Xray-core
P2P game working with TLS, but not with XTLS
I get this error message when I set the VLESS server to XTLS and try to connect to a P2P game that uses TCP and UDP:
2021/12/29 20:00:15.149 [I] [io.go:425] [Info] [973817280] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to transfer response payload > remote error: tls: bad record MAC
Because of it, I cannot even log in to the game.
My config is as follows:
{
"log": {
"access": "",
"error": "",
"loglevel": "info"
},
"inbounds": [
{
"port": 1080,
"protocol": "socks",
"listen": "127.0.0.1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"settings": {
"auth": "noauth",
"udp": true
},
"streamSettings": null,
"tag": "socks_ipv4"
},
{
"port": 1081,
"protocol": "http",
"listen": "127.0.0.1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"streamSettings": null,
"tag": "http_ipv4"
},
{
"port": 1082,
"protocol": "http",
"listen": "127.0.0.1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"streamSettings": null,
"tag": "rule_ipv4"
},
{
"port": 32345,
"protocol": "dokodemo-door",
"listen": "127.0.0.1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"tag": "transparent_ipv4"
},
{
"port": 35137,
"protocol": "dokodemo-door",
"listen": "127.0.0.1",
"sniffing": {
"enabled": false,
"metadataOnly": false
},
"settings": {
"address": "127.0.0.1"
},
"streamSettings": null,
"tag": "api-in_ipv4"
},
{
"port": 1080,
"protocol": "socks",
"listen": "::1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"settings": {
"auth": "noauth",
"udp": true
},
"streamSettings": null,
"tag": "socks_ipv6"
},
{
"port": 1081,
"protocol": "http",
"listen": "::1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"streamSettings": null,
"tag": "http_ipv6"
},
{
"port": 1082,
"protocol": "http",
"listen": "::1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"streamSettings": null,
"tag": "rule_ipv6"
},
{
"port": 32345,
"protocol": "dokodemo-door",
"listen": "::1",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"tag": "transparent_ipv6"
},
{
"port": 35137,
"protocol": "dokodemo-door",
"listen": "::1",
"sniffing": {
"enabled": false,
"metadataOnly": false
},
"settings": {
"address": "127.0.0.1"
},
"streamSettings": null,
"tag": "api-in_ipv6"
}
],
"outbounds": [
{
"tag": "proxy",
"protocol": "vless",
"settings": {
"vnext": [
{
"address": "blah",
"port": 443,
"users": [
{
"id": "blah",
"encryption": "none",
"flow": "xtls-rprx-direct"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"allowInsecure": false,
"serverName": "blah"
},
"sockopt": {
"mark": 128,
"tcpFastOpen": true
}
}
},
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"streamSettings": {
"sockopt": {
"mark": 128,
"tcpFastOpen": true
}
}
},
{
"tag": "block",
"protocol": "blackhole",
"settings": {}
},
{
"tag": "dns-out",
"protocol": "dns",
"settings": {},
"streamSettings": {
"sockopt": {
"mark": 128,
"tcpFastOpen": true
}
}
}
],
"routing": {
"domainStrategy": "IPOnDemand",
"domainMatcher": "mph",
"rules": [
{
"type": "field",
"outboundTag": "direct",
"domain": [
"blah"
],
"port": "443"
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"dns"
],
"ip": [
"208.67.220.220"
],
"port": "5353"
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"dns"
],
"ip": [
"119.29.29.29"
],
"port": "53"
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"dns"
]
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"transparent_ipv4",
"transparent_ipv6"
],
"ip": [
"geoip:private",
"127.0.0.1/8",
"192.168.2.246/24",
"172.17.0.1/16",
"172.20.0.1/16",
"::1/128",
"fe80::e957:67f3:2de7:9fa6/64"
],
"port": "53"
},
{
"type": "field",
"outboundTag": "proxy",
"inboundTag": [
"rule_ipv4",
"rule_ipv6"
],
"domain": [
"ext:LoyalsoldierSite.dat:geolocation-!cn"
]
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"rule_ipv4"
],
"domain": [
"geosite:cn"
]
},
{
"type": "field",
"outboundTag": "proxy",
