v2ray-core
v2ray-core copied to clipboard
v2fly
Keep source IP using TPROXY
v2ray is quite useful for filtering content. I'd like to forward traffic from multiple devices through it with TPROXY. But I'd like to keep the original source IP on the packets outgoing from v2ray.
TPROXY seems to be where this could be possible as it keeps the original destination address and doesn’t rely on NAT.
Is this currently possible with v2ray?
I run it with this and I can see on the outgoing packets that the source IP is of the router I run the v2ray on.
{
"log": {
"loglevel": "info"
},
"inbounds": [
{
"port": 12345,
"listen": "127.0.0.1",
"protocol": "dokodemo-door",
"settings": {
"network": "tcp",
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
No it's not possible for the current version. v2ray is designed to proxy and hide your real ip, instead of proxy and show your real ip. So it's unlikely that the feature you want will be developed in the future.
Understood, thanks. v2ray has got the essential features of proxying implemented (filtering, etc.), it provides use of a wide variety of protocols and the configuration via json is very simple. It is easily preferable over Squid, Dante or redsocks, in my eyes.
Implementing this feature would greatly expand the various use cases of proxying on v2ray.
On second thought: It might not be that hard to implement such feature. If you take a look at the vless configuration, you can see a FallbackObject: https://www.v2fly.org/config/protocols/vless.html#fallbackobject in the FallbackObject there'a xver: number, and setting it to be 1 or 2 will have the fallback to send PROXY protocol. However such setting is for fallback only, and fallback is for when v2ray cannot recognize incoming traffic. But if someone is interested in making it available for all outgoing traffic, they can look at the code of fallback and make developing a lot easier. That being said, I don't think such feature will ever be picked up by the official project/master branch.
I'm not sure if this is related to the TPROXY feature I was talking about. It would have to be implemented on dokodemo-door protocol as it deals with TPROXY (or on sockoptobject with a new string under tproxy option, https://www.v2fly.org/config/transport.html#sockoptobject). And, in case of using the freedom outbound protocol, the v2ray process would bind to the foreign IP (this is possible by enabling the SOL_IP, IP_TRANSPARENT socket option) which is the source IP of the proxied client. If it's another outbound protocol which forwards the traffic to another v2ray process, the source IP information would be carried over and the second v2ray process would bind to the client IP.
@arinc9 Check out my fork - https://github.com/grapexy/v2ray-tproxy. It's a very simple patch that should do what you want. I'm running a transparent proxy with tproxy through a VPN tunnel where NAT is unnecessary on all levels, so it's a very similar use case.
Unfortunately, I don't have enough time and knowledge of go & v2ray internals to make a PR out of this, so hopefully someone could pick this up and this feature could make it into official v2ray.
This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days
@arinc9 Check out my fork - https://github.com/grapexy/v2ray-tproxy.
Is someone planning to open a pull request to merge this feature addition upstream?
This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days