Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fallback对shadowsocks以及xtls的支持 #291

Closed
vangork opened this issue Feb 22, 2021 · 5 comments
Closed

fallback对shadowsocks以及xtls的支持 #291

vangork opened this issue Feb 22, 2021 · 5 comments
Labels
documentation Improvements or additions to documentation

Comments

@vangork
Copy link

vangork commented Feb 22, 2021

测试下来,fallback似乎无法对shadowsocks+tls进行sni分流,以及vless fallback 到trojan后使用xtls连接trojan。希望得到确认。

服务端配置如下:

"inbounds": [
	{
		"port": 443,
		"protocol": "vless",
		"settings": {
			"clients": [
				{
					"id": "", 
					"flow": "xtls-rprx-direct",
					"level": 0,
					"email": "love@example.com"
				}
			],
			"decryption": "none",
			"fallbacks": [
				{
					"dest": 8888, // 默认回落到 Xray 的 Trojan 协议
					"xver": 1
				},
				{
					"name": "domain2.com", // shadowsocks
					"dest": 9999,
					"xver": 1
				}
			]
		},
		"streamSettings": {
			"network": "tcp",
			"security": "xtls",
			"xtlsSettings": {
				"alpn": [
                                       "h2",
					"http/1.1"
				],
				"certificates": [
					{
						"certificateFile": "/path/to/fullchain.crt", // 证书同时包含domain1.com以及domain2.com
						"keyFile": "/path/to/private.key" 
					}
				]
			}
		}
	},
	{
		"port": 8888,
		"listen": "127.0.0.1",
		"protocol": "trojan",
		"settings": {
			"clients": [
				{
					"password": "", 
					"level": 0,
					"email": "love@example.com"
				}
			],
			"fallbacks": [
				{
					"dest": 80 // 或者回落到其它也防探测的代理
				}
			]
		},
		"streamSettings": {
			"network": "tcp",
			"security": "none",
			"tcpSettings": {
				"acceptProxyProtocol": true
			}
		}
	},
	{
		"port": 9999,
		"protocol": "shadowsocks",
		"settings": {
			"clients": [
				{
					"password": "example_user_1",
					"method": "aes-128-gcm"
				}
			],
			"network": "tcp,udp"
		}
	}
],

客户端使用shadowsocks +tls连接,服务端的日志报错如下:

rejected proxy/shadowsocks: failed to read address > cipher: message authentication failed

客户端config如下:

"outbounds": [
	{
		"protocol": "shadowsocks",
		"settings": {
			"servers": [
				{
					"address": "domain2.com",
					"port": 443,
					"password": "example_user_1",
					"method": "aes-128-gcm"
				}
			]
		},
		"streamSettings": {
			"network": "tcp",
			"security": "tls"
		}
	}
]

客户端使用trojan + xtls连接,服务端的日志报错如下:

app/proxyman/inbound: connection ends > proxy/trojan: failed to use xtls-rprx-direct, maybe "security" is not "xtls"

客户端config如下:

"outbounds": [
	{
		"protocol": "trojan",
		"settings": {
			"servers": [
				{
					"address": "domain1.com", 
					"port": 443,
					"password": "",
                                        "flow": "xtls-rprx-direct"
				}
			]
		},
		"streamSettings": {
			"network": "tcp",
			"security": "xtls"
		}
	}
]
@vangork vangork changed the title fallback对shadowsocks以及xtls fallback对shadowsocks以及xtls的支持 Feb 22, 2021
@GleenJi
Copy link

GleenJi commented Feb 22, 2021

借此,想问问,有没有办法在不使用sni的情况下vless+fallback或者trojan+fallback:
1。默认回落80 http端口
2。同时还可以回落到正常的shadowsocks协议(不是ss+ws+tls)

@AkinoKaede
Copy link
Contributor

AkinoKaede commented Feb 22, 2021

Shadowsocks 的 UDP 流量是不走 Plugin 的,所以不推荐回落,这个先等 SIP003u 完成了再讨论。
目前回落的 Trojan 是不支持 XTLS 的

@ghost
Copy link

ghost commented Feb 23, 2021

"xver": 1

请检查shadowsocks入站是否打开了acceptProxyProtocol

@GleenJi
Copy link

GleenJi commented Feb 23, 2021

"xver": 1

请检查shadowsocks入站是否打开了acceptProxyProtocol

这个东西是什么,感觉加不加没啥用😂我是vless+xtls fallcak到ss+ws+tls,不加也没为什么问题

@RPRX
Copy link
Member

RPRX commented Feb 24, 2021

@vangork

  1. Shadowsocks 入站没写 "acceptProxyProtocol": true
  2. VLESS XTLS 回落到 Trojan,目前无法用 Trojan XTLS 连接

@GleenJi

  1. PROXY protocol 用于传递真实 IP、端口,请先阅读文档
  2. 未知流量与 TLS 流量同端口是明显特征,应使用其它端口

@RPRX RPRX closed this as completed Feb 24, 2021
@RPRX RPRX added the documentation Improvements or additions to documentation label Feb 24, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation
Projects
None yet
Development

No branches or pull requests

4 participants