Xray-core
Xray-core copied to clipboard
XTLS
feat(vless): IP restriction
Limits user's connections by number of allowed IP addresses. Simply it closes any other connections if the user exceeds the limit.
The limitation is based on the Email provided for the user
Example config.json:
{
"policy": {
"levels": {
"0": {
"maxIPs": 0,
"statsUserUplink": true,
"statsUserDownlink": true
},
"1": {
"maxIPs": 1,
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true,
"statsOutboundUplink": true,
"statsOutboundDownlink": true
}
},
"inbounds": [
{
"listen": "0.0.0.0",
"tag": "vless-tcp-reality",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "46a9ed35-8c0e-415a-9b5f-12755db8b8cd",
"email": "[email protected]",
"level": 1,
"flow": "xtls-rprx-vision"
},
{
"id": "aaf2d6f0-e3d0-3840-b59f-1027b6ab14e3",
"email": "[email protected]",
"level": 0,
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
}
}
]
}
Note that, my main programming language is not Golang (I've written this RnD) and I might have written some codes incorrectly. feel free to help me fix it. because I am a super newbie with Xray-Core coding and also Golang.
That is a great job. However, i think it would be better to have also a gRPC service to retrieve the active IPs. Is it possible to add it?
On Sat, Jul 1, 2023 at 2:13 AM realartin @.***> wrote:
@hiddify1 https://github.com/hiddify1 check this out
— Reply to this email directly, view it on GitHub https://github.com/XTLS/Xray-core/pull/2277#issuecomment-1615295516, or unsubscribe https://github.com/notifications/unsubscribe-auth/A3HPTEJ5VBPXK5NLLPFI3NTXN5TS7ANCNFSM6AAAAAAZZ3H2C4 . You are receiving this because you were mentioned.Message ID: @.***>
That is a great job. However, i think it would be better to have also a gRPC service to retrieve the active IPs. Is it possible to add it?
Well, that's possible. Currently, the real functionality of IP Restriction is important, then other things like API service
I think, core would not add logic to limit user. Such logic is only useful when tied with user authorization, payment calculation as such.
I think, core would not add logic to limit user. Such logic is only useful when tied with user authorization, payment calculation as such.
@yuhan6665, Why not? it's very useful to avoid sharing configs... This is a wanted feature from a lot of Iranian users. Some people implemented this outside of xray-core but it would be great to have it on xray-core, as an option.
frankly, core is maintained with volunteer time. It is crucial to focus this project.
frankly, core is maintained with volunteer time. It is crucial to focus this project.
Is that mean that this PR is never going to be merged? I did not get your mean by that.
I think, core would not add logic to limit user. Such logic is only useful when tied with user authorization, payment calculation as such.
@yuhan6665, Why not? it's very useful to avoid sharing configs... This is a wanted feature from a lot of Iranian users. Some people implemented this outside of xray-core but it would be great to have it on xray-core, as an option.
Maybe you shouldn't share your configs with others.Many Iranians want this feature because they sell proxies created by xray core, while xray core is not a commercial product.But I also think this feature can be a good option if we wanna share our server with other friends for cost sharing,so any chances to merge this PR? @yuhan6665 also CC @RPRX
The real problem is that when you set up a server with Xray-core and give that vless config to your friend they'll share that with other people and that's a big problem. But when it's limited by IP, a config cannot be shared with many people and this also helps sharing configs.
Of course, this helps proxy sellers but the main goal of this purpose is to avoid config sharing by limiting users by IP.
your service provider doesn't charge by number of connecting IPs right? It seems unnecessary to me. But again, I don't want core to get involved with these business logic anyway
@FranzKafkaYu, Not many people knows how to buy a VPS and setup a proxy, there's always someone that creates one and shares with others to help others access free internet
your service provider doesn't charge by number of connecting IPs right? It seems unnecessary to me. But again, I don't want core to get involved with these business logic anyway.
Almost all proxy sellers sell configs as subscriptions rather than single configuration, it's clear that this implementation does not provide limitation across multiple nodes and there's no Redis server involved here to help out proxy sellers.
