REALITY 配置问题, 两边服务都能跑起来,但是服务端一直拒绝连接

[picklefan]

搞了一下午要崩溃了,大佬能帮看下问题在哪吗

服务端日志error.log

2023/02/19 04:32:19 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection
2023/02/19 04:32:20 [Info] transport/internet/tcp: REALITY: processed invalid connection

客户端日志error.log

(aaa.bbb.ccc是我vps地址,我替换掉了)

[Info] [2737532523] transport/internet/tcp: dialing TCP to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:17 [Debug] transport/internet: dialing to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:17 [Info] [2581654025] transport/internet/tcp: dialing TCP to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:17 [Debug] transport/internet: dialing to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:18 [Info] [89749494] transport/internet/tcp: dialing TCP to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:18 [Debug] transport/internet: dialing to tcp:aaa.bbb.ccc.kfc:443
2023/02/19 01:32:18 [Warning] [2737532523] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection dial tcp aaa.bbb.ccc.kfc:443: operation was canceled] > common/retry: all retry attempts failed
2023/02/19 01:32:18 [Warning] [2581654025] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection dial tcp aaa.bbb.ccc.kfc:443: operation was canceled] > common/retry: all retry attempts failed
2023/02/19 01:32:18 [Warning] [89749494] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection dial tcp aaa.bbb.ccc.kfc:443: operation was canceled] > common/retry: all retry attempts failed

客户端xray配置

(客户端原来是透明代理,为了排查把iptables删了,xray只有一个socks5入口)

{
    "tag": "proxy",
    "protocol": "vless",
    "settings": {
      "vnext": [
        {
          "address": "aaa.bbb.ccc.ddd",
          "port": 443,
          "users": [
            {
              "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212",
              "encryption": "none",
              "flow": "xtls-rprx-vision"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "reality",
      "sockopt": {
        "mark": 2 
      },
      "realitySettings": {
        "publicKey": "aLJ0ChrV9Y3UKK9dHN1pcwsymfFjheY-3e-8OLsuFyw",
        "shortIds": [""],
        "serverNames": ["www.microsoft.com"],
        "fingerprint": "randomized"
        //"spiderX": "/"
      }
    }
  }

服务端配置

(key是用xray x25519生成的,shortID不知道是什么,客户端不填/8字节/8byte的string都试过了,服务端errorlog一模一样,servername也换过很多了,Dest是抓的serverName的ip填的)

"inbounds": [
        {
            "tag": "VLESS-TCP-Reality",
            "protocol": "vless",
            "listen":"0.0.0.0",
            "port":443,
            "settings": {
                "client":{
                    "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212",
                    "flow": "xtls-rprx-vision"
                },
                "decryption": "none"
            },
            "streamSettings": {
              "network": "tcp",
              "security": "reality",
              "realitySettings": {
                "show": false,
                "privateKey":"R6xEek-WTsP90wyi8X1uhkjVscuqY5bf9jOEqCOPV6k",
                "shortIds": ["7788"],
                "Dest": "23.35.196.245:443",
                "type": "tcp",
                "serverNames": ["www.microsoft.com"]
                //"fingerprint": "randomized",
                //"spiderX": "/"
              }
            }
          }
    ],

[limetw]

乖，r佬知道你是在疯狂暗示。

[picklefan]

我不是啊,我这个配置真的一直这样连不上,你是不是也觉得我配置没问题. 那我重启一下vps看看

[wyx2685]

shortID写个8位的两边写一样

[ReAllTh]

其实我也一直不明白服务端 realitySettings 里面那个 Dest 该填什么...

[picklefan]

shortID写个8位的两边写一样

试过了,没有用,77889912这种试过很多

[picklefan]

其实我也一直不明白服务端 realitySettings 里面那个 Dest 该填什么...

我一直以为是serverName里面的一个ip, 所以我都是本地dig一下,然后选一个

[o0HalfLife0o]

客户端用shortId serverName，没有s，值是字符串，shortid是8位或16位字母数字

[csryt]

@o0HalfLife0o 看服务端报错，我测试的时候乱用字符串服务端会报错的。

[csryt]

@o0HalfLife0o 印象中是得八位数字

[picklefan]