"inboundTag": [
"rule_ipv4"
],
"ip": [
"geoip:hk",
"geoip:mo"
]
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"rule_ipv4"
],
"ip": [
"geoip:private",
"geoip:cn",
"127.0.0.1/8",
"192.168.2.246/24",
"172.17.0.1/16",
"172.20.0.1/16",
"::1/128",
"fe80::e957:67f3:2de7:9fa6/64"
]
},
{
"type": "field",
"outboundTag": "proxy",
"inboundTag": [
"transparent_ipv4",
"transparent_ipv6"
],
"domain": [
"ext:LoyalsoldierSite.dat:geolocation-!cn"
]
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"transparent_ipv4"
],
"domain": [
"geosite:cn"
]
},
{
"type": "field",
"outboundTag": "proxy",
"inboundTag": [
"transparent_ipv4"
],
"ip": [
"geoip:hk",
"geoip:mo"
]
},
{
"type": "field",
"outboundTag": "direct",
"inboundTag": [
"transparent_ipv4"
],
"ip": [
"geoip:private",
"geoip:cn",
"127.0.0.1/8",
"192.168.2.246/24",
"172.17.0.1/16",
"172.20.0.1/16",
"::1/128",
"fe80::e957:67f3:2de7:9fa6/64"
]
},
{
"type": "field",
"outboundTag": "api-out",
"inboundTag": [
"api-in_ipv4",
"api-in_ipv6"
]
}
]
},
"dns": {
"servers": [
"localhost",
{
"address": "208.67.220.220",
"port": 5353,
"domains": [
"blah"
]
},
{
"address": "119.29.29.29",
"port": 53,
"domains": [
"blah"
]
}
],
"tag": "dns"
},
"api": {
"tag": "api-out",
"services": [
"LoggerService"
]
}
}
I'm using Xray 1.5.0
Note: if I use splice instead of direct for the flow, it seems to work, but what does that setting even do?
Edit: Never mind, it didn't work. XTLS is just not working.
I had v2ray installed so it was being loaded instead
Spoke too soon: it is still broken when using XTLS, and it works perfectly with normal TLS, everything else being the same.
I reinstalled my system and got the same issue again with a similar configuration:
2022/08/29 20:12:19 [Info] [266897868] proxy/dokodemo: received request for 192.168.2.246:53927
2022/08/29 20:12:19 [Info] [266897868] app/dispatcher: sniffed domain: us.actual.battle.net
2022/08/29 20:12:19 [Info] [266897868] app/dispatcher: taking detour [proxy] for [tcp:us.actual.battle.net:1119]
2022/08/29 20:12:19 [Info] [266897868] transport/internet/tcp: dialing TCP to tcp:server.lol:443
2022/08/29 20:12:19 [Info] [266897868] proxy/vless/outbound: tunneling request to tcp:us.actual.battle.net:1119 via server.lol:443
2022/08/29 20:12:20 [Info] [266897868] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > proxy/vless/outbound: failed to transfer response payload > remote error: tls: bad record MAC
2022/08/29 20:12:20 [Info] [266897868] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > proxy/dokodemo: failed to transport response > io: read/write on closed pipe
This is how the log looks with TLS set instead of XTLS (and the game works):
2022/08/29 20:17:05 [Info] [513721008] proxy/dokodemo: received request for 192.168.2.246:39485
2022/08/29 20:17:05 [Info] [513721008] app/dispatcher: sniffed domain: us.actual.battle.net
2022/08/29 20:17:05 [Info] [513721008] app/dispatcher: taking detour [proxy] for [tcp:us.actual.battle.net:1119]
2022/08/29 20:17:05 [Info] [513721008] transport/internet/tcp: dialing TCP to tcp:server.lol:443
2022/08/29 20:17:05 [Info] [513721008] proxy/vless/outbound: tunneling request to tcp:us.actual.battle.net:1119 via server.lol:443
So the issue is in how XTLS works with the v2rayA and tproxy setup. I want both, because v2rayA sets up the proxying for my Wine game (I can see that I lose the connection when I stop xray). But I get this issue when I use XTLS together with v2rayA and the setup above, so I have to downgrade the client to TLS.
v2rayA uses iptables to redirect all traffic:
TPROXY tcp -- anywhere anywhere mark match 0x40/0xc0 TPROXY redirect 127.0.0.1:32345 mark 0x0/0x0
TPROXY udp -- anywhere anywhere mark match 0x40/0xc0 TPROXY redirect 127.0.0.1:32345 mark 0x0/0x0
Does this work with XTLS P2P UDP full cone?
Reopen if the problem still exists.