Closed phantomedc closed 5 years ago
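Same question; using Proxifier as a forward proxy doesn't seem to work.
Solved: v2ray does support second-level proxies! Earlier I simply hadn't understood the configuration well enough. Reference: v2ray/discussion#129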
Could you post how you configured it?
Describe your current configuration and scenario.
Hello, to get online I first have to go through a simple socks5 proxy that needs no username or password. How should I configure this? @phantomedc
1. Is your v2ray based on plain TCP? 2. Is v2ray already configured successfully in the no-proxy scenario?
1. v2ray is based on the kcp protocol. 2. Without a proxy, v2ray is configured successfully and runs normally. The current configuration is as follows (generated for me by V2rayN):
{
  "log": { "access": "", "error": "", "loglevel": "warning" },
  "inbounds": [
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] },
      "settings": { "auth": "noauth", "udp": true, "ip": null, "clients": null },
      "streamSettings": null
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "1.2.3.4",
            "port": 1234,
            "users": [ { "id": "aaa", "alterId": 64, "email": "b@c.com", "security": "aes-128-gcm" } ]
          }
        ],
        "servers": null,
        "response": null
      },
      "streamSettings": {
        "network": "kcp",
        "security": "",
        "tlsSettings": null,
        "tcpSettings": null,
        "kcpSettings": {
          "mtu": 1350,
          "tti": 50,
          "uplinkCapacity": 12,
          "downlinkCapacity": 100,
          "congestion": false,
          "readBufferSize": 2,
          "writeBufferSize": 2,
          "header": { "type": "none", "request": null, "response": null }
        },
        "wsSettings": null,
        "httpSettings": null,
        "quicSettings": null
      },
      "mux": { "enabled": true }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": { "vnext": null, "servers": null, "response": null },
      "streamSettings": null,
      "mux": null
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": { "vnext": null, "servers": null, "response": { "type": "http" } },
      "streamSettings": null,
      "mux": null
    }
  ],
  "dns": null,
  "routing": { "domainStrategy": "IPIfNonMatch", "rules": [] }
}
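You need to add a dokodemo-door protocol entry to your inbounds and point the vmess vnext at the port your dokodemo-door listens on. Then add your socks5 proxy's configuration to outbounds, and finally, at the routing layer, forward the data v2ray receives from applications out through your socks5 tag. The following configuration, based on tls+ws+web, is for reference only; the important parts are the dokodemo-door and your second-level proxy configuration.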
{
"log": {
"error": "error.log",
"loglevel": "warn"
},
"outbounds": [{
"protocol": "vmess",
"settings": {
"vnext": [{
"address": "127.0.0.1",
"port": 8081, //
"users": [{
"id": "x-xxxx-xxxx-xxxx-xxxx",
"alterId": xxx,
"security": "auto"
}]
}]
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"serverName": "domain.me"
},
"wsSettings": {
"path": "/",
"headers": {
"Host": "domain.me"
}
}
},
"mux": {
"enabled": true
},
"tag":"v2ray"
}, {
"protocol": "freedom",
"settings": {},
"tag": "direct"
},{
"protocol": "socks",
"settings": {
"servers": [{
"address":"127.0.0.1",
"port":1081
}]
},
"tag": "your socks5 proxy server"
}],
"inbounds": [{
"port": 2333,
"protocol": "socks",
"settings": {
"auth": "noauth",
"udp": false,
"ip": "127.0.0.1"
},
"tag":"socks_proxy"
}, {
"port": 6666,
"protocol": "http",
"settings": {
"auth": "noauth",
"udp": false,
"ip": "127.0.0.1"
},
"tag":"http_proxy"
},{
"port": 8081,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"address": "your actual v2ray server address",
"port": v2ray server port
},
"tag": "bridge"
}],
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [{
"type": "field",
"inboundTag": ["http_proxy"],
"outboundTag": "v2ray",
"domain":["geosite:geolocation-!cn"]
}]
}
}
@phantomedc I want to add a socks5 proxy with address: 123.123.123.123; port: 12345; ID: abcdef; PWD: 147852@abc. How should I write it? The configuration below was generated automatically by v2rayN; the server information has all been changed.
{
  "policy": null,
  "log": { "access": "", "error": "", "loglevel": "warning" },
  "inbounds": [
    {
      "tag": "proxy",
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] },
      "settings": { "auth": "noauth", "udp": true, "ip": null, "address": null, "clients": null },
      "streamSettings": null
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "xyz.mkv",
            "port": 23333,
            "users": [ { "id": "xxxx-xxxx-xxxx-xxxx", "alterId": 64, "email": "111@qq.com", "security": "auto" } ]
          }
        ],
        "servers": null,
        "response": null
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": { "allowInsecure": true, "serverName": "xyz.mkv" },
        "tcpSettings": null,
        "kcpSettings": null,
        "wsSettings": { "connectionReuse": true, "path": "/KOF", "headers": { "Host": "xyz.mkv" } },
        "httpSettings": null,
        "quicSettings": null
      },
      "mux": { "enabled": true }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": { "vnext": null, "servers": null, "response": null },
      "streamSettings": null,
      "mux": null
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": { "vnext": null, "servers": null, "response": { "type": "http" } },
      "streamSettings": null,
      "mux": null
    }
  ],
  "stats": null,
  "api": null,
  "dns": null,
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      { "type": "field", "port": null, "inboundTag": "api", "outboundTag": "api", "ip": null, "domain": null }
    ]
  }
}
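@phantomedc Does your configuration file above use socks5 directly as the relay? I have a few questions:
- What statements need to be added for a Socks5 proxy with authentication?
- Where should the vmess information be filled in? Could you annotate it? Sorry, I don't know much about this and can only ask for a handout. Thanks for the trouble!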
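Just follow what I wrote above and read it through from start to finish. I have already written the comments in English, so you can fill things in directly. The only difference is that you need to add the proxy's username and password on the socks proxy outbound; for that, just look at the official v2ray documentation.
@phantomedc I copied the dokodemo section you wrote and modified it, but when I ran it, it didn't even pass the syntax check... In several places it came down to whether there was a comma after a [] or {} ( ╯□╰ )
In yours, 6666 goes via 8081 and hops through the dokodemo-door, but the socks 2333 is never touched at all. Did I not read carefully enough, or what...
The dokodemo-door is just a port forward; forwarding once is the same as not forwarding at all. OK, I hadn't read the first post.
I don't get it. The inbound http 6666 gets sent to v2ray, and v2ray then hops to the dokodemo-door; isn't that the same as not hopping at all? You've just made a clone... And what is your outbound socks5 on 1081 for? It never gets called either.
So that's how it is: the dokodemo-door turns the outbound proxy into an inbound so that routing can then use it. But your sample doesn't seem to be written properly; you send the inbound straight to the vnext outbound..... I mean the one in the middle of the thread... That information is probably outdated...
Nowadays you don't need the hassle of the detour-style configuration; just forward with a routing rule. Leave the configuration untouched, add a dokodemo-door, point vnext at the dokodemo-door's local IP, and write a routing rule: in from the dokodemo-door, out via the socks5 tag. That is the simplest configuration.
Could you give an example or something?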
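Create the dokodemo-door:
{
  "listen": "127.0.0.1",
  "port": xxx, // dokodemo-door port
  "protocol": "dokodemo-door",
  "settings": {
    "network": "tcp",
    "address": "xxxxx", // server address: the v2 server's for v2, the ss server's for ss
    "port": xxx
  },
  "tag": "bridge"
},
The address and port here are the server's. In vnext, fill in the dokodemo-door's address and port. The rest of the configuration stays as before; only the port and address become the dokodemo-door's.
Use this for routing:
{
  "type": "field",
  "inboundTag": "bridge",
  "outboundTag": "出站标签" // the tag of the outbound
},
Add the proxy to outbounds, written for whichever proxy you use: add one more entry and give it a tag that matches the one in the routing rule. Note that the added proxy must be appended at the end; otherwise v2 automatically defaults to the first one.
OK, thanks! I'll test it when I have time.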
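@kxmp Thanks. proxySettings really is not enough; I finally got ws_tls chaining to work by mapping the downstream VPS's v2ray port this way: tun -> vps1.v2ray.dokodemo-door -> vps2.v2ray -> www
Some additional notes from actually doing it:
wss://ip:port/path/
).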
[Warning] [xxxx] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://vps1.domain.name:port/path/): > dial tcp: lookup vps1.domain.name on [::1]:53: read udp [::1]:xxxxx->[::1]:53: read: connection refused
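I don't even know what proxySettings is for; it had no effect when I used it. Maybe it only works between vmess and vmess? (a guess)
Right. What I wrote for routing is a single rule, not the complete section (but if you already have routing rules you can just copy it in). Those unfamiliar with it can refer to the post above.
It feels like adding a front proxy to vmess + ws + tls is currently rather troublesome/counter-intuitive, unlike pure vmess where just adding proxySettings is enough. I may have to do it again with dokodemo-door.
After fiddling for ages it still didn't work. In the end I brute-forced a front proxy with proxychains on Linux/macOS and Proxifier on Windows; tested and working. Anyone who finds the other way too much trouble can try it / make do with it.
@Phuker Is proxychains a separate program? You fill in the front proxy there, and then launch the software you need from that tool?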
@Yamazaki-wu Yes
https://github.com/rofl0r/proxychains-ng
Prepend the proxychains command to your original v2ray command line:
proxychains4 -q -f /PATH/TO/proxychains.conf v2ray -config=/PATH/TO/v2ray.json
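This is a Unix/Linux tool; there doesn't seem to be one for Windows.
Could someone share a configuration file for ws+tls going through a LAN HTTP proxy that needs no username or password? ws+tls itself is already set up successfully.
@phantomedc My setup is similar to yours: WS+TLS+V2RAY on the server side, V2RayN on the client. The client connecting directly to the server has been verified to work. The client is now in another environment (with an HTTP proxy that requires a username and password). In the V2RayN client configuration file I added a front proxy to the OUTBOUND following the second-level proxy pattern, and the experiment failed; I'm still trying. The V2RayN client configuration is below; I'd appreciate any pointers from the experts here: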
"outbounds": [
{
"tag": "proxy",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "v2ray server IP address",
"port": v2ray server port,
"users": [
{
"id": "11111-22222-33333-44444-5555",
"alterId": 64,
"email": "abc@cde.fgh",
"security": "auto"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"serverName": "www.myowndomainname.com"
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/superlooooooooooooooooooooooongrandom_id",
"headers": {
"Host": "www.myowndomainname.com"
}
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true,
"concurrency": 8
},
"proxySettings": {
"tag": "http_proxy"
}
},
{
"tag": "http_proxy",
"protocol": "http",
"settings": {
"servers": [
{
"address": "192.168.8.1",
"port": 58888,
"users": [
{
"user": "myusername",
"pass": "mypassword"
}
]
}
]
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"vnext": null,
"servers": null,
"response": null
},
"streamSettings": null,
"mux": null
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"vnext": null,
"servers": null,
"response": {
"type": "http"
}
},
"streamSettings": null,
"mux": null
}
],
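Going by the explanations from the experts here, I suspect there really is this conflict between proxySettings and streamSettings. The official documentation states explicitly under outbound protocols: “proxySettings: ProxySettingsObject. Outbound proxy configuration. When the outbound proxy takes effect, this outbound's streamSettings will have no effect.” In other words, nothing works except plain TCP without TLS and without HTTP obfuscation. In short, in the WS+TLS+V2RAY scenario the proxySettings chained proxy cannot be used. I plan to file this in the v2core issue tracker to see whether someone on the dev team can confirm and resolve it.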
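My testing confirms that streamSettings and proxySettings do conflict, i.e. it is as the comments on this article https://ailitonia.com/archives/v2ray%E5%AE%8C%E5%85%A8%E9%85%8D%E7%BD%AE%E6%8C%87%E5%8D%97/comment-page-1/#outboundproxy%E2%80%9D say: the official documentation states explicitly under outbound protocols: “proxySettings: ProxySettingsObject. Outbound proxy configuration. When the outbound proxy takes effect, this outbound's streamSettings will have no effect.” In other words, nothing works except plain TCP without TLS and without HTTP obfuscation. I have verified that in a basic V2RAY scenario without ws+tls this kind of chained proxy works normally: https://github.com/v2ray/discussion/issues/651 I have filed a feature request at https://github.com/v2ray/v2ray-core/issues/2455.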
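proxySettings has only ever supported plain-TCP proxying; the official documentation has always said so. Otherwise why would everyone above still be struggling with how to configure a front proxy… When you use ws+tls, you need to consider using streamSettings and dokodemo-door to implement the front proxy.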
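You're right. I came in with preconceptions and hadn't realized that the official documentation says proxySettings and streamSettings conflict. For the ws+tls case, I looked at your modified configuration above for @nzy0x00, which uses the dokodemo-door, and I'm still digesting it: in routing you specify inboundTag http_proxy (i.e. the HTTP listener on port 6666 defined in inbounds) and direct that traffic to outboundTag=v2ray (defined in outbounds, whose vnext points to 127.0.0.1:8081, the entrance port 8081 that the dokodemo-door listens on). After that, however, the dokodemo-door port-forwards to "your actual v2ray server address": v2ray server port, "tag":"bridge". But routing has nothing that directs this dokodemo-door's "bridge" traffic to "your socks5 proxy server", and that is the part I don't understand. The configuration documentation says: “The first element in the list serves as the main outbound protocol. When no routing match exists or no match succeeds, traffic is sent out by the main outbound protocol.” That is, when no routing match exists or no match succeeds, traffic goes out through the main outbound protocol, yet in the configuration above the main outbound protocol is the ws_tls_v2ray part, so.... I'm a bit confused.
In my own case I also want to use dokodemo-door: first define two inbounds. One is the normal traffic listening on 127.0.0.1:1080, "tag": "plain_data". The other is the dokodemo-door, listening on 127.0.0.1: 2080 for the data forwarded by vmess, with its server and port set to the real external VPS server's address and port, "tag":"dokodemo-door_data".
Also define two outbounds. One is the part that applies the normal ws_tls_v2ray processing to the source data it receives, "tag":"ws_tls_v2ray", whose vmess points to the dokodemo-door at 127.0.0.1:2080. The other forwards the data it receives to the HTTP proxy (with the required username and password given), "tag":"http_proxy_with_usrpwd".
Then specify in routing: point the vmess data stream, after v2ray has wrapped it in ws+tls, at the dokodemo-door, which then sends it on to the real server and port. Then, in the routing section, direct the data received from the dokodemo-door to the HTTP front proxy.
(A first draft, to be verified next):
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": ["plain_data"],
"outboundTag": "ws_tls_v2ray" // vmess will point at the dokodemo-door
},
{
"type": "field",
"inboundTag": ["dokodemo-door_data"], // the content is actually the ws_tls_v2ray output destined for the real VPS server and port
"outboundTag": "http_proxy_with_usrpwd"
}]
}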
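If I have misunderstood anything, please don't hesitate to correct me. Thanks. 2020-05-04: verified successfully following the approach above. The verified client configuration file is attached below.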
{
"policy": null,
"log": {
"access": "/var/log/v2ray/Vaccess.log",
"error": "/var/log/v2ray/Verror.log",
"loglevel": "debug" // change to error for normal operation
},
"inbounds": [
{
"tag": "plain_data",
"port": 1080,
"listen": "127.0.0.1",
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"ip": null,
"address": null,
"clients": null
},
"streamSettings": null
},
{
"tag": "dokodemo_door_data",
"protocol": "dokodemo-door",
"port": 8080,
"listen": "127.0.0.1",
"settings": {
"address": "真实V2RAY服务器IP地址",
"port": 真实V2RAY服务器端口号,
"network": "tcp,udp"
}
}
],
"outbounds": [
{
"tag": "ws_tls_v2ray",
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "127.0.0.1",
"port": 8080,
"users": [
{
"id": "11111111-222222222-333333-44444444-5555555555",
"alterId": 0,
"email": "testtesttest@testtesttest@test.test",
"security": "auto"
}
]
}
],
"servers": null,
"response": null
},
"streamSettings": {
"network": "ws",
"security": "tls",
"tlsSettings": {
"allowInsecure": false,
"serverName": "www.自己实际的域名.com"
},
"tcpSettings": null,
"kcpSettings": null,
"wsSettings": {
"connectionReuse": true,
"path": "/verylooooooooooooooooooooooooooooooooooograndomid",
"headers": {
"Host": "www.自己实际的域名.com"
}
},
"httpSettings": null,
"quicSettings": null
},
"mux": {
"enabled": true,
"concurrency": 8
}
},
{
"tag": "http_proxy_with_usrpwd",
"protocol": "http",
"settings": {
"servers": [
{
"address": "HTTP代理服务器IP地址",
"port": HTTP代理服务器端口号,
"users": [
{
"user": "HTTP代理服务器用户名",
"pass": "HTTP代理服务器密码"
}
]
}
]
}
}
],
"routing": {
"domainStrategy": "rules",
"rules": [
{
"type": "field",
"inboundTag": ["plain_data"],
"outboundTag": "ws_tls_v2ray"
},
{
"type": "field",
"inboundTag": ["dokodemo_door_data"],
"outboundTag": "http_proxy_with_usrpwd"
}
]
}
}
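Added example (not from the thread or the v2ray project): a small Python linter for the dokodemo-door bridge layout worked out above, covering the mistakes the thread runs into (bridge traffic falling through to the first outbound and looping, mismatched or misspelled rule fields, a bad or non-loopback listen address, proxySettings combined with ws+tls). It takes an already-parsed config dict and evaluates only inboundTag in routing rules; the sample config, its tags and its addresses are constructed.

```python
import ipaddress
LOCAL = {"127.0.0.1", "localhost", "::1"}

def _tags(value):
    return [value] if isinstance(value, str) else list(value or [])

def lint_chain(cfg):
    """Lint a parsed v2ray-style config dict that bridges through a dokodemo-door inbound."""
    findings = []
    inbounds = cfg.get("inbounds") or []
    outbounds = cfg.get("outbounds") or []
    rules = (cfg.get("routing") or {}).get("rules") or []
    in_tags = {i.get("tag") for i in inbounds}

    for n, rule in enumerate(rules):
        if rule.get("type") != "field":
            findings.append(f"rule {n}: type {rule.get('type')!r} is not 'field'")
        for tag in _tags(rule.get("inboundTag")):
            if tag not in in_tags:
                findings.append(f"rule {n}: inboundTag {tag!r} matches no inbound")

    def route(tag):
        # Simplification: only inboundTag is evaluated, other rule fields are ignored.
        for rule in rules:
            if tag in _tags(rule.get("inboundTag")):
                return rule.get("outboundTag")
        return outbounds[0].get("tag") if outbounds else None  # first outbound is the default

    for ob in outbounds:
        ss = ob.get("streamSettings") or {}
        plain = (ss.get("network") or "tcp") == "tcp" and (ss.get("security") or "none") == "none"
        if ob.get("proxySettings") and not plain:
            findings.append(f"{ob.get('tag')}: proxySettings set, streamSettings will not apply")

    for ib in inbounds:
        if ib.get("protocol") != "dokodemo-door":
            continue
        tag, port = ib.get("tag"), ib.get("port")
        listen = ib.get("listen") or "0.0.0.0"  # all interfaces when omitted
        try:
            if not ipaddress.ip_address(listen).is_loopback:
                findings.append(f"{tag}: listens on {listen}, not loopback")
        except ValueError:
            findings.append(f"{tag}: listen {listen!r} is not an IP address")
        # Outbounds whose vnext dials this local bridge port
        feeders = {o.get("tag") for o in outbounds
                   for v in (o.get("settings") or {}).get("vnext") or []
                   if v.get("address") in LOCAL and v.get("port") == port}
        if not feeders:
            findings.append(f"{tag}: no outbound vnext points at local port {port}")
        if route(tag) in feeders:
            findings.append(f"{tag}: routed back into {route(tag)}, loop, front proxy unused")
    return findings

def sample_config(bridge_rule=True):
    """Constructed sample (addresses are documentation ranges, tags are made up)."""
    rules = [{"type": "field", "inboundTag": ["plain_data"], "outboundTag": "ws_tls_v2ray"}]
    if bridge_rule:
        rules.append({"type": "field", "inboundTag": ["bridge"], "outboundTag": "front_proxy"})
    return {
        "inbounds": [
            {"tag": "plain_data", "listen": "127.0.0.1", "port": 1080, "protocol": "socks"},
            {"tag": "bridge", "listen": "127.0.0.1", "port": 8080, "protocol": "dokodemo-door",
             "settings": {"address": "203.0.113.10", "port": 443, "network": "tcp"}}],
        "outbounds": [
            {"tag": "ws_tls_v2ray", "protocol": "vmess",
             "settings": {"vnext": [{"address": "127.0.0.1", "port": 8080}]},
             "streamSettings": {"network": "ws", "security": "tls"}},
            {"tag": "front_proxy", "protocol": "http",
             "settings": {"servers": [{"address": "192.0.2.1", "port": 3128}]}}],
        "routing": {"rules": rules},
    }

if __name__ == "__main__":
    print(lint_chain(sample_config(bridge_rule=False)))
```

Configs that carry // comments, as several in this thread do, need the comments stripped before `json.loads` can parse them.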
A really great solution!
I'm using xray-tcp-xtls and set it up following this, but it doesn't work. Could someone help take a look?
{
  "log": {
    "access": "ccess.log",
    "error": "error.log",
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "tag": "proxyin",
      "port": 1121,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          // "http",
          "tls"
        ]
      },
      "settings": { "auth": "noauth", "udp": true, "ip": null, "address": null, "clients": null },
      "streamSettings": null
    },
    {
      "tag": "dokodemo_door_data",
      "protocol": "dokodemo-door",
      "port": 8080,
      "listen": "1270.0.1",
      "settings": {
        "address": "XXX.XXX.XXX.XXX", // remote xray server IP address
        "port": 443, // xray server port
        "network": "tcp,udp"
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxyout", //
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "127.0.0.1",
            "port": 8080,
            "users": [
              {
                "id": "0ee0aa70-794a-4587-ba05-21f6fc16131d",
                "alterId": 0,
                "email": "t@t.tt",
                "security": "auto",
                "encryption": "none",
                "flow": "xtls-rprx-direct"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "xtlsSettings": { "allowInsecure": false, "serverName": "westjoin.tk" }
      },
      "mux": { "enabled": false, "concurrency": -1 }
    },
    {
      "tag": "http_proxy_with_usrpwd",
      "protocol": "http",
      "settings": {
        "servers": [
          {
            "address": "10.53.1.230",
            "port": 8008 //,
            // "users": [
            //   {
            //     "user": "username",
            //     "pass": "password"
            //   }
            // ]
          }
        ]
      }
    } //,
  ],
  "routing": {
    "domainStrategy": "rules",
    "rules": [
      { "type": "field", "inboundTag": ["proxyin"], "outboundTag": "proxyout" },
      { "type": "field", "inboundTag": ["dokodemo_door_data"], "outboundTag": "http_proxy_with_usrpwd" }
    ]
  }
}
@phantomedc
Hello: after reading your answer I tried it, but I have some questions and it failed many times, so I am asking for your advice.
[Base environment]
-windows 7
-v2ray 4.26.0 , h2s --> v0.2.11
[Goal]
In my current environment a proxy must be configured to get online: proxy A 10.173.110.10:3128 (HTTP protocol)
The goal: chrome ---> proxy A ----> remote vmess server --> Google
vmess: with ws + tls
[Configuration files]
{
  "inbounds": [
    {
      "tag": "plain_data",
      "port": 1090, // reserved for local socks use
      "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": { "auth": "noauth", "udp": true, "ip": null }
    },
    {
      "port": 10901, // reserved for local http use
      "listen": "127.0.0.1",
      "protocol": "http",
      "settings": { "auth": "noauth", "udp": true, "ip": null }
    },
    {
      "tag": "dokodemo_door_data",
      "protocol": "dokodemo-door",
      "port": 50001, // bridge port
      "listen": "127.0.0.1",
      "settings": {
        "address": "{vm_ip}", // redacted, vm server IP
        "port": 2443, // vm server port
        "network": "tcp"
      }
    }
  ],
  "outbounds": [
    {
      "tag": "ws_tls_v2ray",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "127.0.0.1",
            "port": 50001, // bridge port
            "users": [
              {
                "id": "xx-xxx-xxxxx-xxxx-xxx-xxx-xxx", // redacted
                "alterId": 2, // redacted
                "email": "x@x.xx", // redacted
                "security": "auto" // redacted
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "serverName": "{vm_host.com}" // redacted vm server hostname
        },
        "wsSettings": {
          "path": "/v2ray",
          "headers": {
            "Host": "{vm_host.com}" // redacted vm server hostname
          }
        }
      }
    },
    {
      "tag": "h2s",
      "protocol": "socks",
      "settings": {
        "servers": [
          {
            "address": "127.0.0.1",
            "port": 1088 // port used by h2s
          }
        ]
      }
    }
  ],
  "routing": {
    "domainStrategy": "rules",
    "rules": [
      { "type": "field", "inboundTag": [ "plain_data" ], "outboundTag": "ws_tls_v2ray" },
      { "type": "field", "inboundTag": [ "dokodemo_door_data" ], "outboundTag": "h2s" }
    ]
  }
}
{
  "bind": "127.0.0.1:1088",
  "upstreams": [ { "address": "10.173.110.10:3128" } ],
  "timeout": "20s",
  "retries": 3
}
The files are also attached.
But this appeared:
2021/04/19 22:37:28.312443 Listening on 127.0.0.1:1088
2021/04/19 22:37:28.429425 h2s: serve: handshake upstream: 403 Forbidden
2021/04/19 22:37:32.509964 h2s: serve: handshake upstream: 403 Forbidden
2021/04/19 22:37:32.603552 h2s: serve: handshake upstream: 403 Forbidden
2021/04/19 22:37:32.856664 h2s: serve: handshake upstream: 403 Forbidden
2021/04/19 22:37:32.888569 h2s: serve: handshake upstream: 403 Forbidden
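And neither port 127.0.0.1:1090 (socks) nor 127.0.0.1:10901 (http) can get online.
Given the earlier direction, are these two configurations correct?
Is my direction right?
Do you have a better approach?
Many thanks!
@YCUXTX That 403 looks very much like your internal first-level proxy isn't allowing your vm address through. If vm is ws+tls, try accessing your vm domain through your first-level proxy and see.
@phantomedc So my configuration is correct, right? It's just that my first-level proxy filters my remote vm's IP?? At https://github.com/Equim-chan/h2s/issues/1 #2761 "Notes and discussion on chaining h2s with v2ray as a proxy chain" #1 I saw your reply saying you had configured it successfully. Could you share your complete configuration (redacted)? Many thanks.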
For Jesus’ sake, wasting so much time on this, here is the working version.
This should work in most enterprise network environments, which usually sit behind an HTTP proxy.
Network Topology
Services(port:8888) <--> Bridge-Node(Win) <--> HTTP-Proxy(Corp.) <--> Portal-Node(VPS) <--> V2RayN(7890) <--> Client(curl)
Vmess Vmess Vmess
C:\Windows\System32\drivers\etc\hosts
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 private.cloud.com # frp
Verify(On Client)
curl -v -x socks5h://127.0.0.1:7890 private.cloud.com:8888
Trying 127.0.0.1:7890...
TCP_NODELAY set
SOCKS5 communication to private.cloud.com:8888
SOCKS5 connect to private.cloud.com:8888 (remotely resolved)
SOCKS5 request granted.
Connected to 127.0.0.1 (127.0.0.1) port 7890 (#0)
GET / HTTP/1.1
Host: private.cloud.com:8888
User-Agent: curl/7.67.0
Accept: */*
Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Connection: close
< Location: https://private.cloud.com:8888
<
Closing connection 0
Full Configuration Files
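I have already set up the server side based on ws+tls, and it works normally in an ordinary environment. But in environments that require a front proxy (e.g. at a company where you must go through the company proxy to get online, or in a university lab where you must go through the university proxy), I cannot get the configuration to work. I studied v2ray's chained-proxy feature; it requires v2ray to be configured at every relay hop, but company and university proxies are black boxes to the user, usually HTTP or socks proxies such as squid. Can v2ray offer reasonably friendly support for this situation? As things stand, after a week of configuring and experimenting, I have found it not feasible. The idea is: use dokodemo-door to forward traffic to the front proxy. The configuration I tried is as follows: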