray core 1.8.3 installed on it, the issue persists even with a vmess TCP connection.
On another server with v2ray 5.7.0 going through a vmess TCP connection, I no longer experience these issues.
This leads me to believe it is the xray core itself.
chika0801
commented
1 year ago I have reviewed the configuration file you shared, and there are no issues with it. It is normal.
You're in Iran if you are (they have a heavy firewall blockage).
If you want to troubleshoot whether it is the destination URL chosen by dest as a factor, you can try the URLs of other sites. You can ping these sites on your local machine with an IP that is not from your country. As for the requirements of the dest site I think you are already clear.
There is another way to troubleshoot. Suppose your country does not use SNI URL whitelist blocking. You can use what we commonly known as the way to steal their own. This way you need to prepare a domain name of your own, first apply for a good certificate for this domain name. You can find an example configuration here: https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY/steal_yourself .
You can check out https://github.com/XTLS/Xray-core/discussions/2256#discussioncomment-6295296 for suggestions on Dest target site selection.
Heclalava
commented
1 year ago I have reviewed the configuration file you shared, and there are no issues with it. It is normal.
You're in Iran if you are (they have a heavy firewall blockage).
If you want to troubleshoot whether it is the destination URL chosen by dest as a factor, you can try the URLs of other sites. You can ping these sites on your local machine with an IP that is not from your country. As for the requirements of the dest site I think you are already clear.
There is another way to troubleshoot. Suppose your country does not use SNI URL whitelist blocking. You can use what we commonly known as the way to steal their own. This way you need to prepare a domain name of your own, first apply for a good certificate for this domain name. You can find an example configuration here: https://github.com/chika0801/Xray-examples/tree/main/VLESS-XTLS-uTLS-REALITY/steal_yourself .
You can check out #2256 (comment) for suggestions on Dest target site selection.
I am in China.
I think the issue is with xray core itself to be honest, I think it is triggering security systems of online services. I have an identical setup for a TCP configuration on a VPS with v2ray and a VPS with xray. All my issues happen with the xray VPS and not the v2ray VPS. I am going to replace the TCP config on my test server today (the one with REALITY on) to test with the v2ray core instead of xray core and see if my issues resolve.
The easiest way to get this resolved I think is to pass the APK of this streaming service on to one of the devs to test. They will see it won't work at all if the VPS has xray core installed, but works fine if the v2ray core is used.
EDIT: Replace xray core with v2ray core on the test server and setup for a TCP connection and everything works as expected. This leads me to believe there is an issue with the xray core.
chika0801
commented
1 year ago I'm also in China, using vps outside of China, using REALITY technology, and I'm not experiencing the phenomena you're reflecting. And I haven't received any other feedback in xray's telegram group that is similar to yours. So I can't give you any other suggestions or opinions on possible causes. I'd like to ask if the network line you purchased to China is optimized for China? My own vps is good line quality for my broadband network operator.
Heclalava
commented
1 year ago I'm also in China, using vps outside of China, using REALITY technology, and I'm not experiencing the phenomena you're reflecting. And I haven't received any other feedback in xray's telegram group that is similar to yours. So I can't give you any other suggestions or opinions on possible causes. I'd like to ask if the network line you purchased to China is optimized for China? My own vps is good line quality for my broadband network operator.
Yeah I get good speeds and connection from my VPS (it isn't a CN2/GIA). It is just that any config I use in xray I experience these issues, be it REALITY, TCP, I even setup a WS + TLS to test and all the same. I have found a good dest website for REALITY that meets all the criteria (it even has OSCP Stapling). And all these issues persit.
As soon as I switch to a config that utilises v2ray on the same server, then all the issues disappear. So something about the exit traffic on the VPS once processed by xray core is triggering firewalls on various online services. I have no idea how to diagnose that further.
Heclalava
commented
1 year ago I'm also in China, using vps outside of China, using REALITY technology, and I'm not experiencing the phenomena you're reflecting. And I haven't received any other feedback in xray's telegram group that is similar to yours. So I can't give you any other suggestions or opinions on possible causes. I'd like to ask if the network line you purchased to China is optimized for China? My own vps is good line quality for my broadband network operator.
Here is a link to the streaming app download: https://www.mediafire.com/file/pds2kaxz4uyrbvy/MovieHD.apk/file
I would be curious if you can get this streaming or search for titles on any configuration using xray core on your VPS.
chika0801
commented
1 year ago I opened this URL and it looked like in the picture and I downloaded the MovieHD.apk file.
