[Warning] [969176808] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: XTLS only supports TLS and REALITY directly for now: utls.UTLSClientConnection
} else if utlsConn, ok := iConn.(utls.UTLSClientConnection); ok {
The error becomes:
[Info] [2566714534] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to transfer response payload > readfrom tcp 127.0.0.1:2088->127.0.0.1:51012: local error: tls: bad record MAC
curl output:
curl -x "socks5h://127.0.0.1:2088" -v https://www.google.com
* Trying 127.0.0.1:2088...
* Connected to 127.0.0.1 (127.0.0.1) port 2088
* SOCKS5 connect to www.google.com:443 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 2088
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=www.google.com
* start date: Jun 24 07:42:34 2024 GMT
* expire date: Sep 16 07:42:33 2024 GMT
* subjectAltName: host "www.google.com" matched cert's "www.google.com"
* issuer: C=US; O=Google Trust Services; CN=WR2
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://www.google.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: www.google.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.8.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: www.google.com
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0
* Failed receiving HTTP2 data: 56(Failure when receiving data from the peer)
* Connection #0 to host 127.0.0.1 left intact
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0
Describe the problem
Cannot connect to VLESS + vision + uTLS. Log:
How to reproduce
https://github.com/dyhkwong/v2ray-core/blob/38e38beeddb75c6fe5790316b9b0f7c43140214a/proxy/vless/outbound/outbound.go#L166
The uTLS assertion here fails because https://github.com/dyhkwong/v2ray-core/blob/38e38beeddb75c6fe5790316b9b0f7c43140214a/transport/internet/tls/utls/utls.go#L93 does not return a pointer.
Tried changing it to:
Reproduction config:
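The assertion failure described under "How to reproduce", as an added Go example that is not part of the issue and not code from v2ray-core: a check written for a pointer type rejects a wrapper that was returned by value, and the `%T` in the error names the value type, as in the first log line. `Conn`, `UTLSConn` and every function name here are hypothetical stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// Conn stands in for the connection interface the outbound receives (hypothetical).
type Conn interface{ Kind() string }

// UTLSConn is a hypothetical stand-in for a wrapper such as
// utls.UTLSClientConnection; it is not the real v2ray-core type.
type UTLSConn struct{ serverName string }

func (c UTLSConn) Kind() string { return "utls" }

// dialByValue returns the wrapper by value, so the interface's dynamic
// type is UTLSConn, not *UTLSConn.
func dialByValue() Conn { return UTLSConn{serverName: "example.test"} }

// dialByPointer returns a pointer, so the dynamic type is *UTLSConn.
func dialByPointer() Conn { return &UTLSConn{serverName: "example.test"} }

// assertPointer mirrors a check that only recognises the pointer type.
func assertPointer(c Conn) error {
	if _, ok := c.(*UTLSConn); ok {
		return nil
	}
	return fmt.Errorf("unsupported connection type: %T", c)
}

// assertEither accepts both dynamic types and reports which one matched.
func assertEither(c Conn) (string, error) {
	switch c.(type) {
	case *UTLSConn:
		return "pointer", nil
	case UTLSConn:
		return "value", nil
	}
	return "", errors.New("unsupported connection type")
}

func main() {
	fmt.Println(assertPointer(dialByValue()))   // fails: dynamic type is the value type
	fmt.Println(assertPointer(dialByPointer())) // <nil>
	fmt.Println(assertEither(dialByValue()))    // value <nil>
}
```

A type assertion matches the dynamic type exactly, so `T` and `*T` never satisfy each other's assertion even when both implement the interface.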