v2fly / v2ray-core

A platform for building proxies to bypass network restrictions.
https://v2fly.org

OpenWrt官方源v2ray-core init.d 运行脚本问题 #3138

Open YolineWu opened 1 month ago

YolineWu commented 1 month ago

安装的版本:OpenWrt 官方源 v2ray-core 5.16.0-1:[image]

直接运行命令 v2ray run -config /etc/v2ray/config.json 可以正常运行,在 config.json 中配置的日志文件中能看到启动日志:[image]

使用安装后自动生成的 init.d 脚本运行(/etc/init.d/v2ray start),终端没有输出,在 config.json 中配置的日志文件里也没有日志打印;然后再运行 /etc/init.d/v2ray status,输出 active with no instances:[image]

init.d 脚本:

#!/bin/sh /etc/rc.common

# Ask rc.common to manage this service through procd: start_service() below
# describes the instance instead of launching the daemon itself.
USE_PROCD=1
# Start-order index used when the script is enabled (99 = late in boot).
START=99

# Name of the UCI configuration that start_service() loads with config_load
# and that service_triggers() registers for reload.
CONF="v2ray"
# Absolute path of the v2ray binary placed on the procd command line.
PROG="/usr/bin/v2ray"

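# Register the v2ray instance with procd, driven by the UCI config named in $CONF.
#
# Globals:   CONF (read) - UCI config name; PROG (read) - v2ray binary path
# Arguments: none
# Outputs:   one diagnostic line on stderr when the service is disabled
# Returns:   1, without registering an instance, when option "enabled" in
#            section "enabled" is not true; otherwise the status of
#            procd_close_instance
#
# The command line is built only from the UCI options confdir / conffiles /
# format. A config file that exists on disk but is not listed there is never
# passed to v2ray.
start_service() {
    config_load "$CONF"

    local enabled
    config_get_bool enabled "enabled" "enabled" "0"
    # The option defaults to 0, so the service does nothing until it is enabled
    # in UCI. Say so instead of returning silently: a silent return presumably
    # is what leaves "status" reporting "active with no instances".
    [ "$enabled" -eq 1 ] || {
        printf '%s: not started, option "enabled" in section "enabled" of UCI config "%s" is not 1\n' \
            "$CONF" "$CONF" >&2
        return 1
    }

    local confdir
    local conffiles
    local datadir
    local format
    # Declared local so the values do not leak into the rc.common shell.
    local memconservative
    local conffile

    config_get confdir "config" "confdir"
    config_get conffiles "config" "conffiles"
    config_get datadir "config" "datadir" "/usr/share/v2ray"
    config_get format "config" "format" "json"
    config_get_bool memconservative "config" "memconservative" "1"

    procd_open_instance "$CONF"
    procd_set_param command "$PROG" run
    if [ -n "$confdir" ]; then
        procd_append_param command -confdir "$confdir"
    fi
    if [ -n "$conffiles" ]; then
        # conffiles is a whitespace-separated list; the unquoted expansion is
        # deliberate so that each file gets its own -config argument.
        for conffile in $conffiles
        do
            procd_append_param command -config "$conffile"
        done
    fi
    if [ -n "$format" ]; then
        procd_append_param command -format "$format"
    fi
    procd_set_param env v2ray.local.asset="$datadir"
    if [ "$memconservative" -eq 1 ]; then
        procd_append_param env V2RAY_CONF_GEOLOADER="memconservative"
    fi
    # Files procd watches for changes; unquoted for the same list reason as above.
    procd_set_param file $conffiles

    # NOTE(review): an unlimited core size lets a crash dump process memory,
    # which can include the proxy credentials from the config file. Confirm
    # this is wanted outside of debugging.
    procd_set_param limits core="unlimited"
    procd_set_param limits nofile="1000000 1000000"
    # Forward the daemon's stdout/stderr to the system log.
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_set_param respawn
    # NOTE(review): no "user" parameter is set, so the process presumably runs
    # as root. Confirm whether a dedicated account with only the needed
    # capabilities is feasible for this deployment.

    procd_close_instance
}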

# Reload by doing a full restart: stop the running instance, then start again
# so start_service() re-reads the UCI config. The result of "stop" is not
# checked; the function returns the status of "start".
reload_service() {
    # Tear down first; "start" runs regardless of how "stop" went.
    stop
    start
}

# Register a procd reload trigger for the UCI config named in $CONF, so that a
# change to that config causes the service to be reloaded.
service_triggers() {
    procd_add_reload_trigger "${CONF}"
}

OpenWrt 系统信息:[image]

*v2ray配置信息*:

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "debug"
  },
  "dns": {
    "servers": [
      "8.8.8.8",
      "1.1.1.1",
      {
        "address": "223.5.5.5",
        "domains": [
          "geosite:cn",
          "ntp.org",
         ...
          "friendlyelec.com.cn"
        ]
      }
    ]
  },
  "inbounds": [
    {
      "tag": "all-in",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy",
          "mark": 255
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "trojan",
      "settings": {
        "servers": [
          {
            "address": "xxx.com",
            "port": 443,
            "password": "xxx",
            "email": "xxx@xxx.com",
            "level": 0
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "serverName": "xxx.com"
        },
        "wsSettings": {
          "path": "/admin"
        },
        "sockopt": {
          "mark": 255
        }
      },
      "tag": "proxy"
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      },
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["all-in"],
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "inboundTag": ["all-in"],
        "port": 123,
        "network": "udp",
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "223.5.5.5"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "8.8.8.8",
          "1.1.1.1"
        ],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": [
          "ntp.org",
         ...
          "friendlyelec.com.cn"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "domain": [
          "geosite:google",
          "geosite:facebook",
          "geosite:twitter",
          "geosite:telegram",
          "github.io",
          ...
          "googleapis.com"
        ]
      },
      {
        "type": "field",
        "ip": ["geoip:private", "geoip:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:private", "geoip:cn"],
        "outboundTag": "direct"
      }
    ]
  }
}

对 init.d 的脚本不熟悉,自动生成的脚本是否有问题?还是我运行命令有问题?我应该修改或新建新的运行脚本吗?

ecrasy commented 1 month ago

直接運行v2ray 而不是指定init.d的v2ray

不建議單獨使用v2ray 可以考慮配合luci端passwall或者v2raya一起使用

YolineWu commented 1 month ago

直接運行v2ray 而不是指定init.d的v2ray

不建議單獨使用v2ray 可以考慮配合luci端passwall或者v2raya一起使用

目前新建了一个新的 init.d 脚本解决了这个问题:

#!/bin/sh /etc/rc.common

# Ask rc.common to manage this service through procd.
USE_PROCD=1
# Start-order index used when the script is enabled (99 = late in boot).
START=99

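# Start v2ray under procd with one fixed configuration file.
#
# Unlike the packaged script, this variant reads nothing from UCI: the binary
# path and the config path are hard-coded, so there is no "enabled" switch and
# no file watch on the config.
# Returns: the status of procd_close_instance.
start_service() {
        procd_open_instance
        procd_set_param command /usr/bin/v2ray run -config=/etc/v2ray/config.json
        # Forward the daemon's stdout/stderr to the system log.
        procd_set_param stdout 1
        procd_set_param stderr 1
        # Was "respaw", which is not a procd parameter name, so no restart
        # policy was being set and a crashed proxy would stay down.
        procd_set_param respawn
        procd_close_instance
}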

# Reload is implemented as a restart: "stop" followed by "start". The outcome
# of "stop" is ignored and the status of "start" is what the caller sees.
reload_service() {
        # Always attempt the start, even if there was nothing to stop.
        stop
        start
}

对于安装时自动生成的 init.d 脚本是否是有问题呢?如果有问题,是否应该修复一下?

而v2raya我试过,配置是方便,但配置起来没有直接配置v2ray灵活,所以就放弃了。至于passwall不太了解,是否可以使用v2ray原本的config.json文件?

我目前做的是透明代理,看了些v2ray透明代理的教程,拼成了下面的 nftables 规则:

# Transparent-proxy steering: traffic that is not exempted below is marked 1
# and handed to the TPROXY listener on 127.0.0.1:12345. Mark 0xff (255) is the
# mark the v2ray config on this page sets on its own outbound sockets.
table ip v2ray {
    # Forwarded / incoming traffic.
    # NOTE(review): no rule here matches on the input interface, so packets
    # arriving on any interface (WAN included) appear to reach the tproxy rule.
    # Confirm, and consider restricting it to the LAN interface so the router
    # cannot be used as a proxy from outside.
    # NOTE(review): only 192.168.0.0/16 is exempted here; other private ranges
    # are left to the v2ray routing rules (geoip:private -> direct). Confirm
    # that is intended.
    chain prerouting {
        type filter hook prerouting priority 0 ;
        ip daddr { 127.0.0.1/32, 224.0.0.0/4, 255.255.255.255/32 } return # loopback, multicast and broadcast destinations are not proxied
        meta l4proto tcp ip daddr 192.168.0.0/16 return # TCP to LAN addresses is not proxied
        ip daddr 192.168.0.0/16 udp dport != 53 return # LAN destinations go direct, except port 53 (DNS is to be answered by V2Ray)
        mark 0x000000ff return # traffic sent by v2ray itself (direct outbound)
        meta l4proto { tcp, udp } meta mark set 0x00000001 tproxy to 127.0.0.1:12345 accept # all other TCP and UDP traffic is handed to v2ray
    }

    # Traffic generated on the router itself.
    # NOTE(review): setting the mark alone does not deliver packets to the
    # prerouting chain. This presumably relies on a policy-routing rule for
    # fwmark 1 that is not shown on this page. Verify that it exists.
    chain output {
        type route hook output priority 0 ;
        ip daddr { 127.0.0.1/32, 224.0.0.0/4, 255.255.255.255/32 } return # loopback, multicast and broadcast destinations go direct
        meta l4proto tcp ip daddr 192.168.0.0/16 return # TCP to LAN addresses goes direct
        ip daddr 192.168.0.0/16 udp dport != 53 return # LAN destinations go direct, except port 53 (DNS is to be answered by V2Ray)
        meta mark 0x000000ff  return # traffic already handled by v2ray
        meta l4proto { tcp, udp } meta mark set 0x00000001 accept # local traffic marked 1 is re-routed so that it passes through prerouting
    }
}

# Add a DIVERT rule so that packets of already-established connections do not
# go through TPROXY a second time; in theory this gives a small performance gain.
table ip filter {
  # Runs before the v2ray prerouting chain (priority -150 is lower than 0).
  chain divert {
      type filter hook prerouting priority -150 ;
      # TCP packets that match an existing transparent socket are marked 1 and accepted.
      meta l4proto tcp socket transparent 0x00000001 meta mark set 0x00000001 accept
  }
}

用起来貌似没什么问题,但由于对nftables规则不熟悉,也不知道有没有潜在问题,希望有大佬帮忙看一下。另外还有个头疼的问题,access.log打印出来的日志都是ip形式的,没有域名,不容易查看哪些域名走了代理,哪些走直连,希望有大佬给个解决建议。

nie11kun commented 1 month ago

access.log 日志问题只需要在 inbound 中配置 sniffing 即可

"sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "fakedns"
                ],
                "metadataOnly": false
            },
YolineWu commented 1 month ago

access.log 日志问题只需要在 inbound 中配置 sniffing 即可

"sniffing": {
                "enabled": true,
                "destOverride": [
                    "http",
                    "tls",
                    "fakedns"
                ],
                "metadataOnly": false
            },

不行,还是只有IP