search

v2fly / v2ray-core

A platform for building proxies to bypass network restrictions.
https://v2fly.org
MIT License
29.59k stars 4.66k forks source link

v2ray ws+tls 无法正常连线使用 #1613

Closed ghost closed 2 years ago

ghost commented 2 years ago

你正在使用哪个版本的 V2Ray?

V2Ray 4.44.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.17.3 linux/amd64)

你的使用场景是什么?

ws+tls 翻墙

root@:~# date
Wed Feb ** **:**:** CST 2022
root@:~# v2ray -test
V2Ray 4.44.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.17.3 linux/amd64)
A unified platform for anti-censorship.
2022/02/16 **:**:** Using default config:  /root/config.json
2022/02/16 **:**:** [Info] main/jsonem: Reading config: /root/config.json
Configuration OK.
root@:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@:~# service v2ray restart
root@:~# service nginx restart

你看到的异常现象是什么?

本地时间和主机时间一致。 服务器配置、运行无报错。 证书正常,使用中国网络直连打开自己的 https 网站正常。 服务器主机只有打开 ssh 80 443 端口。

PC 本机无法正常上网、报错:无法做到安全连接 v2rayNG 1.6.30 连线失败:context deadline exceeded v2rayNG 1.6.30 在使用 CF CND 翻墙时,报错:io:read/write on closed pipe

你期待看到的正常表现是怎样的?

正常连线,上网。 之前主机欠费停机了。续命完、用自动脚本 (https://github.com/v2fly/fhs-install-v2ray) 更新了一下 v2ray 4.43.0 到 4.44.0。 但不知道怎么回事不能用,就更新了下 OS ,重安装了一下 Server。 后面用旧配置文件内容,正常走流程配置出来,但还是不能使用。很困扰。

请附上你的配置

v2ray服务端配置:

// {
   "inbound": {
     "protocol": "vmess",
     "listen": "127.0.0.1",
   "port": 8964,
   "settings": {"clients": [
       {"id": "隐藏"}

     ]},

   "streamSettings": {
   "network": "ws",
   "wsSettings": {"path": "/隐藏"}
     }
   },

   "outbound": {"protocol": "freedom"}
}

客户端配置:

// {
    "api": {
        "services": [
            "ReflectionService",
            "HandlerService",
            "LoggerService",
            "StatsService"
        ],
        "tag": "QV2RAY_API"
    },
    "dns": {
        "servers": [
            "1.1.1.1",
            "8.8.8.8"
        ]
    },
    "fakedns": {
        "ipPool": "198.18.0.0/15",
        "poolSize": 65535
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 15490,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "127.0.0.1"
            },
            "sniffing": {
            },
            "tag": "QV2RAY_API_INBOUND"
        },
        {
            "listen": "127.0.0.1",
            "port": 8965,
            "protocol": "http",
            "settings": {
                "allowTransparent": true,
                "timeout": 300
            },
            "sniffing": {
            },
            "tag": "http_IN"
        },
        {
            "listen": "127.0.0.1",
            "port": 8964,
            "protocol": "socks",
            "settings": {
                "auth": "noauth",
                "ip": "127.0.0.1",
                "udp": true
            },
            "sniffing": {
            },
            "tag": "socks_IN"
        },
        {
            "listen": "127.0.0.1",
            "port": 12345,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "",
                "followRedirect": true,
                "network": "tcp,udp",
                "port": 0,
                "timeout": 0
            },
            "sniffing": {
            },
            "streamSettings": {
                "sockopt": {
                    "tproxy": "tproxy"
                }
            },
            "tag": "tproxy_IN"
        }
    ],
    "log": {
        "loglevel": "error"
    },
    "outbounds": [
        {
            "_QV2RAY_USE_GLOBAL_FORWARD_PROXY_": false,
            "protocol": "vmess",
            "sendThrough": "0.0.0.0",
            "settings": {
                "vnext": [
                    {
                        "address": "隐藏",
                        "port": 443,
                        "users": [
                            {
                                "id": "隐藏"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "kcpSettings": {
                    "readBufferSize": 1,
                    "tti": 20,
                    "writeBufferSize": 1
                },
                "network": "ws",
                "quicSettings": {
                    "security": ""
                },
                "security": "tls",
                "sockopt": {
                    "mark": 255
                },
                "tcpSettings": {
                    "header": {
                        "request": {
                            "headers": {
                            },
                            "path": [
                            ]
                        },
                        "response": {
                            "headers": {
                            }
                        },
                        "type": "none"
                    }
                },
                "tlsSettings": {
                    "serverName": "隐藏"
                },
                "wsSettings": {
                    "path": "/隐藏"
                }
            },
            "tag": "WS+CDN"
        },
        {
            "protocol": "freedom",
            "sendThrough": "0.0.0.0",
            "settings": {
                "domainStrategy": "UseIP",
                "redirect": ":0"
            },
            "streamSettings": {
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "DIRECT"
        },
        {
            "protocol": "blackhole",
            "sendThrough": "0.0.0.0",
            "settings": {
                "response": {
                    "type": "none"
                }
            },
            "streamSettings": {
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "BLACKHOLE"
        },
        {
            "protocol": "dns",
            "streamSettings": {
                "sockopt": {
                    "mark": 255
                }
            },
            "tag": "dns-out"
        }
    ],
    "policy": {
        "system": {
            "statsInboundDownlink": true,
            "statsInboundUplink": true,
            "statsOutboundDownlink": true,
            "statsOutboundUplink": true
        }
    },
    "routing": {
        "domainMatcher": "mph",
        "domainStrategy": "AsIs",
        "rules": [
            {
                "inboundTag": [
                    "QV2RAY_API_INBOUND"
                ],
                "outboundTag": "QV2RAY_API",
                "type": "field"
            },
            {
                "inboundTag": [
                    "tproxy_IN",
                    "socks_IN"
                ],
                "outboundTag": "dns-out",
                "port": "53",
                "type": "field"
            },
            {
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "DIRECT",
                "type": "field"
            },
            {
                "domain": [
                    "masiro.moe",
                    "masiro.me"
                ],
                "outboundTag": "BLACKHOLE",
                "type": "field"
            }
        ]
    },
    "stats": {
    }
}

