v2fly / v2ray-core

A platform for building proxies to bypass network restrictions.
https://v2fly.org
MIT License

UDP relay/proxying in SOCKS5 mode does not work #2944

Open Kein opened 3 months ago

Kein commented 3 months ago

What version of V2Ray are you using?

v5.14.1

What's your scenario of using V2Ray?

Bypass RU/CIS blackbox DPI that throttles any traffic it does not like.

What problems have you encountered?

Unable to upload pictures on some resources, namely Discord

What's your expectation?

it just works, like Shadowsocks.

Please attach your configuration here

CLIENT:

{
    "inbounds": [
        {
            "port": 1083,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "udp": true
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": "ipv4.ipv4.ipv4.ipv4",
                        "port": 49533,
                        "users": [
                            {
                                "id": "3571dcec-073c-4c0a-8bab-0d84351be678"
                            }
                        ]
                    }
                ]
            }
        },
        {
            "protocol": "freedom",
            "tag": "direct"
        }
    ],
    "routing": {
        "domainStrategy": "IPOnDemand",
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "direct"
            }
        ]
    }
}

SERVER:

{
    "inbounds": [
        {
            "port": 1081,
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "3571dcec-073c-4c0a-8bab-0d84351be678"
                    }
                ]
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

Please attach error logs here

SERVER

error.log

2024/03/20 21:27:01 IP.IP.IP.IP:53136 accepted tcp:discord.com:443
2024/03/20 21:27:04 IP.IP.IP.IP:53140 accepted tcp:discord-attachments-uploads-prd.storage.googleapis.com:443
2024/03/20 21:27:12 IP.IP.IP.IP:53155 accepted tcp:gateway.discord.gg:443
2024/03/20 21:27:12 IP.IP.IP.IP:53157 accepted tcp:gateway.discord.gg:443

CLIENT

access.log

2024/03/20 20:59:55 tcp:127.0.0.1:64517 accepted tcp:cdn.discordapp.com:443
2024/03/20 20:59:55 tcp:127.0.0.1:64516 accepted tcp:cdn.discordapp.com:443
2024/03/20 21:00:26 tcp:127.0.0.1:64533 accepted tcp:discord.com:443
2024/03/20 21:05:10 tcp:127.0.0.1:64739 accepted tcp:media.discordapp.net:443
2024/03/20 21:08:01 tcp:127.0.0.1:64833 accepted tcp:discord.com:443
2024/03/20 21:08:15 tcp:127.0.0.1:64845 accepted tcp:cdn.discordapp.com:443
2024/03/20 21:08:21 tcp:127.0.0.1:64847 accepted tcp:images-ext-1.discordapp.net:443
2024/03/20 21:08:21 tcp:127.0.0.1:64849 accepted tcp:media.discordapp.net:443
2024/03/20 21:08:46 tcp:127.0.0.1:64853 accepted tcp:images-ext-2.discordapp.net:443
2024/03/20 21:16:29 tcp:127.0.0.1:65137 accepted tcp:cdn.discordapp.com:443

error.log

2024/03/20 23:27:01 [Info] [3606843234] proxy/socks: TCP Connect request to tcp:discord.com:443
2024/03/20 23:27:01 [Info] [3606843234] app/dispatcher: sniffed domain: discord.com for tcp:discord.com:443
2024/03/20 23:27:01 [Warning] [3606843234] app/dispatcher: default route for tcp:discord.com:443
2024/03/20 23:27:01 [Info] [3606843234] transport/internet/tcp: dialing TCP to tcp:IP.IP.IP.IP:7230
2024/03/20 23:27:01 [Info] [3606843234] proxy/vmess/outbound: tunneling request to tcp:discord.com:443 via IP.IP.IP.IP:7230
2024/03/20 23:27:04 [Info] [59542471] proxy/socks: TCP Connect request to tcp:discord-attachments-uploads-prd.storage.googleapis.com:443
2024/03/20 23:27:04 [Info] [59542471] app/dispatcher: sniffed domain: discord-attachments-uploads-prd.storage.googleapis.com for tcp:discord-attachments-uploads-prd.storage.googleapis.com:443
2024/03/20 23:27:04 [Warning] [59542471] app/dispatcher: default route for tcp:discord-attachments-uploads-prd.storage.googleapis.com:443
2024/03/20 23:27:04 [Info] [59542471] transport/internet/tcp: dialing TCP to tcp:IP.IP.IP.IP:7230
2024/03/20 23:27:04 [Info] [59542471] proxy/vmess/outbound: tunneling request to tcp:discord-attachments-uploads-prd.storage.googleapis.com:443 via IP.IP.IP.IP:7230
2024/03/20 23:27:11 [Info] [1286445698] proxy/socks: TCP Connect request to tcp:gateway.discord.gg:443
2024/03/20 23:27:11 [Info] [1286445698] app/dispatcher: sniffed domain: gateway.discord.gg for tcp:gateway.discord.gg:443
2024/03/20 23:27:11 [Warning] [1286445698] app/dispatcher: default route for tcp:gateway.discord.gg:443
2024/03/20 23:27:11 [Info] [1286445698] transport/internet/tcp: dialing TCP to tcp:IP.IP.IP.IP:7230
2024/03/20 23:27:11 [Info] [1286445698] proxy/vmess/outbound: tunneling request to tcp:gateway.discord.gg:443 via IP.IP.IP.IP:7230
2024/03/20 23:27:11 [Info] [1678666279] proxy/socks: TCP Connect request to tcp:gateway.discord.gg:443
2024/03/20 23:27:11 [Info] [1678666279] app/dispatcher: sniffed domain: gateway.discord.gg for tcp:gateway.discord.gg:443
2024/03/20 23:27:11 [Warning] [1678666279] app/dispatcher: default route for tcp:gateway.discord.gg:443
2024/03/20 23:27:11 [Info] [1678666279] transport/internet/tcp: dialing TCP to tcp:IP.IP.IP.IP:7230
2024/03/20 23:27:12 [Info] [1678666279] proxy/vmess/outbound: tunneling request to tcp:gateway.discord.gg:443 via IP.IP.IP.IP:7230
2024/03/20 23:27:42 [Info] [723866385] proxy/socks: TCP Connect request to tcp:www.steamtrades.com:443
2024/03/20 23:27:42 [Info] [723866385] app/dispatcher: sniffed domain: www.steamtrades.com for tcp:www.steamtrades.com:443
2024/03/20 23:27:42 [Warning] [723866385] app/dispatcher: default route for tcp:www.steamtrades.com:443
2024/03/20 23:27:42 [Info] [723866385] transport/internet/tcp: dialing TCP to tcp:IP.IP.IP.IP:7230
2024/03/20 23:27:42 [Info] [723866385] proxy/vmess/outbound: tunneling request to tcp:www.steamtrades.com:443 via IP.IP.IP.IP:7230
2024/03/20 23:27:52 [Info] [723866385] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled

Other configurations (such as Nginx) and logs here

N/A

Additional info

V2ray used in standalone in SOCKS5 mode. Firefox 123 in FULL SOCKS5 mode (including UDP proxying of DNS)

ANY attempt to upload any picture on Discord from local PC fails. Upload works on something like imgur.com without issues. Switching to Shadowsocks on the SAME VPS and the same client pc works flawlessly. The issue appears to be with v2ray SOCKS implementation (?, it is lacking?)

Kein commented 3 months ago

So yeah, it looks like SOCKS5 protocol is poorly implemented. Disabling "settings": { "udp": false } and

"sniffing":
        {
          "enabled": false,
          "destOverride": ["http", "tls"]
        },

fixes the issue because it appears to be unable to relay UDP packets as a proper SOCKS proxy (including proxying DNS queries, as per Firefox capability). Even if it did I assume it would not be shaped by vmess anyway.

Which leaves v2ray standalone to be typical TCP-only half-working SOCKS5 proxy (essentially a HTTP proxy) which is real shame, in a year of our lord 2024. I suppose without Shadowsocks on top of v2ray (as a pluggable transport) it is not very unusable, but then you have to ask yourself why use v2ray with shadowsocks when you have CLOAK plugin for the latter.

Kein commented 3 months ago

Actually, I've tested this more without UDP mode and can confirm this has nothing to do with UDP - it just fails with Discord uploads at all.

dyhkwong commented 3 months ago

It is almost impossible to use SOCKS5 UDP Associate without transparent proxy method because in the real world almost no software that supports SOCKS5 actually supports SOCKS5 UDP Associate (including but not limited to Chrome/Firefox). And your log shows nothing about UDP traffic. If you can fix something by turning off sniffing, usually it means that some traffic has mismatched SNI (or HTTP Host, or something recognized as them) and destination.
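
The two checks named in the comment above (is there any UDP traffic in the client log, and does any sniffed name differ from the requested destination) can be run mechanically over error.log. This is an added example, not part of the thread and not V2Ray code; `triage` and `summary` are hypothetical names, the session `[1]` lines are constructed, and it assumes UDP destinations are logged with a `udp:` prefix the same way TCP ones appear as `tcp:` in the logs posted here.

```python
import re
from collections import defaultdict

# Constructed sample: the first four lines are copied from the client error.log
# above; the two lines for session [1] are constructed to show a mismatch.
SAMPLE = """\
2024/03/20 23:27:01 [Info] [3606843234] proxy/socks: TCP Connect request to tcp:discord.com:443
2024/03/20 23:27:42 [Info] [723866385] proxy/socks: TCP Connect request to tcp:www.steamtrades.com:443
2024/03/20 23:27:42 [Info] [723866385] app/dispatcher: sniffed domain: www.steamtrades.com for tcp:www.steamtrades.com:443
2024/03/20 23:27:52 [Info] [723866385] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2024/03/20 23:28:00 [Info] [1] proxy/socks: TCP Connect request to tcp:203.0.113.7:443
2024/03/20 23:28:00 [Info] [1] app/dispatcher: sniffed domain: example.org for tcp:203.0.113.7:443
"""

LINE = re.compile(r"^\S+ \S+ \[\w+\] \[(\d+)\] (\S+): (.*)$")
SNIFF = re.compile(r"^sniffed domain: (\S+) for (?:tcp|udp):(.+):\d+$")
# Assumption: UDP destinations are logged as "udp:host:port", like "tcp:host:port".
NET = re.compile(r"(?<![\w/])(tcp|udp):(?=\S)")

def triage(log_text):
    """Group log lines by session ID and record what each session did."""
    sessions = defaultdict(lambda: {"networks": set(), "mismatch": None, "failed": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the session-tagged format
        sid, _component, msg = m.groups()
        s = sessions[sid]
        s["networks"].update(NET.findall(msg))
        sn = SNIFF.match(msg)
        # A sniffed name that differs from the requested host is the case where
        # destOverride replaces the destination the client asked for.
        if sn and sn.group(1).lower() != sn.group(2).lower():
            s["mismatch"] = (sn.group(1), sn.group(2))
        if msg.startswith("failed to process outbound traffic"):
            s["failed"] = msg.split(" > ")[-1]  # innermost error in the chain
    return dict(sessions)

def summary(log_text):
    """Return UDP sessions, sniff/destination mismatches and failed sessions."""
    s = triage(log_text)
    return {
        "udp_sessions": sorted(k for k, v in s.items() if "udp" in v["networks"]),
        "sniff_mismatches": {k: v["mismatch"] for k, v in s.items() if v["mismatch"]},
        "failed": {k: v["failed"] for k, v in s.items() if v["failed"]},
    }

if __name__ == "__main__":
    print(summary(SAMPLE))
```

A sniffed name against an IP destination is expected when the client resolves DNS itself, so a reported mismatch is a lead to check, not proof of a fault.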

Kein commented 3 months ago

> If you can fix something by turning off sniffing, usually it means that some traffic has mismatched SNI (or HTTP Host, or something recognized as them) and destination.

I actually can't, I was wrong. It was just a coincidence that the bug did not appear after I disabled sniffing and UDP and restarted proxy. Right now I'm running with both of these options enabled and it works, but randomly the bug re-appears. It is not related to any of the settings I've tried, it is a fundamental issue of the v2ray vmess protocol it seems.

The worst part, as you have seen, logs in debug mode show nothing. The file upload just silently fails. It is definitely a v2ray issue, because if I switch to Shadowsocks in the same session it immediately starts working without a hitch.