Xray-core
Xray-core copied to clipboard
XTLS
multi wg peers outbound only one established
Integrity requirements
- [x] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- [x] I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
- [x] I searched issues and did not find any similar issues.
- [x] The problem can be successfully reproduced in the latest Release
Description
The case:
My remote access vpn (not for censorship resistant), restrict only one login. So I add rules to let xray server act as wg client (outbound), then by using censorship resistant client connecting to my xray server, I can achieve both accessing the blocked network and my private network (what's more, I can do mutiple login with different devices).
The problem:
My remote access vpn consist of three peers with allowedIPs to route network to peer.
My xray server config works well with my extra configs (the wg outbound and related rules).
However if I successfully connect to one host of one network from a peer, I can never connect to other networks of other peers. What's more the established peers also failed.
Reproduction Method
server config:
{
"log": {
"loglevel": "debug"
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "abcd8888-a888-b888-c888-d88888888888",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"dest": "7443",
"xver": 1,
"serverNames": [
"rich888-nonexistence.com",
"www.rich888-nonexistence.com"
],
"privateKey": "Rich8888rIch8888riCh8888ricH8888RIch8888rIC",
"shortIds": [
"a8888b8888c8888d"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"dns": {
"servers": [
{
"address": "10.10.88.88",
"domains": [
"domain:subrich.net",
"domain:sub8888.net",
"domain:rich8888.net"
],
"skipFallback": true
}
]
},
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"ip": [
"10.10.0.0/16",
"10.13.0.0/16",
"100.64.0.0/16"
],
"outboundTag": "rich"
},
{
"type": "field",
"domain": [
"domain:subrich.net",
"domain:sub8888.net",
"domain:rich8888.net"
],
"outboundTag": "rich"
}
]
},
"outbounds": [
{
"protocol": "wireguard",
"tag": "rich",
"settings": {
"secretKey": "Rich8888rIch8888riCh8888ricH8888RIch8888rIC=",
"address": [
"192.168.88.88",
"fd42:42:42::42"
],
"noKernelTun": true,
"peers": [
{ // the peer 1
"endpoint": "36.88.88.88:18888",
"publicKey": "Rich6666rIch6666riCh6666ricH6666RIch6666rIC=",
"preSharedKey": "Rich9999rIch9999riCh9999ricH9999RIch9999rIC=",
"allowedIPs": [
"10.10.0.0/16"
]
},
{ // the peer 2
"endpoint": "211.88.88.88:19999",
"publicKey": "Rich6688rIch6688riCh6688ricH6688RIch6688rIC=",
"preSharedKey": "Rich9988rIch9988riCh9988ricH9988RIch9988rIC=",
"allowedIPs": [
"100.64.8.0/22",
"100.64.16.0/22"
]
},
{
"endpoint": "211.88.88.99:8899",
"publicKey": "Rich9898rIch9898riCh9898ricH9898RIch9898rIC=",
"preSharedKey": "Rich8989rIch8989riCh8989ricH8989RIch8989rIC=",
"allowedIPs": [
"100.64.24.0/22",
"100.64.28.0/22",
"10.13.100.0/24",
"10.13.10.0/24"
]
}
]
}
},
{
"protocol": "freedom",
"tag": "direct"
},
{
"protocol": "blackhole",
"tag": "block"
}
]
}
Invoke call:
# this will dial through the peer 1
curl --socks5 127.0.0.1:10808 -H"Host: gitlab.subrich.net" -v http://10.10.88.99
# * Trying 127.0.0.1:10808...
# * Connected to 127.0.0.1 (127.0.0.1) port 10808
# * SOCKS5 connect to 10.10.88.99:80 (locally resolved)
# * SOCKS5 request granted.
# * Connected to 127.0.0.1 (127.0.0.1) port 10808
# > GET / HTTP/1.1
# > Host: gitlab.subrich.net
# > User-Agent: curl/8.5.0
# > Accept: */*
# >
# < HTTP/1.1 301 Moved Permanently
# < Server: nginx/1.25.3
# < Date: Wed, 19 Mar 2025 07:00:16 GMT
# < Content-Type: text/html
# < Content-Length: 169
# < Connection: keep-alive
# < Location: https://gitlab.subrich.net/
# <
# <html>
# <head><title>301 Moved Permanently</title></head>
# <body>
# <center><h1>301 Moved Permanently</h1></center>
# <hr><center>nginx/1.25.3</center>
# </body>
# </html>
Then, try the peer 2
ssh -o ProxyCommand='nc -x 127.0.0.1:10808 %h %p' [email protected]
# it hanging there, what's more if I try peer 1 with the curl above, it also failed.
And if I restart the xray server, and try peer 2 first:
ssh -o ProxyCommand='nc -x 127.0.0.1:10808 %h %p' [email protected]
# The authenticity of host '100.64.8.8 (<no hostip for proxy command>)' can't be established.
# ED25519 key fingerprint is SHA256:Rich8888rIch8888riCh8888ricH8888/kCoh+MljVo.
# This key is not known by any other names.
# Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
# Warning: Permanently added '100.64.8.8' (ED25519) to the list of known hosts.
# [email protected]'s password:
It connected, and then if I try peer 1 with the curl above, the curl failed, and the peer 2 also can't connect any more.
It seems that only the first established peer works.
Server logs provided.
Client config
Server config
Client log
Server log
// peer1 then peer 2
Xray 25.3.6 (Xray, Penetrates Everything.) Custom (go1.24.0 linux/amd64)
A unified platform for anti-censorship.
