Release v3.1.0 feedback

[yichya]

v3.1.0 added a status page used for revealing observatory and statistics information and better LAN hosts access control abilities. It is also considered the first stable release of major version 3 and that means incompatibility of configuration files with v2.x versions.

If you encounter any issues please report and happy programmers' day 🎉

[ram108]

Thank you so much for the awaited release! Let's try it!

[hutozh]

LAN Hosts Access Control希望能够显示主要名，以便区分。另外对每一台主机希望增加启用选项，以方便临时切换翻墙和直连。

[yichya]

LAN Hosts Access Control希望能够显示主要名，以便区分。另外对每一台主机希望增加启用选项，以方便临时切换翻墙和直连。

我寻思着现在就有主机名和启用选项啊

[rezconf]

There is still a problem to enter the domain name and the IP server must be entered. 😑😑

[hutozh]

LAN Hosts Access Control希望能够显示主要名，以便区分。另外对每一台主机希望增加启用选项，以方便临时切换翻墙和直连。

我寻思着现在就有主机名和启用选项啊

我说的是在列表显示界面显示名称。

[yichya]

我说的是在列表显示界面显示名称。

这个不一定拿得到（尤其重启之后 /var/dhcp.leases 是空的），而且地方不够大挤不下

[hutozh]

这个不一定拿得到（尤其重启之后 /var/dhcp.leases 是空的）

这个是不是可以提前写入文件里？

而且地方不够大挤不下

你设置项目只分了V4和V6，显示列表也可以简化成V4和V6。

另外，显示列表的选项，是不是可以改成列表选项？这样不需要点编辑就可以方便修改。

[yichya]

这个不一定拿得到（尤其重启之后 /var/dhcp.leases 是空的）

这个是不是可以提前写入文件里？

要不就留个 alias 的选项得了，可以写个只能用来看的备注

而且地方不够大挤不下

你设置项目只分了V4和V6，显示列表也可以简化成V4和V6。

然而 Outbound 是可以分 TCP / UDP 设置的，显示也都要显示出来

另外，显示列表的选项，是不是可以改成列表选项？这样不需要点编辑就可以方便修改。

（这玩意儿真有这么频繁修改的需求吗

[yichya]

There is still a problem to enter the domain name and the IP server must be entered. 😑😑

I'll try to find out a better solution about upstream DNS resolving issue. That's a part of DoH / DoT feature support so it's going to be a bit complicated

[hutozh]

（这玩意儿真有这么频繁修改的需求吗

我的梯子分流有问题，比如编译你这个程序，关了代理比开着代理快很多。

[yichya]

我的梯子分流有问题，比如编译你这个程序，关了代理比开着代理快很多。

那其实我觉得应该下个版本在 extra inbound 上加一个 route 到 direct 上的设置（其实现在也可以用 Custom Configurations 直接加），然后像这种临时关一下代理的就直接用环境变量切一下就行了

[yichya]

那其实我觉得应该下个版本在 extra inbound 上加一个 route 到 direct 上的设置（其实现在也可以用 Custom Configurations 直接加），然后像这种临时关一下代理的就直接用环境变量切一下就行了

（然后发现其实是一个 bug 把这个搞得不能用了，#353 修了一下，可能会发个 3.1.1

[Tualua]

Why status app is for x86_64 only?

[Tualua]

If possible, please add these features:

1. Custom dokodemo inbounds
2. Custom rules

I will be much easier to use Wireguard over xray, for example.

[yichya]

Why status app is for x86_64 only?

It's a bug and will be fixed in v3.1.1

If possible, please add these features:

1. Custom dokodemo inbounds
2. Custom rules

Try custom configurations for now

[Tualua]

Try custom configurations for now

You mean Custom Options?

You can't ADD rule, need to copy all routing section from generated config. Also can't add more than 1 inbound, everything stops working.

[yichya]

You can't ADD rule, need to copy all routing section from generated config.

That's because of the way Xray multiple configuration file mechanism works.

Also can't add more than 1 inbound, everything stops working.

That seems also limited by Xray itself. I may add a configuration hook later to resolve that

[Tualua]

That's because of the way Xray multiple configuration file mechanism works.

