xiaorouji / openwrt-passwall2


[Feature Request]: Please add support for ShadowTLS #426

Closed mfat closed 10 months ago

mfat commented 1 year ago

Describe the new feature you want

Please add support for shadowTLS protocol.

Describe the solution you'd like

Shadow TLS notes can be added to the node types.

Describe alternatives you've considered

No response

Additional information

No response

Gzxhwq commented 1 year ago

ShadowTLS is already supported through sing-box.

mfat commented 1 year ago

Thanks. I can't find any menu item for ShadowTLS. Should I configure manually?

Gzxhwq commented 1 year ago

Upgrade to the latest Passwall, install sing-box

Select node type: Sing-Box -> protocol: Shadowsocks/Vmess, then you should see the ShadowTLS option.

mfat commented 1 year ago

Thanks much! When I enable TLS, the ShadowTLS options disappear. The config file I want to import looks like this:

{
    "dns": {
        "rules": [
        ],
        "servers": [
            {
                "address": "tls://1.1.1.1",
                "detour": "ss",
                "strategy": "ipv4_only",
                "tag": "dns-remote"
            }
        ]
    },
    "inbounds": [
        {
            "domain_strategy": "",
            "listen": "::",
            "listen_port": 2080,
            "sniff": true,
            "sniff_override_destination": false,
            "tag": "mixed-in",
            "type": "mixed"
        }
    ],
    "log": {
        "level": "info"
    },
    "outbounds": [
        {
            "detour": "shadowtls-out",
            "method": "chacha20-ietf-poly1305",
            "password": "aa27e45rgr1e4bfcd48df71ba96",
            "tag": "ss",
            "type": "shadowsocks",
            "udp_over_tcp": {
                "enabled": true,
                "version": 2
            }
        },
        {
            "password": "259c0rgfrggr6aa17995fd6f0f4af4",
            "server": "",
            "server_port": 55337,
            "tag": "shadowtls-out",
            "tls": {
                "enabled": true,
                "server_name": "www.speedtest.net",
                "utls": {
                    "enabled": true,
                    "fingerprint": "firefox"
                }
            },
            "type": "shadowtls",
            "version": 3
        },
        {
            "tag": "dns-out",
            "type": "dns"
        }
    ],
    "route": {
        "auto_detect_interface": true,
        "final": "ss",
        "rules": [
            {
                "outbound": "dns-out",
                "protocol": "dns"
            }
        ]
    }
}

Gzxhwq commented 1 year ago

"Shadow"TLS is NOT TLS. You must know what it is.

mfat commented 1 year ago

Thanks. In my config file there is this part; that's why I asked:

"tls": {
    "enabled": true,
    "server_name": "www.speedtest.net",

Gzxhwq commented 1 year ago

Sing-box reuses this tls struct to provide the "server_name" parameter, and passwall names it "ShadowTLS Domain".
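
An added example, not part of the thread and not passwall or sing-box code: a small Python check that follows the `detour` chain in a sing-box config shaped like the one posted above and returns the `tls.server_name` of the ShadowTLS outbound, the value the reply above says passwall labels "ShadowTLS Domain". The sample config is constructed (placeholder passwords, documentation-range server address), the function names are hypothetical, and the rule that the `tls` block sits on the `shadowtls` outbound rather than on the Shadowsocks one is an assumption taken from the layout of the posted config.

```python
import json

# Constructed sample: trimmed from the outbounds posted in the thread, with
# placeholder passwords and a documentation-range (192.0.2.0/24) server.
SAMPLE = json.loads("""
{"outbounds": [
  {"type": "shadowsocks", "tag": "ss", "detour": "shadowtls-out",
   "method": "chacha20-ietf-poly1305", "password": "PLACEHOLDER"},
  {"type": "shadowtls", "tag": "shadowtls-out", "version": 3,
   "server": "192.0.2.10", "server_port": 55337, "password": "PLACEHOLDER",
   "tls": {"enabled": true, "server_name": "www.speedtest.net"}},
  {"type": "dns", "tag": "dns-out"}
]}
""")

def detour_chain(config, start_tag):
    """Follow "detour" links from start_tag and return the outbounds in order."""
    by_tag = {o["tag"]: o for o in config.get("outbounds", [])}
    chain, seen, tag = [], set(), start_tag
    while tag:
        if tag in seen:
            raise ValueError(f"detour loop at {tag!r}")
        if tag not in by_tag:
            raise ValueError(f"detour target {tag!r} is not defined")
        seen.add(tag)
        chain.append(by_tag[tag])
        tag = by_tag[tag].get("detour")
    return chain

def check_shadowtls(config, start_tag):
    """Return (handshake_domain, problems) for the chain behind start_tag."""
    domain, problems = None, []
    for out in detour_chain(config, start_tag):
        tls = out.get("tls") or {}
        if out.get("type") == "shadowtls":
            domain = tls.get("server_name")  # shown as "ShadowTLS Domain"
            if not tls.get("enabled") or not domain:
                problems.append(f"{out['tag']}: tls.enabled and server_name must be set")
            if out.get("version") in (2, 3) and not out.get("password"):
                problems.append(f"{out['tag']}: version 2/3 needs a password")
        elif out.get("type") == "shadowsocks" and "tls" in out:
            # Assumption from the thread's config: tls lives on the detour target.
            problems.append(f"{out['tag']}: move the tls block to the shadowtls outbound")
    if domain is None:
        problems.append(f"{start_tag}: no shadowtls outbound in the detour chain")
    return domain, problems

if __name__ == "__main__":
    print(check_shadowtls(SAMPLE, "ss"))
```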

github-actions[bot] commented 10 months ago

Stale Issue