I am using the configuration of the VLESS Vision REALITY combination. What problems do you have? I don't seem to have a problem opening this URL here.
Heclalava
commented
1 year ago
I opened this URL and it looked like in the picture and I downloaded the MovieHD.apk file.
I am using the configuration of the VLESS Vision REALITY combination. What problems do you have? I don't seem to have a problem opening this URL here.
So you can downoad the APK. If you install that, see if you can search for movies or series in the app or if anything will stream. When I search for anything with xray core I get a message no internet connection and a retry button. Try stream something and nothing will play.
Use v2ray core and everything works as expected.
If a streaming app can detect the the xray connection as being a problem and block the connection, how long until the GFW can detect it?
chika0801
commented
1 year ago I downloaded that APK file you mentioned and installed it. Then my environment is that I use the luci-app-ssr-plus plugin on my openwrt router to proxy all network access traffic, the type of proxy protocol Xray REALITY. i can search movies and play movies in the software you mentioned, that software is working fine.
chika0801
commented
1 year ago If a streaming app can detect the the xray connection as being a problem and block the connection, how long until the GFW can detect it?
I don't think these programs check what proxy service you are using.
Heclalava
commented
1 year ago I downloaded that APK file you mentioned and installed it. Then my environment is that I use the luci-app-ssr-plus plugin on my openwrt router to proxy all network access traffic, the type of proxy protocol Xray REALITY. i can search movies and play movies in the software you mentioned, that software is working fine.
That is really weird it won't work on my network. I have the FancySS plugin on Merlin Koolshare Asus router. I have also tested with v2rayNG with my mobile data and nothing works if I use a VPS with xray core. Soon as I switch to a VPS with v2ray core it works.
This was the guide I used to setup xray reality. https://cscot.pages.dev/2023/03/02/Xray-REALITY-tutorial/
I followed the instruction above to find a dest website best suited to my VPS IP address. Even with a TCP config and using xray still won't work.
So now I am really clueless as to what the issue could be and why it won't work my end.
qist
commented
1 year ago @Heclalava 你客户端用的那个代理APP。dns做好配置么。你的服务端配置是没什么问题的。还有你能不能调试一下看看访问不了的站点返回的什么,日志有什么,猜测没意义。我一直用这个都没出现过任何问题。当然我客户端都是用的是clash Meta 多端统一。
Heclalava
commented
1 year ago 你客户端用的那个代理APP。dns做好配置么。你的服务端配置是没什么问题的。还有你能不能调试一下看看访问不了的站点返回的什么,日志有什么,猜测没意义。我一直用这个都没出现过任何问题。当然我客户端都是用的是clash Meta 多端统一。
Do you mean the log on the VPS? I see the log is set to warning in the config. When I access /var/log/Xray/access.log and /var/log/Xray/error.log both of them are empty on my VPS.
I checked the router logs and no information coming up.
Below is my router DNS config inside FancySS.
dhcp-option=6,192.168.0.49 is to use my Pi-hole on my network for ad and telemetry blocking.
I will try and see if I can pull any logs from my phone going through mobile data.
Heclalava
commented
1 year ago I made a video to demonstrate. First test is xray reality, you can see in the android app the search will not work (says no connection, I prove there is a connection by streaming on youtube). I switch to a TCP connection on the same server but with v2ray core instead and retest and you can see it works. So I am not sure what more info to pull. As per previous message of mine all logs on the server are empty. Router has no useful logs either.
chika0801
commented
1 year ago I took the video you posted. You tested it this way, without using the plugin on the router to proxy.
Use for example sing-box on your system to turn on TUN mode so your Android emulator can be proxied.
I'm not sure if the problem is above the proxy plugin on your router, so I suggest you try a different client to see if the phenomenon recurs in order to locate where the failure point is.
For example, if you keep the proxy profile on your VPS unchanged and you have problems using it on your router, and at this point you are using the proxy software on your phone with a 5G network but no problems, you can locate that the problem is on top of your router proxy plugin.
Heclalava
commented
1 year ago I took the video you posted. You tested it this way, without using the plugin on the router to proxy.
Use for example sing-box on your system to turn on TUN mode so your Android emulator can be proxied.
I'm not sure if the problem is above the proxy plugin on your router, so I suggest you try a different client to see if the phenomenon recurs in order to locate where the failure point is.
