search

XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0
25.88k stars 3.98k forks source link

v24.9.30的socks5无法连接warp开启的socks5代理 #3913

Closed phoenixxie0 closed 1 month ago

phoenixxie0 commented 1 month ago

完整性要求

描述

v24.9.30的socks5无法连接warp开启的socks5代理。通过curl测试,warp开启的socks5代理工作正常,但是xray无法连接。奇怪的是,socks5代理测试了是正常的。xray的配置也没有修改过。

重现方式

路由设置出口位socks对应的出口,网络不通

客户端配置


N/A

服务端配置


   "outbounds": [
        {
            "protocol": "freedom", 
            "settings": {
                "domainStrategy": "UseIPv6v4"
            }, 
            "tag": "direct"
        }, 
        {
            "protocol": "freedom", 
            "settings": {
                "domainStrategy": "UseIPv6"
            }, 
            "tag": "ipv6"
        }, 
        {
            "protocol": "socks", 
            "settings": {
                "servers": [
                    {
                        "address": "127.0.0.1",
                        "port": 40000
                    }
                ]
            }, 
            "tag": "warp-socks5"
        }, 
        {
            "protocol": "blackhole", 
            "settings": { }, 
            "tag": "blocked"
        }
    ], 
    "routing": {
        "domainStrategy": "IPIfNonMatch", 
        "domainMatcher": "hybrid", 
        "rules": [
            {
                "type": "field", 
                "domain": [
                    "geosite:category-ads"
                ], 
                "outboundTag": "blocked"
            }, 
            {
                "type": "field",
                "ip": [
                    "8.8.8.8",
                    "8.8.4.4",
                    "1.1.1.1",
                    "1.0.0.1"
                ],
                "networks": "tcp,udp",
                "portList": [53,443,853],
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "domain": [
                    "dns.google",
                    "dns.adguard.com",
                    "dns.rubyfish.cn"
                ], 
                "networks": "tcp,udp",
                "portList": [53,443,853],
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "domain": [
                    "geosite:youtube"
                ], 
                "networks": "tcp,udp",
                "outboundTag": "direct"
            },
            {
                "type": "field",
                "ip": [
                    //"geoip:cloudflare",
                    "geoip:netflix",
                    "geoip:cn"
                ],
                "outboundTag": "warp-socks5"
            },
            {
                "type": "field", 
                "domain": [
                    "geosite:cloudflare",
                    "geosite:cn",
                    "geosite:netflix", 
                    "geosite:google-cn",
                    "geosite:google",
                    "geosite:facebook",
                    //"geosite:instagram",
                    "geosite:twitter",
                    "geosite:category-porn",
                    "geosite:tiktok",
                    "geosite:openai"
                ], 
                "outboundTag": "warp-socks5"
            }
        ]
    },
    "observatory": {
        "probeInterval": "36s",
        "subjectSelector": [
            "warp-wireguard",
            "warp-socks5"
        ],
        "probeURL": "https://www.google.com/generate_204",
        "probeInterval": "1m"
    }
}

客户端日志


N/A

服务端日志


2024/10/15 07:08:37 from DNS accepted https://dns.google/dns-query [local]
2024/10/15 07:08:37 from DNS accepted https://1.0.0.1/dns-query [local]
2024/10/15 07:08:38 from 116.253.137.113:13370 accepted tcp:github.com:443 [xtls-port >> direct]
2024/10/15 07:08:39 from 116.253.137.113:13377 accepted tcp:alive.github.com:443 [xtls-port >> direct]
2024/10/15 07:08:42 from 116.253.137.113:13386 accepted tcp:1.0.0.1:853 [xtls-port -> direct]
2024/10/15 07:08:46 from 116.253.137.113:13403 accepted tcp:www.gstatic.com:80 [xtls-port -> warp-socks5]
2024/10/15 07:08:46 from 124.226.36.48:49586 accepted tcp:www.gstatic.com:80 [xtls-port -> warp-socks5]
2024/10/15 07:08:48 from 116.253.137.113:13425 accepted tcp:www.cloudflare.com:443 [xtls-port -> warp-socks5]
2024/10/15 07:08:48 from 116.253.137.113:13435 accepted tcp:1.0.0.1:853 [xtls-port -> direct]
2024/10/15 07:08:49 from 116.253.137.113:13436 accepted tcp:www.cloudflare.com:443 [xtls-port -> warp-socks5]
2024/10/15 07:08:49 from 116.253.137.113:13449 accepted tcp:edge.microsoft.com:443 [xtls-port >> direct]
2024/10/15 07:08:54 from 116.253.137.113:13466 accepted tcp:1.0.0.1:853 [xtls-port -> direct]
2024/10/15 07:08:54 from 116.253.137.113:13468 accepted tcp:www.cloudflare.com:443 [xtls-port -> warp-socks5]
2024/10/15 07:08:55 from 116.253.137.113:13471 accepted tcp:www.cloudflare.com:443 [xtls-port -> warp-socks5]


