X-ray
X-ray, Penetrate GFWs. The best v2ray-core, with XTLS support. Automatically patch and compile by GitHub Actions, fully compatible configuration.
Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
X-ray X-ray, Penetrate GFWs. The best v2ray-core, with XTLS support. Automatically patch and compile by GitHub Actions, fully compatible configuration
Resource links
2 Open
More issues
Closed
首先非常感谢大佬付出,但是我用xray的shadowsocks协议玩彩虹六号时,会出现:玩一把对局结束后就掉线然后再重连,就这样循环。。。。 这是我服务端的配置文件: { "log": { "loglevel": "warning", "access": "/overgfw/xray/log/access.log", "error": "/overgfw/xray/log/error.log" },
"inbounds": [ { "port": number, "protocol": "shadowsocks", "settings": { "method": "chacha20-ietf-poly1305", "password": "password", "network": "tcp,udp" } } ],
"outbounds": [ { "protocol": "freedom", "settings": { "domainStrategy": "AsIs" } } ] } 客户端用的是netch, 这是怎么回事呢? 之前用的是原版shadowsocks和shadowsocksR倒没问题
opened Jan 3, 2021 by GleenJi 126
Closed
如题,从古老的v2ray 4.22.1版本升级过来的,几乎同样配置的情况下, 之前的版本开机占用≈10m,现在的版本开机占用>60m,一段时间后才能勉强恢复正常(<20m)。 windows-amd64平台,作为客户端,服务器上(linux-amd64)也有内存占用过大的问题。
opened Dec 13, 2020 by timi-owo 81
Closed
使用场景: openwrt主路由iptables透明代理
版本: 服务端,客户端都是1.2.2
现象:
局域网内各客户端正常
主路由自身不能解析国内、境外所有域名(dig返回status: REFUSED)
dig baidu.com
; <<>> DiG 9.16.8 <<>> baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 40939
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;baidu.com. IN A
;; Query time: 20 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 19 01:58:38 CST 2021
;; MSG SIZE rcvd: 38
xray客户端配置(小幅修改自 https://xtls.github.io/documents/level-2/tproxy/ ):
{
"log": {
"loglevel": "error",
"error": "/var/log/xray_error.log"
},
"inbounds": [
{
"tag": "all-in",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
},
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [{
"address": "服务器域名",
"port": 443,
"users": [{
"id": "uuid",
"flow": "xtls-rprx-splice",
"encryption": "none"
}]
}]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"sockopt": {
"mark": 2
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {
"address": "1.1.1.1"
},
"proxySettings": {
"tag": "proxy"
},
"streamSettings": {
"sockopt": {
"mark": 2
}
}
}
],
"dns": {
"hosts": {
"服务器域名": "服务器IP",
},
"servers": [
{
"address": "223.5.5.5",
"port": 53,
"domains": ["geosite:cn"],
"expectIPs": ["geoip:cn"]
},
{
"address": "1.1.1.1",
"port": 53,
"domains": ["geosite:geolocation-!cn"]
},
"8.8.8.8"
]
},
"routing": {
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"inboundTag": ["all-in"],
"port": 53,
"outboundTag": "dns-out"
},
{
"type": "field",
"ip": [
"223.5.5.5"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"8.8.8.8",
"1.1.1.1"
],
"outboundTag": "proxy"
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"domain": [
"geosite:cn"
],
"outboundTag": "direct"
},
{
"type": "field",
"ip": [
"geoip:cn",
"geoip:private"
],
"outboundTag": "direct"
},
{
"type": "field",
"domain": [
"geosite:geolocation-!cn"
],
"outboundTag": "proxy"
},
{
"type": "field",
"ip": [
"geoip:jp",
"geoip:us",
"geoip:sg",
