yichya / luci-app-xray

(Almost) full feature Xray client for OpenWrt
Mozilla Public License 2.0
619 stars 554 forks source link

Release v3.1.0 feedback #349

Closed yichya closed 11 months ago

yichya commented 1 year ago

v3.1.0 added a status page used for revealing observatory and statistics information and better LAN hosts access control abilities. It is also considered the first stable release of major version 3 and that means incompatibility of configuration files with v2.x versions.

If you encounter any issues please report and happy programmers' day 🎉

ram108 commented 1 year ago

Thank you so much for the awaited release! Let's try it!

hutozh commented 1 year ago

LAN Hosts Access Control希望能够显示主要名,以便区分。另外对每一台主机希望增加启用选项,以方便临时切换翻墙和直连。

yichya commented 1 year ago

LAN Hosts Access Control希望能够显示主要名,以便区分。另外对每一台主机希望增加启用选项,以方便临时切换翻墙和直连。

我寻思着现在就有主机名和启用选项啊

image
rezconf commented 1 year ago

There is still a problem to enter the domain name and the IP server must be entered. 😑😑

hutozh commented 1 year ago

LAN Hosts Access Control希望能够显示主要名,以便区分。另外对每一台主机希望增加启用选项,以方便临时切换翻墙和直连。

我寻思着现在就有主机名和启用选项啊

image

我说的是在列表显示界面显示名称。

yichya commented 1 year ago

我说的是在列表显示界面显示名称。

这个不一定拿得到(尤其重启之后 /var/dhcp.leases 是空的),而且地方不够大挤不下

hutozh commented 1 year ago

这个不一定拿得到(尤其重启之后 /var/dhcp.leases 是空的)

这个是不是可以提前写入文件里?

而且地方不够大挤不下

你设置项目只分了V4和V6,显示列表也可以简化成V4和V6。

另外,显示列表的选项,是不是可以改成列表选项?这样不需要点编辑就可以方便修改。

yichya commented 1 year ago

这个不一定拿得到(尤其重启之后 /var/dhcp.leases 是空的)

这个是不是可以提前写入文件里?

要不就留个 alias 的选项得了,可以写个只能用来看的备注

而且地方不够大挤不下

你设置项目只分了V4和V6,显示列表也可以简化成V4和V6。

然而 Outbound 是可以分 TCP / UDP 设置的,显示也都要显示出来

另外,显示列表的选项,是不是可以改成列表选项?这样不需要点编辑就可以方便修改。

(这玩意儿真有这么频繁修改的需求吗

yichya commented 1 year ago

There is still a problem to enter the domain name and the IP server must be entered. 😑😑

I'll try to find out a better solution about upstream DNS resolving issue. That's a part of DoH / DoT feature support so it's going to be a bit complicated

hutozh commented 1 year ago

(这玩意儿真有这么频繁修改的需求吗

我的梯子分流有问题,比如编译你这个程序,关了代理比开着代理快很多。

yichya commented 1 year ago

我的梯子分流有问题,比如编译你这个程序,关了代理比开着代理快很多。

那其实我觉得应该下个版本在 extra inbound 上加一个 route 到 direct 上的设置(其实现在也可以用 Custom Configurations 直接加),然后像这种临时关一下代理的就直接用环境变量切一下就行了

yichya commented 1 year ago

那其实我觉得应该下个版本在 extra inbound 上加一个 route 到 direct 上的设置(其实现在也可以用 Custom Configurations 直接加),然后像这种临时关一下代理的就直接用环境变量切一下就行了

(然后发现其实是一个 bug 把这个搞得不能用了,#353 修了一下,可能会发个 3.1.1

Tualua commented 1 year ago

Why status app is for x86_64 only?

Tualua commented 1 year ago

If possible, please add these features:

  1. Custom dokodemo inbounds
  2. Custom rules

I will be much easier to use Wireguard over xray, for example.

yichya commented 1 year ago

Why status app is for x86_64 only?

It's a bug and will be fixed in v3.1.1

If possible, please add these features:

  1. Custom dokodemo inbounds
  2. Custom rules

Try custom configurations for now

Tualua commented 1 year ago

Try custom configurations for now

You mean Custom Options?

You can't ADD rule, need to copy all routing section from generated config. Also can't add more than 1 inbound, everything stops working.

yichya commented 1 year ago

You can't ADD rule, need to copy all routing section from generated config.

That's because of the way Xray multiple configuration file mechanism works.

Also can't add more than 1 inbound, everything stops working.

