Is it feasible for the inbounds protocol (HTTP) to differ from the outbounds protocol (Trojan/Vmess)? #130

@SweeneyJun

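As the title says, I want some programs that only support http_proxy to use the trojan-protocol nodes supplied by my proxy provider. The entry for one node in the provider's clash.yaml (with some key details hidden) is as follows: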

  -
    name: "节点1\t"
    type: trojan
    server: relay-**-**.*****.com
    port: '22***'
    password: 1a****-****-****-a467-2b******8d6c
    sni: **-**.telk*****.com

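I noticed that this is a trojan node with the sni option enabled. After consulting the manual, I filled in the corresponding outbounds entry as follows: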

    {
      "type": "trojan",
      "tag": "trojan-out-node1",
      "server": "relay-**-**.*****.com",
      "server_port": 22***,
      "password": "1a****-****-****-a467-2b******8d6c",
      "tls": {
        "enabled": true,
        "server_name": "**-**.telk*****.com",
        "insecure": true,
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        }
      }
    }

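I tried adding and removing fields such as insecure, disable_sni and utls in various combinations; whether they are present or not does not affect the error in the log below.
The sing-box log is as follows. As far as I can tell, the request comes in normally and the DNS query is normal, but every time it seems to receive an RST directly from the target server, giving connection reset by peer.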

+0800 2024-12-18 10:12:06 INFO inbound/http[**]: tcp server started at 0.0.0.0:38752
+0800 2024-12-18 10:12:06 INFO sing-box started (0.00s)
+0800 2024-12-18 10:12:21 INFO [2264161095 0ms] inbound/http[**]: inbound connection from ******:20494
+0800 2024-12-18 10:12:21 INFO [2264161095 1ms] inbound/http[**]: [**] inbound connection to *.com:443
+0800 2024-12-18 10:12:21 DEBUG [2264161095 1ms] router: match[0] inbound=** => trojan-out-node1
+0800 2024-12-18 10:12:21 INFO [2264161095 1ms] outbound/trojan[trojan-out-node1]: outbound multiplex connection to x.com:443
+0800 2024-12-18 10:12:21 DEBUG [2264161095 1ms] dns: lookup domain relay-**-**.*****.com
+0800 2024-12-18 10:12:21 DEBUG [2264161095 1ms] outbound/direct[direct]: outbound packet connection to 114.114.114.114:53
+0800 2024-12-18 10:12:21 DEBUG [2264161095 20ms] dns: exchanged relay-**-**.*****.com NOERROR 34
+0800 2024-12-18 10:12:21 DEBUG [2264161095 21ms] dns: exchanged relay-**-**.*****.com A relay-**-**.*****.com. 34 IN A 183.***.***.***
+0800 2024-12-18 10:12:21 DEBUG [2264161095 21ms] dns: exchanged relay-**-**.*****.comNOERROR 34
+0800 2024-12-18 10:12:21 DEBUG [2264161095 21ms] dns: exchanged relay-**-**.*****.com CNAME relay-**-**.*****.com. 34 IN CNAME relay-**-**-sub.*****.com.
+0800 2024-12-18 10:12:21 DEBUG [2264161095 21ms] dns: lookup succeed for relay-**-**.*****.com: 183.**.**.**
+0800 2024-12-18 10:12:21 DEBUG [2264161095 234ms] inbound/http[**]: connection closed: process connection from 106.11.200.64:20494: upload: raw read: connection reset by peer | download: context canceled

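I then added a Vmess protocol entry to outbounds and got the same problem: the request comes in normally, routing is normal, the DNS query is normal, and the connection to the target server IP is reset. The Vmess entry in clash.yaml is configured as follows: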

- { name: 🇭🇰, type: vmess, server: ***.*********.**, port: ****, uuid: , alterId: 0, cipher: auto, udp: true }

The configuration in sing-box is as follows:

    {
      "type": "vmess",
      "tag": "vmess-out",
      "server": "***.*********.**",
      "server_port": ****,
      "uuid": "",
      "security": ""
    },

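I suspect the connection failure is caused by the server's security group rules? The server already allows inbound traffic from any source IP to the listening port defined in inbounds, and outbound traffic is not restricted at all.
Or is an http-trojan/Vmess protocol chain like this simply not achievable?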
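
Added example (not part of the original issue and not sing-box project code): a small Python script that groups log lines in the format shown above by the connection ID in brackets and reports the last logged stage before the connection closed, the time gap to the close, and the close reason. The sample log is constructed with placeholder hosts and addresses; the stage labels and the handling of an `s` time unit are assumptions of this example.

```python
import re

# Constructed sample in the log format shown in the post; hosts and IPs are placeholders.
SAMPLE_LOG = """\
+0800 2024-12-18 10:12:06 INFO sing-box started (0.00s)
+0800 2024-12-18 10:12:21 INFO [2264161095 0ms] inbound/http[in]: inbound connection from 198.51.100.7:20494
+0800 2024-12-18 10:12:21 INFO [2264161095 1ms] inbound/http[in]: [in] inbound connection to example.com:443
+0800 2024-12-18 10:12:21 DEBUG [2264161095 1ms] router: match[0] inbound=in => trojan-out-node1
+0800 2024-12-18 10:12:21 INFO [2264161095 1ms] outbound/trojan[trojan-out-node1]: outbound multiplex connection to example.com:443
+0800 2024-12-18 10:12:21 DEBUG [2264161095 21ms] dns: lookup succeed for relay.example.net: 192.0.2.10
+0800 2024-12-18 10:12:21 DEBUG [2264161095 234ms] inbound/http[in]: connection closed: process connection from 198.51.100.7:20494: upload: raw read: connection reset by peer | download: context canceled
"""

LINE = re.compile(r"^[+-]\d{4} \S+ \S+ [A-Z]+ \[(?P<cid>\d+) (?P<n>\d+(?:\.\d+)?)(?P<unit>ms|s)\] (?P<msg>.*)$")

# Stage names are this example's own labels (assumption); first matching pattern wins.
STAGES = [
    ("closed", re.compile(r"connection closed: (?P<detail>.*)")),
    ("accepted", re.compile(r"inbound connection from (?P<detail>\S+)")),
    ("target", re.compile(r"inbound connection to (?P<detail>\S+)")),
    ("routed", re.compile(r"router: match\[\d+\].*=> (?P<detail>\S+)")),
    ("outbound", re.compile(r"^outbound/(?P<detail>[^:]+): outbound .*connection to")),
    ("resolved", re.compile(r"dns: lookup succeed for (?P<detail>.*)")),
]

def trace(log_text):
    """Group lines by connection ID into (elapsed_ms, stage, detail) events."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # startup lines carry no connection ID
        ms = float(m["n"]) * (1000 if m["unit"] == "s" else 1)  # "s" unit is an assumption
        for stage, pat in STAGES:
            hit = pat.search(m["msg"])
            if hit:
                conns.setdefault(m["cid"], []).append((ms, stage, hit["detail"]))
                break
    return conns

def close_summary(events):
    """Return (last stage before close, ms from that stage to close, close reason)."""
    closed = [e for e in events if e[1] == "closed"]
    before = [e for e in events if e[1] != "closed"]
    if not closed or not before:
        return None
    return before[-1][1], closed[0][0] - before[-1][0], closed[0][2]

print({cid: close_summary(ev) for cid, ev in trace(SAMPLE_LOG).items()})
```

On the constructed sample the last logged stage before the close is the successful DNS lookup for the relay host, with the close following 213 ms later.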