2025/03/19 15:14:54.977610 [Info] infra/conf/serial: Reading config: &{Name:/etc/vless/config.json Format:json}
2025/03/19 15:14:55.074565 [Debug] app/log: Logger started
2025/03/19 15:14:55.075282 [Info] app/dns: DNS: created UDP client initialized for 10.10.88.88:53
2025/03/19 15:14:55.075420 [Debug] app/router: MphDomainMatcher is enabled for 3 domain rule(s)
2025/03/19 15:14:55.075611 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:10808
2025/03/19 15:14:55.075882 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:10809
2025/03/19 15:14:55.076136 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
2025/03/19 15:14:55.077592 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10808
2025/03/19 15:14:55.078119 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10809
2025/03/19 15:14:55.170934 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
2025/03/19 15:14:55.171671 [Warning] core: Xray 25.3.6 started
2025/03/19 15:15:22.673029 [Info] [629538135] proxy/vless/inbound: firstLen = 1186
2025/03/19 15:15:22.673524 [Info] [629538135] proxy/vless/inbound: received request for tcp:gitlab.subrich.net:443
2025/03/19 15:15:22.675434 [Info] [629538135] proxy: Xtls Unpadding new block, content 1726 padding 0 command 0
2025/03/19 15:15:22.675764 [Info] [629538135] proxy: XtlsFilterTls found tls client hello! 1106
2025/03/19 15:15:22.679737 [Info] [629538135] app/dispatcher: sniffed domain: gitlab.subrich.net
2025/03/19 15:15:22.679858 [Info] [629538135] app/dispatcher: taking detour [rich] for [tcp:gitlab.subrich.net:443]
2025/03/19 15:15:22.681271 [Info] switching dialer
2025/03/19 15:15:22.681827 [Warning] proxy/wireguard: Using gVisor TUN. NoKernelTun is set to true.
2025/03/19 15:15:22.684098 from 116.88.88.99:64061 accepted tcp:gitlab.subrich.net:443 [rich]
2025/03/19 15:15:22.685001 [Debug] UAPI: Updating private key
2025/03/19 15:15:22.685145 [Debug] Routine: encryption worker 1 - started
2025/03/19 15:15:22.687749 [Debug] Routine: decryption worker 2 - started
2025/03/19 15:15:22.688312 [Debug] Routine: decryption worker 1 - started
2025/03/19 15:15:22.688400 [Debug] Routine: handshake worker 1 - started
2025/03/19 15:15:22.690309 [Debug] Routine: encryption worker 2 - started
2025/03/19 15:15:22.691034 [Debug] peer(TbMY…6cW0) - UAPI: Created
2025/03/19 15:15:22.691332 [Debug] peer(TbMY…6cW0) - UAPI: Updating preshared key
2025/03/19 15:15:22.691453 [Debug] peer(TbMY…6cW0) - UAPI: Updating endpoint
2025/03/19 15:15:22.691829 [Debug] peer(TbMY…6cW0) - UAPI: Adding allowedip
2025/03/19 15:15:22.692308 [Debug] peer(wZs5…arXY) - UAPI: Created
2025/03/19 15:15:22.692348 [Debug] peer(wZs5…arXY) - UAPI: Updating preshared key
2025/03/19 15:15:22.692817 [Debug] peer(wZs5…arXY) - UAPI: Updating endpoint
2025/03/19 15:15:22.692939 [Debug] peer(wZs5…arXY) - UAPI: Adding allowedip
2025/03/19 15:15:22.692963 [Debug] peer(wZs5…arXY) - UAPI: Adding allowedip
2025/03/19 15:15:22.692985 [Debug] peer(zHpT…jpwY) - UAPI: Created
2025/03/19 15:15:22.693011 [Debug] peer(zHpT…jpwY) - UAPI: Updating preshared key
2025/03/19 15:15:22.770835 [Debug] peer(zHpT…jpwY) - UAPI: Updating endpoint
2025/03/19 15:15:22.771001 [Debug] [629538135] transport/internet: dialing to udp:36.88.88.88:18888
2025/03/19 15:15:22.771874 [Debug] Routine: event worker - started
2025/03/19 15:15:22.772009 [Debug] Interface up requested
2025/03/19 15:15:22.772155 [Debug] Routine: handshake worker 2 - started
2025/03/19 15:15:22.773509 [Debug] peer(TbMY…6cW0) - Received handshake response
2025/03/19 15:15:22.687404 from DNS accepted udp:10.10.88.88:53 [xray.system.e13ed173-0f80-4d0a-875f-8c6be5530eb3 -> rich]
2025/03/19 15:15:22.795046 [Info] [389849572] proxy/vless/inbound: firstLen = 1186
2025/03/19 15:15:22.795215 [Info] [389849572] proxy/vless/inbound: received request for tcp:gitlab.subrich.net:443
2025/03/19 15:15:22.795345 [Info] [389849572] proxy: Xtls Unpadding new block, content 1726 padding 0 command 0
2025/03/19 15:15:22.796178 [Info] [389849572] proxy: XtlsFilterTls found tls client hello! 1106
2025/03/19 15:15:22.796203 [Info] [389849572] app/dispatcher: sniffed domain: gitlab.subrich.net
2025/03/19 15:15:22.796241 [Info] [389849572] app/dispatcher: taking detour [rich] for [tcp:gitlab.subrich.net:443]
2025/03/19 15:15:22.796331 [Debug] app/dns: domain gitlab.subrich.net matches following rules: [domain:subrich.net(DNS idx:0)]
2025/03/19 15:15:22.796403 [Debug] app/dns: domain gitlab.subrich.net will use DNS in order: [UDP:10.10.88.88:53]
2025/03/19 15:15:22.796443 [Debug] app/dns: UDP:10.10.88.88:53 querying DNS for: gitlab.subrich.net.
