内网穿透（反向代理）不能与Websocket同时使用

Tonny-Gu commented 2 years ago

你正在使用哪个版本的 V2Ray？

V2Ray 4.45.0 (Latest)
Xray 1.5.5 (Latest)

均使用Docker安装，加入参数--net host

你的使用场景是什么？

使用WS(S)的tunnel作为portal和bridge之间通信的方法

你看到的异常现象是什么？

当V2Ray使用以下组合时，内网穿透的工作情况为：

VMess：正常
VMess / VMessAEAD / VLess + WS / WSS：无法工作

V2Ray和Xray两个实现均存在此问题

你期待看到的正常表现是怎样的？

内网穿透可以与任意Stream Setting组合使用

请附上你的配置

以下内容为本地测试VMess + WS的配置

服务端配置：

{
    "log": {
        "loglevel": "debug"
    },
    "reverse": {
        "portals": [
            {
                "tag": "portal",
                "domain": "rproxy.reserved.domain.com"
            }
        ]
    },
    "inbounds": [
        {
            "tag": "external",
            "port": 8880,
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "[HIDE]",
                        "alterId": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "[HIDE]"
                }
            }
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "inboundTag": [
                    "external"
                ],
                "outboundTag": "portal"
            }
        ]
    }
}

客户端配置：

{
    "log": {
        "loglevel": "debug"
    },
    "reverse": {
        "bridges": [
            {
                "tag": "bridge",
                "domain": "rproxy.reserved.domain.com"
            }
        ]
    },
    "outbounds": [
        {
            "tag": "tunnel",
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": "localhost",
                        "port": 8880,
                        "users": [
                            {
                                "alterId": 1,
                                "id": "[HIDE]"
                            }
                        ]
                    }
                ],
                "streamSettings": {
                    "network": "ws",
                    "wsSettings": {
                        "path": "[HIDE]"
                    }
                }
            }
        },
        {
            "protocol": "freedom",
            "settings": {},
            "tag": "out"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "inboundTag": [
                    "bridge"
                ],
                "domain": [
                    "full:rproxy.reserved.domain.com"
                ],
                "outboundTag": "tunnel"
            },
            {
                "type": "field",
                "inboundTag": [
                    "bridge"
                ],
                "outboundTag": "out"
            }
        ]
    }
}

另外也测试过VMessAEAD (alterID=1)和VLess，问题仍然存在

请附上出错时软件输出的错误日志

服务器端错误日志：

(无异常)

V2Ray 4.45.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.18.1 linux/amd64)
A unified platform for anti-censorship.
2022/05/05 15:51:55 [Info] main/jsonem: Reading config: /etc/v2ray/config.json
2022/05/05 15:51:55 [Debug] app/log: Logger started
2022/05/05 15:51:55 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:8880
2022/05/05 15:51:55 [Info] transport/internet/websocket: listening TCP(for WS) on 0.0.0.0:8880
2022/05/05 15:51:55 [Warning] V2Ray 4.45.0 started

客户端错误日志：

V2Ray 4.45.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.18.1 linux/amd64)
A unified platform for anti-censorship.
2022/05/05 15:51:56 [Info] main/jsonem: Reading config: /etc/v2ray/config.json
2022/05/05 15:51:56 [Debug] app/log: Logger started
2022/05/05 15:51:56 [Warning] V2Ray 4.45.0 started
2022/05/05 15:51:56 [Info] app/dispatcher: taking detour [tunnel] for [tcp:rproxy.reserved.domain.com:0]
2022/05/05 15:51:56 [Info] transport/internet/tcp: dialing TCP to tcp:localhost:8880
2022/05/05 15:51:56 [Info] proxy/vmess/outbound: tunneling request to tcp:rproxy.reserved.domain.com:0 via tcp:localhost:8880
2022/05/05 15:52:00 [Info] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > proxy/vmess/outbound: failed to read header > proxy/vmess/encoding: unexpected response header. Expecting 191 but actually 67
2022/05/05 15:52:00 [Info] common/mux: unexpected EOF > common/mux: failed to read metadata > io: read/write on closed pipe
2022/05/05 15:52:02 [Info] app/dispatcher: taking detour [tunnel] for [tcp:rproxy.reserved.domain.com:0]
2022/05/05 15:52:02 [Info] transport/internet/tcp: dialing TCP to tcp:localhost:8880
2022/05/05 15:52:02 [Info] proxy/vmess/outbound: tunneling request to tcp:rproxy.reserved.domain.com:0 via tcp:localhost:8880
2022/05/05 15:52:06 [Info] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > proxy/vmess/outbound: failed to read header > proxy/vmess/encoding: unexpected response header. Expecting 36 but actually 46

Tonny-Gu commented 2 years ago

@AkinoKaede 已更新

AkinoKaede commented 2 years ago

The config is wrong, streamSettings is not a sub-item of settings.

