v2ray-core icon indicating copy to clipboard operation
v2ray-core copied to clipboard

Published 20 hours ago verified publisher icon v2fly

内网其他设备请求时,子域名匹配路由规则未在泛域名上生效,只在子域名上起作用

Open ah-its-andy opened this issue 2 years ago • 2 comments

你正在使用哪个版本的 V2Ray?

V2Ray 4.44.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.17.3 linux/arm64) A unified platform for anti-censorship.

你的使用场景是什么?

内网服务器上的透明代理,转发内网其他设备请求到另一台服务器

你看到的异常现象是什么?

内网其他设备经v2ray网关发起http请求时,domain规则中的泛域名没有分流到正确的 outBound 上 v2ray网关本机发起http请求时,没有问题

你期待看到的正常表现是怎样的?

内网其他设备经v2ray网关发起http请求时,domain规则中的泛域名可以分流到正确的 outBound 上

请附上你的配置

服务端配置:

{
   "log": {
      "access": "/var/log/v2rayaccess.log",
      "error": "/var/log/v2rayerror.log",
      "logLevel": "warning"
   },
   "inbounds": [
      {
         "port": 1080,
         "protocol": "socks",
         "settings": {
            "auth": "noauth",
            "udp": true
          }
      },
      {
         "port": 1081,
         "protocol": "http",
         "settings": {
             "auth": "noauth"
         }
      },
      {
         "port": 12315,
         "protocol": "dokodemo-door",
         "settings": {
            "network": "tcp,udp",
            "followRedirect": true 
          },
          "sniffing": {
             "enabled": true,
             "destOverride": ["http", "tls"]
          }
       }
    ],
    "outbounds": [
        {
            "mux": {
                "concurrency": 2,
                "enabled": true
            },
            "protocol": "vless",
            "sendThrough": "0.0.0.0",
            "settings": {
                "vnext": [
                    {
                        "address": "remote sever addr",
                        "port": 443,
                        "users": [
                            {
                                "encryption": "none",
                                "id": "***********"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "dsSettings": {
                    "path": "/"
                },
                "httpSettings": {
                    "host": [
                    ],
                    "path": "/"
                },
                "kcpSettings": {
                    "congestion": false,
                    "downlinkCapacity": 20,
                    "header": {
                        "type": "none"
                    },
                    "mtu": 1350,
                    "readBufferSize": 1,
                    "seed": "",
                    "tti": 20,
                    "uplinkCapacity": 5,
                    "writeBufferSize": 1
                },
                "network": "tcp",
                "quicSettings": {
                    "header": {
                        "type": "none"
                    },
                    "key": "",
                    "security": ""
                },
                "security": "tls",
                "sockopt": {
                    "mark": 255,
                    "tcpFastOpen": false,
                    "tproxy": "off"
                },
                "tcpSettings": {
                    "header": {
                        "request": {
                            "headers": {
                            },
                            "method": "GET",
                            "path": [
                            ],
                            "version": "1.1"
                        },
                        "response": {
                            "headers": {
                            },
                            "reason": "OK",
                            "status": "200",
                            "version": "1.1"
                        },
                        "type": "none"
                    }
                },
                "tlsSettings": {
                    "allowInsecure": false,
                    "allowInsecureCiphers": false,
                    "alpn": [
                    ],
                    "certificates": [
                    ],
                    "disableSessionResumption": true,
                    "disableSystemRoot": false,
                    "serverName": ""
                },
                "wsSettings": {
                    "headers": {
                    },
                    "path": "/"
                }
            },
            "tag": "proxy"
        },
        {
           "tag": "direct",
           "protocol": "freedom",
           "settings": {}
        }
    ],
    "routing":{
       "domainStrategy": "IPOnDemand",
       "rules": [
          {
              "type": "field",
              "outboundTag": "proxy",
              "domain": [
                 "domain:github.com",
                 "domain:google.com",
                 "domain:dns.google",
                 "domain:githubusercontent.com",
                 "domain:docker.io",
                 "domain:docker.com"
              ]
          },
          {
              "type": "field",
              "outboundTag": "direct",
              "domain": ["regexp:.*"]
          }
       ]
    }
}

客户端配置:

// 在这里附上客户端配置

请附上出错时软件输出的错误日志

服务器端错误日志:

// 在这里附上服务器端日志

客户端错误日志:

// 在这里附上客户端日志

请附上访问日志

// v2ray 网关发起请求时,泛域名可以正确路由到 proxy 上
2022/03/25 16:05:26 127.0.0.1:35506 accepted //github.com:443 [proxy]
2022/03/25 16:05:27 127.0.0.1:35508 accepted //objects.githubusercontent.com:443 [proxy]
2022/03/25 16:08:20 127.0.0.1:35510 accepted //github.com:443 [proxy]
2022/03/25 16:08:21 127.0.0.1:35512 accepted //objects.githubusercontent.com:443 [proxy]
2022/03/25 16:10:29 127.0.0.1:35514 accepted //github.com:443 [proxy]
2022/03/25 16:10:30 127.0.0.1:35516 accepted //objects.githubusercontent.com:443 [proxy]
2022/03/25 16:35:20 127.0.0.1:35518 accepted //www.google.com:443 [proxy]
// 内网其他设备发起请求时,泛域名被路由到了 direct 上
2022/03/25 16:58:33 192.168.31.91:46162 accepted //github.com:443 [direct]
2022/03/25 17:00:02 192.168.31.91:46554 accepted //registry-1.docker.io:443 [direct]
2022/03/25 17:00:03 192.168.31.91:46568 accepted //auth.docker.io:443 [direct]
2022/03/25 17:00:04 192.168.31.91:46570 accepted //registry-1.docker.io:443 [direct]
2022/03/25 17:00:35 192.168.31.91:46740 accepted //github.com:443 [direct]
2022/03/25 17:01:14 192.168.31.91:47184 accepted //gitee.com:443 [direct]
2022/03/25 17:01:52 192.168.31.91:47646 accepted //github.com:443 [direct]
2022/03/25 17:06:11 192.168.31.91:49352 accepted //github.com:443 [direct]
2022/03/25 17:06:11 192.168.31.91:49350 accepted //github.com:443 [direct]

其它相关的配置文件(如 Nginx)和相关日志

如果 V2Ray 无法启动,请附上 --test 命令的输出

如果 V2Ray 服务运行异常,请附上 journal 日志

ah-its-andy avatar Mar 25 '22 09:03 ah-its-andy

当我在路由中加入以下规则(full规则),内网其他设备才可以被正确的路由到 proxy 上面:

"routing":{
     "domainStrategy": "IPOnDemand",
     "rules": [
        {
            "type": "field",
            "outboundTag": "proxy",
            "domain": [
               "domain:github.com",
               "domain:google.com",
               "domain:dns.google",
               "domain:githubusercontent.com",
               "domain:docker.io",
               "domain:docker.com",
               "full:github.com",
               "full:google.com",
               "full:dns.google",
               "full:githubusercontent.com",
               "full:docker.io",
               "full:docker.com"
            ]
        },
        {
            "type": "field",
            "outboundTag": "direct",
            "domain": ["regexp:.*"]
        }
     ]
  }

ah-its-andy avatar Mar 25 '22 09:03 ah-its-andy

我遇到了一个和你类似的问题,我是内网设备请求国内站的时候时不时会dns解析出问题,尝试了改了一下规则顺序和指定freedom出口的dns,都没效果。

raphael008 avatar Jul 13 '22 11:07 raphael008

This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Nov 11 '22 02:11 github-actions[bot]