2025/03/19 15:15:22.796497 [Debug] transport/internet/udp: dispatch request to: udp:10.10.88.88:53
2025/03/19 15:15:22.796553 [Debug] transport/internet/udp: dispatch request to: udp:10.10.88.88:53
2025/03/19 15:15:22.795607 from 116.88.88.99:64062 accepted tcp:gitlab.subrich.net:443 [rich]
2025/03/19 15:15:22.796886 [Info] app/dns: UDP:10.10.88.88:53 got answer: gitlab.subrich.net. TypeA -> [10.10.88.99] 110.008616ms
2025/03/19 15:15:22.797415 [Debug] app/dns: UDP:10.10.88.88:53 updating IP records for domain:gitlab.subrich.net.
2025/03/19 15:15:22.797536 [Info] app/dns: UDP:10.10.88.88:53 got answer: gitlab.subrich.net. TypeAAAA -> [] 110.093109ms
2025/03/19 15:15:22.797595 [Debug] app/dns: UDP:10.10.88.88:53 updating IP records for domain:gitlab.subrich.net.
2025/03/19 15:15:22.871438 [Info] app/dns: UDP:10.10.88.88:53 got answer: gitlab.subrich.net. TypeA -> [10.10.88.99] 75.863839ms
2025/03/19 15:15:22.871579 [Debug] app/dns: UDP:10.10.88.88:53 updating IP records for domain:gitlab.subrich.net.
2025/03/19 15:15:22.871889 [Info] app/dns: UDP:10.10.88.88:53 got answer: gitlab.subrich.net. TypeAAAA -> [] 76.351322ms
2025/03/19 15:15:22.871988 [Debug] app/dns: UDP:10.10.88.88:53 updating IP records for domain:gitlab.subrich.net.
2025/03/19 15:15:22.900225 [Info] [629538135] proxy: XtlsFilterTls found tls 1.3! 3308 TLS_AES_128_GCM_SHA256
2025/03/19 15:15:22.900344 [Info] [629538135] proxy: XtlsPadding 3308 161 0
2025/03/19 15:15:22.971416 [Info] [389849572] proxy: XtlsFilterTls found tls 1.3! 1368 TLS_AES_128_GCM_SHA256
2025/03/19 15:15:22.971488 [Info] [389849572] proxy: XtlsPadding 1368 11 0
2025/03/19 15:15:22.973009 [Info] [629538135] proxy: Xtls Unpadding new block, content 64 padding 969 command 2
2025/03/19 15:15:22.973376 [Info] [629538135] proxy: CopyRawConn readv
2025/03/19 15:15:22.973806 [Info] [389849572] proxy: XtlsPadding 1942 23 0
2025/03/19 15:15:22.989227 [Info] [389849572] proxy: Xtls Unpadding new block, content 64 padding 910 command 2
2025/03/19 15:15:22.989532 [Info] [389849572] proxy: CopyRawConn readv
2025/03/19 15:15:22.995928 [Info] [629538135] proxy: XtlsPadding 574 449 2
2025/03/19 15:15:23.012681 [Info] [389849572] proxy: XtlsPadding 574 556 2
2025/03/19 15:15:24.073920 [Info] [2298338073] proxy/vless/inbound: firstLen = 1186
2025/03/19 15:15:24.074286 [Info] [2298338073] proxy/vless/inbound: received request for tcp:gitlab.subrich.net:443
2025/03/19 15:15:24.075009 [Info] [2298338073] proxy: Xtls Unpadding new block, content 2013 padding 0 command 0
2025/03/19 15:15:24.075408 [Info] [2298338073] proxy: XtlsFilterTls found tls client hello! 1106
2025/03/19 15:15:24.075722 [Info] [2298338073] app/dispatcher: sniffed domain: gitlab.subrich.net
2025/03/19 15:15:24.075824 [Info] [2298338073] app/dispatcher: taking detour [rich] for [tcp:gitlab.subrich.net:443]
2025/03/19 15:15:24.076172 [Debug] app/dns: domain gitlab.subrich.net matches following rules: [domain:subrich.net(DNS idx:0)]
2025/03/19 15:15:24.077042 [Debug] app/dns: domain gitlab.subrich.net will use DNS in order: [UDP:10.10.88.88:53]
2025/03/19 15:15:24.077199 [Debug] app/dns: UDP:10.10.88.88:53 cache HIT gitlab.subrich.net -> [10.10.88.99]
2025/03/19 15:15:24.075306 from 116.88.88.99:64103 accepted tcp:gitlab.subrich.net:443 [rich]
2025/03/19 15:15:24.172857 [Info] [1671595147] proxy/vless/inbound: firstLen = 1186
2025/03/19 15:15:24.174409 [Info] [1671595147] proxy/vless/inbound: received request for tcp:gitlab.subrich.net:443
2025/03/19 15:15:24.176437 [Info] [1671595147] proxy: Xtls Unpadding new block, content 2013 padding 0 command 0
2025/03/19 15:15:24.176756 [Info] [1671595147] proxy: XtlsFilterTls found tls client hello! 1106
2025/03/19 15:15:24.177696 [Info] [1671595147] app/dispatcher: sniffed domain: gitlab.subrich.net
2025/03/19 15:15:24.177722 [Info] [1671595147] app/dispatcher: taking detour [rich] for [tcp:gitlab.subrich.net:443]
2025/03/19 15:15:24.178049 [Debug] app/dns: domain gitlab.subrich.net matches following rules: [domain:subrich.net(DNS idx:0)]
2025/03/19 15:15:24.178584 [Debug] app/dns: domain gitlab.subrich.net will use DNS in order: [UDP:10.10.88.88:53]
2025/03/19 15:15:24.179197 [Debug] app/dns: UDP:10.10.88.88:53 cache HIT gitlab.subrich.net -> [10.10.88.99]
2025/03/19 15:15:24.176814 from 116.88.88.99:64104 accepted tcp:gitlab.subrich.net:443 [rich]
2025/03/19 15:15:24.199687 [Info] [2298338073] proxy: XtlsFilterTls found tls 1.3! 244 TLS_AES_128_GCM_SHA256
2025/03/19 15:15:24.199796 [Info] [2298338073] proxy: XtlsPadding 244 1125 0
2025/03/19 15:15:24.271767 [Info] [2298338073] proxy: Xtls Unpadding new block, content 64 padding 1139 command 2
2025/03/19 15:15:24.272030 [Info] [2298338073] proxy: CopyRawConn readv
2025/03/19 15:15:24.274679 [Info] [1671595147] proxy: XtlsFilterTls found tls 1.3! 244 TLS_AES_128_GCM_SHA256
