
TLS configuration works on network A but not on network B; not a bug report #1214

Closed
lewisec opened this issue Jul 30, 2018 · 3 comments
Comments

@lewisec

lewisec commented Jul 30, 2018

  1. Which version of V2Ray are you using? (If the server and client use different versions, please note both)
    Server and client are both v3.22

  2. What is your usage scenario? For example, watching YouTube videos in Chrome through a Socks/VMess proxy.
    Chrome reaching Google through the socks proxy

  3. What is the abnormal behaviour you see? (Please describe the concrete symptom, e.g. access timeouts, TLS certificate errors)
    On network A everything works normally.
    On network B none of the blocked websites open.
    It is now clear that network B imposes restrictions, but I cannot determine which part of v2ray's traffic trips network B's filtering.
    It is known that network B restricts DNS: queries are only allowed to the DNS servers designated by network B.

The details are posted here; I would appreciate advice on how to configure things to get around network B's restriction.

  4. What is the correct behaviour you expect?
    Being able to reach Google on network B as well

  5. Please attach your configuration (hide the server IP address before submitting the issue).

    Server-side configuration:

{
  "log": {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 443,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "2XXX-XX-XX-XX-XX",
          "alterId": 64
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "tls",
      "tlsSettings": {
        "certificates": [
          {
            "certificateFile": "/etc/v2ray/v2ray.crt",
            "keyFile": "/etc/v2ray/v2ray.key"
          }
        ]
      }
    }
  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": [
            "0.0.0.0/8",
            "10.0.0.0/8",
            "100.64.0.0/10",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "172.16.0.0/12",
            "192.0.0.0/24",
            "192.0.2.0/24",
            "192.168.0.0/16",
            "198.18.0.0/15",
            "198.51.100.0/24",
            "203.0.113.0/24",
            "::1/128",
            "fc00::/7",
            "fe80::/10"
          ],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}
Client-side configuration:
{
  "log": {
    "loglevel": "debug"
  },
  "inbound": {
    "domainOverride": [
      "http",
      "tls"
    ],
    "port": 1080,
    "listen": "127.0.0.1",
    "protocol": "socks",
    "settings": {
      "auth": "noauth",
      "udp": false,
      "ip": "127.0.0.1"
    }
  },
  "outbound": {
    "protocol": "vmess",
    "settings": {
      "vnext": [
        {
          "address": "my-server",
          "port": 443,
          "users": [
            {
              "id": "2XXX-XX-XX-XX-XX",
              "alterId": 64
            }
          ]
        }
      ]
    },
    "streamSettings": {
      "network": "tcp",
      "security": "tls"
    }
  },
  "mux": {
    "enabled": false,
    "concurrency": 8
  },
  "outboundDetour": [
    {
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "8.8.4.4",
      "localhost"
    ]
  },
  "routing": {
    "strategy": "rules",
    "settings": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "type": "field",
          "domain": [
            "geosite:cn"
          ],
          "ip": [
            "geoip:cn",
            "geoip:private"
          ],
          "outboundTag": "direct"
        }
      ]
    }
  }
}
  6. Please attach the error log the software produced at the time of the failure. On Linux the log is usually in /var/log/v2ray/error.log.

    Server-side error log:

    The server has no error log: error.log is empty and access.log is empty too. So I infer that network B is restricted and drops all the request data.
Client-side error log:

2018/07/30 16:02:08 [Info] [90697051] Proxy|Socks: TCP Connect request to tcp:clients1.google.com:443
2018/07/30 16:02:08 [Info] App|Router: looking for IP for domain: clients1.google.com
2018/07/30 16:02:08 [Debug] App|DNS: add pending request id 43256
2018/07/30 16:02:08 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/07/30 16:02:08 [Info] Transport|Internet|UDP: establishing new connection for udp:8.8.8.8:53
2018/07/30 16:02:08 [Info] App|Dispatcher: default route for udp:8.8.8.8:53
2018/07/30 16:02:08 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:08 tcp:127.0.0.1:1820 accepted tcp:clients1.google.com:443
2018/07/30 16:02:08 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myserver:443
2018/07/30 16:02:08 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:08 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
2018/07/30 16:02:09 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/07/30 16:02:09 [Info] Transport|Internet|UDP: establishing new connection for udp:8.8.8.8:53
2018/07/30 16:02:09 [Info] App|Dispatcher: default route for udp:8.8.8.8:53
2018/07/30 16:02:09 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:09 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myserver:443
2018/07/30 16:02:09 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:09 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
2018/07/30 16:02:10 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/07/30 16:02:10 [Info] Transport|Internet|UDP: establishing new connection for udp:8.8.8.8:53
2018/07/30 16:02:10 [Info] App|Dispatcher: default route for udp:8.8.8.8:53
2018/07/30 16:02:10 [Info] Transport|Internet|TCP: dialing TCP to tcp:security.lewisec.com:443
2018/07/30 16:02:10 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myserver:443
2018/07/30 16:02:10 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:10 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
2018/07/30 16:02:12 tcp:127.0.0.1:1819 rejected  Proxy|Socks: insufficient header > read tcp 127.0.0.1:1080->127.0.0.1:1819: i/o timeout
2018/07/30 16:02:12 [Info] [1620491254] App|Proxyman|Inbound: connection ends > Proxy|Socks: failed to read request > Proxy|Socks: insufficient header > read tcp 127.0.0.1:1080->127.0.0.1:1819: i/o timeout
2018/07/30 16:02:16 [Debug] App|DNS: add pending request id 59716
2018/07/30 16:02:16 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.4.4:53
2018/07/30 16:02:16 [Info] Transport|Internet|UDP: establishing new connection for udp:8.8.4.4:53
2018/07/30 16:02:16 [Info] App|Dispatcher: default route for udp:8.8.4.4:53
2018/07/30 16:02:16 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:16 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.4.4:53 via tcp:myserver:443
2018/07/30 16:02:16 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:16 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
2018/07/30 16:02:16 [Info] [2616100705] Proxy|Socks: TCP Connect request to tcp:www.google.com:443
2018/07/30 16:02:16 [Info] App|Router: looking for IP for domain: www.google.com
2018/07/30 16:02:17 [Debug] App|DNS: add pending request id 41
2018/07/30 16:02:17 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/07/30 16:02:17 [Info] Transport|Internet|UDP: establishing new connection for udp:8.8.8.8:53
2018/07/30 16:02:17 [Info] App|Dispatcher: default route for udp:8.8.8.8:53
2018/07/30 16:02:17 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:17 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myserver:443
2018/07/30 16:02:17 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.4.4:53
2018/07/30 16:02:17 [Info] Transport|Internet|UDP: establishing new connection for udp:8.8.4.4:53
2018/07/30 16:02:17 [Info] App|Dispatcher: default route for udp:8.8.4.4:53
2018/07/30 16:02:17 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:17 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.4.4:53 via tcp:myserver:443
2018/07/30 16:02:17 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:17 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
2018/07/30 16:02:16 tcp:127.0.0.1:1827 accepted tcp:www.google.com:443
2018/07/30 16:02:17 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:17 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
  7. Please attach the access log. On Linux the log is usually in /var/log/v2ray/access.log.
    Empty, no content
  8. Other related configuration files (e.g. Nginx) and related logs.
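As an added example (not part of the issue and not V2Ray's own code), the script below reads client log lines of the kind quoted above and summarises what the VMess outbound tried to carry and how each attempt ended. The sample lines are a constructed excerpt modelled on the log in this post; `triage`, `is_ip_literal` and the regular expressions are the example's own. It turns three observations into findings: the router sent its DNS queries (udp:8.8.8.8:53, udp:8.8.4.4:53) through the tunnel, every tunnelled request ended with EOF before a VMess response header arrived, and the outbound dials its server by hostname, so the tunnel itself needs a working resolver on the local network.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: a handful of lines modelled on the client log quoted in
# the issue (not the complete log), kept inline so the script runs offline.
SAMPLE_LOG = """\
2018/07/30 16:02:08 [Info] [90697051] Proxy|Socks: TCP Connect request to tcp:clients1.google.com:443
2018/07/30 16:02:08 [Info] App|Router: looking for IP for domain: clients1.google.com
2018/07/30 16:02:08 [Debug] Transport|Internet|UDP: dispatch request to: udp:8.8.8.8:53
2018/07/30 16:02:08 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:08 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.8.8:53 via tcp:myserver:443
2018/07/30 16:02:08 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
2018/07/30 16:02:08 [Info] Transport|Internet|UDP: failed to handle UDP input > io: read/write on closed pipe
2018/07/30 16:02:16 [Info] Transport|Internet|TCP: dialing TCP to tcp:myserver:443
2018/07/30 16:02:16 [Info] Proxy|VMess|Outbound: tunneling request to udp:8.8.4.4:53 via tcp:myserver:443
2018/07/30 16:02:16 [Info] App|Proxyman|Outbound: failed to process outbound traffic > Proxy|VMess|Outbound: connection ends > Proxy|VMess|Outbound: failed to read header > Proxy|VMess|Encoding: failed to read response header > EOF
"""

TUNNEL_RE = re.compile(r"tunneling request to (\S+) via (\S+)")
LOOKUP_RE = re.compile(r"looking for IP for domain: (\S+)")
DIAL_RE = re.compile(r"dialing TCP to tcp:([^:\s]+):\d+")
HEADER_EOF = "failed to read response header > EOF"


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Summarise what the VMess outbound tried to carry and how it failed."""
    tunneled = Counter()   # tunnelled destination -> number of attempts
    dial_hosts = set()     # hosts the outbound dialled for the tunnel itself
    lookups = []           # domains the router tried to resolve
    header_eof = 0         # tunnels cut before a VMess response header arrived
    for line in log_text.splitlines():
        m = TUNNEL_RE.search(line)
        if m:
            tunneled[m.group(1)] += 1
            continue
        m = LOOKUP_RE.search(line)
        if m:
            lookups.append(m.group(1))
            continue
        m = DIAL_RE.search(line)
        if m:
            dial_hosts.add(m.group(1))
            continue
        if HEADER_EOF in line:
            header_eof += 1

    dns_destinations = sorted(d for d in tunneled if d.startswith("udp:") and d.endswith(":53"))
    attempts = sum(tunneled.values())
    findings = []
    if dns_destinations:
        findings.append("DNS queries are being sent through the VMess tunnel: " + ", ".join(dns_destinations))
    if attempts and header_eof >= attempts:
        findings.append(f"all {attempts} tunnelled requests ended with EOF before a VMess response header was read; "
                        "the tunnel is cut before the server answers, consistent with an empty server-side access log")
    for host in sorted(dial_hosts):
        if not is_ip_literal(host):
            findings.append(f"the outbound dials its server by hostname ({host}), so the tunnel itself depends on "
                            "DNS resolution on the local network")
    return {
        "tunneled": dict(tunneled),
        "dns_destinations": dns_destinations,
        "lookups": lookups,
        "header_eof": header_eof,
        "dial_hosts": sorted(dial_hosts),
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run it as a script to print the findings, or call triage() on a whole log file; on a longer capture the "every attempt fails" condition is the useful signal, since a single EOF can be ordinary packet loss.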
@leo9800

leo9800 commented Jul 31, 2018

Try replacing the server in the client's outbound with the IP the domain resolves to?
Also, add this to streamSettings:

"tlsSettings": {
    "serverName": "yourdomain",
    "allowInsecure": false,
    "allowInsecureCiphers": false
}

Replace yourdomain with your actual domain.

Also, it would be best to provide some packet-capture information; the suggestions above are based only on your description [network B's restriction is at the DNS level: (assuming) it does not resolve certain domains, and other DNS servers cannot be used either (connections cut / responses poisoned)].
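To make the suggestion concrete, here is an added example (not from the issue or the V2Ray project) that applies it to the client outbound and checks the result. The config dict is a trimmed, constructed copy of the client configuration posted above, `lint_client_outbound` and `pin_server_ip` are names chosen for this example, and 203.0.113.10 is a documentation address standing in for the server's real IP. It relies on two facts about V2Ray's tlsSettings: serverName is the name sent as SNI and used to verify the certificate, and allowInsecure set to true turns certificate verification off. Moving the domain from address into serverName therefore lets the outbound dial the IP directly while still verifying the certificate against the domain.

```python
import copy
import ipaddress
import json

# Constructed sample: the outbound of the client config quoted in the issue,
# trimmed to the parts the suggested change touches.
CLIENT_CONFIG = {
    "outbound": {
        "protocol": "vmess",
        "settings": {
            "vnext": [
                {"address": "my-server", "port": 443,
                 "users": [{"id": "2XXX-XX-XX-XX-XX", "alterId": 64}]}
            ]
        },
        "streamSettings": {"network": "tcp", "security": "tls"},
    }
}


def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lint_client_outbound(cfg):
    """Return findings about how the VMess outbound reaches its server and verifies TLS."""
    outbound = cfg["outbound"]
    stream = outbound.get("streamSettings", {})
    tls = stream.get("tlsSettings", {})
    uses_tls = stream.get("security") == "tls"
    findings = []
    for server in outbound["settings"]["vnext"]:
        addr = server["address"]
        if not is_ip_literal(addr):
            findings.append(f"address {addr!r} is a hostname: the proxy must resolve it through the "
                            "local network's DNS before any tunnelled traffic can flow")
        elif uses_tls and not tls.get("serverName"):
            findings.append(f"address {addr!r} is an IP literal but tlsSettings.serverName is unset: "
                            "the handshake sends no SNI and the certificate would have to contain the IP itself")
    if tls.get("allowInsecure"):
        findings.append("tlsSettings.allowInsecure is true: certificate verification is off, "
                        "so an on-path party could impersonate the server")
    if tls.get("allowInsecureCiphers"):
        findings.append("tlsSettings.allowInsecureCiphers is true: weak cipher suites are accepted")
    return findings


def pin_server_ip(cfg, resolved_ip):
    """Apply the suggested change: dial the server by IP, keep the domain as the TLS server name."""
    if not is_ip_literal(resolved_ip):
        raise ValueError("resolved_ip must be an IP literal")
    fixed = copy.deepcopy(cfg)  # never mutate the caller's config
    outbound = fixed["outbound"]
    stream = outbound.setdefault("streamSettings", {})
    tls = stream.setdefault("tlsSettings", {})
    for server in outbound["settings"]["vnext"]:
        # The hostname moves from the dial target into serverName so that SNI
        # and certificate verification still use the domain, not the IP.
        if not is_ip_literal(server["address"]):
            tls["serverName"] = server["address"]
        server["address"] = resolved_ip
    # The two flags the comment above sets explicitly: keep verification on.
    tls["allowInsecure"] = False
    tls["allowInsecureCiphers"] = False
    return fixed


if __name__ == "__main__":
    print("before:", lint_client_outbound(CLIENT_CONFIG))
    # 203.0.113.10 is a documentation address standing in for the real server IP.
    fixed = pin_server_ip(CLIENT_CONFIG, "203.0.113.10")
    print("after:", lint_client_outbound(fixed))
    print(json.dumps(fixed["outbound"]["streamSettings"], indent=2))
```

The lint deliberately treats a bare-IP outbound without serverName as a finding as well: pinning the IP without carrying the domain over would either fail verification or tempt someone to set allowInsecure to true, which is the setting that actually removes the protection TLS gives the tunnel.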

@lewisec
Author

lewisec commented Jul 31, 2018

@Hardrain980 Brilliant, that cured it straight away! Thank you very much!
If you have time, could I ask a couple more things:
1. Why does this change get around the DNS restriction?
2. What is each of the three added tlsSettings lines for?

@DarienRaymond
Contributor

Kamino closed and cloned this issue to v2ray/discussion