2024/10/15 07:08:29 [Warning] core: Xray 24.9.30 started
2024/10/15 07:08:29 [Info] app/dispatcher: taking platform initialized detour [warp-socks5] for [tcp:www.google.com:443]
2024/10/15 07:08:29 [Info] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:40000
2024/10/15 07:08:29 [Debug] transport/internet: dialing to tcp:127.0.0.1:40000
2024/10/15 07:08:29 [Info] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/socks: failed to establish connection to server > proxy/socks: server rejects request: 1
2024/10/15 07:08:29 [Warning] app/observatory: the outbound warp-socks5 is dead: GET request failed:app/observatory: outbound failed to relay connection > Get "https://www.google.com/generate_204": io: read/write on closed pipewith outbound handler report underlying connection failed > app/observatory: underlying connection error > app/proxyman/outbound: failed to process outbound traffic > proxy/socks: failed to establish connection to server > proxy/socks: server rejects request: 1
2024/10/15 07:08:30 [Info] [579496748] proxy/vless/inbound: firstLen = 379
2024/10/15 07:08:30 [Info] [579496748] proxy/vless/inbound: received request for tcp:91.108.56.172:443
2024/10/15 07:08:30 [Info] [579496748] app/dispatcher: default route for tcp:91.108.56.172:443
2024/10/15 07:08:30 [Info] [579496748] transport/internet/tcp: dialing TCP to tcp:91.108.56.172:443
2024/10/15 07:08:30 [Debug] [579496748] transport/internet: dialing to tcp:91.108.56.172:443
2024/10/15 07:08:30 [Info] [579496748] proxy: Xtls Unpadding new block, content 241 padding 73 command 0
2024/10/15 07:08:30 [Info] [955127124] proxy/vless/inbound: firstLen = 462
2024/10/15 07:08:34 [Info] [1810899743] proxy/vless/inbound: received request for tcp:android.apis.google.com:443
2024/10/15 07:08:34 [Info] [1810899743] app/dispatcher: taking detour [warp-socks5] for [tcp:android.apis.google.com:443]
2024/10/15 07:08:34 [Info] [1810899743] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:40000
2024/10/15 07:08:34 [Debug] [1810899743] transport/internet: dialing to tcp:127.0.0.1:40000
2024/10/15 07:08:34 [Info] [1810899743] proxy: Xtls Unpadding new block, content 543 padding 151 command 0
2024/10/15 07:08:34 [Info] [1810899743] proxy: XtlsFilterTls found tls client hello! 543
2024/10/15 07:08:34 [Info] [1810899743] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/socks: failed to establish connection to server > proxy/socks: server rejects request: 1
2024/10/15 07:08:34 [Info] [1810899743] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > io: read/write on closed pipe
2024/10/15 07:08:35 [Info] [788149435] proxy/vless/inbound: firstLen = 1186
2024/10/15 07:08:35 [Info] [788149435] proxy/vless/inbound: received request for tcp:android.apis.google.com:443
2024/10/15 07:08:35 [Info] [788149435] app/dispatcher: taking detour [warp-socks5] for [tcp:android.apis.google.com:443]
2024/10/15 07:08:35 [Info] [788149435] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:40000
2024/10/15 07:08:35 [Debug] [788149435] transport/internet: dialing to tcp:127.0.0.1:40000
2024/10/15 07:08:35 [Info] [788149435] proxy: Xtls Unpadding new block, content 575 padding 529 command 0
2024/10/15 07:08:35 [Info] [788149435] proxy: XtlsFilterTls found tls client hello! 575
2024/10/15 07:08:35 [Info] [788149435] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/socks: failed to establish connection to server > proxy/socks: server rejects request: 1
2024/10/15 07:08:35 [Info] [788149435] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > io: read/write on closed pipe
RPRX commented 1 month ago

看了下代码 Socks5 客户端的部分似乎动,换成 v1.8.24 试试

Fangliding commented 1 month ago

image 还费事去装了个 warp cli 无法复现

KobeArthurScofield commented 1 month ago

Socks5 客户端代码最近的更改是回滚了 77d0419aca2fe9b5b07db694be6b8a2e28a38252 如果还有问题建议找出最新的没有问题的版本,提供一下使用环境信息或者抓包

phoenixxie0 commented 1 month ago

image 还费事去装了个 warp cli 无法复现

warp的版本是多少,我用的2024.9.346.0,然后使用curl测试 curl -sx socks5h://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 不行, curl -sx socks5://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 正常。 似乎是远程解析不能了的问题?

Fangliding commented 1 month ago

image 还费事去装了个 warp cli 无法复现

warp的版本是多少,我用的2024.9.346.0,然后使用curl测试 curl -sx socks5h://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 不行, curl -sx socks5://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 正常。 似乎是远程解析不能了的问题?