Patch

29,34c29,34
<                 ]
<             },
<             "streamSettings": {
<                 "network": "ws",
<                 "wsSettings": {
<                     "path": "[HIDE]"
---
>                 ],
>                 "streamSettings": {
>                     "network": "ws",
>                     "wsSettings": {
>                         "path": "[HIDE]"
>                     }

Full Config

{
    "log": {
        "loglevel": "debug"
    },
    "reverse": {
        "bridges": [
            {
                "tag": "bridge",
                "domain": "rproxy.reserved.domain.com"
            }
        ]
    },
    "outbounds": [
        {
            "tag": "tunnel",
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": "localhost",
                        "port": 8880,
                        "users": [
                            {
                                "alterId": 1,
                                "id": "[HIDE]"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "[HIDE]"
                }
            }
        },
        {
            "protocol": "freedom",
            "settings": {},
            "tag": "out"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "inboundTag": [
                    "bridge"
                ],
                "domain": [
                    "full:rproxy.reserved.domain.com"
                ],
                "outboundTag": "tunnel"
            },
            {
                "type": "field",
                "inboundTag": [
                    "bridge"
                ],
                "outboundTag": "out"
            }
        ]
    }
}

y0umu commented 2 years ago

The config is wrong, streamSettings is not a sub-item of settings.

Patch

29,34c29,34
<                 ]
<             },
<             "streamSettings": {
<                 "network": "ws",
<                 "wsSettings": {
<                     "path": "[HIDE]"
---
>                 ],
>                 "streamSettings": {
>                     "network": "ws",
>                     "wsSettings": {
>                         "path": "[HIDE]"
>                     }

Full Config

{
    "log": {
        "loglevel": "debug"
    },
    "reverse": {
        "bridges": [
            {
                "tag": "bridge",
                "domain": "rproxy.reserved.domain.com"
            }
        ]
    },
    "outbounds": [
        {
            "tag": "tunnel",
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": "localhost",
                        "port": 8880,
                        "users": [
                            {
                                "alterId": 1,
                                "id": "[HIDE]"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "[HIDE]"
                }
            }
        },
        {
            "protocol": "freedom",
            "settings": {},
            "tag": "out"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "inboundTag": [
                    "bridge"
                ],
                "domain": [
                    "full:rproxy.reserved.domain.com"
                ],
                "outboundTag": "tunnel"
            },
            {
                "type": "field",
                "inboundTag": [
                    "bridge"
                ],
                "outboundTag": "out"
            }
        ]
    }
}

I have a similar problem when tunneling through a firewall using websocket. I have applied this 'corrected' version, but I still keep getting something like:

2022/08/07 21:08:20 [Info] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to decode response header > proxy/vless/encoding: failed to read response version > EOF

The funny part is that, I got the same error even I did not start up the server side v2ray nor httpd at all. This could mean that the traffic never left the client machine.

y0umu commented 2 years ago

Although it may sound like a dirty workaround, it is fully possible to make use of the tunnel v2ray establishes to expose ports behind NAT with the help of 3rd party reverse proxies that support tunneling traffic through a socks5 / http proxy. Here is a sample configuration with frpc:

frpc.ini:

[common]
; Keep in mind that this 127.0.0.1 refers to the node running server side V2Ray! (i.e. the 'exit node' of the tunnel)
server_addr = 127.0.0.1
server_port = 7000
; This address points to a proxy. It can be a local V2Ray with websocket outbound.
http_proxy = socks5://127.0.0.1:17906
log_file = console

[web]
type = tcp
local_ip = 127.0.0.1
local_port = 8080
remote_port = 80

Tonny-Gu commented 2 years ago

@y0umu As far as I remember, the corrected config is working in my case. If you are seeking an alternative solution, I would actually recommend GOSTv3, which is easy to deploy and supports tunneling through various protocols, such as socks5 / http / ssh / private protocol (named Relay) over websocket + tls.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days

v2fly / v2ray-core