"geoip:hk",
"geoip:tw",
"109.239.140.0/24",
"14.102.250.18",
"14.102.250.19",
"149.154.164.0/22",
"149.154.168.0/22",
"149.154.172.0/22",
"174.142.105.153",
"50.7.31.230",
"67.220.91.15",
"67.220.91.18",
"67.220.91.23",
"69.65.19.160",
"72.52.81.22",
"85.17.73.31",
"91.108.4.0/22",
"91.108.56.0/22",
"91.108.56.0/23",
"108.177.120.94",
"108.177.120.0/24",
"172.217.0.0/16",
"74.125.0.0/16",
"23.246.0.0/18",
"37.77.184.0/21",
"45.57.0.0/17",
"64.120.128.0/17",
"66.197.128.0/17",
"108.175.32.0/20",
"192.173.64.0/18",
"198.38.96.0/19",
"198.45.48.0/20",
"173.245.48.0/20",
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"141.101.64.0/18",
"108.162.192.0/18",
"190.93.240.0/20",
"188.114.96.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"162.158.0.0/15",
"104.16.0.0/12",
"172.64.0.0/13",
"131.0.72.0/22",
"144.220.0.0/16",
"52.124.128.0/17",
"54.230.0.0/16",
"54.239.128.0/18",
"52.82.128.0/19",
"99.84.0.0/16",
"204.246.172.0/24",
"54.239.192.0/19",
"70.132.0.0/18",
"13.32.0.0/15",
"205.251.208.0/20",
"13.224.0.0/14",
"13.35.0.0/16",
"204.246.164.0/22",
"204.246.168.0/22",
"71.152.0.0/17",
"216.137.32.0/19",
"205.251.249.0/24",
"99.86.0.0/16",
"52.46.0.0/18",
"52.84.0.0/15",
"204.246.173.0/24",
"130.176.0.0/16",
"205.251.200.0/21",
"204.246.174.0/23",
"64.252.128.0/18",
"205.251.254.0/24",
"143.204.0.0/16",
"205.251.252.0/23",
"204.246.176.0/20",
"13.249.0.0/16",
"54.240.128.0/18",
"205.251.250.0/23",
"52.222.128.0/17",
"54.182.0.0/16",
"54.192.0.0/16",
"103.2.30.0/23",
"125.209.208.0/20",
"147.92.128.0/17",
"203.104.144.0/21",
"91.108.8.0/22",
"91.108.12.0/22",
"91.108.16.0/22",
"149.154.160.0/20",
"3.123.36.126/32",
"35.157.215.84/32",
"35.157.217.255/32",
"52.58.209.134/32",
"54.93.124.31/32",
"54.162.243.80/32",
"54.173.34.141/32",
"54.235.23.242/32",
"169.45.248.118/32"
],
"outboundTag": "proxy"
}
]
}
}
iptables规则(小幅修改自 https://xtls.github.io/documents/level-2/tproxy/ ):
ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N XRAY
iptables -t mangle -A XRAY ! -s 192.168.50.0/24 -j RETURN
iptables -t mangle -A XRAY -s 192.168.50.122/32 -j RETURN
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY
iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 2 -j RETURN
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j XRAY_SELF
documentation
opened Jan 18, 2021 by 70599 63
Closed
RT 关闭的issue不容易被找到,希望这个不要被关闭,仅作为提示存在
opened Nov 17, 2021 by shenlijun 59
Closed
我觉得可以引入可选的分享加密(基于AES),自定义密钥,防止未授权的传播,之前的vmess就有很多泄露出去的,根本base64只是让人看不懂。而且实现AES也不会很复杂,更加保护分享的安全。适用于个人分享,以及保护订阅被盗时阻止非法访问。 具体可以这样 :密文头部改为 Avless://或 Avmess:// 以提示需要自定义密钥解密。
Originally posted by @RainThings in https://github.com/XTLS/Xray-core/issues/91#issuecomment-765059563
opened Jan 21, 2021 by RainThings 58
Closed
VMess / VLESS 分享链接提案
0 致谢
- @DuckSoft (@Qv2ray): 作者
- @huyz: 提出了非常多的宝贵意见
- @rprx: 审校
1 原则
- 必须是合法的 URL
- 对机器友好、对人类可读
2 约定
- URL 字段对出现顺序不敏感,但同一字段禁止重复出现
- 所有 URL 字段的 Value 都必须使用
encodeURIComponent进行转义处理 - 所有参数名和常数字符串均区分大小写。
3 概览
protocol://
$(uuid)
@
remote-host
:
remote-port
?