请附上出错时软件输出的错误日志

服务器端错误日志:

// vim /var/log/v2ray/error.log 空文件、无日志。

客户端错误日志:

// 
V2Ray 4.44.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.17.3 linux/amd64)
A unified platform for anti-censorship.
2022/02/ [Info] main/jsonem: Reading config: /home/隐藏/.config/qv2ray/generated/config.gen.json
2022/02/ 127.0.0.1:56932 accepted tcp:127.0.0.1:0 [QV2RAY_API]
2022/02/ 127.0.0.1:40474 accepted //aus5.mozilla.org:443 [WS+CDN]
2022/02/ 127.0.0.1:40476 accepted //profile.accounts.firefox.com:443 [WS+CDN]
2022/02/ tcp:127.0.0.1:56216 accepted tcp:www.youtube.com:443 [WS+CDN]
2022/02/ tcp:127.0.0.1:56218 accepted tcp:www.youtube.com:443 [WS+CDN]

请附上访问日志

// vim /var/log/v2ray/access.log  空文件,无日志

其它相关的配置文件(如 Nginx)和相关日志

nginx 服务端配置:

// 
server {
    ### 1:
    server_name www.隐藏;

    listen 80 reuseport fastopen=10;
    rewrite ^(.*) https://$server_name$1 permanent;
    if ($request_method  !~ ^(POST|GET)$) { return  501; }
    autoindex off;
    server_tokens off;
}

server {
    ### 2:
    ssl_certificate /etc/letsencrypt/live/www.隐藏/fullchain.pem;

    ### 3:
    ssl_certificate_key /etc/letsencrypt/live/www.隐藏/privkey.pem;

    ### 4:
    location /隐藏
    {
        proxy_pass http://127.0.0.1:8964;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_requests 10000;
        keepalive_timeout 2h;
        proxy_buffering off;
    }

    listen 443 ssl reuseport fastopen=10;
    server_name $server_name;
    charset utf-8;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_requests 10000;
    keepalive_timeout 2h;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers off;

    ssl_session_cache shared:SSL:60m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 10s;

    if ($request_method  !~ ^(POST|GET)$) { return 501; }
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Strict-Transport-Security max-age=31536000 always;
    autoindex off;
    server_tokens off;

    index index.html index.htm  index.php;
    location ~ .*\.(js|jpg|JPG|jpeg|JPEG|css|bmp|gif|GIF|png)$ { access_log off; }
    location / { index index.html; }
}

如果 V2Ray 无法启动,请附上 --test 命令的输出

如果 V2Ray 服务运行异常,请附上 journal 日志

ghost commented 2 years ago

已解决。 怎么解决的呢?具体来说新开了台主机又配置了一次,正好 domain 差不多也要续命了。と 自己没有排错、没有日志能看,所以不具备参考价值,本来没打算写,mail 也很久没看。

如果大家各自有什么问题的话直接新开 issue 就好啦。

ansemz commented 2 years ago

怎么解决的呀?

MomoPeking commented 2 years ago

已解决。

您好,我也遇到了和您非常類似的問題,請問應該如何解決呢?不勝感激!

MomoPeking commented 2 years ago

明白了,是2022年1月1日啟用了「VMess MD5 认证信息 淘汰机制」的問題。如欲解決,請參見https://www.v2fly.org/config/protocols/vmess.html#inboundconfigurationobject 或 youtube視頻:https://www.youtube.com/watch?v=BmfKwDClFlk

xiaokangwang commented 2 years ago

明白了,是2022年1月1日啟用了「VMess MD5 认证信息 淘汰机制」的問題。如欲解決,請參見https://www.v2fly.org/config/protocols/vmess.html#inboundconfigurationobject 或 youtube視頻:https://www.youtube.com/watch?v=BmfKwDClFlk

您好,這種情況下一般可以通過查看服務器日誌看到具體的錯誤原因。一般的說沒有具體的日誌信息就算是開發者也沒有辦法解決的。 看到您已經自行解決了問題就放心了。。。(那郵件這次就不另行回覆了)

MomoPeking commented 2 years ago

明白了⋯⋯非常感謝您!

Xiaokang Wang (Shelikhoo) @.***> 於 2022年2月22日 週二 上午3:18寫道:

明白了,是2022年1月1日啟用了「VMess MD5 认证信息 淘汰机制」的問題。如欲解決,請參見 https://www.v2fly.org/config/protocols/vmess.html#inboundconfigurationobject 或 youtube視頻:https://www.youtube.com/watch?v=BmfKwDClFlk

您好,這種情況下一般可以通過查看服務器日誌看到具體的錯誤原因。一般的說沒有具體的日誌信息就算是開發者也沒有辦法解決的。 看到您已經自行解決了問題就放心了。。。(那郵件這次就不另行回覆了)

— Reply to this email directly, view it on GitHub https://github.com/v2fly/v2ray-core/issues/1613#issuecomment-1047692180, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANBI6WY2NG5GBIBNB7G7OUTU4NWJ5ANCNFSM5OQOM5AQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you commented.Message ID: @.***>