vless+tls+ws #1171

Closed
karafen opened this issue Aug 4, 2022 · 3 comments

Comments

@karafen

karafen commented Aug 4, 2022

Hi guys! Recently there has been a problem connecting xray vless+tls+ws through the Cloudflare CDN; on all clients there is this error:

[Warning] [3963568036] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51605->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51606->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51608->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51613->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host. transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://xxxx.info/xxxx/): > read tcp 192.168.0.230:51619->188.114.99.160:443: wsarecv: An existing connection was forcibly closed by the remote host.] > common/retry: all retry attempts failed.

server config:

```json
{
  "log": {
    "access": "/var/log/xray/access.log",
    "error": "/var/log/xray/error.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 20712,
      "listen": "127.0.0.1",
      "tag": "VLESS-in",
      "protocol": "VLESS",
      "settings": {
        "clients": [
          {
            "id": "my-u-u-i-d",
            "alterId": 0
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/xxxx/"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "dns": {
    "servers": [
      "https+local://1.1.1.1/dns-query",
      "1.1.1.1",
      "1.0.0.1",
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "VLESS-in"
        ],
        "outboundTag": "direct"
      }
    ]
  }
}
```

client config:

```json
{
  "log": {
    "access": "",
    "error": "",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "akkl.info",
            "port": 443,
            "users": [
              {
                "id": "my-u-u-i-d",
                "alterId": 0,
                "email": "t@t.tt",
                "security": "auto",
                "encryption": "none",
                "flow": ""
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": false,
          "serverName": "xxxx.info"
        },
        "wsSettings": {
          "path": "/xxxx/",
          "headers": {
            "Host": "xxxx.info"
          }
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": -1
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "linear",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api",
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "domain": [
          "geosite:google"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "geosite:cn"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:private",
          "geoip:cn"
        ],
        "enabled": true
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:category-ads-all"
        ],
        "enabled": true
      }
    ]
  }
}
```

nginx config:

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 http2;
    ssl_certificate       /ssl/xray.crt;
    ssl_certificate_key   /ssl/xray.key;
    ssl_protocols         TLSv1.2 TLSv1.3;
    ssl_ecdh_curve        X25519:P-256:P-384:P-521;
    server_name           xxxx.info;
    index index.html index.htm;
    root  /www/xray_web;
    error_page 400 = /400.html;
    if ($host !~ ^(xxxx.info|www.xxxx.info)$ ) {return 444;}

    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000" always;

    # WebSocket path forwarded to the local xray VLESS inbound
    location /xxxx/ {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:20712;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name xxxx.info;
    return 301 https://$http_host$request_uri;
}
```
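As an added example (not code from this issue or from Xray-core), a Python cross-check of the invariants that tie the three posted configs together: the WebSocket path, the proxied loopback port, the server name seen by TLS/nginx, and whether every 443 listener actually terminates TLS. The embedded snippets are constructed reductions of the configs above, and `check_chain` is a name of my own.

```python
import json
import re

# Constructed reductions of the issue's configs (same path, host and port).
SERVER_JSON = ('{"inbounds":[{"port":20712,"listen":"127.0.0.1","protocol":"VLESS",'
               '"streamSettings":{"network":"ws","wsSettings":{"path":"/xxxx/"}}}]}')
CLIENT_JSON = ('{"outbounds":[{"tag":"proxy","protocol":"vless","settings":{"vnext":'
               '[{"address":"akkl.info","port":443}]},"streamSettings":{"network":"ws",'
               '"security":"tls","tlsSettings":{"allowInsecure":false,"serverName":"xxxx.info"},'
               '"wsSettings":{"path":"/xxxx/","headers":{"Host":"xxxx.info"}}}}]}')
NGINX_CONF = """
server {
    listen 443 ssl http2;
    listen [::]:443 http2;
    server_name xxxx.info;
    location /xxxx/ { proxy_pass http://127.0.0.1:20712; proxy_set_header Upgrade $http_upgrade; }
}
"""

def check_chain(server_json, client_json, nginx_conf):
    """Return human-readable findings; an empty list means every invariant holds.
    Assumes one VLESS inbound and a plain prefix 'location' (no regex modifier)."""
    findings = []
    srv = json.loads(server_json)["inbounds"][0]
    cli = next(o for o in json.loads(client_json)["outbounds"] if o["protocol"].lower() == "vless")
    cws, sws = cli["streamSettings"]["wsSettings"], srv["streamSettings"]["wsSettings"]
    # 1. The ws path must be identical on the client, in the nginx location and on the inbound.
    loc = re.search(r"location\s+(\S+)\s*\{", nginx_conf)
    if not loc or len({cws["path"], sws["path"], loc.group(1)}) != 1:
        findings.append("ws path differs between client, nginx location and server inbound")
    # 2. nginx must forward that location to the inbound's loopback address and port.
    pp = re.search(r"proxy_pass\s+http://([\d.]+):(\d+)", nginx_conf)
    if not pp or pp.group(1) != srv["listen"] or int(pp.group(2)) != srv["port"]:
        findings.append("proxy_pass does not point at the xray inbound address/port")
    # 3. SNI and the Host header must be names nginx serves, or the request is dropped.
    names = {cli["streamSettings"]["tlsSettings"]["serverName"], cws["headers"]["Host"]}
    sn = re.search(r"server_name\s+([^;]+);", nginx_conf)
    if not sn or not names <= set(sn.group(1).split()):
        findings.append("serverName / Host header not covered by nginx server_name")
    # 4. Every listener on 443 needs 'ssl'; a plain listener cannot complete a TLS handshake.
    for m in re.finditer(r"listen\s+([^;]*:443|443)([^;]*);", nginx_conf):
        if "ssl" not in m.group(2).split():
            findings.append(f"listen {m.group(1)} lacks 'ssl' (TLS handshakes on it fail)")
    # 5. The Upgrade header must reach xray or the WebSocket handshake never completes.
    if "proxy_set_header Upgrade" not in nginx_conf:
        findings.append("nginx location does not forward the Upgrade header")
    # 6. Certificate verification must stay on; allowInsecure hides a broken chain.
    if cli["streamSettings"]["tlsSettings"].get("allowInsecure"):
        findings.append("client disables certificate verification (allowInsecure)")
    return findings
```

Run against the constructed reductions, the only finding is the IPv6 443 listener without `ssl`; the same function can be pointed at the real files once they are read from disk.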

@ghost

ghost commented Aug 8, 2022

What is the Cloudflare Proxy status for xxxx.info?

What is the Cloudflare SSL/TLS encryption mode for xxxx.info?

@karafen

karafen commented Aug 9, 2022

> What is the Cloudflare Proxy status for xxxx.info?
>
> What is the Cloudflare SSL/TLS encryption mode for xxxx.info?

Cloudflare Proxy status for xxxx.info = ON

Cloudflare **SSL/TLS** encryption mode for xxxx.info = FULL (strict)

But even if the Cloudflare proxy status is off (DNS-only mode), the error is similar. The vless+tls+ws configuration works only with the Shadowrocket iOS client, and only if you switch the TUNNEL-TCP-TLS mode to the Network position (TLS 1.3 / At least iOS 12 / Faster / Higher Memory), but the Android and luci-app-passwall OpenWrt clients don't have this option to switch mode, so these clients don't work with vless+tls+ws. ((

@54601

54601 commented Nov 4, 2022

I have the same problem, any idea how to fix it?