<protocol-specific fields>
<transport-specific fields>
<tls-specific fields>
#$(descriptive-text)
特别说明:$() 代表此处需要 encodeURIComponent。
4 详述
4.1 基本信息段
4.1.1 协议名称 protocol
所使用的协议名称。取值必须为 vmess 或 vless。
不可省略,不能为空字符串。
4.1.2 uuid
UUID。对应配置文件该项出站中 settings.vnext[0].users[0].id 的值。
不可省略,不能为空字符串。
4.1.3 remote-host
服务器的域名或 IP 地址。
不可省略,不能为空字符串。
IPv6 地址必须括上方括号。
IDN 域名(如“百度.cn”)必须使用 xn--xxxxxx 格式。
4.1.4 remote-port
服务器的端口号。
不可省略,必须取 [1,65535] 中的整数。
4.1.5 descriptive-text
服务器的描述信息。
可省略,不推荐为空字符串。
必须使用 encodeURIComponent 转义。
4.2 协议相关段
4.2.1 传输方式 type
协议的传输方式。对应配置文件出站中 settings.vnext[0].streamSettings.network 的值。
当前的取值必须为 tcp、kcp、ws、http、quic 其中之一,分别对应 TCP、mKCP、WebSocket、HTTP/2、QUIC 传输方式。
修订:取值还可以是 grpc,代表 gRPC 传输方式。
4.2.2 (VMess/VLESS) encryption
当协议为 VMess 时,对应配置文件出站中 settings.security,可选值为 auto / aes-128-gcm / chacha20-poly1305 / none。
省略时默认为 auto,但不可以为空字符串。除非指定为 none,否则建议省略。
当协议为 VLESS 时,对应配置文件出站中 settings.encryption,当前可选值只有 none。
省略时默认为 none,但不可以为空字符串。
特殊说明:之所以不使用 security 而使用 encryption,是因为后面还有一个底层传输安全类型 security 与这个冲突。
由 @huyz 提议,将此字段重命名为 encryption,这样不仅能避免命名冲突,还与 VLESS 保持了一致。
4.2.3 (VMess) alterId、aid 等
没有这些字段。旧的 VMess 因协议设计出现致命问题,不再适合使用或分享。
此分享标准仅针对 VMess AEAD 和 VLESS。
4.3 传输层相关段
4.3.1 底层传输安全 security
设定底层传输所使用的 TLS 类型。当前可选值有 none,tls 和 xtls。
省略时默认为 none,但不可以为空字符串。
4.3.2 (HTTP/2) path
HTTP/2 的路径。省略时默认为 /,但不可以为空字符串。不推荐省略。
必须使用 encodeURIComponent 转义。
4.3.3 (HTTP/2) host
客户端进行 HTTP/2 通信时所发送的 Host 头部。
省略时复用 remote-host,但不可以为空字符串。
若有多个域名,可使用英文逗号隔开,但中间及前后不可有空格。
必须使用 encodeURIComponent 转义。
4.3.4 (WebSocket) path
WebSocket 的路径。省略时默认为 /,但不可以为空字符串。不推荐省略。
必须使用 encodeURIComponent 转义。
4.3.5 (WebSocket) host
WebSocket 请求时 Host 头的内容。不推荐省略,不推荐设为空字符串。
必须使用 encodeURIComponent 转义。
4.3.6 (mKCP) headerType
mKCP 的伪装头部类型。当前可选值有 none / srtp / utp / wechat-video / dtls / wireguard。
省略时默认值为 none,即不使用伪装头部,但不可以为空字符串。
4.3.7 (mKCP) seed
mKCP 种子。省略时不使用种子,但不可以为空字符串。建议 mKCP 用户使用 seed。
必须使用 encodeURIComponent 转义。
4.3.8 (QUIC) quicSecurity
QUIC 的加密方式。当前可选值有 none / aes-128-gcm / chacha20-poly1305。
省略时默认值为 none。
4.3.9 (QUIC) key
当 QUIC 的加密方式不为 none 时的加密密钥。
当 QUIC 的加密方式为 none 时,此项不得出现;否则,此项必须出现,且不可为空字符串。
若出现此项,则必须使用 encodeURIComponent 转义。
4.3.10 (QUIC) headerType
QUIC 的伪装头部类型。其他同 mKCP headerType 字段定义。
4.3.11 (gRPC) serviceName
对应 gRPC 的 ServiceName。建议仅使用英文字母数字和英文句号、下划线组成。
不建议省略,不可为空字符串。
4.3.12 (gRPC) mode
对应 gRPC 的传输模式,目前有以下三种:
gun: 即原始的 gun 传输模式,将单个 []byte 封在 Protobuf 里通过 gRPC 发送(参考资料);multi: 即 Xray-Core 的 multiMode,将多组 []byte 封在一条 Protobuf 里通过 gRPC 发送;guna: 即通过使用自定义 Codec 的方式,直接将数据包封在 gRPC 里发送。(参考资料)
省略时默认为 gun,不可以为空字符串。
4.4 TLS 相关段
4.4.1 sni
TLS SNI,对应配置文件中的 serverName 项目。
省略时复用 remote-host,但不可以为空字符串。
4.4.2 alpn
TLS ALPN,对应配置文件中的 alpn 项目。
多个 ALPN 之间用英文逗号隔开,中间无空格。
省略时由内核决定具体行为,但不可以为空字符串。
必须使用 encodeURIComponent 转义。
4.4.3 allowInsecure
没有这个字段。不安全的节点,不适合分享。
4.4.4 (XTLS) flow
XTLS 的流控方式。可选值为 xtls-rprx-direct、xtls-rprx-splice 等。
若使用 XTLS,此项不可省略,否则无此项。此项不可为空字符串。
5 举例
# VMess + TCP,不加密(仅作示例,不安全)
vmess://[email protected]:31415?encryption=none#VMessTCPNaked
# VMess + TCP,自动选择加密。编程人员特别注意不是所有的 URL 都有问号,注意处理边缘情况。
vmess://[email protected]:9265#VMessTCPAuto
# VMess + TCP,手动选择加密
vmess://[email protected]:35897?encryption=aes-128-gcm#VMessTCPAES
# VMess + TCP + TLS,内层不加密
vmess://136ca332-f855-4b53-a7cc-d9b8[email protected]:9323?encryption=none&security=tls#VMessTCPTLSNaked
# VMess + TCP + TLS,内层也自动选择加密
vmess://[email protected]:8462?security=tls#VMessTCPTLS
# VMess + TCP + TLS,内层不加密,手动指定 SNI
vmess://[email protected]:64338?encryption=none&security=tls&sni=fastgit.org#VMessTCPTLSSNI
# VLESS + TCP + XTLS
vless://[email protected]:3279?security=xtls&flow=rprx-xtls-splice#VLESSTCPXTLSSplice
# VLESS + mKCP + Seed
vless://[email protected]:50288?type=kcp&seed=69f04be3-d64e-45a3-8550-af3172c63055#VLESSmKCPSeed
# VLESS + mKCP + Seed,伪装成 Wireguard
vless://[email protected]:41971?type=kcp&headerType=wireguard&seed=69f04be3-d64e-45a3-8550-af3172c63055#VLESSmKCPSeedWG
# VMess + WebSocket + TLS
vmess://[email protected]:6939?type=ws&security=tls&host=qv2ray.net&path=%2Fsomewhere#VMessWebSocketTLS
6 补充
6.1 2020/12/21 @rprx 关于 flow 选项的补充说明
https://github.com/XTLS/Xray-core/issues/91#issuecomment-748899964
-
-udp443系列属于客户端选项,不建议服务器下发,是否开启应由客户端决定。 -
splice的使用场景比较苛刻,目前要求入站“纯粹”、且运行在 Linux / Android 操作系统上。若不满足相关要求,客户端使用direct模式即可。
@DuckSoft 的唠叨:
- 目前
splice与否对服务器方面没有要求,服务器使用direct即可支持splice和direct。建议服务器下发direct,开启splice与否应由客户端自行决定。- 必须充分认识到,XTLS 仍处于实验性阶段,当前阶段分享链接的主要目标是方便 XTLS 节点的交换与传播,并不适用于机场大规模下发。分享链接标准的更新会紧跟 XTLS 的任何变化,在稳定版之前出现破坏性变更是大概率事件,请知悉。
enhancement
opened Dec 19, 2020 by DuckSoft 56
Open
如果ntp走了代理,本地xray client可以看到udp 123端口的ntp连入,但是服务器看不到相关log。
我确定客户端和服务器都没配置ntp相关的路由规则(包括直连也没配置)。
同时,使用发包工具测试发送122端口和124端口,客户端和服务器均可看到log,唯独123端口服务器没有log。
这是bug还是feature?