客户端用shortId serverName，没有s，值是字符串，shortid是8位或16位字母数字

真的, 改了之后, 服务端终于有access log了, 不过我的配置似乎还是有点问题,目前报错

2023/02/19 05:45:53 [Info] [3433587326] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14171 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:53 [Info] [110563686] proxy/vless/inbound: firstLen = 149
2023/02/19 05:45:53 [Info] [110563686] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14172 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [2356926536] proxy/vless/inbound: firstLen = 315
2023/02/19 05:45:54 [Info] [2356926536] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14174 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [2972372293] proxy/vless/inbound: firstLen = 532
2023/02/19 05:45:54 [Info] [2972372293] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14177 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [3493429218] proxy/vless/inbound: firstLen = 313
2023/02/19 05:45:54 [Info] [3493429218] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14175 > proxy/vless/encoding: invalid request user id
2023/02/19 05:45:54 [Info] [3890738642] proxy/vless/inbound: firstLen = 201
2023/02/19 05:45:54 [Info] [3890738642] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:14176 > proxy/vless/encoding: invalid request user id

我再看看, 配置成功了我把配置发上来参考

[cross-hello]

shortid maybe should be set to eight-byte.

[picklefan]

shortid maybe should be set to eight-byte.

I did, on both client and server like this "shortId": "9F3A2B4C5D6E7F80",, still nothing changed in the error log which says:

2023/02/19 06:16:42 [Info] [4096422307] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17124 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:43 [Info] [1835208278] proxy/vless/inbound: firstLen = 540
2023/02/19 06:16:43 [Info] [1835208278] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17127 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:43 [Info] [713352930] proxy/vless/inbound: firstLen = 213
2023/02/19 06:16:43 [Info] [713352930] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17126 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:44 [Info] [301853249] proxy/vless/inbound: firstLen = 347
2023/02/19 06:16:44 [Info] [301853249] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17128 > proxy/vless/encoding: invalid request user id
2023/02/19 06:16:44 [Info] [3590958526] proxy/vless/inbound: firstLen = 1186
2023/02/19 06:16:44 [Info] [3590958526] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17129 > proxy/vless/encoding: invalid request user id

跟uuid没关系也没关系,这个报错不知道是什么

[cross-hello]

Are you sure

*"9F3A2B4C5D6E7F80"* is eight-bytes?

🤭

Feb 19, 2023 19:28:06 picklefan ***@***.***>:

…

shortid maybe should be set to eight-byte. [https://user-images.githubusercontent.com/42733664/219943703-45736658-39a7-4b7a-8f6a-33aa649a0be3.png][Screenshot_2023_0219_185559][https://user-images.githubusercontent.com/42733664/219943703-45736658-39a7-4b7a-8f6a-33aa649a0be3.png] I did, on both client and server like this *"shortId": "9F3A2B4C5D6E7F80",*, still nothing changed in the error log which says: *2023/02/19 06:16:42 [Info] [4096422307] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17124 > proxy/vless/encoding: invalid request user id 2023/02/19 06:16:43 [Info] [1835208278] proxy/vless/inbound: firstLen = 540 2023/02/19 06:16:43 [Info] [1835208278] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17127 > proxy/vless/encoding: invalid request user id 2023/02/19 06:16:43 [Info] [713352930] proxy/vless/inbound: firstLen = 213 2023/02/19 06:16:43 [Info] [713352930] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17126 > proxy/vless/encoding: invalid request user id 2023/02/19 06:16:44 [Info] [301853249] proxy/vless/inbound: firstLen = 347 2023/02/19 06:16:44 [Info] [301853249] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17128 > proxy/vless/encoding: invalid request user id 2023/02/19 06:16:44 [Info] [3590958526] proxy/vless/inbound: firstLen = 1186 2023/02/19 06:16:44 [Info] [3590958526] app/proxyman/inbound: connection ends > proxy/vless/inbound: invalid request from 117.28.183.93:17129 > proxy/vless/encoding: invalid request user id * 跟uuid没关系也没关系,这个报错不知道是什么 — Reply to this email directly, view it on GitHub[#1675 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AKGBAYD4HWHVXV7U3MYQNS3WYH7ULANCNFSM6AAAAAAVA35X7M]. You are receiving this because you commented.[Tracking image][https://github.com/notifications/beacon/AKGBAYBKUNVO2SBMCCN6EB3WYH7ULA5CNFSM6AAAAAAVA35X7OWGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSVS4GU4.gif]

[wyx2685]

你这个报错是vless的配置有问题，和reality没关系
"settings": {
"clients":[{
"id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212",
"flow": "xtls-rprx-vision"
}],
"decryption": "none"
}

[xianren78]

你这个报错是vless的配置有问题，和reality没关系 "settings": { "clients":[{ "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212", "flow": "xtls-rprx-vision" }], "decryption": "none" }

client --> clients

[ixxmu]

这是新特性泄漏啊

[picklefan]

破案了,破案了,感谢大家的帮助!

