Xray-core icon indicating copy to clipboard operation
Xray-core copied to clipboard
verified publisher icon XTLS

1.7.2 首次访问浏览器报 SSL_ERROR_RX_UNKNOWN_RECORD_TYPE

Open dream10201 opened this issue 2 years ago • 3 comments

首次通过代理访问某个网站时都会出错,需要点重试1到三次才能正常访问,浏览器用的火狐的SmartProxy插件,模式为全局代理。

error

smartproxy_setting

服务器配置

{
  "log": {
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "",
            "flow": "xtls-rprx-vision"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "/opt/etc/cert/cert.pem",
              "keyFile": "/opt/etc/cert/key.pem"
            }
          ]
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}

客户端配置

{
  "log": {
    "loglevel": "debug"
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "domain": [
          "geosite:cn",
          "geosite:private"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": [
          "geoip:cn",
          "geoip:private"
        ],
        "outboundTag": "direct"
      }
    ]
  },
  "inbounds": [
    {
      "listen": "0.0.0.0",
      "port": 10808,
      "protocol": "socks",
      "settings": {
        "udp": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    },
    {
      "listen": "0.0.0.0",
      "port": 10809,
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "",
            "port": 443,
            "users": [
              {
                "id": "",
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "serverName": "???.???",
          "allowInsecure": false,
          "fingerprint": "firefox"
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ]
}

附上debug下的双端log

log.zip

dream10201 avatar Jan 09 '23 03:01 dream10201

麻烦用手机开代理,电脑端浏览器的插件设置为手机的 http 代理地址,然后用 wireshark 截取对应的流,并传上来(记得脱敏)

RPRX avatar Jan 09 '23 05:01 RPRX

有空整下抓包吧,先关闭了

dream10201 avatar Jan 09 '23 15:01 dream10201

如果你遇到的问题可以稳定复现,是不用关闭这个 issue 的,它会帮助我们改进 Xray-core 的代码 说不定有人遇到了同样的问题,看到这个 issue 后会给我们反馈更多信息

RPRX avatar Jan 09 '23 15:01 RPRX

log.zip 今天一大早抓了一个,隐私浏览器访问的youtube,大概点重试点了6次才成功进去。

dream10201 avatar Jan 10 '23 01:01 dream10201

log.zip 今天一大早抓了一个,隐私浏览器访问的youtube,大概点重试点了6次才成功进去。

麻烦仅保留走代理的 TCP 连接数据

RPRX avatar Jan 10 '23 08:01 RPRX

@RPRX 是过滤代理的端口么,我用的http代理,10809端口,wireshark 过滤http 10809就行了吗?

dream10201 avatar Jan 11 '23 02:01 dream10201

@RPRX 我重启了下服务器,好像没问题了,我今天多测试下,后面反馈结果。

dream10201 avatar Jan 11 '23 02:01 dream10201

基本确认已经没问题了,果然遇事先重启。 然后我回忆了一下,在这段时间就修改了TCP数据缓冲大小和开启了BBR,不确定是不是这个导致的。这个问题可以关闭了。

net.core.rmem_max=2500000
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

dream10201 avatar Jan 11 '23 05:01 dream10201