Fail to detect internet connection

[mahmoodn]

Using 5.3.0, the server side configuration according tot he example is:

{
  "inbounds": [
    {
      "port": 16823, // Server listening port
      "protocol": "vmess",    // Major incoming protocol
      "settings": {
        "clients": [
          {
            "id": "MY_UUID",  // UUID, must to be kept the same between server and client.
            "alterId": 64
          }
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",  // Majoy outcoming protocol.
      "settings": {}
    }
  ]
}

The client configuration is

​​

{
  "inbounds": [
    {
      "port": 1080, // Listening port
      "protocol": "socks", // Incoming protocol is SOCKS 5
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth"  // Authorisation setting of socks protocol. Here, noauth means no authorisation, beacuse in general socks only used in client side, so no need to authorise.
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess", // Outcoming protocol
      "settings": {
        "vnext": [
          {
            "address": "​MY_IP", // Server address, yoou need to edit this to your own IP address/domian. 
            "port": 16823,  // Server listenning port.
            "users": [
              {
                "id": "MY_UUID",  // UUID, must be as same as server side
                "alterId": 64 // AlterID should be as same as server side
              }
            ]
          }
        ]
      }
    }
  ]
}

As you can see server side is fine.

# v2ray version
V2Ray 5.3.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.20 linux/amd64)
A unified platform for anti-censorship.
# systemctl restart v2ray
# systemctl status v2ray
● v2ray.service - V2Ray Service
     Loaded: loaded (/etc/systemd/system/v2ray.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/v2ray.service.d
             └─10-donot_touch_single_conf.conf
     Active: active (running) since Mon 2023-02-27 08:53:52 UTC; 5min ago
       Docs: https://www.v2fly.org/
   Main PID: 1931 (v2ray)
      Tasks: 6 (limit: 1030)
     Memory: 9.2M
        CPU: 75ms
# ss -lnpt | grep v2ray
LISTEN 0      4096               *:16823            *:*    users:(("v2ray",pid=1931,fd=3))

When I import the client configuration file into V2rayNG (android app), I click on connect and it says successful. However, when I tap "test connection", it says:

Fail to detect internet connection: context deadline exceeded.

The internet connection is fine, because without v2 websites are reachable on my Android phone. Any idea about that?

[mydogshitgold]

Here is a checklist

• [ ] 1. Server respons to ping
• [ ] 2. Server respons to TCP SYN
• [ ] 3. Server has a firewall, such as UFW, and port 16823 is open
• [ ] 4. Your connection to server via VMESS over TCP is not blocked by whatever national firewall you are behind
• [ ] 5. Or your corporate firewall is to be blamed

If you server is indeed blocking connections to port 16823 you can in most case open it by running sudo ufw allow 16823. Also check the firewall of your cloud provider or CDN.

Finally, VMESS over plain TCP is mostly dead meat. I think you want at least VMESS over TLS.

[mahmoodn]

I changed the client config to "destOverride": ["tls"]. As you can see below, ufw settings are fine.

# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
# ufw allow 16823
Rules updated
Rules updated (v6)
# ufw status
Status: active

To                         Action      From
--                         ------      ----
16823                      ALLOW       Anywhere
16823 (v6)                 ALLOW       Anywhere (v6)
# ss -lnpt | grep v2ray
LISTEN 0      4096               *:16823            *:*    users:(("v2ray",pid=562,fd=3))
# systemctl restart v2ray
#

How can I check 1 and 2 in the checklist? When I use my computer (using the same network as my phone), I can ping the server via command line. I have an older V2 virtual machine on a cloud (the same cloud provider) and it works. But I am not able to make 5.3.0 working now.

[mahmoodn]

BTW, the following log files are empty means that the client doesn't reach the server.

# cat /var/log/v2ray/access.log
# cat /var/log/v2ray/error.log
2023/02/27 08:33:53 [Warning] V2Ray 5.3.0 started

[mydogshitgold]

"destOverride" is used to correct destination addresses, and have nothing to do with this connection issue.

1. Use ping command. On Android, you can use Termux to access it.
2. Run curl and tcpdump, look for normal and complete TCP handshake

Are you sure you are using VMESS over TCP? It's easy meat for suppressive firewalls.

[mydogshitgold]

BTW, the following log files are empty means that the client doesn't reach the server.

Check if normal connection, like HTTP or SSH, to your server can be made. If not, you server has been blocked.

[mahmoodn]

I can SSH to the server via my computer.

Are you sure you are using VMESS over TCP? It's easy meat for suppressive firewalls.

How can I check that? I already pasted the server and client in the first post. Which item should I check?

[mydogshitgold]

The configuration you posted uses VMESS over plain TCP, which could easily be targeted by firewalls. A common practice is to use VMESS with TLS, which should be more resistant to blocking.

If you can connect to your server by normal means, but not by VMESS, then TLS may help.

You can look for answers at https://guide.v2fly.org/advanced/tls.html.

[mahmoodn]

OK I am following that guide for TLS. It seems that a domain name is mandatory. Am I right? Does that mean in case of having a VM with valid IP, that is not enough?

[mydogshitgold]

Domain name is required for valid TLS certificates and CDN, not required for self-signed certificates.

Regular domain names are cheap. eu.org and nom.za offer free domains. afriad.org offer free subdomains (cannot be used with CDN).

[mahmoodn]

OK I will try and come back later. Thanks.