v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License

Works when the server has no TLS, but cannot connect after adding it; not sure where the TLS configuration went wrong #1738

Closed YourNames closed 5 years ago

YourNames commented 5 years ago

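Please read the Issue guidelines before submitting an Issue, then answer the questions below. Thank you. Unless there are special circumstances, please answer all questions completely. Issues that do not follow the template will be closed directly. If the problem you have is not a V2Ray bug, for example you are not sure how to configure something, please use Discussion instead.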

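1) Which version of V2Ray are you using? (If the server and client use different versions, please say so.)

V2Ray 4.19.1 (Let's Fly) Custom

2) What is your use case? For example, watching YouTube videos in Chrome through a Socks/VMess proxy.

Browsing in Chrome through the SwitchyOmega proxy extension.

3) What abnormal behaviour do you see? (Please describe the specific symptom, such as access timeouts, TLS certificate errors, etc.)

No Internet connection. There is something wrong with the proxy server, or the address is incorrect. Try the following:

Contact the system administrator
Check the proxy server address
Run Windows Network Diagnostics
ERR_PROXY_CONNECTION_FAILED

4) What is the correct behaviour you expect to see?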

5) Please attach your configuration (hide the server IP address before submitting the Issue).

Server configuration:

    // Attach the server-side configuration file here
{
    "log": {
        "loglevel": "warning",
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log"
    },
    "inbounds": [
        {
            "port": 26134,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "3161e166-2d6c-473d-9b45-c92d29835a3e",
                        "level": 1,
                        "alterId": 64
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "wsSettings": {
                    "path": "/ray"
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom",
            "settings": {}
        },
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "rules": [
            {
                "type": "field",
                "ip": [
                    "geoip:private"
                ],
                "outboundTag": "blocked"
            }
        ]
    }
}

Client configuration:

    // Attach the client configuration here
{
  "log": {
    "loglevel": "warning", // log level
    "access": "D:\\v2ray\\access.log",  // this is a Windows path
    "error": "D:\\v2ray\\error.log"
  },
  "inbounds": [
    {
      "port": 1080, // listening port
      "listen": "127.0.0.1",
      "protocol": "socks", // inbound protocol is SOCKS 5
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess", // outbound protocol
      "settings": {
        "vnext": [
          {
            "address": "www.zgqnmlgb.xyz", // server address; change this to your own server IP or domain
            "port": 443,  // server port
            "users": [
              {
                "id": "3161e166-2d6c-473d-9b45-c92d29835a3e",  // user ID; must match the server-side configuration
                "alterId": 64 // this value should also match the server
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ]
}

6) Please attach the error log the software printed when the failure occurred. On Linux, the log is usually in /var/log/v2ray/error.log.

Server error log:

    // Attach the server-side log here
2019/06/09 23:45:35 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 01:22:22 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 01:34:11 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 11:30:28 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 11:33:31 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 11:53:43 [Warning] v2ray.com/core/transport/internet/websocket: failed to serve http for WebSocket > accept tcp [::]:26134: use of closed network connection
2019/06/10 11:53:43 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 15:44:49 [Warning] v2ray.com/core/transport/internet/websocket: failed to serve http for WebSocket > accept tcp 127.0.0.1:26134: use of closed network connection
2019/06/10 15:44:49 [Warning] v2ray.com/core: V2Ray 4.19.1 started
2019/06/10 19:43:19 [Warning] v2ray.com/core/transport/internet/websocket: failed to serve http for WebSocket > accept tcp 127.0.0.1:26134: use of closed network connection
2019/06/10 19:43:19 [Warning] v2ray.com/core: V2Ray 4.19.1 started

Client error log:

    // Attach the client log here
2019/06/10 22:37:18 [Warning] [2548761443] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://www.zgqnmlgb.xyz/ray):  > x509: certificate is valid for zgqnmlgb.xyz, not www.zgqnmlgb.xyz] > v2ray.com/core/common/retry: all retry attempts failed

7) Please attach the access log. On Linux, the log is usually in /var/log/v2ray/access.log.

    // Attach the server-side log here
2019/06/10 11:28:04 123.14.93.60:4277 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > remote error: tls: bad certificate
2019/06/10 11:28:05 123.14.93.60:4279 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > remote error: tls: bad certificate
2019/06/10 11:29:40 123.14.93.60:4304 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > remote error: tls: bad certificate
2019/06/10 11:29:41 123.14.93.60:4306 rejected  v2ray.com/core/proxy/vmess/encoding: failed to read request header > remote error: tls: bad certificate

8) Other related configuration files (such as Nginx) and related logs.

nginx configuration:

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
        multi_accept on;
    }

    http {
        server {
            listen 443 ssl;
            ssl on;
            ssl_certificate /etc/v2ray/v2ray.crt;
            ssl_certificate_key /etc/v2ray/v2ray.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!MD5;
            server_name www.zgqnmlgb.xyz;
            location /ray {
                proxy_redirect off;
                proxy_pass http://127.0.0.1:26134/ray;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $http_host;

                # Show realip in v2ray access.log
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

9) If V2Ray fails to start, please attach the --test output. The usual command is /usr/bin/v2ray/v2ray --test --config /etc/v2ray/config.json. Adjust it to your actual setup.

10) If the V2Ray service is not running properly, please attach the journal log.

The usual command is journalctl -u v2ray

Please preview what you have filled in before submitting.

tjLEIIQM3 commented 5 years ago

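If it works, then nothing is wrong. Because nginx converts https/wss into http/ws, the server-side v2ray-core does not need TLS. The client and nginx exchange data over https/wss, so the client needs TLS.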

YourNames commented 5 years ago

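My server side has no TLS; I added TLS in nginx, and the client also has TLS, and it cannot connect to the service. The client reports an error and the server reports an error too, and I don't know how to fix it. There is very little related information online. If the server has no TLS and nginx is not used, and the client does not use TLS either, it connects, and I don't know why. I am also using websocket and don't know whether that has anything to do with it?? I hope everyone can help; there is so little related information in the community.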

chenjie commented 5 years ago

Refer to this tutorial: https://toutyrater.github.io/advanced/wss_and_web.html

tjLEIIQM3 commented 5 years ago

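The client log shows that the certificate and the domain name do not match, so it cannot connect. You can add the following configuration on the client to ignore the security check.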

{
  "outbounds": [
    {
      "tlsSettings": {
        "allowInsecure": true
      }
    }
  ]
}

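For a detailed description of this setting, see https://v2ray.com/chapter_02/05_transport.html#tlsobject

The nginx configuration also has something a bit suspicious: proxy_pass http://127.0.0.1:26134/ray; I'm not sure whether the trailing /ray is needed (just a suspicion).

The official v2ray.com manual is actually already very comprehensive; it's just that the layout gives you a headache. If I hadn't come over from 3.x, I probably couldn't understand it either.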

YourNames commented 5 years ago

After adding the client-side setting to ignore the check and changing the nginx configuration, it still cannot connect. The client reports:

2019/06/12 12:04:34 [Warning] [3915878596] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://www.zgqnmlgb.xyz/ray): > x509: certificate is valid for zgqnmlgb.xyz, not www.zgqnmlgb.xyz] > v2ray.com/core/common/retry: all retry attempts failed

kslr commented 5 years ago

x509: certificate is valid for zgqnmlgb.xyz, not www.zgqnmlgb.xyz

You need to issue a wildcard certificate, or one that includes www, or use zgqnmlgb.xyz directly.
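The name check behind the x509 error quoted above, as an added Python example that is not part of the original thread: it applies a simplified form of the certificate wildcard rule (`*` stands for exactly one leftmost label; partial wildcards such as `w*` are not handled) to the three options listed. The function names and the SAN lists are constructed for illustration and are not read from any real certificate.

```python
# Added example: SAN lists below are constructed, not read from a real certificate.

HOSTS = ["zgqnmlgb.xyz", "www.zgqnmlgb.xyz"]

# The certificate as the client log describes it, plus the two re-issue options.
OPTIONS = {
    "as issued (apex only)": ["zgqnmlgb.xyz"],
    "wildcard only": ["*.zgqnmlgb.xyz"],
    "apex + www": ["zgqnmlgb.xyz", "www.zgqnmlgb.xyz"],
}


def san_matches(san: str, host: str) -> bool:
    """Simplified hostname check: exact match, or '*' as the whole leftmost label."""
    s = san.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(s) != len(h):
        return False  # a wildcard never covers more or fewer labels
    if s[0] == "*":
        # Require at least "*.name.tld" so that a bare "*.tld" is rejected.
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h


def covered(sans, host: str) -> bool:
    """True if any SAN entry on the certificate covers the dialed host name."""
    return any(san_matches(san, host) for san in sans)


def report(sans, hosts=HOSTS):
    """Map each host name the client might dial to whether the SAN list covers it."""
    return {host: covered(sans, host) for host in hosts}


if __name__ == "__main__":
    for label, sans in OPTIONS.items():
        print(f"{label:24} {report(sans)}")
```

A wildcard entry alone covers `www.zgqnmlgb.xyz` but not the bare `zgqnmlgb.xyz`, so whichever name the client's `address` uses has to appear in the certificate.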

YourNames commented 5 years ago

This is the error after removing www on the client and using the domain zgqnmlgb.xyz directly:

2019/06/12 12:15:05 [Warning] [3820000047] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://zgqnmlgb.xyz/ray): 400 Bad Request: too many Host headers > websocket: bad handshake] > v2ray.com/core/common/retry: all retry attempts failed

The error after adding www back to the client domain:

2019/06/12 12:18:32 [Warning] [3655868104] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://www.zgqnmlgb.xyz/ray): > x509: certificate is valid for zgqnmlgb.xyz, not www.zgqnmlgb.xyz] > v2ray.com/core/common/retry: all retry attempts failed

But I think the error should have nothing to do with the domain name. Entering www.zgqnmlgb.xyz directly in the browser shows the nginx welcome page.

kslr commented 5 years ago

400 Bad Request: too many Host headers > websocket: bad handshake

I think you may have written an extra host.

Related: https://github.com/v2ray/v2ray-core/issues/1588

YourNames commented 5 years ago

I only wrote one host in my client. Here is my configuration.

Client configuration:

    {
  "log": {
    "loglevel": "warning", // log level
    "access": "D:\\v2ray\\access.log", // this is a Windows path
    "error": "D:\\v2ray\\error.log"
  },
  "inbounds": [
    {
      "port": 1080, 
      "listen": "127.0.0.1",
      "protocol": "socks", 
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess", 
      "settings": {
        "vnext": [
          {
            "address": "www.zgqnmlgb.xyz", 
            "port": 443, 
            "users": [
              {
                "id": "3161e166-2d6c-473d-9b45-c92d29835a3e", 
                "alterId": 64 
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        }
      },
      "tlsSettings": {
        "allowInsecure": true
      }
    }
  ]
}

kslr commented 5 years ago

I mean nginx. I suggest you read the linked issue through.
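The nginx `location /ray` block posted in the issue sets `Host` twice (`$http_host` and `$host`), which is the extra host being pointed at here. As an added example that is not part of the original thread, this Python check reports any header that `proxy_set_header` sets more than once in the same block; the sample config is constructed from the posted block, the function name is hypothetical, and the parser assumes one directive or brace per line.

```python
import re

# Constructed sample, abridged from the location block posted in the issue.
SAMPLE = """\
server {
    server_name www.zgqnmlgb.xyz;
    location /ray {
        proxy_pass http://127.0.0.1:26134/ray;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }
}
"""

SET_HEADER = re.compile(r"proxy_set_header\s+(\S+)\s+(.+?)\s*;")


def duplicate_proxy_headers(conf: str):
    """Return (block, header, [(line, value), ...]) for headers set twice in one block."""
    stack, findings = [("main", {})], []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if line.endswith("{"):
            stack.append((line[:-1].strip(), {}))  # entering a new block
        elif line == "}" and len(stack) > 1:
            block, seen = stack.pop()              # leaving a block: report repeats
            findings += [(block, h, v) for h, v in seen.items() if len(v) > 1]
        else:
            m = SET_HEADER.fullmatch(line)
            if m:  # header names are case-insensitive, so key on lower case
                stack[-1][1].setdefault(m.group(1).lower(), []).append((lineno, m.group(2)))
    return findings


if __name__ == "__main__":
    for block, header, uses in duplicate_proxy_headers(SAMPLE):
        print(f"{block}: '{header}' set {len(uses)} times: {uses}")
```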

YourNames commented 5 years ago

Thanks, the problem has been sorted out and I can connect to the service now. Thanks.

rainbowshine521 commented 5 years ago

Thanks, the problem has been sorted out and I can connect to the service now. Thanks.

Hello, could you share your configuration for reference?

chenjie commented 5 years ago

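@rainbowshine521 I wrote a one-click script that automatically installs the full trio; you can give it a try. Also, for the configuration files you can refer here.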