search

chika0801 / sing-box-examples

sing-box 配置示例
https://github.com/SagerNet/sing-box
1.8k stars 298 forks source link

shadowtls v3 in server and the client #99

Closed SinaMombeiny closed 8 months ago

SinaMombeiny commented 8 months ago

Hello i set these up for sing-box, but only Telegram works. Please help and give me the all json file 🙏

in server

{
  "dns": {
  "servers": [
    {
      "address": "tcp://76.76.2.2",
      "detour": "dns"
    }
  ],
  "strategy": "prefer_ipv6"
},
  "inbounds": [
      {
          "type": "shadowtls",
          "listen": "::",
          "listen_port": 443,
          "detour": "shadowsocks-in",
          "version": 3,
          "users": [
              {
                  "password": "pass1"
              }
          ],
          "handshake": {
              "server": "www.apple.com",
              "server_port": 443
          },
          "strict_mode": true
      },
      {
          "type": "shadowsocks",
          "tag": "shadowsocks-in",
          "listen": "127.0.0.1",
          "method": "2022-blake3-chacha20-poly1305",
          "password": "pass2", 
          "multiplex": {
              "enabled": true
          }
      }
  ],
  "outbounds": [
      {
    "type": "direct"
  },
  {
    "type": "direct",
    "tag": "dns"
  },
  {
    "type": "block",
    "tag": "block"
  }
  ],
"route": {
  "geoip": {
    "path": "geoip.db",
    "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
    "download_detour": "direct"
  },
  "geosite": {
    "path": "geosite.db",
    "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
    "download_detour": "direct"
  },
  "rules": [
    {
      "geoip": [
        "cn",
        "ir",
        "private"
      ],
      "outbound": "block"
    },
    {
      "geosite": [
        "category-ads-all"
      ],
      "outbound": "block"
    },
    {
      "ip_cidr": [
        "0.0.0.0/8",
        "10.0.0.0/8",
        "100.64.0.0/10",
        "127.0.0.0/8",
        "169.254.0.0/16",
        "224.0.0.0/3",
        "172.16.0.0/12",
        "192.0.0.0/24",
        "192.0.2.0/24",
        "192.168.0.0/16",
        "198.18.0.0/15",
        "198.51.100.0/24",
        "203.0.113.0/24",
        "::1/128",
        "fc00::/7",
        "ff00::/8",
        "fe80::/10"
      ],
      "outbound": "block"
    },
    {
      "outbound": "block",
      "network": "udp",
      "port": [135, 137, 138, 139, 5353]
    },
    {
      "outbound": "block",
      "source_ip_cidr": ["224.0.0.0/3", "ff00::/8"]
    },
    {
      "network": "tcp",
      "port": [
        25,
        587,
        465,
        2525
      ],
      "outbound": "block"
    },
    {
      "domain": [
        "http://harwebsitikemikhaidblockshe.com",
        "http://harwebsitikemikhaidblockshe.com",
        "http://icecyber.org"
      ],
      "outbound": "block"
    }
  ]
}
}

in client

{
  "log": {
    "disabled": true,
    "level": "panic"
  },
  "dns": {
    "servers": [
      {
        "address": "https://freedns.controld.com/p2",
        "strategy": "prefer_ipv6",
        "address_resolver": "dns",
        "detour": "proxy",
        "tag": "dns-remote"
      },
      {
        "address": "local",
        "detour": "proxy",
        "tag": "dns"
      }
    ],
      "fakeip": {
        "enabled": true,
        "inet4_range": "198.18.0.0/15",
        "inet6_range": "fc00::/64"
      },
      "independent_cache": true
  },
  "outbounds": [
    {
        "type": "shadowsocks",
        "detour": "shadowtls-out",
        "method": "2022-blake3-chacha20-poly1305",
        "password": "pass2",
        "multiplex": {
            "enabled": true
        }
    },
    {
        "type": "shadowtls",
        "tag": "shadowtls-out",
        "server": "my-server",
        "server_port": 443,
        "version": 3,
        "password": "pass1",
        "tls": {
            "enabled": true,
            "server_name": "www.apple.com",
            "utls": {
                "enabled": true,
                "fingerprint": "safari"
            }
        }
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "tag": "bypass",
      "type": "direct"
    },
    {
      "tag": "block",
      "type": "block"
    },
    {
      "tag": "dns-remote",
      "type": "dns"
    }
  ],
  "inbounds": [
    {
      "tag": "tun-in",
      "type": "tun",
      "auto_route": true,
      "domain_strategy": "prefer_ipv6",
      "endpoint_independent_nat": true,
      "sniff_override_destination": true,
      "inet4_address": "172.19.0.1/28",
      "inet6_address": "fdfe:dcba:9876::1/126",
      "interface_name": "sing-box",
      "mtu": 9000,
      "sniff": true,
      "stack": "gvisor",
      "strict_route": true
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-remote"
      },
      {
        "outbound": "bypass",
        "geoip": ["private"],
        "domain_keyword": [
          "captive.apple.com",
          "push.apple.com",
          "gateway.push.apple.com",
          "feedback.push.apple.com",
          "albert.apple.com"
        ]
      }
    ]
  }
}
chika0801 commented 8 months ago

"sniff_override_destination": false,

Modify it this way and try it.

chika0801 commented 8 months ago 
  "inbounds": [
      {
          "type": "shadowtls",
          "listen": "::",
          "listen_port": 443,
  "sniff": true, // this
  "sniff_override_destination": true, // this
          "detour": "shadowsocks-in",
          "version": 3,
          "users": [
              {
                  "password": "pass1"
              }
          ],
          "handshake": {
              "server": "www.apple.com",
              "server_port": 443
          },
          "strict_mode": true
      },

If you still have problems after client-side modification, try to add the face parameter in the server-side configuration to see if it can be solved.