For example, if you keep the proxy profile on your VPS unchanged and you have problems using it on your router, and at this point you are using the proxy software on your phone with a 5G network but no problems, you can locate that the problem is on top of your router proxy plugin.
This was in my router that I was using xray/v2ray the android emulator would go through the proxy as my PC is connected to the router. The problem is every device I use xray. Wether in my router, v2rayNG on my android phone, v2rayA on my Linux PC. Doesn't make a difference which device, if on mobile data or wifi. As long as I am using xray I have these problems, but on v2ray not. v2ray was that TCP route I showed in the video, xray was that reality route.
I have both v2ray and xray installed side by side on the VPS, just the configs are written differently for each.
If you use that streaming app are you able to search for movies and tv series while using xray? Actually search for something by using the search bar like I did in the video, not just selecting something that comes up on initial loading of the app.
chika0801
commented
1 year ago I have no other suggestions to help you with this strange problem you are experiencing.
Heclalava
commented
1 year ago I have no other suggestions to help you with this strange problem you are experiencing.
Thanks I will continue to test, try with debugging on the log and see if anything specifically comes up in the logs.
Heclalava
commented
1 year ago Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Info] [974419144] app/dispatcher: sniffed domain: appmoviehd.info Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] app/dns: domain appmoviehd.info will use DNS in order: [UDP:9.9.9.9:53 UDP:208.67.222.222:53 localhost] Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] app/dns: UDP:9.9.9.9:53 querying DNS for: appmoviehd.info. Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] transport/internet/udp: dispatch request to: udp:9.9.9.9:53 Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] transport/internet/udp: dispatch request to: udp:9.9.9.9:53 Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Info] app/dns: UDP:9.9.9.9:53 got answer: appmoviehd.info. TypeA -> [104.26.4.188 172.67.74.203 104.26.5.188] 3.648293ms Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] app/dns: UDP:9.9.9.9:53 updating IP records for domain:appmoviehd.info. Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Info] app/dns: UDP:9.9.9.9:53 got answer: appmoviehd.info. TypeAAAA -> [[2606:4700:20::681a:5bc] [2606:4700:20::ac43:4acb] [2606:4700:20::681a:4bc]] 3.672754ms Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] app/dns: UDP:9.9.9.9:53 updating IP records for domain:appmoviehd.info. Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Info] [974419144] app/dispatcher: default route for tcp:appmoviehd.info:443 Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Info] [974419144] transport/internet/tcp: dialing TCP to tcp:appmoviehd.info:443 Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Debug] transport/internet: dialing to tcp:appmoviehd.info:443 Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 116.52.106.117:33442 accepted tcp:104.26.4.188:443 [direct] Jun 30 14:16:56 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:56 [Info] [974419144] proxy/freedom: connection opened to tcp:appmoviehd.info:443, local endpoint [2a0c:8a41:1100::8da6:bfa]:53356, remote endpoint [2606:4700:20::ac43:4acb]: Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 2895 TLS_AES_128_GCM_SHA256 Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: XtlsPadding 2895 177 0 Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: Xtls Unpadding new block0 0 content 64 padding 1254 0 Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: Xtls Unpadding new block0 0 content 466 padding 488 2 Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: XtlsRead readV Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: XtlsPadding 1616 172 2 Jun 30 14:16:57 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:57 [Info] [974419144] proxy/vless/encoding: XtlsWrite writeV 0 1793 0 Jun 30 14:16:58 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:58 [Info] [2202478316] transport/internet/tcp: dialing TCP to tcp:91.108.56.137:443 Jun 30 14:16:58 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:58 [Debug] transport/internet: dialing to tcp:91.108.56.137:443 Jun 30 14:16:58 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:58 [Info] [2202478316] proxy/freedom: connection opened to tcp:91.108.56.137:443, local endpoint 185.178.164.60:40358, remote endpoint 