XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

Traffic routing #3130

Closed AnnaPetrovaWer closed 8 months ago

AnnaPetrovaWer commented 8 months ago

Good afternoon! I wanted to ask your advice regarding the issue of forwarding traffic from one server to another.

I have one entry point set up with REALITY, the main server that handles most of the traffic, but I want to send part of the traffic, under certain conditions, to another server, to be processed there, forwarding it from the main one.

I can't decide which transport/protocol is better to use. Another REALITY? SS? WG? What would be optimal in terms of performance and reducing latency and overhead? Thank you!

chika0801 commented 8 months ago

Assuming your 2 servers are outside mainland China: between mine I have always used ss2022 over TCP (without UDP over TCP), plus MPTCP (optional).

AnnaPetrovaWer commented 8 months ago

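> Assuming your 2 servers are outside mainland China: between mine I have always used ss2022 over TCP (without UDP over TCP), plus MPTCP (optional).

Thank you very much for your answer, my dear friend!

I immediately ruled out TLS connections (VLESS TLS/VMESS TLS, etc.) because of TLS-in-TLS, to avoid the traffic being encrypted twice.

After all, I have already bypassed censorship via REALITY, there are no restrictions on carrying traffic between the VPSes, and that traffic is already wrapped in TLS.

If you will allow me, I would like to ask why you recommend disabling UDP for SS22?

Also, if it is not too much trouble, could you point me to some documentation/guides/examples on the MPTCP you mentioned?

Thank you very much! I hope this message finds you well.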

chika0801 commented 8 months ago

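You are probably not in mainland China.

Suppose these 2 servers of yours are also not in the country where you are located.

In that case, for the protocol between these 2 servers, I also recommend simply using ss2022.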

VPS A

```json
{
  "log": { "loglevel": "warning" },
  "dns": {
    "servers": [ "https+local://8.8.8.8/dns-query" ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      { "domain": [ "geosite:netflix" ], "outboundTag": "singapore" },
      { "domain": [ "geosite:openai" ], "outboundTag": "tokyo" },
      { "ip": [ "geoip:cn" ], "outboundTag": "tokyo" },
      { "ip": [ "geoip:private" ], "outboundTag": "block" }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          { "id": "honoka", "flow": "xtls-rprx-vision" },
          { "id": "umi", "flow": "xtls-rprx-vision" }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "dest": "/dev/shm/nginx.sock",
          "xver": 1,
          "serverNames": [ "xxx.top", "www.xxx.top" ],
          "privateKey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
          "shortIds": [ "xxxxxxxxxxxxxxxxxxxxxxxxxxx" ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [ "http", "tls", "quic" ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": { "domainStrategy": "ForceIPv4" },
      "streamSettings": {
        "sockopt": { "tcpFastOpen": true }
      },
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "block"
    },
    {
      "protocol": "shadowsocks",
      "settings": {
        "servers": [
          {
            "address": "xxxxxxxxxxxxxxxxx",
            "port": 80,
            "method": "2022-blake3-aes-128-gcm",
            "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
          }
        ]
      },
      "streamSettings": {
        "sockopt": { "tcpMptcp": true, "tcpNoDelay": true }
      },
      "tag": "singapore"
    },
    {
      "protocol": "shadowsocks",
      "settings": {
        "servers": [
          {
            "address": "xxxxxxxxxxxxxxxxx",
            "port": 80,
            "method": "2022-blake3-aes-128-gcm",
            "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
          }
        ]
      },
      "tag": "tokyo"
    }
  ],
  "policy": {
    "levels": {
      "0": { "handshake": 2, "connIdle": 120 }
    }
  }
}
```

VPS B

```json
{
  "log": { "loglevel": "warning" },
  "dns": {
    "servers": [ "https+local://1.1.1.1/dns-query" ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 80,
      "protocol": "shadowsocks",
      "settings": {
        "method": "2022-blake3-aes-128-gcm",
        "password": "xxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "network": "tcp,udp"
      },
      "streamSettings": {
        "sockopt": { "tcpMptcp": true, "tcpNoDelay": true }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": { "domainStrategy": "ForceIPv4" },
      "streamSettings": {
        "sockopt": { "tcpFastOpen": true }
      }
    }
  ]
}
```

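The MPTCP configuration only takes effect when the corresponding parameters are added on both the client (VPS A) and the server (VPS B). If the Linux kernel version on one end does not meet the requirement, it probably will not take effect even if you have written the parameters. The MPTCP feature can also be left out; it is the kind of feature that costs nothing to turn on, and once it is on you cannot tell whether the improvement is large or not.

- Requires Xray-core version 1.8.6 or later
- Requires Linux kernel version 5.6 or later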
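Added example (not part of the comment above and not Xray project code): a small Python check for the two conditions stated there, that `tcpMptcp` is present on both ends of the Shadowsocks hop and that the kernel is 5.6 or later. The sample configs are constructed and trimmed to the fields the checks read; `vps-b.example`, `<psk>` and the function names are assumptions, and both tags point at one sample server for illustration.

```python
import re

MIN_KERNEL = (5, 6)  # minimum Linux kernel stated in the comment above

# Constructed samples: only the fields the checks read, placeholder address/PSK.
SS = {"address": "vps-b.example", "port": 80,
      "method": "2022-blake3-aes-128-gcm", "password": "<psk>"}
VPS_A = {"outbounds": [
    {"protocol": "shadowsocks", "tag": "singapore",
     "settings": {"servers": [SS]},
     "streamSettings": {"sockopt": {"tcpMptcp": True, "tcpNoDelay": True}}},
    {"protocol": "shadowsocks", "tag": "tokyo",
     "settings": {"servers": [SS]}},  # no sockopt, as in the thread's config
]}
VPS_B = {"inbounds": [
    {"protocol": "shadowsocks", "port": 80,
     "settings": {"method": "2022-blake3-aes-128-gcm", "password": "<psk>",
                  "network": "tcp,udp"},
     "streamSettings": {"sockopt": {"tcpMptcp": True, "tcpNoDelay": True}}},
]}

def kernel_ok(release):
    """True if a `uname -r` string such as '5.15.0-91-generic' is >= 5.6."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= MIN_KERNEL

def mptcp_on(entry):
    """True only if streamSettings.sockopt.tcpMptcp is explicitly true."""
    return entry.get("streamSettings", {}).get("sockopt", {}).get("tcpMptcp") is True

def check_link(client_cfg, tag, server_cfg):
    """List the problems on the hop: client outbound `tag` -> server SS inbound."""
    out = next((o for o in client_cfg["outbounds"] if o.get("tag") == tag), None)
    if out is None:
        return [f"no outbound tagged {tag!r}"]
    srv = out["settings"]["servers"][0]
    inb = next((i for i in server_cfg["inbounds"]
                if i["protocol"] == "shadowsocks" and i["port"] == srv["port"]), None)
    if inb is None:
        return [f"no shadowsocks inbound listening on port {srv['port']}"]
    problems = []
    if srv["method"] != inb["settings"]["method"]:
        problems.append("cipher method differs between the two ends")
    if srv["password"] != inb["settings"]["password"]:
        problems.append("pre-shared key differs between the two ends")
    if mptcp_on(out) != mptcp_on(inb):
        problems.append("tcpMptcp is set on one end only")
    return problems

if __name__ == "__main__":
    for tag in ("singapore", "tokyo"):
        print(tag, check_link(VPS_A, tag, VPS_B) or "ok")
```

With real files, pass the result of `json.load` for each server's config; run `kernel_ok` on the output of `uname -r` from each host.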

RPRX commented 8 months ago

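> In that case, for the protocol between these 2 servers, I also recommend simply using ss2022.

Forward secrecy warning

> What would be optimal in terms of performance and reducing latency and overhead?

XTLS Switch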

AnnaPetrovaWer commented 8 months ago

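> > In that case, for the protocol between these 2 servers, I also recommend simply using ss2022.
>
> Forward secrecy warning
>
> > What would be optimal in terms of performance and reducing latency and overhead?
>
> XTLS Switch

Thank you very much for your reply! We are waiting with bated breath for the release of seed and switch, but until they are out, could you share your rich experience to help me avoid mistakes when choosing the transport for the connection? If you had to solve such a problem, what would you choose?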

AnnaPetrovaWer commented 8 months ago

@chika0801 Thank you very much for your reply!

RPRX commented 8 months ago

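For this kind of quick-and-simple scenario people always think of SS, but in fact REALITY also needs no certificate and is more secure than SS (though the former costs one more RTT), and XTLS performs better than SS.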

AnnaPetrovaWer commented 8 months ago

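> For this kind of quick-and-simple scenario people always think of SS, but in fact REALITY also needs no certificate and is more secure than SS (though the former costs one more RTT), and XTLS performs better than SS.

Thank you very much for your reply, I appreciate you taking the time!

From your message I understand that my most obvious solution is not always the most correct one.

If you will allow me, I have one more question. Unfortunately, my level of knowledge does not allow me to read your product's code, and because of my lack of technical knowledge I may be missing many things.

But before your message, I had always thought that what mattered most for me was the censorship on the path from my device to the VPS, because after that it no longer matters, since there are no borders.

So, to get around the blocking, on the client -> server leg I always use REALITY, plus a few small tricks you have written about in other messages.

Before your message, I thought that if traffic needs to be forwarded, then since the client's traffic is already encrypted with TLS, forwarding it to the other VPS in the fastest way possible would be the best solution, and for that I used WG or SS without encryption (after all, the data is already encrypted, isn't it?)

I did not use REALITY between the two servers because I thought that, since we have to do a handshake every time, that is also extra overhead.

Perhaps I have made a mistake somewhere; if you have time, as someone more experienced, could you point out my mistakes? Thank you, I appreciate your work and your contribution to the community!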

chika0801 commented 8 months ago

The journey from your country, to the country where your VPS is located, is a journey through which you can use a combination like VLESS+VISION+REALITY due to the internet censorship firewalls in your country.

For the journey from your VPS's country to your other VPS's country, you can use the old SS protocol for this journey, or you can use a combination of REALITY-related protocols for this journey.

Which one to use depends on the country where your VPS is located whether you want to get a higher high full rank or not.

Since SS the protocol was invented a long time ago, he expresses the meaning that people can easily associate with SS the protocol.

As for whether to use SS or REALITY related protocol combinations, it depends on your actual needs, for me, I only forward netflix openai domains on VPS A to VPS B, so I use SS.

Translated with DeepL.com (free version)

AnnaPetrovaWer commented 8 months ago

> The journey from your country, to the country where your VPS is located, is a journey through which you can use a combination like VLESS+VISION+REALITY due to the internet censorship firewalls in your country.
>
> For the journey from your VPS's country to your other VPS's country, you can use the old SS protocol for this journey, or you can use a combination of REALITY-related protocols for this journey.
>
> Which one to use depends on the country where your VPS is located whether you want to get a higher high full rank or not.
>
> Since SS the protocol was invented a long time ago, he expresses the meaning that people can easily associate with SS the protocol.
>
> As for whether to use SS or REALITY related protocol combinations, it depends on your actual needs, for me, I only forward netflix openai domains on VPS A to VPS B, so I use SS.

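I would like to thank you and your community once again for taking the time to help me understand this question!

Yes, indeed, in my country blocking exists only at the level of local providers; once I get past that barrier, I can use anything I like.

Indeed, my task is to redirect only a specific part of the traffic from the main server, and on the path from the main server to the secondary server there are no obstacles or filtering on the line. So I was trying to find a solution that minimizes overhead.

I have seen your detailed answer and the configuration example, and I think I will go with that solution!

It is just that when I saw the message from the esteemed RPRX, I wanted to hear his opinion as an expert, so that I would not miss something out of ignorance!

Thank you again for your time! ❤️🤝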

chika0801 commented 8 months ago

The Chinese produced by the translation software you use reads very naturally to us; it does not feel much like machine translation.

chika0801 commented 8 months ago

You may close this one question in time, which is a good habit.