v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License

Error occurs when allowInsecure is false #1230

Closed NonXZhu closed 6 years ago

NonXZhu commented 6 years ago

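Chinese: Before submitting an issue, please read the Issue guidelines first, then answer the questions below. Thank you. Unless there are special circumstances, please answer all questions completely. Issues that do not follow the template will be closed directly.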

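1) Which version of V2Ray are you using? (If the server and client use different versions, please specify.)

3.3.5

2) What is your use case? For example, watching YouTube videos in Chrome through a Socks/VMess proxy.

Browsing web pages

3) What abnormal behavior did you see? (Please describe the specific symptom, such as access timeouts, TLS certificate errors, etc.)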

Cannot connect when allowInsecure is false

4) What is the correct behavior you expected to see?

It should work normally when allowInsecure is false

5) Please attach your configuration (hide the server IP address before submitting the issue).

Server-side configuration:
{
  "log": {
      "access": "/var/log/v2ray/access.log",
      "error": "/var/log/v2ray/error.log",
      "loglevel": "warning"
  },
  "policy": {
    "levels": {
      "0": {
        "bufferSize": 5120
      }
    }
  },
  "inbound": {
    "port": ****,
    "listen":"127.0.0.1",
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "********-****-****-****-************",
          "alterId": **,
          "level": 0,
          "email": "******@***.com"
        },
        {
          "id": "********-****-****-****-************",
          "alterid": **,
          "level": 0
        }
      ],
      "disableInsecureEncryption": true
    },
    "streamSettings":{
      "network":"ws",
      "security": "auto",
      "wsSettings": {
         "path": "******"
     }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  }
}
Client-side configuration:
{
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 1080,
    "listen": "127.0.0.1",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": true,
      "ip": "127.0.0.1"
    }
  },
  "outbound": {
    "tag": "agentout",
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "*****",
          "port": 443,
          "users": [
            {
              "id": "********-****-****-****-************",
              "alterId": ***,
              "email": "t@t.tt",
              "security": "auto"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "tlsSettings": {
        "allowInsecure": false
      },
      "wsSettings": {
        "connectionReuse": true,
        "path": "/******/",
        "headers": {
          "Host": "****************"
        }
      }
    },
    "mux": {
      "enabled": true
    }
  },
  "outboundDetour": [
    {
      "protocol": "freedom",
      "settings": {
        "response": null
      },
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      },
      "tag": "blockout"
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "type": "field",
          "port": null,
          "outboundTag": "direct",
          "ip": null,
          "domain": [
            "geosite:cn"
          ]
        },
        {
          "type": "field",
          "port": null,
          "outboundTag": "direct",
          "ip": [
            "geoip:cn"
          ],
          "domain": null
        },
        {
          "type": "field",
          "port": null,
          "outboundTag": "direct",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "domain": null
        }
      ]
    }
  }
}

6) Please attach the error log output by the software when the error occurred. On Linux, the log is usually in the /var/log/v2ray/error.log file.

Server-side error log:
2018/08/11 01:55:50 [Warning] Transport|Internet|WebSocket: failed to serve http for WebSocket > accept tcp 127.0.0.1:*****: use of closed network connection

However, the error message above ↑↑↑↑↑↑ has nothing to do with the client's; I tested several more times afterwards.

Client-side error log:

2018/08/11 16:54:06 [Warning] failed to handler mux client connection > 
Proxy|VMess|Outbound: failed to find an available destination > 
Retry: [Transport|Internet|WebSocket: failed to dial WebSocket > 
Transport|Internet|WebSocket: failed to dial to (wss://**.**.*服务器IP*.**/****/):  > 
x509: cannot validate certificate for **.*服务器IP*.**.** because it doesn't contain any IP SANs] > 
Retry: all retry attempts failed

7) Please attach the access log. On Linux, the log is usually in the /var/log/v2ray/access.log file.

2018/08/11 04:52:50 tcp:**.*客户端IP*.**.**:50610 accepted udp:8.8.8.8:53
2018/08/11 04:53:22 tcp:**.*客户端IP*.**.**:50610 accepted udp:8.8.8.8:53
2018/08/11 04:53:40 tcp:**.*客户端IP*.**.**:50610 accepted udp:8.8.8.8:53
2018/08/11 04:53:43 tcp:**.*客户端IP*.**.**:50762 accepted tcp:91.108.56.130:80
2018/08/11 04:53:45 tcp:**.*客户端IP*.**.**:50762 accepted tcp:91.108.56.130:80

8) Other related configuration files (such as Nginx) and related logs.

Nginx configuration file:

server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  losangeles.nonx.pro;

        ssl on;
        ssl_certificate "/home/NonX/crt/domain.crt";
        ssl_certificate_key "/home/NonX/crt/domain.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        location /vmess/ {
            proxy_redirect off;
            proxy_pass http://127.0.0.1:24242;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_intercept_errors on;
        }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
           location = /50x.html {
        }
}

kdrx commented 6 years ago

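First, you need an SSL certificate certified by a CA. Second, on the client you need to set nameserver to the domain name your certificate was issued for. Also, the address your nginx routes on must use the domain name as well. If you don't understand what I'm saying, just set the allow-insecure-certificate option on both the server and the client to allow.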

NonXZhu commented 6 years ago

My server seems to be fine; I changed a few things on the client. I set address to the domain name:

"address": "losangeles.nonx.pro"

Then I left serverName in tlsSettings empty:

"tlsSettings": {
        "serverName": "",
        "allowInsecure": false
      }

In the end it worked, and it was even quite a bit faster.