XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0

MUX not working (unexpected EOF) #3370

Closed pulsarice closed 6 months ago

pulsarice commented 6 months ago

Version

1.8.11

Description

I have a domestic VPS and a foreign VPS. The interconnection between the two servers is Reality-tcp-xtls-rprx-vision. If I enable MUX on the interconnection, the connection fails.

Reproduction Method

To investigate the matter, I created a minimal environment on my home PC using two VMs. I didn't use any 3rd party panel to run xray. I edited config files manually and started xray from terminal.

VM1 connects to VM2 via two outbounds (one without mux and the other with mux enabled, all the other parameters of outbounds are the same).

On my domestic VPS I don't have both outbounds simultaneously; this is done here to show both cases in a single config.

Users connect to VM1 in order to access VM2: user1 is routed through reality with mux off. user2 is routed through reality with mux on.

user1's connection succeeds, but user2's fails.

It's interesting that when I try to test and connect to the foreign VPS or VM2 directly from V2rayN (xray 1.8.11) with MUX enabled, the connection works. But I'm not sure how V2rayN sets MUX parameters.

Client config

VM1:


{
  "log": {
    "loglevel": "debug",
    "error": "./error.log",
    "access": "./access.log"
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "user": [
          "user1"
        ],
        "outboundTag": "VM2-fromVM1"
      },
      {
        "type": "field",
        "user": [
          "user2"
        ],
        "outboundTag": "VM2-fromVM1-MUX"
      }
    ]
  },
  "inbounds": [
    {
      "listen": null,
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "email": "user1",
            "flow": "",
            "id": "5926ca57-f500-497f-d703-d4ce401dc9a9"
          },
          {
            "email": "user2",
            "flow": "",
            "id": "a3033726-0a8d-4d59-8e08-3e76faa2beda"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "none"
      },
      "tag": "inbound-443",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      }
    },
    {
      "tag": "VM2-fromVM1",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "192.168.187.130",
            "port": 443,
            "users": [
              {
                "id": "4c184b98-5cc7-4276-9a1a-26d0ae5e3909",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "publicKey": "39cQeDJ0Z6e3IAfdvzYsl1RB2JBFkEDWDA6y0HK0b3w",
          "fingerprint": "firefox",
          "serverName": "domain.tld",
          "shortId": "8c28d37ae6",
          "spiderX": "/iiututjjlkjioowhadh"
        }
      }
    },
    {
      "tag": "VM2-fromVM1-MUX",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "192.168.187.130",
            "port": 443,
            "users": [
              {
                "id": "4c184b98-5cc7-4276-9a1a-26d0ae5e3909",
                "flow": "xtls-rprx-vision",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "publicKey": "39cQeDJ0Z6e3IAfdvzYsl1RB2JBFkEDWDA6y0HK0b3w",
          "fingerprint": "firefox",
          "serverName": "domain.tld",
          "shortId": "8c28d37ae6",
          "spiderX": "/iiututjjlkjioowhadh"
        }
      },
      "mux": {
        "enabled": true,
        "concurrency": 8,
        "xudpConcurrency": 16,
        "xudpProxyUDP443": "reject"
      }
    }
  ]
}

Server config

VM2:


{
  "log": {
    "loglevel": "debug",
    "error": "./error.log",
    "access": "./access.log"
  },
  "inbounds": [
    {
      "listen": null,
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "email": "fromVM1",
            "flow": "xtls-rprx-vision",
            "id": "4c184b98-5cc7-4276-9a1a-26d0ae5e3909"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "realitySettings": {
          "dest": "127.0.0.1:8001",
          "privateKey": "QLol5YTeD6HH0jHKhCryYr5ksXnfZRTCndHXVprtYwg",
          "serverNames": [
            "domain.tld"
          ],
          "shortIds": [
            "8c28d37ae6"
          ],
          "show": false,
          "xver": 1
        },
        "security": "reality"
      },
      "tag": "inbound-443",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      }
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ]
}

Client log

VM1:


***access log
2024/05/17 04:19:56 192.168.187.1:6096 accepted tcp:www.google.com:443 [inbound-443 -> VM2-fromVM1] email: user1
2024/05/17 04:20:18 192.168.187.1:6101 accepted tcp:www.google.com:443 [inbound-443 -> VM2-fromVM1-MUX] email: user2

***error log
2024/05/17 04:19:44 [Debug] app/log: Logger started
2024/05/17 04:19:44 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
2024/05/17 04:19:44 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
2024/05/17 04:19:44 [Warning] core: Xray 1.8.11 started
2024/05/17 04:19:56 [Info] [3439013659] proxy/vless/inbound: firstLen = 213
2024/05/17 04:19:56 [Info] [3439013659] proxy/vless/inbound: received request for tcp:www.google.com:443
2024/05/17 04:19:56 [Info] [3439013659] app/dispatcher: sniffed domain: www.google.com
2024/05/17 04:19:56 [Info] [3439013659] app/dispatcher: taking detour [VM2-fromVM1] for [tcp:www.google.com:443]
2024/05/17 04:19:56 [Info] [3439013659] transport/internet/tcp: dialing TCP to tcp:192.168.187.130:443
2024/05/17 04:19:56 [Debug] transport/internet: dialing to tcp:192.168.187.130:443
2024/05/17 04:19:56 [Info] [3439013659] proxy/vless/outbound: tunneling request to tcp:www.google.com:443 via 192.168.187.130:443
2024/05/17 04:19:56 [Info] [3439013659] proxy: XtlsFilterTls found tls client hello! 176
2024/05/17 04:19:56 [Info] [3439013659] proxy: XtlsPadding 176 1097 0
2024/05/17 04:19:57 [Info] [3439013659] proxy: Xtls Unpadding new block, content 4198 padding 3 command 0
2024/05/17 04:19:57 [Info] [3439013659] proxy: XtlsFilterTls short server hello, tls 1.2 or older? 1163 68
2024/05/17 04:19:57 [Info] [3439013659] proxy: XtlsFilterTls found tls 1.2! 1163
2024/05/17 04:19:57 [Info] [3439013659] proxy: XtlsPadding 93 1102 0
2024/05/17 04:19:57 [Info] [3439013659] proxy: Xtls Unpadding new block, content 295 padding 894 command 0
2024/05/17 04:19:57 [Info] [3439013659] proxy: XtlsPadding 81 1023 1
2024/05/17 04:19:57 [Info] [3439013659] proxy: Xtls Unpadding new block, content 213 padding 847 command 1
2024/05/17 04:19:57 [Info] [3439013659] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > proxy/vless/inbound: failed to transfer request payload > read tcp 192.168.187.129:443->192.168.187.1:6096: read: connection reset by peer
***user2 tries to connect:
2024/05/17 04:20:18 [Info] [4139579939] proxy/vless/inbound: firstLen = 442
2024/05/17 04:20:18 [Info] [4139579939] proxy/vless/inbound: received request for tcp:www.google.com:443
2024/05/17 04:20:18 [Info] [4139579939] app/dispatcher: sniffed domain: www.google.com
2024/05/17 04:20:18 [Info] [4139579939] app/dispatcher: taking detour [VM2-fromVM1-MUX] for [tcp:www.google.com:443]
2024/05/17 04:20:18 [Info] [4139579939] common/mux: dispatching request to tcp:www.google.com:443
2024/05/17 04:20:18 [Info] transport/internet/tcp: dialing TCP to tcp:192.168.187.130:443
2024/05/17 04:20:18 [Debug] transport/internet: dialing to tcp:192.168.187.130:443
2024/05/17 04:20:18 [Info] proxy/vless/outbound: tunneling request to tcp:v1.mux.cool:9527 via 192.168.187.130:443
2024/05/17 04:20:18 [Info] proxy: XtlsFilterTls found tls client hello! 432
2024/05/17 04:20:18 [Info] proxy: XtlsPadding 27 1343 0
2024/05/17 04:20:18 [Info] proxy: XtlsPadding 405 806 0
2024/05/17 04:20:28 [Info] [4139579939] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > proxy/vless/inbound: failed to transfer request payload > read tcp 192.168.187.129:443->192.168.187.1:6101: read: connection reset by peer
2024/05/17 04:20:28 [Info] [4139579939] common/mux: failed to fetch all input > io: read/write on closed pipe
2024/05/17 04:20:28 [Info] proxy: XtlsPadding 6 1390 0
2024/05/17 04:20:28 [Info] failed to handler mux client connection > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to decode response header > proxy/vless/encoding: failed to read response version > EOF
2024/05/17 04:20:28 [Info] common/mux: failed to read metadata > io: read/write on closed pipe

Server log

VM2:


***access log
2024/05/17 04:19:56 192.168.187.129:38204 accepted tcp:www.google.com:443 [inbound-443 >> direct] email: fromVM1
***error log
2024/05/17 04:19:39 [Debug] app/log: Logger started
2024/05/17 04:19:39 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
2024/05/17 04:19:39 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
2024/05/17 04:19:39 [Warning] core: Xray 1.8.11 started
2024/05/17 04:19:56 [Info] [2586560247] proxy/vless/inbound: firstLen = 1186
2024/05/17 04:19:56 [Info] [2586560247] proxy/vless/inbound: received request for tcp:www.google.com:443
2024/05/17 04:19:56 [Info] [2586560247] proxy: Xtls Unpadding new block, content 176 padding 1097 command 0
2024/05/17 04:19:56 [Info] [2586560247] proxy: XtlsFilterTls found tls client hello! 176
2024/05/17 04:19:56 [Info] [2586560247] app/dispatcher: sniffed domain: www.google.com
2024/05/17 04:19:56 [Info] [2586560247] app/dispatcher: default route for tcp:www.google.com:443
2024/05/17 04:19:56 [Info] [2586560247] proxy/freedom: dialing to tcp:142.251.179.103:443
2024/05/17 04:19:56 [Info] [2586560247] transport/internet/tcp: dialing TCP to tcp:142.251.179.103:443
2024/05/17 04:19:56 [Debug] transport/internet: dialing to tcp:142.251.179.103:443
2024/05/17 04:19:56 [Info] [2586560247] proxy/freedom: connection opened to tcp:www.google.com:443, local endpoint 192.168.187.130:34188, remote endpoint 142.251.179.103:443
2024/05/17 04:19:57 [Info] [2586560247] proxy: XtlsFilterTls short server hello, tls 1.2 or older? 4198 68
2024/05/17 04:19:57 [Info] [2586560247] proxy: XtlsFilterTls found tls 1.2! 4198
2024/05/17 04:19:57 [Info] [2586560247] proxy: XtlsPadding 4198 3 0
2024/05/17 04:19:57 [Info] [2586560247] proxy: Xtls Unpadding new block, content 93 padding 1102 command 0
2024/05/17 04:19:57 [Info] [2586560247] proxy: XtlsPadding 295 894 0
2024/05/17 04:19:57 [Info] [2586560247] proxy: Xtls Unpadding new block, content 81 padding 1023 command 1
2024/05/17 04:19:57 [Info] [2586560247] proxy: XtlsPadding 213 847 1
2024/05/17 04:19:58 [Info] [2586560247] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
***user2 tries to connect:
2024/05/17 04:20:18 [Info] [609737682] proxy/vless/inbound: firstLen = 1186
2024/05/17 04:20:18 [Info] [609737682] proxy/vless/inbound: received request for tcp:v1.mux.cool:0
2024/05/17 04:20:18 [Info] [609737682] proxy: Xtls Unpadding new block, content 27 padding 1343 command 0
2024/05/17 04:20:18 [Info] [609737682] proxy: Xtls Unpadding new block, content 405 padding 806 command 0
2024/05/17 04:20:18 [Info] [609737682] proxy: XtlsFilterTls found tls client hello! 405
2024/05/17 04:20:18 [Info] [609737682] common/mux: received request for tcp:www.google.com:443
2024/05/17 04:20:18 [Info] [609737682] common/mux: unexpected EOF > common/mux: failed to process data > common/mux: unexpected network TCP
2024/05/17 04:20:28 [Info] [609737682] proxy: Xtls Unpadding new block, content 6 padding 1390 command 0
2024/05/17 04:20:28 [Info] [609737682] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > proxy/vless/inbound: failed to transfer request payload > io: read/write on closed pipe

Fangliding commented 6 months ago

vision does not support mux
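
An added example, not part of the thread and not code from the Xray project: a config check that flags outbounds combining `mux.enabled` with an `xtls-rprx-vision` flow, plus a log check for the failure signature seen on VM2. The function names are hypothetical, and the config check treats any enabled mux on a Vision outbound as a conflict, following the maintainer's reply above.

```python
import re

def vision_mux_conflicts(config):
    """Tags of outbounds that enable mux while a user sets a Vision flow."""
    hits = []
    for ob in config.get("outbounds", []):
        if not (ob.get("mux") or {}).get("enabled"):
            continue
        servers = (ob.get("settings") or {}).get("vnext") or []
        flows = [u.get("flow") or "" for s in servers for u in s.get("users") or []]
        if any(f.startswith("xtls-rprx-vision") for f in flows):
            hits.append(ob.get("tag", "<untagged>"))
    return hits

# Matches Info-level lines that carry a session id, e.g. "[Info] [609737682] ..."
SESSION = re.compile(r"\[Info\] \[(\d+)\] (.*)")

def failed_mux_sessions(log_lines):
    """Session ids that carried v1.mux.cool, ran Vision unpadding, then hit the mux EOF."""
    seen = {}
    for line in log_lines:
        m = SESSION.search(line)
        if not m:
            continue
        sid, msg = m.groups()
        flags = seen.setdefault(sid, set())
        if "received request for tcp:v1.mux.cool" in msg:
            flags.add("mux")
        elif msg.startswith("proxy: Xtls Unpadding"):
            flags.add("vision")
        elif msg.startswith("common/mux: unexpected EOF"):
            flags.add("eof")
    return [sid for sid, f in seen.items() if f == {"mux", "vision", "eof"}]

# Trimmed from the VM1 config in the issue; only the fields the check reads.
SAMPLE_CONFIG = {"outbounds": [
    {"tag": "direct", "protocol": "freedom"},
    {"tag": "VM2-fromVM1",
     "settings": {"vnext": [{"users": [{"flow": "xtls-rprx-vision"}]}]}},
    {"tag": "VM2-fromVM1-MUX", "mux": {"enabled": True, "concurrency": 8},
     "settings": {"vnext": [{"users": [{"flow": "xtls-rprx-vision"}]}]}},
]}

# Lines taken from the VM2 error log in the issue (date prefix dropped).
SAMPLE_LOG = [
    "04:19:56 [Info] [2586560247] proxy: Xtls Unpadding new block, content 176 padding 1097 command 0",
    "04:20:18 [Info] [609737682] proxy/vless/inbound: received request for tcp:v1.mux.cool:0",
    "04:20:18 [Info] [609737682] proxy: Xtls Unpadding new block, content 27 padding 1343 command 0",
    "04:20:18 [Info] [609737682] common/mux: unexpected EOF > common/mux: failed to process data > common/mux: unexpected network TCP",
]
```

Run against the samples, the config check returns the `VM2-fromVM1-MUX` tag and the log check returns session `609737682`, the one user2's traffic used.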

fathipours commented 4 months ago

Is a Reality configuration without Vision secure? I want to enable MUX randomly on my configs, and I think MUX will delay the detection of the configuration.