91.108.56.137:443 Jun 30 14:16:58 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:58 [Info] [2202478316] proxy/vless/encoding: XtlsPadding 258 90 0 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [2202478316] proxy/vless/encoding: Xtls Unpadding new block0 0 content 313 padding 217 0 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] proxy/vless/inbound: firstLen = 340 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] proxy/vless/inbound: received request for tcp:142.250.179.131:80 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] proxy/vless/encoding: Xtls Unpadding new block0 16 content 113 padding 162 0 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] app/dispatcher: sniffed domain: www.google.com.tw Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Debug] app/dns: domain www.google.com.tw will use DNS in order: [UDP:9.9.9.9:53 UDP:208.67.222.222:53 localhost] Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Debug] app/dns: UDP:9.9.9.9:53 cache HIT www.google.com.tw -> [108.177.127.94 2a00:1450:4013:c1a::5e] Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] app/dispatcher: default route for tcp:www.google.com.tw:80 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] transport/internet/tcp: dialing TCP to tcp:www.google.com.tw:80 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Debug] transport/internet: dialing to tcp:www.google.com.tw:80 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 116.52.106.117:33446 accepted tcp:142.250.179.131:80 [direct] Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] proxy/freedom: connection opened to tcp:www.google.com.tw:80, local endpoint [2a0c:8a41:1100::8da6:bfa]:45592, remote endpoint [2a00:1450:4013:c07::5e] Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [3113253005] proxy/vless/encoding: XtlsPadding 103 158 0 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] proxy/vless/inbound: firstLen = 128 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] proxy/vless/inbound: received request for tcp:1.1.1.1:53 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] proxy/vless/encoding: Xtls Unpadding new block0 16 content 46 padding 17 0 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] app/dispatcher: default route for tcp:1.1.1.1:53 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] transport/internet/tcp: dialing TCP to tcp:1.1.1.1:53 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Debug] transport/internet: dialing to tcp:1.1.1.1:53 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 116.52.106.117:33448 accepted tcp:1.1.1.1:53 [direct] Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] proxy/freedom: connection opened to tcp:1.1.1.1:53, local endpoint 185.178.164.60:64740, remote endpoint 1.1.1.1:53 Jun 30 14:16:59 ONEVPS230625013549 xray[2634]: 2023/06/30 14:16:59 [Info] [1170986678] proxy/vless/encoding: XtlsPadding 190 98 0 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/inbound: firstLen = 1186 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/inbound: received request for tcp:104.26.10.12:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: Xtls Unpadding new block0 16 content 559 padding 782 0 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: XtlsFilterTls found tls client hello! 559 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] app/dispatcher: sniffed domain: api-explorer.aioz.network Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] app/dns: domain api-explorer.aioz.network will use DNS in order: [UDP:9.9.9.9:53 UDP:208.67.222.222:53 localhost] Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] app/dns: UDP:9.9.9.9:53 cache HIT api-explorer.aioz.network -> [172.67.68.18 104.26.11.12 104.26.10.12 2606:4700:20::681a:a0c 2606:4700:20::681a:b0c 2606:4700:20:: Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] app/dispatcher: default route for tcp:api-explorer.aioz.network:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] transport/internet/tcp: dialing TCP to tcp:api-explorer.aioz.network:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] transport/internet: dialing to tcp:api-explorer.aioz.network:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 116.52.106.117:33449 accepted tcp:104.26.10.12:443 [direct] Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/freedom: connection opened to tcp:api-explorer.aioz.network:443, local endpoint [2a0c:8a41:1100::8da6:bfa]:41874, remote endpoint [2606:4700:20:: Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 218 TLS_AES_128_GCM_SHA256 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: XtlsPadding 218 1109 0 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: