v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License

Domain direct-connect rule in the routing config does not work, and v2ray needs several starts before port forwarding comes up #724

Closed Dakai closed 6 years ago

Dakai commented 6 years ago

Please read the instruction and answer the following questions before submitting your issue. Thank you.

1) What version of V2Ray are you using (If you deploy different version on server and client, please explicitly point out)? v2.50

2) What's your scenario of using V2Ray? E.g., Watching YouTube videos in Chrome via Socks/VMess proxy. A Debian server runs v2ray and is used as the home router; the Debian machine also runs dnsmasq as the DNS server.

3) What did you see? The domain direct-connect rule set in the routing config has no effect (the direct tag is already set up); opening https://whatismyipaddress.com still shows the VPS's IP.

4) What's your expectation? With this configuration, opening https://whatismyipaddress.com should show a Chinese IP.

5) Please attach your configuration file (Mask IP addresses before submit this issue).

Server Configuration File:
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 39018,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "My id",
          "level": 1,
          "alterId": 64
        }
      ],
      "detour":{
        "to":"dynamicPort"
      }
    },
    "streamSettings":{
      "network":"kcp"
    }
  },
  "inboundDetour":[
    {
      "protocol": "vmess",
      "port": "10000-20000",
      "tag": "dynamicPort",
      "settings": {
        "default": {
          "level": 1,
          "alterId": 32
        }
      },
      "allocate": {
        "strategy": "random",
        "concurrency": 2,
        "refresh": 3
      },
      "streamSettings": {
        "network": "kcp"
      }
    }
  ],
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
 "transport":{
      "tcpSettings":{
         "connectionReuse":true
      },
      "kcpSettings":{
         "mtu":1350,
         "tti":20,
         "uplinkCapacity":100,
         "downlinkCapacity":100,
         "congestion":false,
         "readBufferSize":5,
         "writeBufferSize":5,
         "header":{
            "type":"utp"
         }
      }
   }
}
Client Configuration File:
{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
    },

  "outbound": {
    "protocol": "vmess",
    "settings":{
        "vnext":[
            {
                "address":"vps ip",
                "port": 39018,
                "users": [
                    {
                    "id": "my id",
                    "level": 1,
                    "alterId": 64,
                    "security":"aes-128-gcm"
                    }
                ]
            }
        ]
    },
    "streamSettings": {
        "network": "kcp"
      },
    "mux": {"enabled": true}
},

  "outboundDetour": [
    {
        "protocol":"freedom",
        "settings":{
        },
        "tag":"direct"
     }
  ],
  "inbound": { 
       "protocol": "dokodemo-door", //forwards Dnsmasq queries
       "port": 5353,
       "settings": {
         "address": "8.8.8.8",
         "port": 53,
         "network": "udp",
         "timeout": 0,
         "followRedirect": false
 }
     },
  "inboundDetour": [ 
    {
    "protocol": "dokodemo-door", //all traffic is redirected to port 1060; router function
    "port":1060,
    "settings":{
        "network": "tcp",
        "timeout": 30,
        "followRedirect": true
        }
    },
    {
            "protocol":"socks", //socks proxy
            "port":8080,
            "settings":{
                    "auth":"noauth",
                    "udp":false,
                    "ip":"127.0.0.1"
                    }
            }
],
  "routing": {
       "strategy":"rules",
      "settings":{
         "domainStrategy":"IPIfNonMatch",
         "rules":[
            {
               "type":"field",
               "port":"1-52",
               "outboundTag":"direct"
            },
            {
               "type":"field",
               "port":"54-79",
               "outboundTag":"direct"
            },
            {
               "type":"field",
               "port":"81-442",
               "outboundTag":"direct"
            },
            {
               "type":"field",
               "port":"444-65535",
               "outboundTag":"direct"
            },
            {
                "type":"field", //this rule has no effect; the other routing rules work fine
                "domain":[
                        "whatismyipaddress.com"
                ],
                "outboundTag":"direct"
           },
            {
               "type":"chinasites",
               "outboundTag":"direct"
            },
            {
               "type":"field",
               "ip":[
                  "0.0.0.0/8",
                  "10.0.0.0/8",
                  "100.64.0.0/10",
                  "127.0.0.0/8",
                  "169.254.0.0/16",
                  "172.16.0.0/12",
                  "192.0.0.0/24",
                  "192.0.2.0/24",
                  "192.168.0.0/16",
                  "198.18.0.0/15",
                  "198.51.100.0/24",
                  "203.0.113.0/24",
                  "::1/128",
                  "fc00::/7",
                  "fe80::/10"
               ],
               "outboundTag":"direct"
            },
            {
               "type":"chinaip",
               "outboundTag":"direct"
            }
         ]
      }
  },
   "transport":{
      "tcpSettings":{
         "connectionReuse":true
      },
      "kcpSettings":{
         "mtu":1350,
         "tti":20,
         "uplinkCapacity":100,
         "downlinkCapacity":100,
         "congestion":false,
         "readBufferSize":5,
         "writeBufferSize":5,
         "header":{
            "type":"utp"
         }
      }
   }
}

6) Please attach the log file, especially the bottom lines if the file is large. Log file is usually /var/log/v2ray/error.log on Linux.

Server Log File:
2017/11/22 00:30:57 [Warning]Core: V2Ray started
Client Log File:
2017/11/21 20:27:19 [Warning]Core: V2Ray started
2017/11/21 20:30:06 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:30:11 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:31:25 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:31:27 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > io: read/write on closed pipe
2017/11/21 20:31:36 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:33:29 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:33:42 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:33:43 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:33:56 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:34:26 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:34:29 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:35:01 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:36:54 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:40:21 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled
2017/11/21 20:45:31 [Warning]failed to handler mux client connection > Proxy|VMess|Outbound: connection ends > context canceled

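These look like mux errors, but I have had no problems in normal use. Recently I needed some sites to connect directly and found that the setting has no effect; I could not find any configuration mistake either, so I am opening this issue. Also, when the v2ray client starts, it often ends up listening on only two ports: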

service v2ray status
Nov 21 20:27:19 debian systemd[1]: Started V2Ray Service.
Nov 21 20:27:19 debian v2ray[23597]: V2Ray v2.50 (One for all) 20171117
Nov 21 20:27:19 debian v2ray[23597]: An unified platform for anti-censorship.
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:1060
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:8080

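But according to my configuration, the correct output should be the following; otherwise dnsmasq cannot resolve anything (port 5353 is not being forwarded). Sometimes I have to run service v2ray restart several times before port forwarding starts correctly.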

Nov 21 20:27:19 debian systemd[1]: Started V2Ray Service.
Nov 21 20:27:19 debian v2ray[23597]: V2Ray v2.50 (One for all) 20171117
Nov 21 20:27:19 debian v2ray[23597]: An unified platform for anti-censorship.
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:1060
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:8080
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Info]Transport|Internet|UDP: listening UDP on 0.0.0.0:5353
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Info]Transport|Internet|TCP: listening TCP on 0.0.0.0:1060
Nov 21 20:27:19 debian v2ray[23597]: 2017/11/21 20:27:19 [Info]Transport|Internet|TCP: listening TCP on 0.0.0.0:8080
DarienRaymond commented 6 years ago

Set loglevel to debug, then visit whatismyipaddress.com again and see exactly what is being received.

Dakai commented 6 years ago

Thanks. After switching to debug, the entries related to this domain are as follows:

2017/11/22 08:34:32 [Debug]Proxy|Dokodemo: processing connection from: 192.168.10.150:58902
2017/11/22 08:34:32 [Info]App|Dispatcher|Default: default route for tcp:104.16.16.96:443 //this is the IP address of whatismyipaddress.com
2017/11/22 08:34:32 [Info]App|Proxyman|Mux: dispatching request to tcp:104.16.16.96:443 //you can see a Mux stream was set up to whatismyipaddress.com; it did not take the direct route
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:173.244.217.42:4000 //what follows should be unrelated; from analysis, port 4000 seems to be the Resilio Sync (BT Sync) connection port.
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:173.244.217.42:4000
2017/11/22 08:34:32 [Info]App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: connection ends > context canceled
2017/11/22 08:34:32 [Info]App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > context canceled
2017/11/22 08:34:32 [Info]App|Proxyman|Inbound: connection ends > Proxy|Dokodemo: connection ends > context canceled
2017/11/22 08:34:32 [Debug]Proxy|Dokodemo: processing connection from: 192.168.10.4:31883 //a connection from another machine on the LAN
2017/11/22 08:34:32 [Info]App|Dispatcher|Default: taking detour [direct] for [tcp:192.168.10.118:8080] //socks proxy connection
2017/11/22 08:34:32 [Info]Proxy|Freedom: opening connection to tcp:192.168.10.118:8080
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:192.168.10.118:8080
2017/11/22 08:34:32 [Info]Proxy|Socks: TCP Connect request to tcp:209.95.56.60:4000 
2017/11/22 08:34:32 [Info]App|Dispatcher|Default: taking detour [direct] for [tcp:209.95.56.60:4000] //this is a US IP, and port 4000 went out via direct, so the routing function seems to work here.
2017/11/22 08:34:32 [Info]Proxy|Freedom: opening connection to tcp:209.95.56.60:4000
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:209.95.56.60:4000
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:209.95.56.60:4000
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:209.95.56.60:4000
2017/11/22 08:34:32 [Info]Transport|Internet|TCP: dailing TCP to tcp:209.95.56.60:4000
2017/11/22 08:34:32 [Info]App|Proxyman|Outbound: failed to process outbound traffic > Proxy|Freedom: failed to open connection to tcp:173.244.217.42:4000 > Retry: [dial tcp 173.244.217.42:4000: getsockopt: connection refused] > Retry: all retry attempts failed
2017/11/22 08:34:32 [Info]App|Proxyman|Inbound: connection ends > Proxy|Socks: connection ends > Proxy|Socks: failed to transport all TCP response > io: read/write on closed pipe
2017/11/22 08:34:33 [Info]Transport|Internet|TCP: dailing TCP to tcp:209.95.56.60:4000

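After reading error.log I found that v2ray decides between the proxy and the direct outbound by IP or port, which does not match the rule described in the routing configuration on the official website. Is that because I am not using v2ray's built-in DNS server?

"IPIfNonMatch": when the domain matches no rule, resolve the domain to an IP (A or AAAA record) and match again;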

DarienRaymond commented 6 years ago

The destination address already arrives as an IP, so domain matching has no effect. Your browser needs an option such as remote DNS turned on.

betterdoitnow commented 6 years ago

@Dakai Or could you try adding "domainOverride": ["http", "tls"] to the client inbound(detour) and see?

Dakai commented 6 years ago

@betterdoitnow That did it, with domainOverride added the direct connection works! Thanks! V2ray's configurability is really powerful.

cheungcon commented 6 years ago

@Dakai I copied your client and server configuration files onto my VPS, and error messages appeared when I checked the status. Server-side error output:
● v2ray.service - V2Ray Service
Loaded: loaded (/lib/systemd/system/v2ray.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2017-11-23 14:26:05 HKT; 3h 3min ago
Main PID: 20392 (v2ray)
CGroup: /system.slice/v2ray.service
└─20392 /usr/bin/v2ray/v2ray -config /etc/v2ray/config.json

Nov 23 14:26:05 localhost systemd[1]: Started V2Ray Service.
Nov 23 14:26:05 localhost v2ray[20392]: V2Ray v2.50 (One for all) 20171117
Nov 23 14:26:05 localhost v2ray[20392]: An unified platform for anti-censorship.
Nov 23 14:26:05 localhost v2ray[20392]: failed to parse json config: Ext|Tools|Conf|Serial: failed to read config file > json: cannot unmarshal string into Go value of type conf.Config
2017/11/23 14:26:05 [Warning]Core: V2Ray started

Client:
V2Ray v2.50 (One for all) 20171117
An unified platform for anti-censorship.
2017/11/23 17:32:06 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:1060
2017/11/23 17:32:06 [Debug]App|Proxyman|Inbound: creating tcp worker on 0.0.0.0:1080
Failed to start listen udp 0.0.0.0:5353: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.

I cannot work out where the problem is; please advise. Thanks...

DarienRaymond commented 6 years ago

The server's JSON config is malformed.

Dakai commented 6 years ago

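@cheungcon Did you remove the comments when you copied and pasted? A JSON file cannot contain comments; I added them here afterwards for convenience. You can check the JSON file's syntax with the jq tool; the command is jq . /etc/v2ray/config.json. Also, this configuration file has to be used together with Dnsmasq and iptables settings, otherwise it does nothing. Your client output suggests that port 5353 is already in use; on my machine the avahi-daemon process was also using port 5353, and since I couldn't be bothered to change the dnsmasq configuration I just stopped the avahi process. You also need to use iptables to redirect all traffic to port 1060, and on the router point both DNS and the route at the IP of the machine running the client, before v2ray works properly.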

cheungcon commented 6 years ago

Thank you very much, DaKai


kdrx commented 6 years ago

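@Dakai Which are you actually using to get past the firewall: a browser plus a socks5 proxy, or a gateway that redirects with iptables? If the former, Chrome and the like resolve DNS remotely by default, so routing by domain should work. If the latter, routing by domain in the routing policy should have no effect, because iptables can only deal with IP addresses. Are you sure that with the domainOverride option this setup can split traffic by domain?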

Dakai commented 6 years ago

@kdrx The gateway uses iptables to redirect all TCP traffic to v2ray's inboundDetour on port 1060, and with domainOverride this setup really can split traffic by domain.

cheungcon commented 6 years ago

@Dakai Could you send me your Dnsmasq and iptables configuration? I cannot get the setup on my server working properly. Thanks. My email is justin.japl@outlook.com

Dakai commented 6 years ago

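@cheungcon I wrote a detailed article about the configuration that you can refer to: https://dakai.github.io/2017/11/27/v2ray.html However, this configuration had been working very well for me for a while, and recently the connection has been dropping; I guess dynamic ports can get blocked too. I have now switched to tls+websocket mode, but the dnsmasq and iptables configuration is unchanged.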

cheungcon commented 6 years ago

Very detailed, thanks!! Got it working.