~~我觉得你们说的都有些道理~~
一般来说我们不喜欢加机场专属功能,比如限 IP、限速,虽然 @FranzKafkaYu 找了一个不错的理由,~~不过我们都心知肚明~~
总之如果这是个 Feature Request,我肯定是不会去实现的,如果这是个写好的 PR,可以考虑一下,~~毕竟你们都找了“正当”理由~~
@FranzKafkaYu, Not many people knows how to buy a VPS and setup a proxy, there's always someone that creates one and shares with others to help others access free internet
it's reasonable,but if you share your configs with your friends,you should tell them do not share with others,or it will be blocked.If they shared,you should kick them out.Add this feature may cause some problems:
- Not all of us need this feature,but this feature will increase binay size,it's not friendly for some low-end devices such as routers.
- Need a stable maintainer for this feature,if you are willing to be a stable maintainer,this shouldn't be a problem
In principle,core should be tidy and keep core functions for proxy.User management and control should be achieved by other tools.Here if you want to restrict connected IPs,iptables can do this job for you.
In my opinion,this feature can be a good option if we share a proxy server with some strangers for cost sharing,but we also can use iptables to make some restrictions.
I think, core would not add logic to limit user. Such logic is only useful when tied with user authorization, payment calculation as such.
@yuhan6665, Why not? it's very useful to avoid sharing configs... This is a wanted feature from a lot of Iranian users. Some people implemented this outside of xray-core but it would be great to have it on xray-core, as an option.
Maybe you shouldn't share your configs with others.Many Iranians want this feature because they sell proxies created by xray core, while xray core is not a commercial product.But I also think this feature can be a good option if we wanna share our server with other friends for cost sharing,so any chances to merge this PR? @yuhan6665 also CC @RPRX
please consider if we make a config for a few people then those people share the config : 1-traffic goes more than we prepared for 2- more user on ip or domain = dpi blocking 3- .... we need this
If they shared,you should kick them out.
~~这也是我想说的~~
sir at least make it like an extension to the core , if someone needs it make it on if someone doesn't want to use make it off and the default it can be off
tnx a lot ❤️
@FranzKafkaYu, Not many people knows how to buy a VPS and setup a proxy, there's always someone that creates one and shares with others to help others access free internet
it's reasonable,but if you share your configs with your friends,you should tell them do not share with others,or it will be blocked.If they shared,you should kick them out.Add this feature may cause some problems:
- Not all of us need this feature,but this feature will increase binay size,it's not friendly for some low-end devices such as routers.
- Need a stable maintainer for this feature,if you are willing to be a stable maintainer,this shouldn't be a problem
In principle,core should be tidy and keep core functions for proxy.User management and control should be achieved by other tools.Here if you want to restrict connected IPs,iptables can do this job for you.
In my opinion,this feature can be a good option if we share a proxy server with some strangers for cost sharing,but we also can use iptables to make some restrictions.
this is not efficient when we have a lot of user we can't control theme 1 by 1 if we could make it Auto every user can use 2 ip per uuid for example or ... it's very efficient and effective
If they shared,you should kick them out.
~~这也是我想说的~~
for cost sharing : we pay for good vps for each 1TB 1usd for example if this option could be on and working we can provide 2 users per uuid and give them 1TB usage as fair usage unlimited for fair cost ! but if this option is not , if we give to user 1TB fair usage as unlimited they're going to share it and use more than what we prepared for , also when so many ip connect to 1 vps the bandwidth drops also dpi can easily find us
please consider this as a request for so many people and help us let this be an extension 🫠❤️
where's the core that we can test ?
The pull request is currently under review and is not yet merged into the main codebase.
Please take into consideration that the IPs on behind of CDN should be selected by X-REAL-IP header or other headers
Please take into consideration that the IPs on behind of CDN should be selected by X-REAL-IP header or other headers
WebSocket 入站有自动处理,gRPC 不清楚,麻烦 @amir-devman 测试一下
@amir-devman Hi Amir, how do I test your development? Can you give instructions ?
@amir-devman Hi Amir, how do I test your development? Can you give instructions ?
Hello, the current implementation is not correct and it crashes. and needs to be implemented in some other ways, my current work time is limited but trying to finish it asap.
Therefore, wait for correct implementation.
@amir-devman Thank you so much, I'm really looking forward to your release, good luck with your development!!!
@amir-devman Great implementation. Please do it for us with @RPRX because this feature is a must.