2025/03/19 15:15:24.276447 [Info] [1671595147] proxy: XtlsPadding 244 902 0
2025/03/19 15:15:24.292024 [Info] [1671595147] proxy: Xtls Unpadding new block, content 64 padding 1005 command 2
2025/03/19 15:15:24.292236 [Info] [1671595147] proxy: CopyRawConn readv
2025/03/19 15:15:24.295756 [Info] [2298338073] proxy: XtlsPadding 287 742 2
2025/03/19 15:15:24.371953 [Info] [1208214367] proxy/vless/inbound: firstLen = 1186
2025/03/19 15:15:24.372034 [Info] [1208214367] proxy/vless/inbound: received request for tcp:gitlab.subrich.net:443
2025/03/19 15:15:24.372976 [Info] [1208214367] proxy: Xtls Unpadding new block, content 1790 padding 0 command 0
2025/03/19 15:15:24.373257 [Info] [1208214367] proxy: XtlsFilterTls found tls client hello! 1106
2025/03/19 15:15:24.374567 [Info] [1208214367] app/dispatcher: sniffed domain: gitlab.subrich.net
2025/03/19 15:15:24.375294 [Info] [1208214367] app/dispatcher: taking detour [rich] for [tcp:gitlab.subrich.net:443]
2025/03/19 15:15:24.377707 [Debug] app/dns: domain gitlab.subrich.net matches following rules: [domain:subrich.net(DNS idx:0)]
2025/03/19 15:15:24.377893 [Debug] app/dns: domain gitlab.subrich.net will use DNS in order: [UDP:10.10.88.88:53]
2025/03/19 15:15:24.378132 [Debug] app/dns: UDP:10.10.88.88:53 cache HIT gitlab.subrich.net -> [10.10.88.99]
2025/03/19 15:15:24.378681 [Info] [2687061833] proxy/vless/inbound: firstLen = 1186
2025/03/19 15:15:24.378993 [Info] [2687061833] proxy/vless/inbound: received request for tcp:gitlab.subrich.net:443
2025/03/19 15:15:24.382829 [Info] [2687061833] proxy: Xtls Unpadding new block, content 1822 padding 0 command 0
2025/03/19 15:15:24.382933 [Info] [2687061833] proxy: XtlsFilterTls found tls client hello! 1106
2025/03/19 15:15:24.384308 [Info] [2687061833] app/dispatcher: sniffed domain: gitlab.subrich.net
2025/03/19 15:15:24.384447 [Info] [2687061833] app/dispatcher: taking detour [rich] for [tcp:gitlab.subrich.net:443]
2025/03/19 15:15:24.385217 [Debug] app/dns: domain gitlab.subrich.net matches following rules: [domain:subrich.net(DNS idx:0)]
2025/03/19 15:15:24.385372 [Debug] app/dns: domain gitlab.subrich.net will use DNS in order: [UDP:10.10.88.88:53]
2025/03/19 15:15:24.470912 [Debug] app/dns: UDP:10.10.88.88:53 cache HIT gitlab.subrich.net -> [10.10.88.99]
2025/03/19 15:15:24.471417 [Info] [1671595147] proxy: XtlsPadding 2859 77 2
2025/03/19 15:15:24.376007 from 116.88.88.99:64106 accepted tcp:gitlab.subrich.net:443 [rich]
2025/03/19 15:15:24.472085 from 116.88.88.99:64105 accepted tcp:gitlab.subrich.net:443 [rich]
2025/03/19 15:15:24.499425 [Info] [1208214367] proxy: XtlsFilterTls found tls 1.3! 1368 TLS_AES_128_GCM_SHA256
2025/03/19 15:15:24.499528 [Info] [1208214367] proxy: XtlsPadding 1368 190 0
2025/03/19 15:15:24.500502 [Info] [1208214367] proxy: XtlsPadding 1940 192 0
2025/03/19 15:15:24.571262 [Info] [2687061833] proxy: XtlsFilterTls found tls 1.3! 1368 TLS_AES_128_GCM_SHA256
2025/03/19 15:15:24.571981 [Info] [2687061833] proxy: XtlsPadding 1368 245 0
2025/03/19 15:15:24.572144 [Info] [2687061833] proxy: XtlsPadding 1941 49 0
2025/03/19 15:15:24.573621 [Info] [1208214367] proxy: Xtls Unpadding new block, content 64 padding 1022 command 2
2025/03/19 15:15:24.573857 [Info] [1208214367] proxy: CopyRawConn readv
2025/03/19 15:15:24.589859 [Info] [2687061833] proxy: Xtls Unpadding new block, content 64 padding 1061 command 2
2025/03/19 15:15:24.590230 [Info] [2687061833] proxy: CopyRawConn readv
2025/03/19 15:15:24.597153 [Info] [1208214367] proxy: XtlsPadding 287 1063 2
2025/03/19 15:15:24.613299 [Info] [2687061833] proxy: XtlsPadding 287 773 2
2025/03/19 15:15:41.533549 [Info] [991037747] proxy/vless/inbound: firstLen = 201
2025/03/19 15:15:41.533708 [Info] [991037747] proxy/vless/inbound: received request for tcp:100.64.8.8:22
2025/03/19 15:15:41.533856 [Info] [991037747] proxy: Xtls Unpadding new block, content 50 padding 86 command 0
2025/03/19 15:15:41.533994 [Info] [991037747] app/dispatcher: taking detour [rich] for [tcp:100.64.8.8:22]
2025/03/19 15:15:41.534931 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:15:41.535246 from 116.88.88.99:64683 accepted tcp:100.64.8.8:22 [rich]
2025/03/19 15:15:41.535428 [Debug] [629538135] transport/internet: dialing to udp:211.88.88.88:19999
2025/03/19 15:15:45.093450 [Debug] peer(TbMY…6cW0) - Receiving keepalive packet
2025/03/19 15:15:45.094061 [Debug] peer(wZs5…arXY) - Received handshake response
2025/03/19 15:16:00.272909 [Debug] peer(wZs5…arXY) - Retrying handshake because we stopped hearing back after 15 seconds
2025/03/19 15:16:00.272955 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:05.492780 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 2)