opened Jun 24, 2022 by xsm1997 4
Open
1、学习了源码,目前负载均衡的策略是random和leastping,leastping是使用http的get方法,考虑到一些服务器不允许提供http服务的场景,建议能支持类似tcping的方法,增强适用范围。 2、此外对检查各服务器delay的时机,是否可以使用单独的线程轮询更新,这样可以不影响每次实际通过代理的访问请求。
opened Jun 20, 2022 by 1887656 6
Open
上一张从官网截的一张图。具体疑问在图下方
-
如果我把domainStrategy 设置Asis, 根据官方配置文档里 ”内置 DNS 服务器“ 的介绍,Xray 是不再依赖DNS来路由数据的,这个和容易理解。
-
如果我把domainStrategy 设置为IPIfNonMatch, 配置文件里的DNS模块,是不是不需要 "domains": ["geosite:geolocation-!cn"] 或 "domains": ["geosite:cn"] 来限定是哪类域名就用哪个DNS来解析域名 或不需要"expectIPs": ["geoip:cn"] 之类的设置,即只需指定DNS IP, 这个路由策略表明在被匹配的域名与任何基于domain的规则都不匹配的情况下,将该域名解析成IP, 再用解析到的IP 去匹配基于IP的规则; 如果在第一轮基于域名的匹配规则都没匹配上,DNS解析的时候,就不应该指定: 假如该域名在 "domains": ["geosite:geolocation-!cn"] 里,就用 "address": "1.1.1.1", 去解析,否则没有意义了,因为Xray并不知道该域名是属于哪一类域名,否则在第一轮匹配的时候就能做出路由选择了。 可能是我理解的还不全面,存在错误,请帮忙指出不对的地方。
-
如果我把domainStrategy 设置为IPOnDemand, 意思是对任何域名,都需要先通过DNS来解析成IP,这时就可以指定:如果该域名如果在 "domains": ["geosite:geolocation-!cn"] 里,就用 "address": "1.1.1.1",去解析, 再用解析到的IP去匹配基于IP的路由规则,这样的话,路由模块是不是就没必要包含基于域名的路由规则? 还是说先判断路由模块里是否包含有基于IP的路由规则,如果有则所有域名必须解析成IP在进行IP规则匹配,如果没有,则不解析IP,直接通过域名规则去做路由选择。是这样理解吗?
总得来说,把domainStrategy 设置为IPOnDemand时,DNS模块指定domains 或 expectIPs 的参数才有意义, 设置为IPIfNonMatch 或Asis 时,DNS模块指定domains 或 expectIPs 的参数 是没有意义的, 设置为Asis 时,设置DNS模块是没有意义的。
可以这样理解吗?
