apernet / hysteria

Hysteria is a powerful, lightning fast and censorship resistant proxy.
https://v2.hysteria.network/
MIT License

[Help request] Home broadband: UDP gets blocked after about 1 hour of use? #545

Open leohougmail opened 1 year ago

leohougmail commented 1 year ago

Problem details

China Telecom 1G home broadband, openwrt + passwall, with hihy installed on several servers. In use I found that after a while all hihy nodes on the whole router become completely unreachable. For example, if the hihy on server A cannot connect, the ones on servers B, C and D cannot connect either, but trojan on A, B, C and D can still connect, and at the same time a mobile phone client can connect to the hihy on A, B, C and D. I suspect the China Telecom ISP is up to something? But while it cannot connect, the server still receives the request packets sent from the home broadband, and reports a UDP error.

Has anyone else run into something similar?

Server installation information or one-click script information

latest

VPS information

Oracle

Server configuration

n/a

Server logs

hysteria 实时日志,等级:info,按Ctrl+C退出:
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [session:1] [error:timeout: no recent network activity] UDP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:api.telegram.org:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:encrypted-tbn0.gstatic.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:www.gstatic.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:fonts.gstatic.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:www.youtube.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:www.google.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:encrypted-tbn1.gstatic.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [dst:div.show:443] [error:timeout: no recent network activity] TCP error
2023-01-15T12:41:22+08:00 [INFO] [src:SRCIP:35055] [error:timeout: no recent network activity] Client disconnected

Client installation information

latest

Client configuration

na

Client runtime environment (operating system)

openwrt

Client logs

na

haruue commented 1 year ago

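This looks like the GFW dropping inbound UDP packets whose destination address is your home broadband IP (your home broadband IP has been reverse-blocked). Could you provide the server configuration (after pasting it, you can replace the passwords in the config file with password)?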

leohougmail commented 1 year ago

This looks like the GFW dropping inbound UDP packets whose destination address is your home broadband IP (your home broadband IP has been reverse-blocked). Could you provide the server configuration (after pasting it, you can replace the passwords in the config file with password)?

========= Client configuration ==========

{
  "server": "xxxxxxxx:30348,50000-51000",
  "protocol": "udp",
  "up_mbps": 33,
  "down_mbps": 550,
  "http": {
    "listen": "127.0.0.1:10809",
    "timeout": 300,
    "disable_udp": false
  },
  "socks5": {
    "listen": "127.0.0.1:10808",
    "timeout": 300,
    "disable_udp": false
  },
  "obfs": "",
  "alpn": "h3",
  "acl": "acl/routes.acl",
  "mmdb": "acl/Country.mmdb",
  "auth_str": "xxxxxxxx",
  "server_name": "xxxxxxxx",
  "insecure": false,
  "recv_window_conn": 43253760,
  "recv_window": 173015040,
  "disable_mtu_discovery": true,
  "resolver": "https://223.5.5.5/dns-query",
  "retry": 3,
  "retry_interval": 3,
  "quit_on_disconnect": false,
  "handshake_timeout": 15,
  "idle_timeout": 30,
  "fast_open": true,
  "hop_interval": 120
}

======= hihyServer.json ========

root@veronica /etc/hihy/conf # cat hihyServer.json
{
  "listen": ":30348",
  "protocol": "udp",
  "disable_udp": false,
  "cert": "/root/cert/fullchain.cer",
  "key": "/root/cert/veronica.key",
  "auth": {
    "mode": "password",
    "config": {
      "password": "XXXXXXXXX"
    }
  },
  "alpn": "h3",
  "acl": "/etc/hihy/acl/hihyServer.acl",
  "recv_window_conn": 43253760,
  "recv_window_client": 173015040,
  "max_conn_client": 4096,
  "disable_mtu_discovery": true,
  "resolve_preference": "46",
  "resolver": "https://8.8.8.8:443/dns-query"
}

============== hihy.conf ===========

root@veronica /etc/hihy/conf # cat hihy.conf
remarks:veronica
serverAddress:XXXXXXXX
serverPort:30348
portHoppingStatus:true
portHoppingStart:50000
portHoppingEnd:51000

leohougmail commented 1 year ago

The GFW has this kind of capability too? Then the affected scope should be more than just the ISP of one region, right? If it has been reverse-blocked, can my home broadband still be pinged from the VPS? I just had this happen again, but at the same time the VPS can ping my home broadband.

2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [dst:www.youtube.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [dst:rr3---sn-o097znsk.googlevideo.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [dst:i.ytimg.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [dst:rr4---sn-o097znze.googlevideo.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [error:timeout: no recent network activity] Client disconnected
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [session:0] [error:timeout: no recent network activity] UDP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [session:1] [error:timeout: no recent network activity] UDP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [dst:api.telegram.org:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [dst:www.youtube.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [error:timeout: no recent network activity] Client disconnected

=== ping from vps to home ===

root@veronica ~ # ping MYHOMEIP
PING MYHOMEIP (MYHOMEIP) 56(84) bytes of data.
64 bytes from MYHOMEIP (MYHOMEIP): icmp_seq=1 ttl=53 time=130 ms
64 bytes from MYHOMEIP (MYHOMEIP): icmp_seq=2 ttl=53 time=130 ms
64 bytes from MYHOMEIP (MYHOMEIP): icmp_seq=3 ttl=53 time=130 ms
64 bytes from MYHOMEIP (MYHOMEIP): icmp_seq=4 ttl=53 time=130 ms
64 bytes from MYHOMEIP (MYHOMEIP): icmp_seq=5 ttl=53 time=131 ms
64 bytes from MYHOMEIP (MYHOMEIP): icmp_seq=6 ttl=53 time=130 ms
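
An added example, not part of the thread or of Hysteria itself: a small Python parser for the server log format posted above. It groups entries by the `src` endpoint and lists the endpoints whose streams and connection all ended with `timeout: no recent network activity` at a single timestamp, which is the pattern in both logs in this thread. The sample lines are constructed from the posted ones, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the server log posted above
# (MYHOMEIP as in the post), plus one made-up line with a placeholder error.
SAMPLE_LOG = """\
2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [dst:www.youtube.com:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:22+08:00 [INFO] [src:MYHOMEIP:59927] [error:timeout: no recent network activity] Client disconnected
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [session:0] [error:timeout: no recent network activity] UDP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [session:1] [error:timeout: no recent network activity] UDP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [dst:api.telegram.org:443] [error:timeout: no recent network activity] TCP error
2023-01-15T14:08:25+08:00 [INFO] [src:MYHOMEIP:36345] [error:timeout: no recent network activity] Client disconnected
2023-01-15T14:09:40+08:00 [INFO] [src:OTHERIP:40000] [dst:example.com:443] [error:constructed-other-error] TCP error
"""

IDLE = "timeout: no recent network activity"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[\w+\] \[src:(?P<src>[^\]]+)\]"
    r"(?: \[(?:dst|session):(?P<target>[^\]]+)\])?"
    r" \[error:(?P<error>[^\]]+)\] (?P<event>.+)$"
)

def summarize(log_text):
    """Group error events by client endpoint (the src ip:port in the log)."""
    conns = defaultdict(lambda: {"tcp": 0, "udp": 0, "closed": False,
                                 "errors": set(), "stamps": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner or any line that is not a per-client error
        c = conns[m["src"]]
        c["errors"].add(m["error"])
        c["stamps"].add(m["ts"])
        if m["event"] == "TCP error":
            c["tcp"] += 1
        elif m["event"] == "UDP error":
            c["udp"] += 1
        elif m["event"] == "Client disconnected":
            c["closed"] = True
    return dict(conns)

def idle_timeout_connections(log_text):
    """Endpoints where every stream and the connection itself ended with
    the idle-timeout error at one single timestamp."""
    return sorted(src for src, c in summarize(log_text).items()
                  if c["closed"] and c["errors"] == {IDLE} and len(c["stamps"]) == 1)

if __name__ == "__main__":
    print(idle_timeout_connections(SAMPLE_LOG))
```

The summary only reflects what the server logged; on its own it cannot tell which direction of the UDP path is being dropped.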

youngxlover commented 1 year ago

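I have exactly the same situation. An Oracle US West route worked fine for a few days, then about a few days later, suddenly one morning it stopped working. This node is mainly just for watching YouTube. hop interval 60s. Other broadband lines and China Mobile on my phone can all connect, and the speed is completely normal. Only this particular home broadband line stopped working. On the same node, trojan and vless are both fine. Before, when I was not using port hopping, I used hy for quite a while and never ran into this.

I'm using openclash. I just did some troubleshooting and it seems to be mosdns's fault: I turned off mosdns and set openclash back to the default DNS settings, and this node went back to normal.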

tkszhzy commented 1 year ago

The openwrt dropped the hysteria udp packet. openwrt kernel's version?

Please dial up to the ISP from Windows, and test hysteria for Windows.

xi8964 commented 1 year ago

These past few days UDP port numbers have started being blocked on a large scale.

WillGhost commented 1 year ago

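This problem does exist. Did the OP enable random ports? With PT running all the time at home it was fine. This situation occurred in December. Later it recovered by itself.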

xi8964 commented 1 year ago

With random ports turned on it shouldn't happen; it's probably the carrier detecting heavy traffic.

kilvn commented 1 year ago

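Shenzhen Telecom, passwall on openwrt. Whether port hopping is on or off, after ten-odd seconds I get [error:timeout: no recent network activity] TCP error

It used to work fine; it just started a few days ago, and it hasn't worked since.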

pppoex commented 1 year ago

Try turning off Network - Firewall - Enable SYN-flood protection in OpenWRT; that solved it for me.

kilvn commented 1 year ago

Try turning off Network - Firewall - Enable SYN-flood protection in OpenWRT; that solved it for me.

It was never turned on in the first place.

ghost commented 1 year ago

Tested today: China Mobile business broadband had its return-path UDP blocked intermittently.

mkevinstever commented 1 year ago

For this case, you can set SNI to some famous website domain in your config file to prevent it. I believe some ISPs in China have a high-level traffic analysis system independent of the GFW.

woodlyer commented 1 year ago

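Why not set obfs?

https://hysteria.network/zh/docs/quick-start/

The optional obfs option obfuscates the protocol with the provided password, so that the protocol is identified as unknown UDP traffic rather than Hysteria/QUIC, which can be used to bypass targeted DPI blocking or QoS.

zdfdreamfactory commented 1 year ago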

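Same problem. If I run BT downloads for a while, hysteria and tuic become unusable and only recover after some time. Maybe the UDP triggered China Telecom's QoS policy?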

ghost commented 1 year ago

Now it is blocked during the day and unblocked in the middle of the night.

cccp6 commented 9 months ago

Why not set obfs?

https://hysteria.network/zh/docs/quick-start/

The optional obfs option obfuscates the protocol with the provided password, so that the protocol is identified as unknown UDP traffic rather than Hysteria/QUIC, which can be used to bypass targeted DPI blocking or QoS.

Obfs doesn't help in most cases as it's a general QoS for all UDP traffic by the ISP. That's why we are still in desperate need of faketcp.

xiaorong61 commented 4 months ago

Try the similar TUIC protocol.

molezz commented 3 months ago

Try the similar TUIC protocol.

tuic gets its ports blocked too.