2025/03/19 15:16:05.492857 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:10.565462 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 3)
2025/03/19 15:16:10.565611 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:15.637261 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 4)
2025/03/19 15:16:15.637488 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:20.912528 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 5)
2025/03/19 15:16:20.912636 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:23.369047 [Info] transport/internet/tcp: REALITY: processed invalid connection
2025/03/19 15:16:25.505338 [Info] [2687061833] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
2025/03/19 15:16:25.505431 [Info] [1208214367] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
2025/03/19 15:16:25.961044 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 6)
2025/03/19 15:16:25.961247 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:29.506756 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:29.506864 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:29.990720 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:30.219996 [Info] [389849572] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
2025/03/19 15:16:30.508144 [Info] [2298338073] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
2025/03/19 15:16:30.991738 [Info] [629538135] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > context canceled
2025/03/19 15:16:31.014361 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:31.053827 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 7)
2025/03/19 15:16:31.054001 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:36.252847 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 8)
2025/03/19 15:16:36.253460 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:36.851474 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:36.851814 [Info] [991037747] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/wireguard: connection ends > read tcp 192.168.202.49:34981: connection reset by peer
2025/03/19 15:16:36.852275 [Info] [991037747] app/proxyman/inbound: connection ends > proxy/vless/inbound: connection ends > io: read/write on closed pipe
2025/03/19 15:16:37.975594 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:41.377751 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 9)
2025/03/19 15:16:41.377833 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:45.110335 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:46.681009 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 10)
2025/03/19 15:16:46.681056 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:51.829322 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 11)
2025/03/19 15:16:51.829353 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:16:55.141596 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:16:55.141696 [Debug] peer(TbMY…6cW0) - Receiving keepalive packet
2025/03/19 15:16:56.938059 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 12)
2025/03/19 15:16:56.938726 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:02.065613 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 13)
2025/03/19 15:17:02.065739 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:07.396228 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 14)
2025/03/19 15:17:07.396285 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:11.735515 [Info] transport/internet/tcp: REALITY: processed invalid connection
2025/03/19 15:17:12.621621 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 15)
2025/03/19 15:17:12.621772 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:17.717043 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 16)
2025/03/19 15:17:17.717171 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:22.689125 [Info] transport/internet/udp: failed to handle UDP input > io: read/write on closed pipe
2025/03/19 15:17:22.989831 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 17)
2025/03/19 15:17:22.990303 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:24.829936 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:17:24.855152 [Debug] peer(TbMY…6cW0) - Received handshake response
2025/03/19 15:17:24.855202 [Debug] peer(TbMY…6cW0) - Sending keepalive packet
2025/03/19 15:17:24.855216 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:24.878514 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:28.297570 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 18)
2025/03/19 15:17:28.297603 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:33.370278 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 19)
2025/03/19 15:17:33.370591 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:34.917673 [Debug] peer(TbMY…6cW0) - Receiving keepalive packet