Yes, I know that and this is the only reason why I'm asking.

I may add a configuration hook later to resolve that

Thank you!

[Tualua]

May be there is an other way to do what I need?

I need to connect to foreign OVPN server. My way:

       {
            "listen": "192.168.111.111",
            "port": 24354,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "x.x.x.x",
                "port": 24354,
                "network": "tcp"
            },
            "tag": "ovpn_inbound"
        }
     ...
    "routing": {
{
                "type": "field",
                "inboundTag": [
                    "ovpn_inbound"
                ],
                "outboundTag": "ovpn_outbound"
            }
}

OVPN client on another router connects to local address of OpenWRT box to port 24354 and everything works fine. I also add separate outbound to reach OVPN server via separate xray server. I need several of these connections and I can't do it via main xray server because of latency issues.

[yichya]

I also add separate outbound to reach OVPN server via separate xray server. I need several of these connections and I can't do it via main xray server because of latency issues.

Try manual transparent proxy (192.0.2.1 -> remote openvpn server, and set force forward) with firewall port forwarding (input 24354 -> 192.0.2.1)

[Tualua]

I also add separate outbound to reach OVPN server via separate xray server. I need several of these connections and I can't do it via main xray server because of latency issues.

Try manual transparent proxy (192.0.2.1 -> remote openvpn server, and set force forward) with firewall port forwarding (input 24354 -> 192.0.2.1)

Thank you! 192.0.2.1 - is this a local OpenWRT box address or what? I don't think I completely understand how manual transparent proxy rules work

firewall port forwarding (input 24354 -> 192.0.2.1) - standatd OpenWRT firewall config?

[yichya]

192.0.2.1 - is this a local OpenWRT box address or what?

It's a reserved address and could be used by luci-app-xray for forwarding requests. Manual transparent proxy works like firewall port forwarding but offer extra features like specifying outbound and IPv6 / IPv4 address translation.

For example a configuration like this forwards all requests to 192.0.2.1:5310 to 10.80.0.10:53, and you can specify outbound used by enabling force forward. Your other router can connect to OpenVPN server via the source IP and port (192.0.2.1:5310 in the example)

firewall port forwarding (input 24354 -> 192.0.2.1) - standatd OpenWRT firewall config?

Yes and this may not be necessary.

[Tualua]

Trying to test with DNS

When I try to connect to 192.0.2.1:53 I see this in xray access log

daemon.info xray[16083]: 2023/10/31 04:48:03 10.224.30.27:52295 accepted udp:192.0.2.1:53 [tproxy_udp_inbound_v4 -> direct]

And this on the router which is default gateway for OpenWRT box

10.224.30.242 - is WAN IP of OpenWRT

[yichya]

Weird. Try changing source port to something like 5353

[2fact]

Thank you for the "Custom Configuration Hook" feature, it's really helpful.

Appears it's best for tuning of configs that are not doable in web UI. Tried a few custom configs, hope these can also be reference for others.

return function (config) {

    // Set domainsExcluded for sniffing inbounds
    for (i in filter(config["inbounds"], i => "sniffing" in i && i["sniffing"] != null)) {
        i["sniffing"]["domainsExcluded"] = [
            "courier.push.apple.com"
        ];
    }

    // A LAN host needs to access some domains using non-default outbound
    // However it uses own DNS (thus FakeDNS doesn't work)
    // Workaround: Move the rule upward and remove FakeDNS inboundTag
    // Otherwise the "geosite:geolocation-!cn -> tcp_outbound_v4" rule will override it
    rf = filter(config["routing"]["rules"], r => exists(r, "balancerTag") && index(r["balancerTag"], "fake_dns_balancer") >= 0);
    for (r in rf) {
       delete r.inboundTag; 
    }
    splice(config["routing"]["rules"], 0, 0, ...rf);

    // Append an extra routing rule
    push(config["routing"]["rules"], {
        "type": "field",
        "balancerTag": "tcp_outbound_v4",
        "domain": [
            "geosite:..."
        ]
    });

    return config;
};

[yichya]

Thank you for the "Custom Configuration Hook" feature, it's really helpful.

That will be included in v3.2.0 release.