felix-fly / v2ray-padavan-doh

Advanced walkthrough for installing and configuring v2ray on a K2P router running Padavan (N56U / modified ASUS) firmware
111 stars 45 forks source link

Using v2024.1.3 on a K2P: is something wrong with my settings? #75

Closed jpinglove closed 8 months ago

jpinglove commented 8 months ago

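Hello, I'm using v2024.1.3 on a K2P. After configuring everything, saving it to flash and rebooting, xray does not seem to take over the traffic; it only handles traffic when I point at its IP and port explicitly, and even then I still can't get past the firewall. I connected to the router over SSH, edited config.json to enable debug-level logging, and then ran /etc/storage/xray/check.sh 2>&1 by hand to watch the log output: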

Xray 1.8.6 (Xray, Penetrates Everything.) Custom (go1.21.4 linux/mipsle)
A unified platform for anti-censorship.
2024/01/27 15:43:49 [Info] infra/conf/serial: Reading config: /etc/storage/xray/config.json
2024/01/27 15:43:49 [Debug] app/log: Logger started
2024/01/27 15:43:49 [Info] app/dns: DNS: created UDP client initialized for 1.1.1.1:53
2024/01/27 15:43:49 [Info] app/dns: DNS: created UDP client initialized for 8.8.8.8:53
2024/01/27 15:43:49 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:12345
2024/01/27 15:43:49 [Info] transport/internet/udp: listening UDP on 0.0.0.0:1053
2024/01/27 15:43:49 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:12345
2024/01/27 15:43:49 [Info] transport/internet/udp: listening UDP on 0.0.0.0:12345
2024/01/27 15:43:49 [Warning] core: Xray 1.8.6 started

The output stops there. Then, in the browser, I used SwitchyOmega to create a SOCKS5 proxy pointing at the K2P's address 192.168.2.1 and port 12345. With this setup neither domestic nor foreign sites work. Log output does appear at this point, but nothing connects. The K2P is what I use as a second-level relay router, client+AP, in WAN mode.

============= Log after specifying the IP and port ==========================
2024/01/28 03:02:43 [Debug] [526213964] proxy/dokodemo: processing connection from: 192.168.2.137:38163
2024/01/28 03:02:43 [Debug] [811554884] proxy/dokodemo: processing connection from: 192.168.2.137:38162
2024/01/28 03:02:43 [Info] [526213964] proxy/dokodemo: received request for 192.168.2.137:38163
2024/01/28 03:02:43 [Info] [811554884] proxy/dokodemo: received request for 192.168.2.137:38162
2024/01/28 03:02:43 [Info] [526213964] app/dispatcher: default route for tcp:192.168.2.1:12345
2024/01/28 03:02:43 [Info] [811554884] app/dispatcher: default route for tcp:192.168.2.1:12345
2024/01/28 03:02:43 [Info] [526213964] transport/internet/websocket: creating connection to tcp:[我的域名]:10127
2024/01/28 03:02:43 [Info] [811554884] transport/internet/websocket: creating connection to tcp:[我的域名]:10127
2024/01/28 03:02:43 192.168.2.137:38163 accepted tcp:192.168.2.1:12345
2024/01/28 03:02:43 192.168.2.137:38162 accepted tcp:192.168.2.1:12345
2024/01/28 03:02:43 [Debug] transport/internet: dialing to tcp:[我的域名]:10127
2024/01/28 03:02:43 [Debug] transport/internet: dialing to tcp:[我的域名]:10127
2024/01/28 03:02:45 [Info] [811554884] proxy/vmess/outbound: tunneling request to tcp:192.168.2.1:12345 via [我的域名]:10127
2024/01/28 03:02:45 [Info] [526213964] proxy/vmess/outbound: tunneling request to tcp:192.168.2.1:12345 via [我的域名]:10127
2024/01/28 03:02:46 [Info] [811554884] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > websocket: close 1000 (normal)
2024/01/28 03:02:46 [Info] [811554884] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2024/01/28 03:02:46 [Info] [526213964] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > websocket: close 1000 (normal)
2024/01/28 03:02:46 [Info] [526213964] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2024/01/28 03:02:46 [Debug] [988352031] proxy/dokodemo: processing connection from: 192.168.2.137:38164
2024/01/28 03:02:46 [Info] [988352031] proxy/dokodemo: received request for 192.168.2.137:38164
2024/01/28 03:02:46 [Info] [988352031] app/dispatcher: default route for tcp:192.168.2.1:12345
2024/01/28 03:02:46 [Info] [988352031] transport/internet/websocket: creating connection to tcp:[我的域名]:10127
2024/01/28 03:02:46 192.168.2.137:38164 accepted tcp:192.168.2.1:12345
2024/01/28 03:02:46 [Debug] transport/internet: dialing to tcp:[我的域名]:10127
2024/01/28 03:02:47 [Info] [988352031] proxy/vmess/outbound: tunneling request to tcp:192.168.2.1:12345 via [我的域名]:10127
2024/01/28 03:02:47 [Debug] [237870076] proxy/dokodemo: processing connection from: 192.168.2.137:38165
2024/01/28 03:02:47 [Info] [237870076] proxy/dokodemo: received request for 192.168.2.137:38165
2024/01/28 03:02:47 [Info] [237870076] app/dispatcher: default route for tcp:192.168.2.1:12345
2024/01/28 03:02:47 192.168.2.137:38165 accepted tcp:192.168.2.1:12345
2024/01/28 03:02:47 [Info] [237870076] transport/internet/websocket: creating connection to tcp:[我的域名]:10127
2024/01/28 03:02:47 [Debug] transport/internet: dialing to tcp:[我的域名]:10127
2024/01/28 03:02:47 [Info] [988352031] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > websocket: close 1000 (normal)
2024/01/28 03:02:47 [Info] [988352031] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2024/01/28 03:02:48 [Debug] [3158142628] proxy/dokodemo: processing connection from: 192.168.2.137:38166
2024/01/28 03:02:48 [Info] [3158142628] proxy/dokodemo: received request for 192.168.2.137:38166
2024/01/28 03:02:48 [Info] [3158142628] app/dispatcher: default route for tcp:192.168.2.1:12345
2024/01/28 03:02:48 192.168.2.137:38166 accepted tcp:192.168.2.1:12345
============= End of log ==========================

Is something wrong with my settings? Please advise.

felix-fly commented 8 months ago

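The dokodemo-door configured here implements a transparent proxy by receiving traffic forwarded by iptables; it is not SOCKS. To configure SOCKS, see the official example: https://www.v2ray.com/en/welcome/start.html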

jpinglove commented 8 months ago

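You're right, it was a problem with my configuration. I set up SOCKS5 following the link you gave, and now I can get through using SOCKS on the specified port.

However, when I ran your iptables.sh script by executing it one statement at a time by hand, I found that on reaching these two lines:

iptables -t mangle -A PREROUTING -p tcp -m set --match-set gw dst -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -p udp -m set --match-set gw dst -j TPROXY --on-port 12345 --tproxy-mark 1

I get two "iptables: No chain/target/match by that name." messages. The iptables forwarding setup fails, so of course I can't get through.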

==========================================
K2P:/etc/storage/smartdns # ls
ad.hosts check.sh gw.hosts iptables.sh my.conf
K2P:/etc/storage/smartdns # sh iptables.sh
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
K2P:/etc/storage/smartdns # iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT icmp -- anywhere anywhere icmp !echo-request
REJECT all -- anywhere anywhere match-set ad dst reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate DNAT

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain bfplimit (0 references)
target prot opt source destination

Chain upnp (0 references)
target prot opt source destination

Chain vpnlist (0 references)
target prot opt source destination

K2P:/etc/storage/smartdns #

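======================================================
I have not modified the contents of iptables.sh. Afterwards, even with smartdns started, forwarding still does not work correctly. Could you please give me some more pointers?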

felix-fly commented 8 months ago

The firmware may not include the TPROXY module; try REDIRECT instead:

iptables -t nat -A PREROUTING -p tcp -m set --match-set gw dst -j REDIRECT --to-port 12345
iptables -t nat -A OUTPUT -p tcp -m set --match-set gw dst -j REDIRECT --to-port 12345

Change the xray config as well:

{
    "port": 12345,
    "protocol": "dokodemo-door",
    "settings": {"network": "tcp", "followRedirect": true}
}
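
The fallback suggested in the reply above, as an added example that is not part of the original thread or of the repository's iptables.sh: it reads the kernel's list of registered iptables targets and prints the TPROXY rules when that target exists, otherwise the REDIRECT rules. The function names `has_entry`, `pick_mode` and `gen_rules` are hypothetical, and the sample target list is constructed.

```shell
#!/bin/sh
# Added example (not the repository's iptables.sh): pick TPROXY or REDIRECT
# from the kernel's list of registered iptables targets, then print the rules.
# Assumption: /proc/net/ip_tables_targets lists one target name per line and
# only shows targets whose modules are loaded, so load xt_TPROXY first if the
# firmware ships it as a module.

# has_entry FILE NAME: succeeds if NAME is an exact line in FILE
has_entry() {
    [ -r "$1" ] && grep -qx "$2" "$1"
}

# pick_mode TARGETS_FILE: prints tproxy, redirect or none
pick_mode() {
    if has_entry "$1" TPROXY; then echo tproxy
    elif has_entry "$1" REDIRECT; then echo redirect
    else echo none
    fi
}

# gen_rules MODE PORT SETNAME: prints the rules for that mode, fails on "none"
gen_rules() {
    case "$1" in
    tproxy)
        for proto in tcp udp; do
            echo "iptables -t mangle -A PREROUTING -p $proto -m set --match-set $3 dst -j TPROXY --on-port $2 --tproxy-mark 1"
        done ;;
    redirect)
        for chain in PREROUTING OUTPUT; do
            echo "iptables -t nat -A $chain -p tcp -m set --match-set $3 dst -j REDIRECT --to-port $2"
        done ;;
    *)
        echo "no usable target (TPROXY or REDIRECT) registered" >&2
        return 1 ;;
    esac
}

# Constructed sample: target list of a firmware built without xt_TPROXY.
sample=$(mktemp)
printf '%s\n' DNAT MASQUERADE REDIRECT REJECT ERROR > "$sample"
mode=$(pick_mode "$sample")
echo "# mode: $mode"
gen_rules "$mode" 12345 gw
rm -f "$sample"
# On the router: gen_rules "$(pick_mode /proc/net/ip_tables_targets)" 12345 gw
```

The REDIRECT branch covers TCP only, matching the two rules and the `"network": "tcp"` inbound setting in the reply.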
jpinglove commented 8 months ago

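Thanks for the quick reply. I changed the xray config and the contents of iptables.sh as you posted. iptables no longer reports an error, but the traffic is still not being taken over.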

K2P:/etc/storage/smartdns # ls
ad.hosts check.sh gw.hosts iptables.sh my.conf
K2P:/etc/storage/smartdns # sh ./iptables.sh
K2P:/etc/storage/smartdns # sh ./check.sh
K2P:/etc/storage/smartdns #
K2P:/etc/storage/smartdns # /usr/bin/xray -config=/etc/storage/xray/config.json
Xray 1.8.6 (Xray, Penetrates Everything.) Custom (go1.21.4 linux/mipsle)
A unified platform for anti-censorship.
2024/01/30 04:33:31 [Info] infra/conf/serial: Reading config: /etc/storage/xray/config.json
2024/01/30 04:33:31 [Debug] app/log: Logger started
2024/01/30 04:33:31 [Info] app/dns: DNS: created UDP client initialized for 1.1.1.1:53
2024/01/30 04:33:31 [Info] app/dns: DNS: created UDP client initialized for 8.8.8.8:53
2024/01/30 04:33:31 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:1080
2024/01/30 04:33:31 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:12345
2024/01/30 04:33:31 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:1080
2024/01/30 04:33:31 [Info] transport/internet/udp: listening UDP on 0.0.0.0:1080
2024/01/30 04:33:31 [Info] transport/internet/udp: listening UDP on 0.0.0.0:1053
2024/01/30 04:33:31 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:12345
2024/01/30 04:33:31 [Warning] core: Xray 1.8.6 started

Maybe I'm just too inexperienced; I'll use SOCKS for now.

felix-fly commented 8 months ago

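iptables forwarding is done on the main router, and a wireless relay is really two devices. If you want a transparent proxy, you can use my side-router mode guide as a reference and experiment from there: https://github.com/felix-fly/openwrt-raspberry/blob/master/guide.md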

jpinglove commented 8 months ago

OK, thank you. I'll tinker with it first and report back if it works.