2025/03/19 15:17:34.917746 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:38.702720 [Debug] peer(wZs5…arXY) - Handshake did not complete after 5 seconds, retrying (try 20)
2025/03/19 15:17:38.702755 [Debug] peer(wZs5…arXY) - Sending handshake initiation
2025/03/19 15:17:39.374474 [Info] transport/internet/tcp: REALITY: processed invalid connection
2025/03/19 15:17:39.849717 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:39.850041 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:40.863795 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:40.863856 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:40.982637 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:40.991639 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:43.860282 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:43.860476 [Debug] Received invalid response message from 211.88.88.88:19999
2025/03/19 15:17:43.911340 [Debug] peer(wZs5…arXY) - Handshake did not complete after 20 attempts, giving up
2025/03/19 15:17:48.113696 [Debug] peer(wZs5…arXY) - Received handshake response
2025/03/19 15:17:48.113939 [Debug] peer(wZs5…arXY) - Sending keepalive packet
2025/03/19 15:18:02.956316 [Info] transport/internet/tcp: REALITY: processed invalid connection
2025/03/19 15:18:03.415619 [Debug] peer(TbMY…6cW0) - Retrying handshake because we stopped hearing back after 15 seconds
2025/03/19 15:18:03.415948 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:08.563903 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 2)
2025/03/19 15:18:08.563956 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:13.843526 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 3)
2025/03/19 15:18:13.843614 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:19.144546 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 4)
2025/03/19 15:18:19.145035 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:24.162446 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 5)
2025/03/19 15:18:24.162570 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:29.356964 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 6)
2025/03/19 15:18:29.357104 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:33.197777 [Info] transport/internet/tcp: REALITY: processed invalid connection
2025/03/19 15:18:34.652859 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 7)
2025/03/19 15:18:34.652935 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:39.873863 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 8)
2025/03/19 15:18:39.874103 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:44.876136 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 9)
2025/03/19 15:18:44.876178 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:49.912284 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 10)
2025/03/19 15:18:49.912397 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:55.135759 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 11)
2025/03/19 15:18:55.135792 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:18:57.950942 [Debug] peer(TbMY…6cW0) - Retrying handshake because we stopped hearing back after 15 seconds
2025/03/19 15:19:00.312522 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 2)
2025/03/19 15:19:00.312675 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
// peer 2 then peer 1
Xray 25.3.6 (Xray, Penetrates Everything.) Custom (go1.24.0 linux/amd64)
A unified platform for anti-censorship.
2025/03/19 15:21:38.429296 [Info] infra/conf/serial: Reading config: &{Name:/etc/vless/config.json Format:json}
2025/03/19 15:21:38.433084 [Debug] app/log: Logger started
2025/03/19 15:21:38.433349 [Info] app/dns: DNS: created UDP client initialized for 10.10.88.88:53
2025/03/19 15:21:38.433551 [Debug] app/router: MphDomainMatcher is enabled for 3 domain rule(s)
2025/03/19 15:21:38.433591 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:10808
2025/03/19 15:21:38.433617 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:10809
2025/03/19 15:21:38.433688 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:443
2025/03/19 15:21:38.527912 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10808
2025/03/19 15:21:38.528585 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:10809
2025/03/19 15:21:38.529062 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:443
2025/03/19 15:21:38.530427 [Warning] core: Xray 25.3.6 started
2025/03/19 15:22:51.531744 [Info] [266406767] proxy/socks: TCP Connect request to tcp:100.64.8.8:22
2025/03/19 15:22:51.532495 [Info] [266406767] app/dispatcher: taking detour [rich] for [tcp:100.64.8.8:22]
2025/03/19 15:22:51.532669 [Info] switching dialer
2025/03/19 15:22:51.532814 [Warning] proxy/wireguard: Using gVisor TUN. NoKernelTun is set to true.
2025/03/19 15:22:51.533402 from tcp:127.0.0.1:48668 accepted tcp:100.64.8.8:22 [rich]