Xtls Unpadding new block0 0 content 64 padding 1107 0 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: Xtls Unpadding new block0 0 content 612 padding 595 2 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: XtlsRead readV Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3113253005] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: XtlsPadding 1071 62 2 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3993381739] proxy/vless/encoding: XtlsWrite writeV 0 1138 0 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/vless/inbound: firstLen = 1034 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/vless/inbound: received request for tcp:216.58.208.106:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/vless/encoding: Xtls Unpadding new block0 16 content 517 padding 452 0 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/vless/encoding: XtlsFilterTls found tls client hello! 517 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] app/dispatcher: sniffed domain: securetoken.googleapis.com Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] app/dns: domain securetoken.googleapis.com will use DNS in order: [UDP:9.9.9.9:53 UDP:208.67.222.222:53 localhost] Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] app/dns: UDP:9.9.9.9:53 querying DNS for: securetoken.googleapis.com. Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] transport/internet/udp: dispatch request to: udp:9.9.9.9:53 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] app/dns: UDP:9.9.9.9:53 got answer: securetoken.googleapis.com. TypeA -> [173.194.69.95 108.177.126.95 142.251.31.95 108.177.119.95 74.125.128.95 108.177.127.95 173 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] app/dns: UDP:9.9.9.9:53 updating IP records for domain:securetoken.googleapis.com. Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] app/dns: UDP:9.9.9.9:53 got answer: securetoken.googleapis.com. TypeAAAA -> [[2a00:1450:4013:c00::5f] [2a00:1450:4013:c01::5f] [2a00:1450:4013:c05::5f] [2a00:1450:4 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] app/dns: UDP:9.9.9.9:53 updating IP records for domain:securetoken.googleapis.com. Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] app/dispatcher: default route for tcp:securetoken.googleapis.com:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] transport/internet/tcp: dialing TCP to tcp:securetoken.googleapis.com:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Debug] transport/internet: dialing to tcp:securetoken.googleapis.com:443 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 116.52.106.117:33452 accepted tcp:216.58.208.106:443 [direct] Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/freedom: connection opened to tcp:securetoken.googleapis.com:443, local endpoint [2a0c:8a41:1100::8da6:bfa]:31530, remote endpoint [2a00:1450:401 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/vless/encoding: XtlsFilterTls found tls 1.3! 4687 TLS_AES_128_GCM_SHA256 Jun 30 14:17:00 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:00 [Info] [3826776765] proxy/vless/encoding: XtlsPadding 4687 250 0 Jun 30 14:17:01 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:01 [Info] [3826776765] proxy/vless/encoding: Xtls Unpadding new block0 0 content 64 padding 1071 0 Jun 30 14:17:01 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:01 [Info] [3826776765] proxy/vless/encoding: Xtls Unpadding new block0 0 content 763 padding 476 2 Jun 30 14:17:01 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:01 [Info] [3826776765] proxy/vless/encoding: XtlsRead readV Jun 30 14:17:01 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:01 [Info] [3826776765] proxy/vless/encoding: XtlsPadding 2407 164 2 Jun 30 14:17:01 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:01 [Info] [3826776765] proxy/vless/encoding: XtlsWrite writeV 0 2576 0 Jun 30 14:17:02 ONEVPS230625013549 xray[2634]: 2023/06/30 14:17:02 [Info] [1170986678] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
Logs from when I initate the connection to that app untill I finish trying to search and have pressed the retry button a few times.
qist
commented
1 year ago 下面是我的配:
# conf_ver: 20220701
# by: hq450
# --------------------------------------------------------------------------------------------------
# 1. 此smartdns配置文件用于进阶DNS设定中,主DNS方案为smartdns方案时,smartdns配置-2
# 3. 如果不懂如何配置,请不要随意修改,不然可能导致本地DNS污染,或者DNS无法解析,导致无法科学上网。
# 4. 如果修改请确保配置文件的监听端口为7913,修改配置后,你需要重启整个科学上网插件,才能让新配置生效。
# 5. smartdns相关文档请参考:https://github.com/pymumu/smartdns#smartdns
# --------------------------------------------------------------------------------------------------
# 监听端口:7913
bind [::]:7913