问题主要是由server和client 两边配置语法问题导致的,server端都是加s,而且用的array[ " "],

客户端都是直接string" "

比如"shortIds": [" "], "shortId":" "

我的REALITY成功配置运行,斜面贴下我的配置:

客户端

{
    "tag": "proxy",
    "protocol": "vless",
    "settings": {
      "vnext": [
        {
          "address": "your_vps_ip",
          "port": 443,
          "users": [
            {
              "id": "6d0ddb31-ee86-4ba2-875a-b81d0f6f8efc",
              "encryption": "none",
              "flow": "xtls-rprx-vision"
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "reality",
      "sockopt": {
        "mark": 2 
      },
      "realitySettings": {
        "publicKey": "aLJ0ChrV9Y3UKK9dHN1pcwsymfFjheY-3e-8OLsuFyw",
        "shortId": "3f4d573ec4ce481c",
        "serverName": "www.microsoft.com",
        "fingerprint": "randomized"
        //"spiderX": "/"
      }
    }
  }

服务端

 "inbounds": [
        {
            "tag": "VLESS-TCP-Reality",
            "protocol": "vless",
            "listen":"0.0.0.0",
            "port":443,
            "settings": {
                "clients":[{
                    "id": "6d0ddb31-ee86-4ba2-875a-b81d0f6f8efc",
                    "flow": "xtls-rprx-vision"
                }],
                "decryption": "none"
            },
            "streamSettings": {
              "network": "tcp",
              "security": "reality",
              "realitySettings": {
                "show": false,
                "privateKey":"R6xEek-WTsP90wyi8X1uhkjVscuqY5bf9jOEqCOPV6k",
                "shortIds": ["3f4d573ec4ce481c"],
                "Dest": "23.35.196.245:443",
                "type": "tcp",
                "serverNames": ["www.microsoft.com"]
                //"fingerprint": "randomized",
                //"spiderX": "/"
              }
            }
          }
    ],

[picklefan]

你这个报错是vless的配置有问题，和reality没关系 "settings": { "clients":[{ "id": "2a0e7d41-6380-4f7b-96f9-cf754eb6a212", "flow": "xtls-rprx-vision" }], "decryption": "none" }

client --> clients

没错,抄的配置,我以前也不会注意这个,确实是这个问题,谢谢

[Nirvanatin]

可以请你列出每个步骤吗？请问你用的是那个客户软件？

[ggomo8]

您好，小白弱弱的问下，请问xray x25519是咋生成key的？

[chika0801]

您好，小白弱弱的问下，请问xray x25519是咋生成key的？

https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/README.md
下载内测的core替换175版本，ssh连上vps直接打
xray x25519 就行了（替换后重启下vps或xray程序）

[ggomo8]

您好，小白弱弱的问下，请问xray x25519是咋生成key的？

https://github.com/chika0801/Xray-examples/blob/main/VLESS-XTLS-uTLS-REALITY/README.md 下载内测的core替换175版本，ssh连上vps直接打 xray x25519 就行了（替换后重启下vps或xray程序）

多谢大佬！

[abcjeff]

请问你的服务端配置中的 "Dest": "23.35.196.245:443", 这一行是什么意思，需要照抄吗，这个地址的意思是什么？

[picklefan]

https://xtls.github.io/config/transport.html#realityobject

https://github.com/XTLS/REALITY#vless-xtls-utls-reality-example-for-xray-core-%E4%B8%AD%E6%96%87

[picklefan]

请问你的服务端配置中的 "Dest": "23.35.196.245:443", 这一行是什么意思，需要照抄吗，这个地址的意思是什么？

在我上面的配置里

"Dest": "23.35.196.245:443" 的意思是 www.microsoft.com 其中一个IP地址，可以通过 nslookup www.microsoft.com 或者 dig www.microsoft.com 查询，dest 不必须为IP, 以上的第一个连接里面有解释

[abcjeff]

请问你的服务端配置中的 "Dest": "23.35.196.245:443", 这一行是什么意思，需要照抄吗，这个地址的意思是什么？

在我上面的配置里

"Dest": "23.35.196.245:443" 的意思是 www.microsoft.com 其中一个IP地址，可以通过 nslookup www.microsoft.com 或者 dig www.microsoft.com 查询，dest 不必须为IP, 以上的第一个连接里面有解释

哦我直接填的www.microsoft.com：443。我今天下午搞半天没成功，后来发现是客户端的问题，v2rayN 6.2的客户端有问题，死活连不上，后来换用官方的命令行的客户端，自己写好config.json一下就成功了。

[yezige]

"Dest": "23.35.196.245:443",

@picklefan 这个 Dest 的 D 大写吗？我怎么看文档不是大写的，我按你最后贴的配置来了，仍然报这个错

proxy/vless/outbound: failed to find an available destination > common/retry: [REALITY: processed invalid connection]