2025/03/19 15:22:51.534649 [Debug] UAPI: Updating private key
2025/03/19 15:22:51.535006 [Debug] peer(TbMY…6cW0) - UAPI: Created
2025/03/19 15:22:51.535177 [Debug] peer(TbMY…6cW0) - UAPI: Updating preshared key
2025/03/19 15:22:51.535322 [Debug] peer(TbMY…6cW0) - UAPI: Updating endpoint
2025/03/19 15:22:51.535429 [Debug] peer(TbMY…6cW0) - UAPI: Adding allowedip
2025/03/19 15:22:51.535544 [Debug] peer(wZs5…arXY) - UAPI: Created
2025/03/19 15:22:51.535633 [Debug] peer(wZs5…arXY) - UAPI: Updating preshared key
2025/03/19 15:22:51.535811 [Debug] peer(wZs5…arXY) - UAPI: Updating endpoint
2025/03/19 15:22:51.535889 [Debug] peer(wZs5…arXY) - UAPI: Adding allowedip
2025/03/19 15:22:51.536158 [Debug] peer(wZs5…arXY) - UAPI: Adding allowedip
2025/03/19 15:22:51.536293 [Debug] peer(zHpT…jpwY) - UAPI: Created
2025/03/19 15:22:51.536389 [Debug] peer(zHpT…jpwY) - UAPI: Updating preshared key
2025/03/19 15:22:51.536424 [Debug] peer(zHpT…jpwY) - UAPI: Updating endpoint
2025/03/19 15:22:51.536695 [Debug] peer(zHpT…jpwY) - UAPI: Adding allowedip
2025/03/19 15:22:51.536815 [Debug] peer(zHpT…jpwY) - UAPI: Adding allowedip
2025/03/19 15:22:51.536845 [Debug] peer(zHpT…jpwY) - UAPI: Adding allowedip
2025/03/19 15:22:51.536860 [Debug] peer(zHpT…jpwY) - UAPI: Adding allowedip
2025/03/19 15:22:51.536876 [Debug] [266406767] transport/internet: dialing to udp:211.88.88.88:19999
2025/03/19 15:22:51.536886 [Debug] peer(wZs5…arXY) - Routine: sequential receiver - started
2025/03/19 15:22:51.536896 [Debug] peer(zHpT…jpwY) - Routine: sequential sender - started
2025/03/19 15:22:51.536906 [Debug] peer(zHpT…jpwY) - Routine: sequential receiver - started
2025/03/19 15:22:51.536916 [Debug] peer(TbMY…6cW0) - Routine: sequential sender - started
2025/03/19 15:22:51.536926 [Debug] Routine: receive incoming Open - started
2025/03/19 15:22:51.628536 [Debug] peer(wZs5…arXY) - Received handshake response
2025/03/19 15:22:59.917823 [Info] [266406767] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled
2025/03/19 15:23:07.186808 [Info] [4237830188] proxy/socks: TCP Connect request to tcp:10.10.88.99:80
2025/03/19 15:23:07.186962 [Info] [4237830188] app/dispatcher: taking detour [rich] for [tcp:10.10.88.99:80]
2025/03/19 15:23:07.187047 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:23:07.187816 from tcp:127.0.0.1:51790 accepted tcp:10.10.88.99:80 [rich]
2025/03/19 15:23:07.187985 [Debug] [266406767] transport/internet: dialing to udp:36.103.235.152:58449
2025/03/19 15:23:09.998550 [Debug] peer(wZs5…arXY) - Receiving keepalive packet
2025/03/19 15:23:09.999166 [Debug] peer(TbMY…6cW0) - Received handshake response
2025/03/19 15:23:10.716723 [Info] [4237830188] app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled
2025/03/19 15:23:25.272980 [Debug] peer(TbMY…6cW0) - Retrying handshake because we stopped hearing back after 15 seconds
2025/03/19 15:23:25.273012 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:23:30.522411 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 2)
2025/03/19 15:23:30.522533 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:23:35.793148 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 3)
2025/03/19 15:23:35.793231 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:23:40.830489 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 4)
2025/03/19 15:23:40.830739 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:23:46.032716 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 5)
2025/03/19 15:23:46.032861 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
2025/03/19 15:23:51.312844 [Debug] peer(TbMY…6cW0) - Handshake did not complete after 5 seconds, retrying (try 6)
2025/03/19 15:23:51.312992 [Debug] peer(TbMY…6cW0) - Sending handshake initiation
It connected, and then if I try peer 1 with the curl above, the curl failed, and the peer 2 also can connect any more.
can -> can't ?
Hi @RPRX @Fangliding Thanks for reply.
can -> can't ?
Yes it's a typo, can not. Once a peer failed all peers failed.
Hi @RPRX @Fangliding ,
FYI, there is a xray alternative (s**g-b*x), ~~which has it's own wireguard impl~~, it handles my case well.
Server Config (s*-b*):
{
"log": {
"disabled": false,
"level": "warn",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "tencent",
"address": "119.28.28.28",
"detour": "direct"
},
{
"tag": "tencent_dot",
"address": "tls://dot.pub",
"address_resolver": "tencent",
"strategy": "prefer_ipv4",
"detour": "direct"
},
{
"tag": "rich",
"address": "10.10.88.88",
"detour": "rich"
},
{
"tag": "refused",
"address": "rcode://refused"
},
{
"tag": "fakeip",
"address": "fakeip"
}
],
"rules": [
{
"domain_suffix": [
"subrich.net",
"rich888.net",
"sub888.net"
],
"server": "rich"
},
{
"outbound": "any",
"server": "tencent"
},
{
"query_type": [
"A",
"AAAA",
"CNAME"
],
"invert": true,
"server": "refused",
