dokodemo-door cannot transparently proxy IPv6 TCP via TPROXY #320

Closed
LGA1150 opened this issue Oct 14, 2020 · 1 comment

LGA1150 commented Oct 14, 2020

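  1. Which version of V2Ray are you using? (If the server and client use different versions, please say so.)
    4.31.0

  2. What is your use case? For example, watching YouTube videos in Chrome through a Socks/VMess proxy.
    Using TPROXY transparent proxying on a router to access IPv6 websites

  3. What abnormal behavior are you seeing? (Describe the specific symptom, e.g. access timeout, TLS certificate error, etc.)
    No IPv6 TCP connection can be established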

> dig @2001:4860:4860::8888 +short +tcp
;; communications error to 2001:4860:4860::8888#53: end of file

;; communications error to 2001:4860:4860::8888#53: end of file

UDP works normally

> dig @2001:4860:4860::8888 +short
b.root-servers.net.
j.root-servers.net.
f.root-servers.net.
i.root-servers.net.
c.root-servers.net.
e.root-servers.net.
l.root-servers.net.
d.root-servers.net.
g.root-servers.net.
a.root-servers.net.
k.root-servers.net.
m.root-servers.net.
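h.root-servers.net.

  4. What is the correct behavior you expect to see?
    TCP connections can be established

  5. Please attach your configuration (hide the server IP address before submitting the issue).

Server-side configuration: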

{
        "inbounds": [
                {
                        "port": 443,
                        "address": "0.0.0.0",
                        "protocol": "vless",
                        "settings": {
                                "clients": [
                                        {
                                                "id": "REDACTED",
                                                "flow": "xtls-rprx-direct",
                                                "level": 0
                                        }
                                ],
                                "decryption": "none",
                                "fallbacks": [
                                        {
                                                "dest": 80
                                        }
                                ]
                        },
                        "sniffing": {
                                "enabled": true,
                                "destOverride": ["http", "tls"]
                        },
                        "streamSettings": {
                                "network": "tcp",
                                "security": "xtls",
                                "xtlsSettings": {
                                        "alpn": [
                                                "http/1.1"
                                        ],
                                        "certificates": [
                                                {
                                                        "certificateFile": "/etc/ssl/ssl.crt",
                                                        "keyFile": "/etc/ssl/ssl.key"
                                                }
                                        ]
                                }
                        }
                }
        ]
}
{
        "outbounds": [
                {
                        "protocol": "freedom",
                        "settings": {}
                }
        ]
}

Client-side configuration:

{
  "outbound": {
    "settings": {
      "vnext": [
        {
          "port": 443,
          "users": [
            {
              "id": "REDACTED",
              "flow": "xtls-rprx-direct",
              "encryption": "none"
            }
          ],
          "address": "REDACTED"
        }
      ]
    },
    "mux": {
      "enabled": false
    },
    "protocol": "vless",
    "streamSettings": {
      "network": "tcp",
      "xtlsSettings": {
        "serverName": "REDACTED",
        "allowInsecure": true
      },
      "security": "xtls"
    }
  },
  "log": {
    "loglevel": "debug"
  },
  "outboundDetour": [
    {
      "settings": {
        "timeout": 60
      },
      "protocol": "freedom"
    }
  ],
  "inbound": {
    "listen": "::",
    "sniffing": {
      "enabled": false
    },
    "port": "1234",
    "protocol": "dokodemo-door",
    "settings": {
      "network": "tcp,udp",
      "followRedirect": true
    },
    "sockopt": {
      "tproxy": "tproxy"
    }
  }
}

  6. Please attach the error log the software printed when the failure occurred. On Linux, the log is usually in /var/log/v2ray/error.log.

Server-side error log:

Client-side error log:

2020/10/14 16:48:38 [Debug] [25048068] v2ray.com/core/proxy/dokodemo: processing connection from: [REDACTED]:47575
2020/10/14 16:48:38 [Info] [25048068] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: unable to get destination
2020/10/14 16:48:38 [Info] v2ray.com/core/transport/internet/tcp: failed to call getsockopt > no such file or directory
2020/10/14 16:48:38 [Info] [1664145164] v2ray.com/core/app/proxyman/inbound: failed to get original destination > v2ray.com/core/transport/internet/tcp: failed to call getsockopt

  7. Other relevant configuration files (e.g. Nginx) and related logs.
    ip6tables rules
ip6tables -t mangle -N V2_FW
ip6tables -t mangle -A V2_FW -p tcp -j TPROXY --on-port 1234 --tproxy-mark 0x1
ip6tables -t mangle -A V2_FW -p udp -j TPROXY --on-port 1234 --tproxy-mark 0x1
ip6tables -t mangle -A PREROUTING -d 2001:4860::/32 -j V2_FW
ip6tables -t mangle -A OUTPUT -d 2001:4860::/32 -j MARK --set-mark 0x1

ip -6 rule

0:      from all lookup local
1:      from all fwmark 0x1 lookup 100
32766:  from all lookup main

ip -6 route show table 100

local default dev lo proto static metric 1024 pref medium

LGA1150 commented Dec 9, 2020

For the new discussion, see XTLS/Xray-core#48 (comment)

LGA1150 closed this as completed Dec 9, 2020
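
A check a reader could run against a config like the client one posted above, as an added example that is not part of the issue or of V2Ray's code: V2Ray documents `sockopt` as a member of `streamSettings`, while the posted inbound carries it at the inbound's top level. The function names and the reduced sample are constructed here, and the thread itself does not establish that this placement caused the reported failure.

```python
import copy
import json

# Constructed sample: the client inbound from the issue, reduced to the relevant keys.
SAMPLE = json.loads("""
{
  "inbound": {
    "listen": "::",
    "port": "1234",
    "protocol": "dokodemo-door",
    "settings": {"network": "tcp,udp", "followRedirect": true},
    "sockopt": {"tproxy": "tproxy"}
  }
}
""")

def iter_inbounds(cfg):
    """Yield (path, inbound) for the legacy singular key and the list-style keys."""
    if isinstance(cfg.get("inbound"), dict):
        yield "inbound", cfg["inbound"]
    for key in ("inbounds", "inboundDetour"):
        for i, ib in enumerate(cfg.get(key) or []):
            yield f"{key}[{i}]", ib

def lint_tproxy(cfg):
    """Flag followRedirect dokodemo-door inbounds that lack streamSettings.sockopt.tproxy = "tproxy"."""
    findings = []
    for path, ib in iter_inbounds(cfg):
        if ib.get("protocol") != "dokodemo-door":
            continue
        if not (ib.get("settings") or {}).get("followRedirect"):
            continue
        if "sockopt" in ib:  # not a documented inbound-level key
            findings.append((path, "sockopt at inbound level"))
        stream = ib.get("streamSettings") or {}
        mode = (stream.get("sockopt") or {}).get("tproxy", "off")
        if mode != "tproxy":  # "redirect" is flagged too: the rules in the issue use the TPROXY target
            findings.append((path, f"streamSettings.sockopt.tproxy is {mode!r}"))
    return findings

def relocate_sockopt(cfg):
    """Return a copy with any inbound-level sockopt moved under streamSettings."""
    fixed = copy.deepcopy(cfg)
    for _, ib in iter_inbounds(fixed):
        if "sockopt" in ib:
            ib.setdefault("streamSettings", {}).setdefault("sockopt", {}).update(ib.pop("sockopt"))
    return fixed

if __name__ == "__main__":
    print(lint_tproxy(SAMPLE))
    print(json.dumps(relocate_sockopt(SAMPLE), indent=2))
```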