hysteria
hysteria2.0: openclash/passwall both cause problems with hysteria2.0's socks/http proxy
1. Topology
openclash / passwall and the hysteria2.0 client run on the same OpenWrt device; openclash/passwall connects to hysteria through the local socks/http proxy.
2. Server/client configuration
server.yaml
# listen: :443
acme:
  domains:
    - xxx.com
  email: [email protected]
auth:
  type: password
  password: xxxxx
masquerade:
  type: proxy
  proxy:
    url: https://www.bing.com/
    rewriteHost: true
client.yaml
server: xxx.com:443
auth: xxxxx
bandwidth:
  up: 20 mbps
  down: 100 mbps
socks5:
  listen: 0.0.0.0:10808
http:
  listen: 0.0.0.0:10809
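3. openclash/passwall configuration
I set the following in both clients: 1. QUIC is not disabled (I'm not sure whether this is needed) 2. xxx.com goes direct
4. Actual result
Completely unable to connect to any foreign website. Judging from the -l debug log, I can only see request logs, not close connection logs.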
2023-09-07T20:47:03+08:00 INFO HTTP proxy server listening {"addr": "0.0.0.0:11081"}
2023-09-07T20:47:03+08:00 DEBUG checking for updates {"version": "v2.0.0", "platform": "linux", "arch": "amd64", "channel": "release"}
2023-09-07T20:47:03+08:00 INFO SOCKS5 server listening {"addr": "0.0.0.0:21080"}
2023-09-07T20:47:04+08:00 DEBUG no update available
2023-09-07T20:47:38+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:44378", "reqAddr": "150.230.112.59:53162"}
2023-09-07T20:47:38+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:44390", "reqAddr": "65.108.73.207:51719"}
2023-09-07T20:47:38+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:44394", "reqAddr": "192.18.148.172:51836"}
2023-09-07T20:47:39+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:44378", "reqAddr": "150.230.112.59:53162"}
2023-09-07T20:47:39+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57090", "reqAddr": "142.251.222.14:443"}
2023-09-07T20:47:39+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:44390", "reqAddr": "65.108.73.207:51719"}
2023-09-07T20:47:40+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:44394", "reqAddr": "192.18.148.172:51836"}
2023-09-07T20:47:40+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57100", "reqAddr": "50.93.13.229:45887"}
2023-09-07T20:47:40+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57108", "reqAddr": "51.15.177.190:51413"}
2023-09-07T20:47:41+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57120", "reqAddr": "34.89.30.59:1337"}
2023-09-07T20:47:41+08:00 ERROR SOCKS5 TCP error {"addr": "192.168.200.2:57120", "reqAddr": "34.89.30.59:1337", "error": "dial error: dial tcp4 34.89.30.59:1337: connect: connection refused"}
2023-09-07T20:47:41+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:57100", "reqAddr": "50.93.13.229:45887"}
2023-09-07T20:47:42+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:57108", "reqAddr": "51.15.177.190:51413"}
2023-09-07T20:47:43+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57134", "reqAddr": "99.36.164.235:29303"}
2023-09-07T20:47:44+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:57134", "reqAddr": "99.36.164.235:29303"}
2023-09-07T20:47:45+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57136", "reqAddr": "193.189.100.188:80"}
2023-09-07T20:47:47+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57138", "reqAddr": "193.189.100.187:80"}
2023-09-07T20:47:47+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57148", "reqAddr": "216.250.247.140:1096"}
2023-09-07T20:47:47+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57150", "reqAddr": "223.16.99.207:56096"}
2023-09-07T20:47:49+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36724", "reqAddr": "193.189.100.188:80"}
2023-09-07T20:47:49+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36726", "reqAddr": "203.208.50.33:443"}
2023-09-07T20:47:50+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36732", "reqAddr": "www.google.com:443"}
2023-09-07T20:47:50+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36746", "reqAddr": "76.233.78.158:36881"}
2023-09-07T20:47:51+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36754", "reqAddr": "142.251.222.14:443"}
2023-09-07T20:47:51+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36762", "reqAddr": "142.251.42.142:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36776", "reqAddr": "142.251.42.142:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36796", "reqAddr": "142.251.42.142:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36782", "reqAddr": "142.251.42.142:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36806", "reqAddr": "13.107.21.239:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36822", "reqAddr": "13.107.21.239:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36826", "reqAddr": "58.110.249.37:16881"}
2023-09-07T20:47:54+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36828", "reqAddr": "35.227.12.84:1337"}
2023-09-07T20:47:54+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36836", "reqAddr": "50.93.13.229:45887"}
2023-09-07T20:47:54+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36844", "reqAddr": "104.245.98.141:16881"}
2023-09-07T20:47:55+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36852", "reqAddr": "34.89.30.59:1337"}
2023-09-07T20:47:55+08:00 ERROR SOCKS5 TCP error {"addr": "192.168.200.2:57136", "reqAddr": "193.189.100.188:80", "error": "dial error: dial tcp4 193.189.100.188:80: i/o timeout"}
2023-09-07T20:47:55+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36860", "reqAddr": "124.8.39.244:59487"}
2023-09-07T20:47:56+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36862", "reqAddr": "20.190.148.165:443"}
2023-09-07T20:47:56+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36866", "reqAddr": "20.190.148.165:443"}
2023-09-07T20:47:57+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36876", "reqAddr": "incoming.telemetry.mozilla.org:443"}
2023-09-07T20:47:57+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36882", "reqAddr": "aus5.mozilla.org:443"}
2023-09-07T20:47:57+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36892", "reqAddr": "cloud.bluestacks.com:443"}
2023-09-07T20:47:57+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36908", "reqAddr": "220.134.192.204:24967"}
2023-09-07T20:47:57+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36918", "reqAddr": "23.95.247.210:59254"}
2023-09-07T20:47:58+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36928", "reqAddr": "54.226.96.64:443"}
2023-09-07T20:47:58+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36936", "reqAddr": "54.226.96.64:443"}
2023-09-07T20:47:59+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:59288", "reqAddr": "195.201.199.204:49375"}
2023-09-07T20:47:59+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:59302", "reqAddr": "152.67.49.130:51579"}
2023-09-07T20:48:00+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:59304", "reqAddr": "193.189.100.186:80"}
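5. Additional tests
I turned off openclash/passwall and tested the socks5 proxy from a PC with clash for windows / v2rayn. It works normally, so I suspect there may be some kind of proxy request loop. But I'm not sure: I checked the clash log and did not see a burst of log entries (if there were a request loop, it should be logging like crazy).
I previously used hysteria 1.x with the same topology and had no problems. But I wasn't using a domain name (I specified the IP directly; hysteria2 doesn't allow this?), and it wasn't port 443 either. I'm not sure whether that is related.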
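The symptom reported in the post, request lines with no matching closed line, can be checked mechanically instead of by eye. The following is an added example, not part of the original post or of the hysteria project: the function name `pending_requests`, its `stall_after` parameter and the shortened sample log are hypothetical, and it assumes that a "closed" or "error" line ends the connection identified by `addr`.

```python
import json
import re
from datetime import datetime

# Constructed sample: a shortened excerpt in the format of the debug log above.
SAMPLE_LOG = """\
2023-09-07T20:47:38+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:44378", "reqAddr": "150.230.112.59:53162"}
2023-09-07T20:47:39+08:00 DEBUG SOCKS5 TCP closed {"addr": "192.168.200.2:44378", "reqAddr": "150.230.112.59:53162"}
2023-09-07T20:47:41+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57120", "reqAddr": "34.89.30.59:1337"}
2023-09-07T20:47:41+08:00 ERROR SOCKS5 TCP error {"addr": "192.168.200.2:57120", "reqAddr": "34.89.30.59:1337", "error": "dial error: connection refused"}
2023-09-07T20:47:45+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:57136", "reqAddr": "193.189.100.188:80"}
2023-09-07T20:47:50+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36732", "reqAddr": "www.google.com:443"}
2023-09-07T20:47:53+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:36806", "reqAddr": "13.107.21.239:443"}
2023-09-07T20:47:59+08:00 DEBUG SOCKS5 TCP request {"addr": "192.168.200.2:59288", "reqAddr": "195.201.199.204:49375"}
"""

EVENT_RE = re.compile(r"^(\S+)\s+\w+\s+SOCKS5 TCP (request|closed|error)\s+(\{.*\})\s*$")


def pending_requests(log_text, stall_after=5.0):
    """Return (client_addr, req_addr, age_seconds) for every request that has
    no later closed/error line and is at least stall_after seconds old,
    measured against the last SOCKS5 event in the log. Oldest first."""
    open_conns = {}   # client addr -> (timestamp, requested address)
    last_ts = None
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # update checks, listener start-up, truncated lines
        try:
            fields = json.loads(m.group(3))
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # malformed JSON or timestamp
        last_ts = ts
        if m.group(2) == "request":
            open_conns[fields.get("addr")] = (ts, fields.get("reqAddr"))
        else:
            # Assumption: both "closed" and "error" end the connection.
            open_conns.pop(fields.get("addr"), None)
    stalled = []
    for addr, (ts, req_addr) in open_conns.items():
        age = (last_ts - ts).total_seconds()
        if age >= stall_after:
            stalled.append((addr, req_addr, age))
    return sorted(stalled, key=lambda item: -item[2])


if __name__ == "__main__":
    for addr, req_addr, age in pending_requests(SAMPLE_LOG):
        print(f"{addr} -> {req_addr}: open for {age:.0f}s with no closed/error line")
```

A growing list of old pending entries across all destinations points at the tunnel itself being stuck rather than at individual unreachable hosts, which show up as error lines instead.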
This may be related to GSO; try disabling GSO.
How do I disable it? The documentation doesn't say.
export QUIC_DISABLE_GSO=true
Still doesn't work.
My mistake, it should be export QUIC_GO_DISABLE_GSO=true
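I tried it. This only happens when the client is the original implementation and the server is sing-box; if both ends are the original implementation, it works.
~~Then report it to singbox~~
My mistake, I thought the comment above was from the original poster.
One more thing to add: when accessing through passwall, the reqAddr values the server receives are all IPs, so ACL rules that use domain names have no effect.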
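It seems to be related to clash's traffic-splitting rules. I use the subscription conversion tool subconverter to generate the openclash configuration file. The template I use is as follows:
http://****/sub?target=clash&new_name=true&url=*****&insert=false&config=https%3A%2F%2Fraw.githubusercontent.com%2FACL4SSR%2FACL4SSR%2Fmaster%2FClash%2Fconfig%2FACL4SSR_Online.ini
When I set the 漏网之鱼 (catch-all) group to go direct, hysteria2 seems to work. I'm not sure what extra sites hysteria2 requests, compared with hysteria1, that would create a loop. I looked at the openclash log and found nothing noteworthy either.
One thing is certain, though: once the hysteria2 client has been used by openclash with the above configuration, its socks/http proxy no longer responds to normal requests, even if I stop using the hysteria2 client's socks port in openclash. Testing the socks proxy from a PC instead still fails, until I manually restart the hysteria2 client.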
ERROR SOCKS5 TCP error {"addr": "xxx.xxx.x.xxx:6582", "reqAddr": "xx.xx.xx.xx:443", "error": "dial error: dial tcp4 xx.xxx.xxx.xx:443: i/o timeout"}
ERROR SOCKS5 TCP error {"addr": "xxx.xxx.x.xxx:6589", "reqAddr": "xxx.xxx.xxx.xx:443", "error": "dial error: dial tcp4 xxx.xxx.xxx.xx:443: connect: network is unreachable"}
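I ran into the problem above. Changing the kernel parameter net.netfilter.nf_conntrack_udp_timeout_stream=43200 seems to improve things somewhat; you can try it.
quic:
  maxIdleTimeout: 120s
  keepAlivePeriod: 60s
Adjusting these two parameters in the config file to their maximum values also improves things somewhat.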
OP, what IP does your clash use to point at the socks proxy? I found that it doesn't work when I use a DDNS domain name, and works fine with a LAN IP.
An internal IP address, 127.0.0.1
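> It seems to be related to clash's traffic-splitting rules. I use the subscription conversion tool subconverter to generate the openclash configuration file. The template I use is as follows:
> http://****/sub?target=clash&new_name=true&url=*****&insert=false&config=https%3A%2F%2Fraw.githubusercontent.com%2FACL4SSR%2FACL4SSR%2Fmaster%2FClash%2Fconfig%2FACL4SSR_Online.ini
> When I set the 漏网之鱼 (catch-all) group to go direct, hysteria2 seems to work. I'm not sure what extra sites hysteria2 requests, compared with hysteria1, that would create a loop. I looked at the openclash log and found nothing noteworthy either. One thing is certain, though: once the hysteria2 client has been used by openclash with the above configuration, its socks/http proxy no longer responds to normal requests, even if I stop using the hysteria2 client's socks port in openclash. Testing the socks proxy from a PC instead still fails, until I manually restart the hysteria2 client.

I found this problem too. I use the lhie1 rules: if Others is set to a non-Hysteria2 node, there is no problem, but once Others is set to a Hysteria2 node, it hangs and no longer responds to normal requests.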
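In passwall, UDP for the router itself must be set to not proxied. Otherwise, since hysteria2 runs over UDP, its traffic cannot get out and just goes around in circles inside. I use the same setup as you, and it only worked after I turned this off.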