"disable_cache": true
}
],
"final": "tencent_dot",
"independent_cache": true,
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
}
},
"inbounds": [
{
"type": "socks",
"tag": "socks",
"listen_port": 10808,
"tcp_fast_open": true,
"sniff": true,
"domain_strategy": "prefer_ipv4"
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
],
"endpoints": [
{
"type": "wireguard",
"tag": "rich",
"address": [
"192.168.88.88/32",
"fd42:42:42::42/128"
],
"private_key": "Rich8888rIch8888riCh8888ricH8888RIch8888rIC=",
"peers": [
{
"address": "36.88.88.88",
"port": 18888,
"public_key": "Rich6666rIch6666riCh6666ricH6666RIch6666rIC=",
"pre_shared_key": "Rich9999rIch9999riCh9999ricH9999RIch9999rIC=",
"allowed_ips": [
"10.10.0.0/16"
]
},
{
"address": "211.88.88.88",
"port": 19999,
"public_key": "Rich6688rIch6688riCh6688ricH6688RIch6688rIC=",
"pre_shared_key": "Rich9988rIch9988riCh9988ricH9988RIch9988rIC=",
"allowed_ips": [
"100.64.8.0/22",
"100.64.16.0/22"
]
},
{
"address": "211.88.88.99",
"port": 8899,
"public_key": "Rich9898rIch9898riCh9898ricH9898RIch9898rIC=",
"pre_shared_key": "Rich8989rIch8989riCh8989ricH8989RIch8989rIC=",
"allowed_ips": [
"100.64.24.0/22",
"100.64.28.0/22",
"10.13.100.0/24",
"10.13.10.0/24"
]
}
]
}
],
"route": {
"rules": [
{
"ip_cidr": [
"36.88.88.88/32",
"211.88.88.88/32",
"211.88.88.99/32"
],
"outbound": "direct"
},
{
"ip_cidr": [
"10.10.0.0/16",
"10.13.0.0/16",
"100.64.0.0/16"
],
"outbound": "rich"
},
{
"ip_version": 6,
"outbound": "direct"
},
{
"action": "sniff"
},
{
"protocol": "dns",
"action": "hijack-dns"
},
{
"domain_suffix": [
"subrich.net",
"rich888.net",
"sub888.net"
],
"outbound": "rich"
},
{
"ip_is_private": true,
"outbound": "direct"
}
],
"final": "direct",
"auto_detect_interface": true
},
"experimental": {
"cache_file": {
"enabled": true,
"path": "cache.db",
"store_fakeip": true,
"store_rdrc": true
}
}
}
Works fine, command line output:
# ^Croot@VM-8-2-ubuntu:~# kubectl logs -f --tail 100 s**g-b*x-578cfb7654-zkvjr -n proxy
#
#
#
#
# ^Croot@VM-8-2-ubuntu:~curl --socks5 127.0.0.1:10808 -H"Host: gitlab.subrich.net" -v http://10.10.88.88
# * Trying 127.0.0.1:10808...
# * Connected to 127.0.0.1 (127.0.0.1) port 10808
# * SOCKS5 connect to 10.10.88.88:80 (locally resolved)
# * SOCKS5 request granted.
# * Connected to 127.0.0.1 (127.0.0.1) port 10808
# > GET / HTTP/1.1
# > Host: gitlab.subrich.net
# > User-Agent: curl/8.5.0
# > Accept: */*
# >
# < HTTP/1.1 301 Moved Permanently
# < Server: nginx/1.25.3
# < Date: Fri, 21 Mar 2025 02:42:35 GMT
# < Content-Type: text/html
# < Content-Length: 169
# < Connection: keep-alive
# < Location: https://gitlab.subrich.net/
# <
# <html>
# <head><title>301 Moved Permanently</title></head>
# <body>
# <center><h1>301 Moved Permanently</h1></center>
# <hr><center>nginx/1.25.3</center>
# </body>
# </html>
# * Connection #0 to host 127.0.0.1 left intact
# root@VM-8-2-ubuntu:~# ssh -o ProxyCommand='nc -x 127.0.0.1:10808 %h %p' [email protected]
# The authenticity of host '100.64.8.8 (<no hostip for proxy command>)' can't be established.
# ED25519 key fingerprint is SHA256:Rich8888rIch8888riCh8888ricH8888/kCoh+MljVo.
# This key is not known by any other names.
# Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
# root@VM-8-2-ubuntu:~# ssh -o ProxyCommand='nc -x 127.0.0.1:10808 %h %p' [email protected]
# The authenticity of host '100.64.8.8 (<no hostip for proxy command>)' can't be established.
# ED25519 key fingerprint is SHA256:Rich8888rIch8888riCh8888ricH8888/kCoh+MljVo.
# This key is not known by any other names.
# Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C
# root@VM-8-2-ubuntu:~# curl --socks5 127.0.0.1:10808 -H"Host: gitlab.subrich.net" -v http://10.10.88.88
# * Trying 127.0.0.1:10808...
# * Connected to 127.0.0.1 (127.0.0.1) port 10808
# * SOCKS5 connect to 10.10.88.88:80 (locally resolved)
# * SOCKS5 request granted.
# * Connected to 127.0.0.1 (127.0.0.1) port 10808
# > GET / HTTP/1.1
# > Host: gitlab.subrich.net
# > User-Agent: curl/8.5.0
# > Accept: */*
# >
# < HTTP/1.1 301 Moved Permanently
# < Server: nginx/1.25.3
# < Date: Fri, 21 Mar 2025 02:42:54 GMT
# < Content-Type: text/html
# < Content-Length: 169
# < Connection: keep-alive
# < Location: https://gitlab.subrich.net/
# <
# <html>
# <head><title>301 Moved Permanently</title></head>
# <body>
# <center><h1>301 Moved Permanently</h1></center>
# <hr><center>nginx/1.25.3</center>
# </body>
# </html>
# * Connection #0 to host 127.0.0.1 left intact
// file: /proxy/wireguard/server.go:
type Server struct {
...
info routingInfo // 这里有大问题
...
}
所有的接入连接都使用这个变量保存上下文, 如果同时有多个连接, 后面的连接上下文会覆盖前面的, 上帝知道这会发生什么, 所以一个用户问题不大, 多个用户一定会崩溃. 这也是为什么上一个开发者没有实现用户管理接口, 因为按找现在的架构没法传递上下文, 现阶段 wireguard 没法用.
我看到 Xray 是把整个配置打包传给 WireGuard 库的,所以我好奇这东西是能靠修改 Xray 自身的代码解决的吗
但是我看 sb 用的那个库似乎也没有相关修改,可能还真是要改 Xray 的代码 @Fangliding