opened Jun 19, 2022 by tlsalex 3
Open
1.4以后的版本不支持vmess+tcp了么,今天从1.3升级到1.5以后国内中转不能用了。入站用的vmess+tcp。 1.4 1.5都不行了。 是怎么回事呢
opened Jun 16, 2022 by fanbin8592 5
Open
v2rayNG 配置
{
"log": {
"loglevel": "info"
},
"dns": {
"hosts": {
"domain:googleapis.cn": "googleapis.com"
},
"servers": [
{
"address": "fakedns",
"domains": [
"geosite:cn"
]
},
"1.1.1.1",
{
"address": "223.5.5.5",
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
]
}
],
"queryStrategy": "UseIPv4",
"disableFallback": true
},
"fakedns": [
{
"ipPool": "198.18.0.0/15",
"poolSize": 65535
}
],
"routing": {
"domainMatcher": "mph",
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"inboundTag": [
"dns-in"
],
"outboundTag": "dns-out",
"type": "field"
},
{
"outboundTag": "proxy",
"type": "field",
"domain": [
"geosite:geolocation-!cn"
]
},
{
"outboundTag": "direct",
"type": "field",
"domain": [
"geosite:cn"
]
},
{
"outboundTag": "proxy",
"type": "field",
"ip": [
"1.1.1.1"
]
},
{
"outboundTag": "direct",
"type": "field",
"ip": [
"223.5.5.5",
"geoip:cn",
"geoip:private"
]
}
]
},
"inbounds": [
{
"tag": "socks",
"protocol": "socks",
"listen": "127.0.0.1",
"port": 10808,
"settings": {
"auth": "noauth",
"udp": true
},
"streamSettings": {
"network": "tcp",
"security": "none"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"fakedns"
],
"metadataOnly": false
},
"allocate": {
"strategy": "always"
}
},
{
"tag": "http",
"protocol": "http",
"listen": "127.0.0.1",
"port": 10809,
"settings": {
"allowTransparent": false
},
"streamSettings": {
"network": "tcp",
"security": "none"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls",
"fakedns"
],
"metadataOnly": false
},
"allocate": {
"strategy": "always"
}
},
{
"listen": "127.0.0.1",
"port": 10853,
"protocol": "dokodemo-door",
"settings": {
"address": "1.1.1.1",
"network": "tcp,udp",
"port": 53
},
"tag": "dns-in"
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "ip",
"port": 12345,
"method": "2022-blake3-aes-128-gcm",
"password": "12345"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "none"
},
"mux": {
"enabled": false,
"concurrency": -1
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv4"
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {}
},
{
"tag": "dns-out",
"protocol": "dns",
"proxySettings": {
"tag": "proxy"
}
}
]
}
大多数网站都正常 但是目前发现两个不能访问
06-12 15:47:00.093 I/GoLog ( 3178): [Info] [3259104860] proxy/socks: TCP Connect request to tcp:198.19.90.108:443
06-12 15:47:00.094 I/GoLog ( 3178): [Info] [3259104860] app/dispatcher: fake dns got domain: ttpc.asia for ip: 198.19.90.108
06-12 15:47:00.094 I/GoLog ( 3178): [Info] [3259104860] app/dispatcher: sniffed domain: ttpc.asia
06-12 15:47:00.094 I/GoLog ( 3178): [Info] features/routing/dns: resolve ip for ttpc.asia > app/dns: returning nil for domain ttpc.asia
06-12 15:47:00.094 I/GoLog ( 3178): [Info] features/routing/dns: resolve ip for ttpc.asia > app/dns: returning nil for domain ttpc.asia
06-12 15:47:00.094 I/GoLog ( 3178): [Info] [3259104860] app/dispatcher: default route for tcp:ttpc.asia:443
06-12 15:47:00.094 I/GoLog ( 3178): [Info] [3259104860] proxy/shadowsocks_2022: tunneling request to tcp:ttpc.asia:443 via ip:12345
还有一个 llxx.cc 也是一样的情况 那个default route不知道是什么 可能是没有匹配到任何规则 就默认走proxy?服务端配置了ipifnonmatch屏蔽geoip:cn 所以无法访问 但把"disableFallback": true 改成 false就正常走direct
opened Jun 12, 2022 by GeorgeRudd 0
Open
系统配置
Esxi虚拟机 Intel(R) Xeon(R) CPU E5-2689 0 @ 2.60GHz 1G RAM
Linux ubnt.cmdschool.org 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux
DNS服务器使用主网关的
- 你正在使用哪个版本的 XRay?(如果服务器和客户端使用了不同版本,请注明)
● xray.service - Xray Service Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/xray.service.d └─10-donot_touch_single_conf.conf Active: active (running) since Sun 2022-06-05 16:14:52 EDT; 7s ago Docs: https://github.com/xtls Main PID: 19121 (xray) Tasks: 9 (limit: 1147) Memory: 41.9M CGroup: /system.slice/xray.service └─19121 /usr/local/bin/xray run -config /usr/local/etc/xray/config.json
Jun 05 16:14:52 ubnt.cmdschool.org systemd[1]: Started Xray Service. Jun 05 16:14:52 ubnt.cmdschool.org xray[19121]: Xray 1.5.5 (Xray, Penetrates Everything.) Custom (go1.18.1 linux/amd64) Jun 05 16:14:52 ubnt.cmdschool.org xray[19121]: A unified platform for anti-censorship. Jun 05 16:14:52 ubnt.cmdschool.org xray[19121]: 2022/06/05 16:14:52 [Info] infra/conf/serial: Reading config: /usr/local/etc/xray/config.json
- 你的使用场景是什么?比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。
家用透明代理无缝访问各个地区资源
- 你看到的不正常的现象是什么?(请描述具体现象,比如访问超时,TLS 证书错误等)
CPU占用率长期接近满,CPU从1核心加到4核情况都复现 已经参照https://github.com/v2ray/v2ray-core/issues/2621 增加 iptables -t mangle -A V2RAY -j RETURN -m mark --mark 0xff CPU占用率依然居高不下
-
你期待看到的正确表现是怎样的?
