
xray and ocserv #52

@glztmf

Thank you for the great examples with xray configuration.
Could you advise how to set up xray like steal_oneself by forwarding the connection on port 443 to a local ocserv?

For example, on the machine, xray and ocserv are installed:

  • xray listens on port 443
  • ocserv listens on port 2443 and provides valid certificates and an XML page

How can I implement the following:

  • When the xray client connects to port 443 with the required parameters (pbk, sid, sni), traffic should go through xray.
  • When openconnect connects to port 443, xray should forward it to ocserv, and the traffic should go through VPN.

Is this even possible? :)

I tried this configuration:

  "inbounds": [
    {
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "***",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "dest": "host.example.com:2443",
          "serverNames": ["host.example.com"],
          "privateKey": "***",
          "shortIds": ["***"]
        }
      }
    }
  ]
...

The connection to the VPN via ocserv works, but the connection to xray gives "reality verification failed".
However, if I forward to nginx (host.example.com:1443), reality works fine.
I read that xray requires ALPN, but ocserv does not support ALPN...
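
One way to test the ALPN theory from the post is to handshake with both REALITY `dest` candidates and compare what each negotiates. This is an added example, not part of the original issue or the repository's code; the hosts and ports are the ones from the post, and `probe` and `diff_targets` are hypothetical helper names.

```python
import socket
import ssl


def probe(host, port, sni=None, alpn=("h2", "http/1.1"), timeout=5.0):
    """Complete a TLS handshake with host:port and report what was negotiated.

    The certificate is verified against `sni` (default: `host`), so the probe
    can be pointed at 127.0.0.1 while still presenting the real server name.
    """
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(list(alpn))  # offer the same protocols to both targets
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            return {
                "tls_version": tls.version(),          # e.g. "TLSv1.3"
                "alpn": tls.selected_alpn_protocol(),  # None if server picked none
            }


def diff_targets(working, failing):
    """Return {field: (working_value, failing_value)} for fields that differ."""
    return {
        field: (value, failing.get(field))
        for field, value in working.items()
        if value != failing.get(field)
    }


if __name__ == "__main__":
    # Targets taken from the post: nginx on 1443 works as dest, ocserv on 2443 does not.
    nginx = probe("host.example.com", 1443)
    ocserv = probe("host.example.com", 2443)
    delta = diff_targets(nginx, ocserv)
    if not delta:
        print("Both targets negotiate the same TLS version and ALPN.")
    for field, (good, bad) in delta.items():
        print(f"{field}: nginx={good!r} ocserv={bad!r}")
```

Any field printed here is a handshake property on which the working target and the failing one disagree, which narrows down where to look.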