稍微搜了一下 是不支持 https://community.cloudflare.com/t/warp-socks5-proxy-mode-should-support-udp/502374 不是xray的问题

phoenixxie0 commented 1 month ago

image 还费事去装了个 warp cli 无法复现

warp的版本是多少,我用的2024.9.346.0,然后使用curl测试 curl -sx socks5h://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 不行, curl -sx socks5://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 正常。 似乎是远程解析不能了的问题?

稍微搜了一下 是不支持 https://community.cloudflare.com/t/warp-socks5-proxy-mode-should-support-udp/502374 不是xray的问题

xray的socks出口需要远程解析? 另外我看了发现2024.9.346.0版本的socks5代理方式确实存在问题

Fangliding commented 1 month ago

image 还费事去装了个 warp cli 无法复现

warp的版本是多少,我用的2024.9.346.0,然后使用curl测试 curl -sx socks5h://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 不行, curl -sx socks5://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 正常。 似乎是远程解析不能了的问题?

稍微搜了一下 是不支持 https://community.cloudflare.com/t/warp-socks5-proxy-mode-should-support-udp/502374 不是xray的问题

xray的socks出口需要远程解析? 另外我看了发现2024.9.346.0版本的socks5代理方式确实存在问题

得看具体配置 总之就是得把dns请求用doh一类的玩意发出去

我们只处理xray本身的问题(如果有)

phoenixxie0 commented 1 month ago

image 还费事去装了个 warp cli 无法复现

warp的版本是多少,我用的2024.9.346.0,然后使用curl测试 curl -sx socks5h://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 不行, curl -sx socks5://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace 正常。 似乎是远程解析不能了的问题?

稍微搜了一下 是不支持 https://community.cloudflare.com/t/warp-socks5-proxy-mode-should-support-udp/502374 不是xray的问题

xray的socks出口需要远程解析? 另外我看了发现2024.9.346.0版本的socks5代理方式确实存在问题

得看具体配置 总之就是得把dns请求用doh一类的玩意发出去

我们只处理xray本身的问题(如果有)

是的,我清楚,我这是陈述已经发现问题所在。以便后续有人遇到同样问题可以参照此issue。 https://community.cloudflare.com/t/cloudflare-warp-version-2024-9-346-0-proxy-mode-issue/720751/14

malagebidi commented 1 month ago

同样的问题,我先把warp回滚了试试

lp123sun commented 1 month ago

cloudflare-warp-2024.9.346的问题,降级到cloudflare-warp-2024.6.497就可以了。

saymyname77 commented 1 month ago

新版cf有问题,次新版本:https://pkg.cloudflareclient.com/pool/bookworm/main/c/cloudflare-warp/cloudflare-warp_2024.6.497-1_amd64.deb

istarkov commented 2 weeks ago

I did downgrade to cloudflare-warp-2024.6.497, no luck. (Started to connect but sites are not working)

Anyone have working config? Mine is broken even with downgraded warp. (below user blabla@gmail.com can't open any site)

CONFIG ```json { "log": { "loglevel": "warning" }, "outbounds": [ { "protocol": "freedom", "tag": "freedom" }, { "protocol": "blackhole", "tag": "Reject", "settings": { "response": { "type": "http" } } }, { "tag": "warp", "protocol": "socks", "settings": { "servers": [ { "address": "127.0.0.1", "port": 4000 } ] } } ], "routing": { "rules": [ { "type": "field", "outboundTag": "Reject", "inboundTag": ["vless-reality"], "domain": ["geosite:category-ads-all"] }, { "type": "field", "outboundTag": "warp", "inboundTag": ["vless-reality"], "user": ["blabla@gmail.com"] } ] }, "dns": { "servers": [ "1.1.1.1", "8.8.4.4", "8.8.8.8", "https+local://1.1.1.1/dns-query", "https+local://8.8.8.8/dns-query" ] }, "inbounds": [ { "tag": "vless-reality", "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "some-id", "flow": "xtls-rprx-vision", "userLevel": 0, "email": "blabla@gmail.com" }, { "id": "some-id-2", "flow": "xtls-rprx-vision", "userLevel": 0, "email": "blabla2@gmail.com" } ], "decryption": "none" }, "streamSettings": { "network": "tcp", "security": "reality", "realitySettings": { "dest": "speed.cloudflare.com:443", "serverNames": ["speed.cloudflare.com"], "privateKey": "private-key", "shortIds": ["", "ff"], "show": true } }, "sniffing": { "enabled": true, "destOverride": ["http", "tls", "quic"], "routeOnly": true } } ] } ```

cc @malagebidi @saymyname77 @lp123sun

probably some DNS config or like is the issue. Tried to disable udp on dns etc.