search

v2fly / v2ray-core

A platform for building proxies to bypass network restrictions.
https://v2fly.org
MIT License
29.76k stars 4.68k forks source link

Shadowsocks不执行路由规则匹配 #2384

Closed mucunmjin closed 1 year ago

mucunmjin commented 1 year ago

你正在使用哪个版本的 V2Ray? version v4.45.2

你看到的异常现象是什么? 当inbounds protocol是vmess,vless路由规则netflix可以正常执行,但是inbounds protocol是shadowsocks时,没有经过路由规则netflix。

服务端配置:

// 在这里附上服务器端配置文件
{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbounds": [
        {
            "port": 20810,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "***",
                        "level": 1,
                        "alterId": 233
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws"
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        }
        ,
        {
            "port": 20811,
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "***",
                        "level": 1,
                        "alterId": 233
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws"
            },
            "sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls"
                ]
            }
        },
        {
            "protocol": "shadowsocks",
            "port": 10801,
            "settings": {
                "method": "aes-256-gcm",
                "password": "***",
                "network": "tcp,udp",
                "level": 1,
                "ota": false
            }
        }
    ],
    "outbounds": [      
        {
            "protocol": "freedom",
            "settings": {
                "domainStrategy": "UseIP"
            },
            "tag": "direct"
        },      
        {
            "tag": "sgss",
            "protocol": "shadowsocks",
            "settings": {
                "servers": [
                    {                 
                      "address": "***.com",
                      "port": 10801,
                      "method": "aes-256-gcm",
                      "password": "***",
                      "ota": false,
                      "level": 0
                    }
                ]
            }
        },
        {
            "tag": "hinetss",
            "protocol": "shadowsocks",
            "settings": {
                "servers": [
                    {                 
                      "address": "***.com",
                      "port": 10801,
                      "method": "aes-256-gcm",
                      "password": "***",
                      "ota": false,
                      "level": 0
                    }
                ]
            }
        },
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }   
    ],
    "dns": {
        "servers": [
            {
                "address": "***",
                "port": 53,
                "domains": [
                    "geosite:youtube"
                ]
            },
            "8.8.8.8",
            "1.1.1.1",
            "114.114.114.114",
            "8.8.4.4",
            "localhost"             
        ]
    },
    "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "0.0.0.0/8",
                    "10.0.0.0/8",
                    "100.64.0.0/10",
                    "127.0.0.0/8",
                    "169.254.0.0/16",
                    "172.16.0.0/12",
                    "192.0.0.0/24",
                    "192.0.2.0/24",
                    "192.168.0.0/16",
                    "198.18.0.0/15",
                    "198.51.100.0/24",
                    "203.0.113.0/24",
                    "::1/128",
                    "fc00::/7",
                    "fe80::/10"
                ],
                "outboundTag": "blocked"
            },
            {
                "type": "field",
                "domain": [                 
                    "geosite:netflix"
                ],              
                "outboundTag": "sgss"
            },
            {
                "type": "field",
                "domain": [
                    "domain:gamer2-cds.cdn.hinet.net",
                    "domain:gamer-cds.cdn.hinet.net",
                    "domain:gamer.com.tw",
                    "domain:ani.gamer.com.tw",
                    "domain:i2.bahamut.com.tw",
                    "domain:app-measurement.com",
                    "domain:api.gamer.com.tw"
                ],
                "outboundTag": "hinetss"
            },
            {
                "type": "field",
                "inboundTag": ["tg-in"],
                "outboundTag": "tg-out"
            }
            ,
            {
                "type": "field",
                "domain": [
                    "domain:epochtimes.com",
                    "domain:epochtimes.com.tw",
                    "domain:epochtimes.fr",
                    "domain:epochtimes.de",
                    "domain:epochtimes.jp",
                    "domain:epochtimes.ru",
                    "domain:epochtimes.co.il",
                    "domain:epochtimes.co.kr",
                    "domain:epochtimes-romania.com",
                    "domain:erabaru.net",
                    "domain:lagranepoca.com",
                    "domain:theepochtimes.com",
                    "domain:ntdtv.com",
                    "domain:ntd.tv",
                    "domain:ntdtv-dc.com",
                    "domain:ntdtv.com.tw",
                    "domain:minghui.org",
                    "domain:renminbao.com",
                    "domain:dafahao.com",
                    "domain:dongtaiwang.com",
                    "domain:falundafa.org",
                    "domain:wujieliulan.com",
                    "domain:ninecommentaries.com",
                    "domain:shenyun.com"
                ],
                "outboundTag": "blocked"
            }           
        ]
    },
    "transport": {
        "kcpSettings": {
            "uplinkCapacity": 100,
            "downlinkCapacity": 100,
            "congestion": true
        }
    }
}
mydogshitgold commented 1 year ago

What exactly is your problem? Can you be more precise? And please format your issues properly, they're very hard to read.

v4.45.2 is an old version released a year ago. The latest version is v5.4.0, please update your software and see if the issues are resolved.

mucunmjin commented 1 year ago

好的,格式好了。能否帮忙看看是否是配置错误,我也会更新最新版本试试,谢谢。

mydogshitgold commented 1 year ago

You don't have sniffing enabled for shadosocks inbound, and if the domains have already been resolved to IPs on the client side (esp. when using transparent proxy or socks4) , your server won't be able to check the requests against domain rules.

Try enabling sniffing for shadowsocks inbound and see if the problem persists.

Also try using IPIfNonMatch as the routing domainStrategy and put all IP rules at the end.

mucunmjin commented 1 year ago

非常感谢,shadowsocks增加sniffing后,可以正常经过路由规则了。谢谢。

mydogshitgold commented 1 year ago

I’m glad I could be of assistance. Please close this issue if the problem has been resolved.

mucunmjin commented 1 year ago

好的,非常感谢。