How to configure vmess #21

Closed
nickleefly opened this issue Oct 4, 2019 · 51 comments

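@nickleefly

nickleefly commented Oct 4, 2019

After saving in the UI, the configuration file /var/etc/v2ray/v2ray.main.json contains the following.
After starting it, I can't reach the outside. Is there anything else that needs to be configured?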

{
	"log": {
		"loglevel": "warning",
		"access": "\/var\/log\/v2ray-access.log",
		"error": "\/var\/log\/v2ray-error.log"
	},
	"routing": {
		"domainStrategy": "IPOnDemand",
		"rules": [
			{
				"type": "field",
				"ip": [
					"geoip:private",
					"geoip:cn"
				],
				"outboundTag": "direct"
			},
			{
				"type": "field",
				"domain": [
					"geosite:cn"
				],
				"outboundTag": "direct"
			}
		]
	},
	"policy": {
		"system": {
			"statsInboundUplink": false,
			"statsInboundDownlink": false
		}
	},
	"inbounds": [
		{
			"listen": "0.0.0.0",
			"port": 8080,
			"protocol": "socks",
			"sniffing": {
				"enabled": true,
				"destOverride": [
					"http",
					"tls"
				]
			},
			"settings": {
				"udp": true,
				"ip": "127.0.0.1",
				"auth": "noauth"
			}
		},
		{
			"listen": "0.0.0.0",
			"port": 1060,
			"protocol": "dokodemo-door",
			"tag": "transparent_proxy",
			"sniffing": {
				"enabled": true,
				"destOverride": [
					"http",
					"tls"
				]
			},
			"settings": {
				"network": "tcp",
				"timeout": 30,
				"followRedirect": true
			}
		}
	],
	"outbounds": [
		{
			"sendThrough": "0.0.0.0",
			"protocol": "vmess",
			"mux": {
				"enabled": false,
				"concurrency": 8
			},
			"settings": {
				"vnext": [
					{
						"port": 443,
						"users": [
							{
								"id": "MY-ID-STRING",
								"level": 1,
								"alterId": 64
							}
						],
						"address": "myv2ray.domain.name"
					}
				]
			}
		},
		{
			"sendThrough": "0.0.0.0",
			"protocol": "freedom",
			"tag": "direct",
			"mux": {
				"enabled": false,
				"concurrency": 8
			}
		}
	]
}

@kuoruan
Owner

kuoruan commented Oct 7, 2019

/var/etc/v2ray/v2ray.main.json

This file is generated automatically from the LuCI configuration; manual edits have no effect.

@kuoruan kuoruan closed this as completed Oct 7, 2019
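@nickleefly
Author

Versions used:
luci-app-v2ray_1.3.1-1_all.ipk
luci-i18n-v2ray-zh-cn_1.3.1-1_all.ipk
It works fine on my phone

The main page is as shown
Screenshot 2019-10-29 at 14 57 07
The configuration file saved to /var/etc/v2ray/v2ray.main.json is as in the issue description above; I have updated the config file in the description

Does this DNS need to be enabled?
Screenshot 2019-10-29 at 14 58 30

The error log is as follows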

2019/10/29 06:59:11 [Warning] [4228259403] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [dial tcp: lookup myv2ray.domain.name on 127.0.0.1:53: read udp 127.0.0.1:58664->127.0.0.1:53: i/o timeout dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed
2019/10/29 06:59:11 [Warning] [1753217400] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed

@nickleefly
Author

@kuoruan could you take a look?

@kuoruan
Owner

kuoruan commented Oct 29, 2019

Hold on, I'll publish a release; then try again

@nickleefly
Author

OK

@kuoruan
Owner

kuoruan commented Oct 29, 2019

v1.3.2-1

@nickleefly
Author

I'll give it a try

@nickleefly
Author

nslookup can't resolve it
Error message:

2019/10/29 09:01:58 [Warning] [2646383610] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed

@kuoruan
Owner

kuoruan commented Oct 29, 2019

Please paste the config file

@nickleefly
Author

{
	"log": {
		"loglevel": "warning",
		"access": "\/var\/log\/v2ray-access.log",
		"error": "\/var\/log\/v2ray-error.log"
	},
	"inbounds": [
		{
			"listen": "0.0.0.0",
			"port": 8080,
			"protocol": "socks",
			"tag": "socks",
			"sniffing": {
				"enabled": true,
				"destOverride": [
					"http",
					"tls"
				]
			},
			"settings": {
				"udp": true,
				"auth": "noauth",
				"ip": "127.0.0.1"
			}
		},
		{
			"listen": "0.0.0.0",
			"port": 1060,
			"protocol": "dokodemo-door",
			"tag": "transparent_proxy",
			"sniffing": {
				"enabled": true,
				"destOverride": [
					"http",
					"tls"
				]
			},
			"settings": {
				"network": "tcp",
				"timeout": 300,
				"followRedirect": true
			}
		}
	],
	"outbounds": [
		{
			"sendThrough": "0.0.0.0",
			"protocol": "vmess",
			"tag": "myv2ray.domain.name",
			"settings": {
				"vnext": [
					{
						"port": 443,
						"users": [
							{
								"id": "my-id-here",
								"level": 1,
								"alterId": 64
							}
						],
						"address": "myv2ray.domain.name"
					}
				]
			},
			"streamSettings": {
				"sockopt": {
					"mark": 255
				}
			}
		},
		{
			"sendThrough": "0.0.0.0",
			"protocol": "freedom",
			"tag": "direct",
			"streamSettings": {
				"sockopt": {
					"mark": 255
				}
			}
		},
		{
			"sendThrough": "0.0.0.0",
			"protocol": "dns",
			"tag": "dns_out",
			"streamSettings": {
				"sockopt": {
					"mark": 255
				}
			}
		}
	]
}

@nickleefly
Author

resolveip -t 5 myv2ray.domain.name: I tried this and it does resolve

@nickleefly
Author

also see this error message

2019/10/29 09:03:27 [Warning] [1868192558] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [dial tcp: lookup myv2ray.domain.name on 127.0.0.1:53: read udp 127.0.0.1:45775->127.0.0.1:53: i/o timeout dial tcp: operation was canceled

@kuoruan
Owner

kuoruan commented Oct 29, 2019

What about ticking the DNS proxy option?

@kuoruan
Owner

kuoruan commented Oct 29, 2019

Also, check whether the time is synchronized

@nickleefly
Author

With the DNS proxy ticked, DNS still can't be resolved

2019/10/29 09:36:57 [Warning] [3957447484] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed

@kuoruan
Owner

kuoruan commented Oct 29, 2019

  • Check the time;
  • Turn off the transparent proxy and see whether the socks5 proxy works.

@nickleefly
Author

Compare the time against what? The router is on China time, so why does the log show what looks like UTC+0 time?

@nickleefly
Author

Using only socks5 doesn't work either

@nickleefly
Author

iptables -t nat -nL: I don't see the added iptables rules

@kuoruan
Owner

kuoruan commented Oct 29, 2019

I don't know why you set level to 1?
If it really doesn't work, ask the official project.
With the transparent proxy turned off there are of course no rules.

@nickleefly
Author

@kuoruan please take another look. Could you post your config?

@kuoruan
Owner

kuoruan commented Oct 29, 2019

Can you delete level?

@nickleefly
Author

I'll try. The level 1 was also generated by the server-side installation

@nickleefly
Author

Still doesn't work

@kuoruan
Owner

kuoruan commented Oct 29, 2019

Try the desktop client first, or look at the server-side config file

@nickleefly
Author

It works on both the computer and the phone; I've been using them for a long time

@kuoruan
Owner

kuoruan commented Oct 29, 2019

Export the config file from the computer and compare it with the one on the router to see what differs

@kuoruan
Owner

kuoruan commented Oct 29, 2019

This config file has a lot of entries; you have to check them one by one

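@nickleefly
Author

nickleefly commented Oct 29, 2019

By the way, my v2ray server is websocket + tls
The config exported from the computer is below. Most of it is similar; only the streamSettings under outbounds differ. Is that what is causing this? Currently this UI has no place to configure streamSettings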

{
  "dns" : {
    "servers" : [
      "localhost"
    ]
  },
  "inbounds" : [
    {
      "listen" : "127.0.0.1",
      "port" : 1080,
      "protocol" : "socks",
      "tag" : "socksinbound",
      "settings" : {
        "auth" : "noauth",
        "udp" : true,
        "ip" : "127.0.0.1"
      }
    },
    {
      "listen" : "127.0.0.1",
      "port" : 8001,
      "protocol" : "http",
      "tag" : "httpinbound",
      "settings" : {
        "timeout" : 0
      }
    }
  ],
  "outbounds" : [
    {
      "sendThrough" : "0.0.0.0",
      "mux" : {
        "enabled" : false,
        "concurrency" : 8
      },
      "protocol" : "vmess",
      "settings" : {
        "vnext" : [
          {
            "address" : "myv2ray.domain.name",
            "users" : [
              {
                "id" : "my-id-here",
                "alterId" : 64,
                "security" : "auto",
                "level" : 0
              }
            ],
            "port" : 443
          }
        ]
      },
      "tag" : "myv2ray.domain.name",
      "streamSettings" : {
        "wsSettings" : {
          "path" : "\/",
          "headers" : {
            "Host" : "myv2ray.domain.name"
          }
        },
        "quicSettings" : {
          "key" : "",
          "security" : "none",
          "header" : {
            "type" : "none"
          }
        },
        "tlsSettings" : {
          "allowInsecure" : false,
          "alpn" : [
            "http\/1.1"
          ],
          "serverName" : "myv2ray.domain.name",
          "allowInsecureCiphers" : false
        },
        "httpSettings" : {
          "path" : ""
        },
        "kcpSettings" : {
          "header" : {
            "type" : "none"
          },
          "mtu" : 1350,
          "congestion" : false,
          "tti" : 20,
          "uplinkCapacity" : 5,
          "writeBufferSize" : 1,
          "readBufferSize" : 1,
          "downlinkCapacity" : 20
        },
        "tcpSettings" : {
          "header" : {
            "type" : "none"
          }
        },
        "security" : "tls",
        "network" : "ws"
      }
    }
  ],
  "routing" : {
    "name" : "all_to_main",
    "domainStrategy" : "AsIs",
    "rules" : [
      {
        "type" : "field",
        "outboundTag" : "myv2ray.domain.name",
        "port" : "0-65535"
      }
    ]
  }
}

@nickleefly
Author

I tried using a config similar to the one on the computer, selecting "use custom configuration" on the router,
and saw some error messages as follows

2019/10/29 15:44:39 [Warning] [3076464785] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [dial tcp VPS-IP-HERE:443: operation was canceled dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed

@kuoruan
Owner

kuoruan commented Oct 30, 2019

....
The box below is where you can fill in streamSettings

@nickleefly
Author

After saving, it was not saved to
/var/etc/v2ray/v2ray.main.json; the part below is still unchanged

"streamSettings": {
  "sockopt": {
    "mark": 255
  }
}

@kuoruan
Owner

kuoruan commented Oct 30, 2019

Save & Apply, or reload the service, OK?

@nickleefly
Author

I forgot to tick it on the main page

@nickleefly
Author

It works now, thanks @kuoruan

@nickleefly
Author

socks5 works now; I'll try the transparent proxy next

@nickleefly
Author

With "alterId" matching the server, the transparent proxy works now
Thanks @kuoruan

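@nickleefly
Author

@kuoruan I found a problem: right after the service starts, both cn domains and foreign domains are reachable, but after a while nothing is reachable any more
I looked at the iptables rules: ss, which worked fine before, is inserted at the very front of Chain PREROUTING, whereas here it is inserted at the very end of Chain PREROUTING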

@kuoruan
Owner

kuoruan commented Nov 1, 2019

Check whether it is #35

@nickleefly
Author

I tried it; still the same problem, nothing gets out. There is something wrong with the iptables rules

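@kuoruan
Owner

kuoruan commented Nov 1, 2019

When you run into a problem, please attach detailed information; I can't work it out by guessing. For example, like the issue above, give a detailed iptables comparison!!!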

@nickleefly
Author

iptables for ss

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
SS_SPEC_LAN_DG  tcp  --  0.0.0.0/0            0.0.0.0/0
prerouting_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom prerouting rule chain */
zone_lan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
SS_SPEC_WAN_DG  tcp  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
postrouting_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom postrouting rule chain */
zone_lan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */

Chain SS_SPEC_LAN_AC (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_src_bp src
SS_SPEC_WAN_FW  all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_src_fw src
SS_SPEC_WAN_AC  all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_src_ac src
SS_SPEC_WAN_AC  all  --  0.0.0.0/0            0.0.0.0/0

Chain SS_SPEC_LAN_DG (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_dst_sp dst
SS_SPEC_LAN_AC  tcp  --  0.0.0.0/0            0.0.0.0/0

Chain SS_SPEC_WAN_AC (3 references)
target     prot opt source               destination
SS_SPEC_WAN_FW  all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_dst_fw dst
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_dst_bp dst
SS_SPEC_WAN_FW  all  --  0.0.0.0/0            0.0.0.0/0

Chain SS_SPEC_WAN_DG (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0            match-set ss_spec_dst_sp dst
SS_SPEC_WAN_AC  tcp  --  0.0.0.0/0            0.0.0.0/0

Chain SS_SPEC_WAN_FW (3 references)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            redir ports 1080

Chain postrouting_lan_rule (1 references)
target     prot opt source               destination

Chain postrouting_rule (1 references)
target     prot opt source               destination

Chain postrouting_wan_rule (1 references)
target     prot opt source               destination

Chain prerouting_lan_rule (1 references)
target     prot opt source               destination

Chain prerouting_rule (1 references)
target     prot opt source               destination

Chain prerouting_wan_rule (1 references)
target     prot opt source               destination

Chain zone_lan_postrouting (1 references)
target     prot opt source               destination
postrouting_lan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom lan postrouting rule chain */
SNAT       tcp  --  192.168.1.0/24       192.168.1.1          tcp dpt:80 /* !fw3: home (reflection) */ to:192.168.1.1
SNAT       udp  --  192.168.1.0/24       192.168.1.1          udp dpt:80 /* !fw3: home (reflection) */ to:192.168.1.1
SNAT       tcp  --  192.168.1.0/24       192.168.1.1          tcp dpt:22 /* !fw3: ssh (reflection) */ to:192.168.1.1
SNAT       udp  --  192.168.1.0/24       192.168.1.1          udp dpt:22 /* !fw3: ssh (reflection) */ to:192.168.1.1

Chain zone_lan_prerouting (1 references)
target     prot opt source               destination
prerouting_lan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom lan prerouting rule chain */
DNAT       tcp  --  192.168.1.0/24       lan-ip       tcp dpt:8000 /* !fw3: home (reflection) */ to:192.168.1.1:80
DNAT       udp  --  192.168.1.0/24       lan-ip       udp dpt:8000 /* !fw3: home (reflection) */ to:192.168.1.1:80
DNAT       tcp  --  192.168.1.0/24       lan-ip       tcp dpt:2000 /* !fw3: ssh (reflection) */ to:192.168.1.1:22
DNAT       udp  --  192.168.1.0/24       lan-ip       udp dpt:2000 /* !fw3: ssh (reflection) */ to:192.168.1.1:22

Chain zone_wan_postrouting (2 references)
target     prot opt source               destination
postrouting_wan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom wan postrouting rule chain */
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */

Chain zone_wan_prerouting (2 references)
target     prot opt source               destination
prerouting_wan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom wan prerouting rule chain */
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 /* !fw3: home */ to:192.168.1.1:80
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:8000 /* !fw3: home */ to:192.168.1.1:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2000 /* !fw3: ssh */ to:192.168.1.1:22
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:2000 /* !fw3: ssh */ to:192.168.1.1:22

@nickleefly
Author

iptables for v2ray. After this RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0xff
there should be one rule missing

# Ignore your V2Ray server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A V2RAY -d 123.123.123.123 -j RETURN

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
prerouting_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom prerouting rule chain */
zone_lan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
V2RAY      tcp  --  0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
V2RAY      tcp  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
postrouting_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom postrouting rule chain */
zone_lan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
zone_wan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */

Chain V2RAY (2 references)
target     prot opt source               destination
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            mark match 0xff
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/8
RETURN     tcp  --  0.0.0.0/0            10.0.0.0/8
RETURN     tcp  --  0.0.0.0/0            100.64.0.0/10
RETURN     tcp  --  0.0.0.0/0            127.0.0.0/8
RETURN     tcp  --  0.0.0.0/0            169.254.0.0/16
RETURN     tcp  --  0.0.0.0/0            172.16.0.0/12
RETURN     tcp  --  0.0.0.0/0            192.0.0.0/24
RETURN     tcp  --  0.0.0.0/0            192.0.2.0/24
RETURN     tcp  --  0.0.0.0/0            192.88.99.0/24
RETURN     tcp  --  0.0.0.0/0            192.168.0.0/16
RETURN     tcp  --  0.0.0.0/0            198.18.0.0/15
RETURN     tcp  --  0.0.0.0/0            198.51.100.0/24
RETURN     tcp  --  0.0.0.0/0            203.0.113.0/24
RETURN     tcp  --  0.0.0.0/0            224.0.0.0/4
RETURN     tcp  --  0.0.0.0/0            240.0.0.0/4
RETURN     tcp  --  0.0.0.0/0            255.255.255.255
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            redir ports 1060

Chain postrouting_lan_rule (1 references)
target     prot opt source               destination

Chain postrouting_rule (1 references)
target     prot opt source               destination

Chain postrouting_wan_rule (1 references)
target     prot opt source               destination

Chain prerouting_lan_rule (1 references)
target     prot opt source               destination

Chain prerouting_rule (1 references)
target     prot opt source               destination

Chain prerouting_wan_rule (1 references)
target     prot opt source               destination

Chain zone_lan_postrouting (1 references)
target     prot opt source               destination
postrouting_lan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom lan postrouting rule chain */
SNAT       tcp  --  192.168.1.0/24       192.168.1.1          tcp dpt:80 /* !fw3: home (reflection) */ to:192.168.1.1
SNAT       udp  --  192.168.1.0/24       192.168.1.1          udp dpt:80 /* !fw3: home (reflection) */ to:192.168.1.1
SNAT       tcp  --  192.168.1.0/24       192.168.1.1          tcp dpt:22 /* !fw3: ssh (reflection) */ to:192.168.1.1
SNAT       udp  --  192.168.1.0/24       192.168.1.1          udp dpt:22 /* !fw3: ssh (reflection) */ to:192.168.1.1

Chain zone_lan_prerouting (1 references)
target     prot opt source               destination
prerouting_lan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom lan prerouting rule chain */
DNAT       tcp  --  192.168.1.0/24       lan-ip       tcp dpt:8000 /* !fw3: home (reflection) */ to:192.168.1.1:80
DNAT       udp  --  192.168.1.0/24       lan-ip       udp dpt:8000 /* !fw3: home (reflection) */ to:192.168.1.1:80
DNAT       tcp  --  192.168.1.0/24       lan-ip       tcp dpt:2000 /* !fw3: ssh (reflection) */ to:192.168.1.1:22
DNAT       udp  --  192.168.1.0/24       lan-ip       udp dpt:2000 /* !fw3: ssh (reflection) */ to:192.168.1.1:22

Chain zone_wan_postrouting (2 references)
target     prot opt source               destination
postrouting_wan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom wan postrouting rule chain */
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */

Chain zone_wan_prerouting (2 references)
target     prot opt source               destination
prerouting_wan_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom wan prerouting rule chain */
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 /* !fw3: home */ to:192.168.1.1:80
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:8000 /* !fw3: home */ to:192.168.1.1:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2000 /* !fw3: ssh */ to:192.168.1.1:22
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:2000 /* !fw3: ssh */ to:192.168.1.1:22

@kuoruan
Owner

kuoruan commented Nov 1, 2019

  • By default, a return rule for the server IP is added automatically;
  • Problems caused by using it together with ss are not handled.

@nickleefly
Author

It is not being used together with ss; ss is disabled

@kuoruan
Owner

kuoruan commented Nov 1, 2019

The server address is obtained here:

for ipv4 in $(resolveip -4 -t 5 "$addr") ; do
append_server_ipv4 "$ipv4"
done

The server IPs are inserted into iptables here:
$(for s4 in $servers_ipv4 ; do echo "-A V2RAY -p tcp -d $s4 -j RETURN" ; done)

Only if resolveip -4 -t 5 "$addr" returns nothing, or your address is not IPv4, would it not be inserted into iptables
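
One way to check on the router whether the server bypass rule discussed above actually made it into the V2RAY chain, as an added example that is not part of the thread or of luci-app-v2ray. The function names are hypothetical, the chain listings are constructed samples, and 123.123.123.123 is the placeholder address used earlier in the thread.

```shell
#!/bin/sh
# Added example; not code from luci-app-v2ray.
#
# check_server_bypass SERVER_IP
#   Reads `iptables -t nat -nL V2RAY` output on stdin.
#   Returns 0 if a RETURN rule for SERVER_IP sits before the REDIRECT rule,
#           1 if no RETURN rule for SERVER_IP exists at all,
#           2 if one exists only after REDIRECT (it would never be reached).
check_server_bypass() {
    awk -v ip="$1" '
        # Columns with -n: target prot opt source destination [match...]
        $1 == "REDIRECT"           { redirected = 1; next }
        $1 == "RETURN" && $5 == ip { if (redirected) late = 1; else early = 1 }
        END {
            if (early) exit 0
            if (late)  exit 2
            exit 1
        }
    '
}

# Constructed sample listings, shaped like the V2RAY chain posted in the thread.
# Mode "ok" has the server rule in place, "missing" lacks it, "late" has it
# appended after REDIRECT.
sample_chain() {
    echo 'Chain V2RAY (2 references)'
    echo 'target     prot opt source               destination'
    echo 'RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0            mark match 0xff'
    [ "$1" = ok ] && echo 'RETURN     tcp  --  0.0.0.0/0            123.123.123.123'
    echo 'RETURN     tcp  --  0.0.0.0/0            10.0.0.0/8'
    echo 'RETURN     tcp  --  0.0.0.0/0            192.168.0.0/16'
    echo 'REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            redir ports 1060'
    [ "$1" = late ] && echo 'RETURN     tcp  --  0.0.0.0/0            123.123.123.123'
    return 0
}

# Demo over the three constructed listings.
for mode in ok missing late; do
    rc=0
    sample_chain "$mode" | check_server_bypass 123.123.123.123 || rc=$?
    echo "$mode: exit status $rc"
done
```

On a live router the input would come from `iptables -t nat -nL V2RAY`, with the address taken from `resolveip -4 -t 5` for the server name; a status of 1 corresponds to the empty-resolution case described in the comment above.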

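@koho

koho commented Nov 1, 2019

How exactly is it unreachable: DNS can't resolve, or the IP doesn't respond? Even without the server address rule, domestic direct connections should RETURN first, so domestic sites should still be reachable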

@nickleefly
Author

I just confirmed that the server IP has been added to the v2ray chain. I'll keep observing

@nickleefly
Author

After a while DNS can't resolve

$ dig dropbox.com

; <<>> DiG 9.10.6 <<>> dropbox.com
;; global options: +cmd
;; connection timed out; no servers could be reached

@nickleefly
Author

I see some error logs
2019/11/01 12:34:01 [Warning] [157524355] v2ray.com/core/app/proxyman/outbound: failed to process outbound traffic > v2ray.com/core/proxy/vmess/outbound: failed to find an available destination > v2ray.com/core/common/retry: [v2ray.com/core/transport/internet/websocket: failed to dial WebSocket > v2ray.com/core/transport/internet/websocket: failed to dial to (wss://mydomainname.com/): > dial tcp: operation was canceled] > v2ray.com/core/common/retry: all retry attempts failed

@nickleefly
Author

@kuoruan does websocket tls work on your router?