# conf
conf-file /tmp/smart_cdn.conf
conf-file /tmp/smart_gfw.conf
# 缓存大小
cache-size 16384
# 开启域名预获取
prefetch-domain yes
# 启用过期缓存服务
serve-expired yes
#缓存持久化
cache-persist no
# 测速模式选择
speed-check-mode tcp:443,ping
# 禁用IPV6解析
force-AAAA-SOA no
# force specific qtype return soa
force-qtype-SOA 65 28
# 设置 TTL
rr-ttl 1800
# 日志记录
log-level info
log-file /tmp/smartdns.log
log-size 128k
log-num 1
# 证书文件
ca-file /etc/ssl/certs/ca-certificates.crt
# 国内上游服务器 (默认为114dns,当运营商DNS存在时自动替换为运营商DNS)
server-https https://dns.alidns.com/dns-query -group chn
server-https https://dns.pub/dns-query -group chn
server-https https://doh.360.cn/dns-query -group chn
# 国外上游服务器
server-https https://dns.google/dns-query -group gfw
server-https https://dns.cloudflare.com/dns-query -group gfw
server-https https://dns.quad9.net/dns-query -group gfw
可以使用v2rayN 配置测试通过后正常然后导入
视频没任何问题
Heclalava
commented
1 year ago 下面是我的配:
# conf_ver: 20220701 # by: hq450 # -------------------------------------------------------------------------------------------------- # 1. 此smartdns配置文件用于进阶DNS设定中,主DNS方案为smartdns方案时,smartdns配置-2 # 3. 如果不懂如何配置,请不要随意修改,不然可能导致本地DNS污染,或者DNS无法解析,导致无法科学上网。 # 4. 如果修改请确保配置文件的监听端口为7913,修改配置后,你需要重启整个科学上网插件,才能让新配置生效。 # 5. smartdns相关文档请参考:https://github.com/pymumu/smartdns#smartdns # -------------------------------------------------------------------------------------------------- # 监听端口:7913 bind [::]:7913 # conf conf-file /tmp/smart_cdn.conf conf-file /tmp/smart_gfw.conf # 缓存大小 cache-size 16384 # 开启域名预获取 prefetch-domain yes # 启用过期缓存服务 serve-expired yes #缓存持久化 cache-persist no # 测速模式选择 speed-check-mode tcp:443,ping # 禁用IPV6解析 force-AAAA-SOA no # force specific qtype return soa force-qtype-SOA 65 28 # 设置 TTL rr-ttl 1800 # 日志记录 log-level info log-file /tmp/smartdns.log log-size 128k log-num 1 # 证书文件 ca-file /etc/ssl/certs/ca-certificates.crt # 国内上游服务器 (默认为114dns,当运营商DNS存在时自动替换为运营商DNS) server-https https://dns.alidns.com/dns-query -group chn server-https https://dns.pub/dns-query -group chn server-https https://doh.360.cn/dns-query -group chn # 国外上游服务器 server-https https://dns.google/dns-query -group gfw server-https https://dns.cloudflare.com/dns-query -group gfw server-https https://dns.quad9.net/dns-query -group gfw
可以使用v2rayN 配置测试通过后正常然后导入
视频没任何问题
Thanks for sharing your config. I tried your DNS configuration my side, made no difference to resolving my issues. Still can't upload files to Discord, can't search for anything in that streaming app. I don't believe it is a DNS issue as the DNS config I normally use works fine when I use a v2ray config.
Also when using v2rayNG on my phone you don't have access to such advanced DNS config, only local and foreign DNS. Phone is the same issue.
Heclalava
commented
1 year ago 下面是我的配:
# conf_ver: 20220701 # by: hq450 # -------------------------------------------------------------------------------------------------- # 1. 此smartdns配置文件用于进阶DNS设定中,主DNS方案为smartdns方案时,smartdns配置-2 # 3. 如果不懂如何配置,请不要随意修改,不然可能导致本地DNS污染,或者DNS无法解析,导致无法科学上网。 # 4. 如果修改请确保配置文件的监听端口为7913,修改配置后,你需要重启整个科学上网插件,才能让新配置生效。 # 5. smartdns相关文档请参考:https://github.com/pymumu/smartdns#smartdns # -------------------------------------------------------------------------------------------------- # 监听端口:7913 bind [::]:7913 # conf conf-file /tmp/smart_cdn.conf conf-file /tmp/smart_gfw.conf # 缓存大小 cache-size 16384 # 开启域名预获取 prefetch-domain yes # 启用过期缓存服务 serve-expired yes #缓存持久化 cache-persist no # 测速模式选择 speed-check-mode tcp:443,ping # 禁用IPV6解析 force-AAAA-SOA no # force specific qtype return soa force-qtype-SOA 65 28 # 设置 TTL rr-ttl 1800 # 日志记录 log-level info log-file /tmp/smartdns.log log-size 128k log-num 1 # 证书文件 ca-file /etc/ssl/certs/ca-certificates.crt # 国内上游服务器 (默认为114dns,当运营商DNS存在时自动替换为运营商DNS) server-https https://dns.alidns.com/dns-query -group chn server-https https://dns.pub/dns-query -group chn server-https https://doh.360.cn/dns-query -group chn # 国外上游服务器 server-https https://dns.google/dns-query -group gfw server-https https://dns.cloudflare.com/dns-query -group gfw server-https https://dns.quad9.net/dns-query -group gfw
Just a couple questions which version of FancySS are you using. I am using HND V8 Full.
qist
commented
1 year ago 你节点是用域名还是ip 我用的版本是v5的 fancyss_arm_full 建议先关闭路由代理然后本地测试好,确认没问题在找路由上面插件的问题。如果本地都出现这个问题你怎么也解决不了啊。
Heclalava
commented
1 year ago @qist It can use either, I have changed to gRPC to see if that makes a difference to my problem, but no luck. Currently using an IP. I still can't get rid of the red X on the foreign routing. Tried various DNS configs and no luck. I wonder if I should try the 32 bit FancySS instead of the 64 bit.