That seems also limited by Xray itself. I may add a configuration hook later to resolve that

Tualua commented 1 year ago

That's because of the way Xray multiple configuration file mechanism works.

Yes, I know that and this is the only reason why I'm asking.

I may add a configuration hook later to resolve that

Thank you!

Tualua commented 1 year ago

May be there is an other way to do what I need?

I need to connect to foreign OVPN server. My way:

       {
            "listen": "192.168.111.111",
            "port": 24354,
            "protocol": "dokodemo-door",
            "settings": {
                "address": "x.x.x.x",
                "port": 24354,
                "network": "tcp"
            },
            "tag": "ovpn_inbound"
        }
     ...
    "routing": {
{
                "type": "field",
                "inboundTag": [
                    "ovpn_inbound"
                ],
                "outboundTag": "ovpn_outbound"
            }
}

OVPN client on another router connects to local address of OpenWRT box to port 24354 and everything works fine. I also add separate outbound to reach OVPN server via separate xray server. I need several of these connections and I can't do it via main xray server because of latency issues.

yichya commented 1 year ago

I also add separate outbound to reach OVPN server via separate xray server. I need several of these connections and I can't do it via main xray server because of latency issues.

Try manual transparent proxy (192.0.2.1 -> remote openvpn server, and set force forward) with firewall port forwarding (input 24354 -> 192.0.2.1)

Tualua commented 1 year ago

I also add separate outbound to reach OVPN server via separate xray server. I need several of these connections and I can't do it via main xray server because of latency issues.

Try manual transparent proxy (192.0.2.1 -> remote openvpn server, and set force forward) with firewall port forwarding (input 24354 -> 192.0.2.1)

Thank you! 192.0.2.1 - is this a local OpenWRT box address or what? I don't think I completely understand how manual transparent proxy rules work

firewall port forwarding (input 24354 -> 192.0.2.1) - standatd OpenWRT firewall config?

yichya commented 1 year ago

192.0.2.1 - is this a local OpenWRT box address or what?

It's a reserved address and could be used by luci-app-xray for forwarding requests. Manual transparent proxy works like firewall port forwarding but offer extra features like specifying outbound and IPv6 / IPv4 address translation.

For example a configuration like this forwards all requests to 192.0.2.1:5310 to 10.80.0.10:53, and you can specify outbound used by enabling force forward. Your other router can connect to OpenVPN server via the source IP and port (192.0.2.1:5310 in the example)

image

firewall port forwarding (input 24354 -> 192.0.2.1) - standatd OpenWRT firewall config?

Yes and this may not be necessary.

Tualua commented 1 year ago

Trying to test with DNS

image

When I try to connect to 192.0.2.1:53 I see this in xray access log

daemon.info xray[16083]: 2023/10/31 04:48:03 10.224.30.27:52295 accepted udp:192.0.2.1:53 [tproxy_udp_inbound_v4 -> direct]

And this on the router which is default gateway for OpenWRT box

image

10.224.30.242 - is WAN IP of OpenWRT

yichya commented 1 year ago

Weird. Try changing source port to something like 5353

2fact commented 1 year ago

Thank you for the "Custom Configuration Hook" feature, it's really helpful.

Appears it's best for tuning of configs that are not doable in web UI. Tried a few custom configs, hope these can also be reference for others.

return function (config) {

    // Set domainsExcluded for sniffing inbounds
    for (i in filter(config["inbounds"], i => "sniffing" in i && i["sniffing"] != null)) {
        i["sniffing"]["domainsExcluded"] = [
            "courier.push.apple.com"
        ];
    }

    // A LAN host needs to access some domains using non-default outbound
    // However it uses own DNS (thus FakeDNS doesn't work)
    // Workaround: Move the rule upward and remove FakeDNS inboundTag
    // Otherwise the "geosite:geolocation-!cn -> tcp_outbound_v4" rule will override it
    rf = filter(config["routing"]["rules"], r => exists(r, "balancerTag") && index(r["balancerTag"], "fake_dns_balancer") >= 0);
    for (r in rf) {
       delete r.inboundTag; 
    }
    splice(config["routing"]["rules"], 0, 0, ...rf);

    // Append an extra routing rule
    push(config["routing"]["rules"], {
        "type": "field",
        "balancerTag": "tcp_outbound_v4",
        "domain": [
            "geosite:..."
        ]
    });

    return config;
};
yichya commented 1 year ago

Thank you for the "Custom Configuration Hook" feature, it's really helpful.

That will be included in v3.2.0 release.