XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

I noticed something strange today; could the experts here please help me analyze it? #3168

Closed movlight closed 6 months ago

movlight commented 6 months ago

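I had previously deployed Xray on GCP. Today, within a few minutes of getting online, the server became unreachable, and the web page behind the server's REALITY proxy could not be opened from browsers on other devices either. I then switched to another node; a few minutes later I reconnected to this server and it still worked, but after a few more minutes it was unreachable again. Because the certificate I "stole" at the time was that of 1.1.1.1 and the domain name was one I typed at random, a browser normally accessing port 443 on the server always got a 403 back from CF through the REALITY proxy, but today it returned 421, which strikes me as very strange... Since this server apparently has no log configured (log=null), I could not see what the server-side logs showed.

On the client side I use a small, low-spec mini PC running Windows Server. It runs v2rayN 5.39 (but with Xray core 1.8.8) as the proxy to the outside network. All devices go through this mini PC to reach the outside network, and the devices that do so cannot connect to domestic networks (they can only reach intranet IPs). In addition, I added a scheduled script that restarts v2rayN and the Xray core every five minutes (mainly out of concern about hangs).

Both the client and the server are version 1.8.8. The server was installed and updated with the commands from [Xray-install]. The configuration is VLESS-XTLS-Vision-REALITY; I took the configuration from the x-ui panel and made some changes of my own.

I have now upgraded the server to 1.8.9, and as of finishing this post I have not seen the connection failure again. However, my other server with the same configuration (the only difference being that this server has only an IPv6 address) has had no connection problems at all. Could the experts please help me analyze this?

Below is the server's configuration file at the time: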

```json
{
  "log": null,
  "routing": {
    "rules": [
      {
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "type": "field"
      },
      {
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "blocked",
        "type": "field"
      },
      {
        "outboundTag": "blocked",
        "protocol": [
          "bittorrent"
        ],
        "type": "field"
      }
    ]
  },
  "dns": null,
  "inbounds": [
    {
      "listen": "127.0.0.1",
      "port": 62789,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "127.0.0.1"
      },
      "streamSettings": null,
      "tag": "api",
      "sniffing": null
    },
    {
      "listen": null,
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "****",
            "email": "****",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none",
        "fallbacks": []
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "1.1.1.1:443",
          "xver": 0,
          "serverNames": [
            "****.***"
          ],
          "privateKey": "****",
          "publicKey": "****",
          "minClient": "",
          "maxClient": "",
          "maxTimediff": 0,
          "shortIds": [
            "",
            "***",
            "***",
            "***",
            "***"
          ]
        },
        "tcpSettings": {
          "header": {
            "type": "none"
          },
          "acceptProxyProtocol": false
        }
      },
      "tag": "inbound-443",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "transport": null,
  "policy": {
    "levels": {
      "0": {
        "handshake": 10,
        "connIdle": 100,
        "uplinkOnly": 2,
        "downlinkOnly": 3,
        "statsUserUplink": true,
        "statsUserDownlink": true,
        "bufferSize": 10240
      }
    },
    "system": {
      "statsInboundDownlink": true,
      "statsInboundUplink": true
    }
  },
  "stats": {},
  "reverse": null,
  "fakeDns": null
}
```

This is the client configuration:

```json
{
  "policy": {
    "system": {
      "statsOutboundUplink": true,
      "statsOutboundDownlink": true
    }
  },
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10810,
      "listen": "0.0.0.0",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": true
      },
      "settings": {
        "auth": "noauth",
        "udp": false,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10811,
      "listen": "0.0.0.0",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ],
        "routeOnly": true
      },
      "settings": {
        "auth": "noauth",
        "udp": false,
        "allowTransparent": false
      }
    },
    {
      "tag": "api",
      "port": 9090,
      "listen": "127.0.0.1",
      "protocol": "dokodemo-door",
      "settings": {
        "udp": false,
        "address": "127.0.0.1",
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "****",
            "port": 443,
            "users": [
              {
                "id": "****",
                "alterId": 0,
                "email": "****",
                "security": "auto",
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "serverName": "****",
          "fingerprint": "chrome",
          "show": false,
          "publicKey": "****",
          "shortId": "",
          "spiderX": ""
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "AsIs",
        "userLevel": 0
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "stats": {},
  "api": {
    "tag": "api",
    "services": [
      "StatsService"
    ]
  },
  "dns": {
    "servers": [
      "https://1.1.1.1/dns-query",
      "tls://8.8.8.8"
    ]
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api"
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:category-ads-all"
        ]
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:cn"
        ]
      },
      {
        "type": "field",
        "outboundTag": "block",
        "ip": [
          "geoip:private",
          "geoip:cn"
        ]
      },
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy"
      }
    ]
  }
}
```

chika0801 commented 6 months ago

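My guess is that it may be the same kind of cause as in the earlier issues where many people reported that Oracle VPSes were intermittently reachable.

If you really must use a GCP VPS, I suggest setting it up with a different protocol combination; if the problem can be reproduced, that proves the protocol combination is not to blame.

Or set it up again on a machine bought from a VPS vendor; if it does not reproduce, that proves the GCP VPS IP is being blocked for reasons nobody can explain.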

movlight commented 6 months ago

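> My guess is that it may be the same kind of cause as in the earlier issues where many people reported that Oracle VPSes were intermittently reachable.
>
> If you really must use a GCP VPS, I suggest setting it up with a different protocol combination; if the problem can be reproduced, that proves the protocol combination is not to blame.
>
> Or set it up again on a machine bought from a VPS vendor; if it does not reproduce, that proves the GCP VPS IP is being blocked for reasons nobody can explain.

Thanks for the reply; I'll try it later.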
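
As an added example (not part of the original issue and not Xray project code), this Python check runs over constructed excerpts of the two posted configs and flags the points the thread turns on: the server's `log` is null, and the REALITY `dest` is an IP literal paired with an arbitrary `serverNames` entry. It goes slightly beyond the thread by also flagging the client's `noauth` listeners on `0.0.0.0` and the empty `shortIds` entry; the function names and the treatment of an unset `listen` as all interfaces are assumptions.

```python
import ipaddress
import json

# Constructed excerpts of the two configs posted in the issue (masked values kept).
SERVER = json.loads("""{"log": null, "inbounds": [
  {"tag": "inbound-443", "listen": null, "port": 443, "protocol": "vless",
   "streamSettings": {"security": "reality", "realitySettings": {
     "dest": "1.1.1.1:443", "serverNames": ["****.***"], "shortIds": ["", "***"]}}}]}""")
CLIENT = json.loads("""{"log": {"access": "", "error": "", "loglevel": "warning"},
 "inbounds": [
  {"tag": "socks", "listen": "0.0.0.0", "port": 10810, "protocol": "socks",
   "settings": {"auth": "noauth"}},
  {"tag": "api", "listen": "127.0.0.1", "port": 9090, "protocol": "dokodemo-door",
   "settings": {"address": "127.0.0.1"}}]}""")

def is_ip(host):
    # True if host is an IPv4/IPv6 literal (brackets allowed).
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def audit(cfg):
    """Return (tag, finding) pairs for an Xray-style config dict."""
    out = []
    if not cfg.get("log"):
        out.append(("log", "logging disabled: connection failures leave no server-side record"))
    for ib in cfg.get("inbounds", []):
        tag = ib.get("tag", "?")
        # Assumption: an unset "listen" binds all interfaces.
        listen = ib.get("listen") or "0.0.0.0"
        local = is_ip(listen) and ipaddress.ip_address(listen.strip("[]")).is_loopback
        auth = (ib.get("settings") or {}).get("auth")
        if ib.get("protocol") in ("socks", "http") and auth == "noauth" and not local:
            out.append((tag, "unauthenticated proxy listens beyond loopback"))
        rs = (ib.get("streamSettings") or {}).get("realitySettings")
        if rs:
            host = rs.get("dest", "").rsplit(":", 1)[0]
            if is_ip(host) and not all(is_ip(n) for n in rs.get("serverNames", [])):
                out.append((tag, "dest is an IP literal: serverNames cannot be matched to it by name"))
            if "" in rs.get("shortIds", []):
                out.append((tag, "shortIds contains the empty value"))
    return out

if __name__ == "__main__":
    for name, cfg in (("server", SERVER), ("client", CLIENT)):
        for tag, finding in audit(cfg):
            print(f"{name}/{tag}: {finding}")
```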