-
请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。
服务器端配置:
{
"log": {
"loglevel": "warning",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
"routing": {
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"inboundTag": "vless",
"outboundTag": "direct"
},
{ // 直连 123 端口 UDP 流量(NTP 协议)
"type": "field",
"inboundTag": [
"transparent"
],
"port": 123,
"network": "udp",
"outboundTag": "direct"
},
{ // 劫持 53 端口 UDP 流量,使用 V2Ray 的 DNS
"type": "field",
"inboundTag": [
"transparent"
],
"port": 53,
"network": "udp",
"outboundTag": "dns-out"
},
{
"type": "field",
"inboundtag": [
"transparent"
],
"outboundTag": "US_LA",
"domain": [
"geosite:spotify",
"geosite:hbo",
"geosite:netflix",
"geosite:steam",
"geosite:amazon"
]
},
{
"type": "field",
"inboundtag": [
"transparent"
],
"outboundTag": "US_IV",
"domain": [
"geosite:hulu"
]
},
{
"type": "field",
"inboundtag": [
"transparent"
],
"outboundTag": "CN_GZ",
"domain": [
"geosite:bilibili",
"geosite:iqiyi",
"geosite:youku",
"geosite:umeng",
"geosite:aliyun",
"domain:speedtest.cn",
"vv.video.qq.com",
"domain:nos.netease.com",
"domain:music.163.com",
"domain:music.126.net",
"domain:music.qq.com",
"domain:qqmusic.qq.com",
"domain:tencentmusic.com"
]
},
{
"type": "field",
"domain": [
"geosite:category-ads-all"
],
"outboundTag": "block"
},
{
"type": "field",
"protocol": [
"bittorrent"
],
"outboundTag": "direct"
}
]
},
"inbounds": [
{
"tag": "transparent",
"protocol": "dokodemo-door",
"port": *,
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy",
"mark": 255
}
}
},
{
"tag": "vless",
"protocol": "vless",
"port": 443,
"settings": {
"clients": [
{
"id": "*",
"flow": "xtls-rprx-direct",
"level": 0
}
],
"decryption": "none",
"fallbacks": [
{
"dest": "/dev/shm/default.sock",
"xver": 1
},
{
"alpn": "h2",
"dest": "/dev/shm/h2c.sock",
"xver": 1
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"allowInsecure": false,
"alpn": [
"h2",
"http/1.1"
],
"certificates": [
{
"certificateFile": "*",
"keyFile": "*"
}
]
}
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
}
},
{
"tag": "dns-out",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
},
{
"tag": "US_LA",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "*",
"port": 443,
"users": [
{
"email": "[email protected]",
"id": "*",
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "*",
"sockopt": {
"mark": 255
}
}
}
},
{
"tag": "US_IV",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "*",
"port": 443,
"users": [
{
"email": "[email protected]",
"id": "*",
"flow": "xtls-rprx-direct",
"encryption": "none",
"level": 0
}
]
}
]
},
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"serverName": "domain"
},
"streamSettings": {
"sockopt": {
"mark": 255
}
}
},
{
"tag": "CN_GZ",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "*",
"port": *,
"users": [
{
"id": "*",
"encryption": "none",
"level": 0
}
]
}
]
},
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
]
}
客户端配置:
// 在这里附上客户端配置
- 请附上出错时软件输出的错误日志。在 Linux 中,日志通常在
/var/log/v2ray/error.log文件中。
服务器端错误日志:
2022/06/04 16:27:51 [Warning] [2289254030] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp *: operation was canceled dial tcp: operation was canceled] > common/retry: all retry attempts failed
- 请附上访问日志。在 Linux 中,日志通常在
/var/log/v2ray/access.log文件中。
无可见异常
- 其它相关的配置文件(如 Nginx)和相关日志。
Iptables
设置策略路由
ip rule add fwmark 1 table 100 ip route add local 0.0.0.0/0 dev lo table 100