qist
commented
1 year ago @Heclalava 你用v2rayN 先测试没问题就确认是你的FancySS 问题。然后你可以试着更换版本。不然没意义,外网节点测试是谷歌台湾站点。
qist
commented
1 year ago @Heclalava 你这么好的设备可以使用MerlinClash也不错。
Heclalava
commented
1 year ago @Heclalava 你这么好的设备可以使用MerlinClash也不错。
Well still trying to see if I can get my issues resolved. I have tried older versions of Fancyss. Different firmware versions for the router. I need to try an older version of xray. I still need to test my TCP config on 1.7.5 to see if that fixes the issues. To be honest I am not a fan of clash. Terrible UI and design.
Heclalava
commented
1 year ago
This is further to issues experienced. REALITY triggers online security systems.
Heclalava
commented
1 year ago So I installed xray REALITY on another server.
The foreign connection test in the router works, all my other issues I was experiencing with the other VPS don't happen with this new VPS.
Both have an identical install, some OS, same setup.
So what can it be about the problem VPS that would be causing these issues?
qist
commented
1 year ago 的确可能是你vps ip 被污染的问题。
Heclalava
commented
1 year ago 的确可能是你vps ip 被污染的问题。
That was my first initial thought when I first had problems. I actually contacted the VPS supplier and had the IP changed. Problems still persisted. Checking online the IP isn't in any blacklists. Also on this problem VPS the issues does't happen when I use v2ray core, only when using xray core. On this new server everything works fine on both v2ray and xray. I have both installed side by side. So I find this a very bizarre situation. Would be nice to get to the bottom of the cause though.
qist
commented
1 year ago 那你试着把maxTimeDiff 改大一点 maxTimeDiff: 70000
Heclalava
commented
1 year ago 70000
This makes no difference unfortunately on the problem VPS.
ghost
commented
1 year ago I'm also in China, using vps outside of China, using REALITY technology, and I'm not experiencing the phenomena you're reflecting. And I haven't received any other feedback in xray's telegram group that is similar to yours. So I can't give you any other suggestions or opinions on possible causes. I'd like to ask if the network line you purchased to China is optimized for China? My own vps is good line quality for my broadband network operator.
@chika0801
I'm from Iran and I also have this problem. Everthing on browser works fine. Telegram, YouTube, and Twitter app also work fine. But, when I switch to Instagram and GitHub app, my download speed reduces to zero as if I don't have Internet connection. However, I don't think the problem is with xray. I believe the problem is with VPS's DNS. I haven't been able to solve this problem.
ghost
commented
1 year ago @qist @Heclalava
Excuse me, which web panel is this?
qist
commented
1 year ago @alidxdydz 这个是梅林路由器上面的 github 地址: https://github.com/hq450/fancyss
ghost
commented
1 year ago @alidxdydz 这个是梅林路由器上面的 github 地址:
https://github.com/hq450/fancyss
Got it. Thank you.
Heclalava
commented
1 year ago
@qist @Heclalava
Excuse me, which web panel is this?
It's the FancySS plugin for routers flashed with Merlin Koolshare firmware.
cary-sas
commented
1 year ago 对于梅林的插件,你可以测试如下,把有问题的网址添加到 “黑名单”, 如果还不行再试试“游戏模式”。
Keroronsk
commented
9 months ago I'm using XRay Reality v1.8.1 and can confirm problems with Discord image uploading. It's working fine with NekoRay in TUN mode, but not in PROXY mode.
I have xray 1.8.3 installed and running on a Debian 10 VPS. For the most part the internet works well and bypasses censorship, however I am detecting lots of little issues, such as the following:
All the above can be resolved if I switch to a vmess configuration on the same server. Below is my config:
I get the feeling that servers/websites are blocking access to the VPS. I don't know if it is because of the way the TLS is shaped by REALITY or if maybe it is the camoflauge website being masqueraded that these servers/websites are detecting when probing the connection, and hence blocking access to their server.
Would using a different camoflauge website other than www.microsoft.com fix this? I have tried choosing A+ servers from https://www.ssllabs.com/ssltest/ and putting them in to the configs, but then the proxy just doesn't work at all.
Some help with this issue would be appreciated. Thanks.