Xray-core
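vless+tcp+xtls and vless+quic+tls both listening on 443: the latter does not work
This is the server-side configuration file. I have tested this repeatedly: whenever both listen on port 443, QUIC cannot be used. It starts normally, and checking the listening ports shows one tcp 443 and one udp 443, but it just doesn't work. As soon as I move QUIC to a different port, QUIC works.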
{
  "log": {
    "access": "/var/log/xray/access.log",
    "error": "/var/log/xray/error.log",
    "loglevel": "warning",
    "dnsLog": false
  },
  "api": {
    "tag": "api",
    "services": [
      "HandlerService",
      "LoggerService",
      "StatsService"
    ]
  },
  "dns": {
    "hosts": {
      "domain:github.io": "pages.github.com",
      "domain:wikipedia.org": "www.wikimedia.org",
      "domain:shadowsocks.org": "electronicsrealm.com"
    },
    "servers": [
      "1.1.1.1",
      {
        "address": "114.114.114.114",
        "port": 53,
        "domains": [
          "geosite:cn"
        ]
      },
      "8.8.8.8",
      "localhost"
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "hybrid",
    "rules": [
      {
        "type": "field",
        "ip": [
          "geoip:private"
        ],
        "outboundTag": "blocked"
      }
    ]
  },
  "policy": {
    "levels": {
      "0": {
        "uplinkOnly": 0,
        "downlinkOnly": 0
      }
    },
    "system": {
      "statsInboundUplink": false,
      "statsInboundDownlink": false
    }
  },
  "inbounds": [
    // vless+tcp+xtls
    {
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "4eaaae16-685d-4871-82c7-3c3f2122623b",
            "flow": "xtls-rprx-direct"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "xtls",
        "tcpSettings": {
          "header": {
            "type": "none"
          }
        },
        "xtlsSettings": {
          "alpn": [
            "h2",
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/path/to/fullchain.pem",
              "keyFile": "/path/to/private.pem"
            }
          ]
        }
      }
    }
    // vless+quic+tls
    ,{
      "listen": "0.0.0.0",
      "port": 443,
      // "port": 2443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "4eaaae16-685d-4871-82c7-3c3f2122623b"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "quic",
        "security": "tls",
        "quicSettings": {
          "security": "none",
          // Shadowrocket on iOS has no encryption option to choose, so I am not encrypting here
          // "security": "chacha20-poly1305",
          // "key": "ds33*q#2op9Sdpz",
          "header": {
            "type": "utp"
          }
        },
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "/path/to/fullchain.pem",
              "keyFile": "/path/to/private.pem"
            }
          ]
        }
      },
      "tag": "vless-quic"
    }
  ],
  "outbounds": [
    {
      "sendThrough": "0.0.0.0",
      "protocol": "freedom",
      "settings": {},
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "transport": {},
  "stats": {},
  "reverse": {}
}
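The configuration is designed with this logic in the first place; you can't write two 443s like this. You think one is TCP and one is UDP, but that is how the program defines it, and it considers this unusable.
If you want QUIC, use HY or TUIC next door. On the Xray side, open 443 and run VLESS TCP XTLS; for HY you use 443, which is listening on UDP 443.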
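Oh, I'm not saying I have to use QUIC, I just didn't understand why it doesn't work. Since the program itself is designed so that it can't be used this way, I have no problem with that. I had assumed that with one TCP and one UDP the two would not conflict 🤣 After all, both ports can be open at the same time.
It has nothing to do with listening at the same time, does it? I remember someone reported that 443 can't be used; I don't know why.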
So you mean this is a bug?
I run gRPC and QUIC at the same time with no problem, and the ports are also tcp 443 and udp 443. gRPC is for my laptop, QUIC is for home.
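The official documentation already says that when XTLS is used, data on UDP port 443 is intercepted, so the same port cannot be used. I also followed the official advice and used the xtls-rprx-direct-udp443 flow control mode to let UDP port 443 through, but the program simply reports that this flow control mode is not supported. So I used Docker:
docker run --restart=unless-stopped -d --name xray -p 443:443/tcp -p 443:4443/udp -v $(pwd)/config.json:/etc/xray/config.json teddysun/xray
This way, Xray listens on UDP port 4443, but externally the server is still on UDP port 443.
But what I would like to understand is why the official implementation intercepts UDP port 443?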
Oh, I hadn't noticed anywhere that says UDP 443 would be intercepted.
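An added example, not from the thread or from the Xray project: a small audit that maps each inbound in an Xray config to its layer-4 socket and separates a real bind collision from the pairing discussed above (an XTLS flow without the -udp443 suffix next to a UDP 443 listener). The function names, tags and sample config are constructed for illustration, and the second check only encodes the commenter's claim as something to review, not a confirmed root cause.

```python
import json
import re

UDP_NETWORKS = {"quic", "kcp"}  # Xray transports carried over UDP; the rest use TCP

def strip_jsonc(text):
    """Drop // comments outside string literals (Xray accepts them in configs)."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
    return token.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def listeners(config_text):
    """Return (l4, port, tag, flows) per inbound; assumes single integer ports."""
    cfg = json.loads(strip_jsonc(config_text))
    rows = []
    for n, ib in enumerate(cfg.get("inbounds", [])):
        net = ib.get("streamSettings", {}).get("network", "tcp")
        flows = [c.get("flow", "") for c in ib.get("settings", {}).get("clients", [])]
        rows.append(("udp" if net in UDP_NETWORKS else "tcp", int(ib["port"]),
                     ib.get("tag", f"inbound[{n}]"), flows))
    return rows

def audit(config_text):
    """Flag real socket collisions and the XTLS + UDP 443 pairing from the thread."""
    rows, seen, findings = listeners(config_text), {}, []
    for l4, port, tag, _ in rows:
        if (l4, port) in seen:
            findings.append(f"conflict: {seen[(l4, port)]} and {tag} both bind {l4}/{port}")
        seen.setdefault((l4, port), tag)
    for l4, port, tag, flows in rows:
        plain = [f for f in flows if f.startswith("xtls-rprx-") and not f.endswith("-udp443")]
        if l4 == "tcp" and plain and ("udp", 443) in seen:
            findings.append(f"review: {tag} flow {plain[0]} alongside {seen[('udp', 443)]} on udp/443")
    return findings

# Constructed sample mirroring the two inbounds in the post (placeholder client id).
SAMPLE = """{"inbounds": [
  {"port": 443, "tag": "vless-xtls",  // vless+tcp+xtls
   "settings": {"clients": [{"id": "PLACEHOLDER-UUID", "flow": "xtls-rprx-direct"}]},
   "streamSettings": {"network": "tcp", "security": "xtls"}},
  {"port": 443, "tag": "vless-quic",  // vless+quic+tls
   "settings": {"clients": [{"id": "PLACEHOLDER-UUID"}]},
   "streamSettings": {"network": "quic", "security": "tls"}}]}"""

if __name__ == "__main__":
    for row in listeners(SAMPLE):
        print(row)
    print(audit(SAMPLE))
```

On the sample, the two inbounds resolve to tcp/443 and udp/443, so no bind conflict is reported, which matches the original poster's observation that both sockets open; only the review finding is raised.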