代理局域网设备
iptables -t mangle -N V2RAY iptables -t mangle -A V2RAY -d 127.0.0.1/32 -j RETURN iptables -t mangle -A V2RAY -d 224.0.0.0/4 -j RETURN iptables -t mangle -A V2RAY -d 255.255.255.255/32 -j RETURN iptables -t mangle -A V2RAY -d * -p tcp -j RETURN # 直连局域网,避免 V2Ray 无法启动时无法连网关的 SSH,如果你配置的是其他网段(如 10.x.x.x 等),则修改成自己的 iptables -t mangle -A V2RAY -d * -p udp ! --dport 53 -j RETURN # 直连局域网,53 端口除外(因为要使用 V2Ray 的 iptables -t mangle -A V2RAY -p udp -j TPROXY --on-port *--tproxy-mark 1 # 给 UDP 打标记 1,转发至 12345 端口 iptables -t mangle -A V2RAY -p tcp -j TPROXY --on-port *--tproxy-mark 1 # 给 TCP 打标记 1,转发至 12345 端口 iptables -t mangle -A PREROUTING -j V2RAY # 应用规则
opened Jun 5, 2022 by edisonleung1 0
Contents
Share this repo
Related Repos
4
tkrzw Fast Persistent KeyValue Storage. Wrapper for Tkrzw Installation Add this to your application's shard.yml: dependencies:
tkrzw:
github: ko
4.2k
Native port of Redis for Windows. Redis is an in-memory database that persists on disk. The data model is key-value, but many different kind of values are supported: Strings, Lists, Sets, Sorted Sets, Hashes, Streams, HyperLogLogs. This repository contains unofficial port of Redis to Windows.
873
pgRouting - Routing on PostgreSQL Branches The master branch has the development of the next micro release The develop branch has the development of t
7
MSS Magnetic Storage System Purpose : Simple method to organize things off all sizes. Modular containers snap into position with tiny magnets. Feature
17
Хранилище тредов Ссылка на мой твиттер: ValeriiZhyla Все документы с тредами в этом репозитории созданы с помощью ThreadReaderApp GitHub не очень силе
24
meta-list This library provides a bunch of consteval toolsets to do metaprogramming, and provides the pipeline syntactic sugar for function combinatio
23
meta-value-list This library provides a bunch of consteval toolsets to do metaprogramming, and provides the pipeline syntactic sugar for function comb
13
KV Store 🗄️ Redis based Config or Settings key-value store with GUI. Manages your frequently changed env vars without any deployment. Generates Pytho
1.6k
TerarkDB is a RocksDB replacement with optimized tail latency, throughput and compression etc. In most cases you can migirate your existing RocksDB instance to TerarkDB without any drawbacks.
2.4k
Tendis is a high-performance distributed storage system which is fully compatible with the Redis protocol. It uses RocksDB as the storage engine, and all data is stored to disks through RocksDB. Users can access Tendis using a Redis client, and the application hardly needs to be changed. In addition, Tendis supports storage capacity far exceeding memory, which can greatly reduce user storage costs.
57
Uses homomorphic encryption, so the server can’t read data or queries. Powered by HElib and follows the Redis protocol.
694
Redis memory profiler to find the RAM bottlenecks throw scaning key space in real time and aggregate RAM usage statistic by patterns.
149
X-ray X-ray, Penetrate GFWs. The best v2ray-core, with XTLS support. Automatically patch and compile by GitHub Actions, fully compatible configuration
20
nimdbx An extremely fast persistent key-value store for the Nim language, based on the amazing MDBX library. NimDBX just maps arbitrary keys to values
292
An optimized and cryptographically provable key-value store. Written in C.