V2ray-core: 功能请求 或者 bug修复? 透明代理 tproxy 配置 能同时支持 redirect 和 tproxy 吗
1) 你正在使用哪个版本的 V2Ray?(如果服务器和客户端使用了不同版本,请注明)
V2Ray 3.47 (die Commanderin) 20181011
2) 你的使用场景是什么?比如使用 Chrome 通过 Socks/VMess 代理观看 YouTube 视频。
在openwrt 上运行 v2ray客户端 inbound 使用透明代理, 配置了 tproxy 选项
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
然后 在 PREROUTING 链 mangle 表中 使用 -j TPROXY 转发透明代理
# 匹配 gfwlist 中 PREROUTING 流量 转发到 透明代理 端口
iptables -t mangle -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j TPROXY --on-port $V2RAY_PORT --tproxy-mark 0x01/0x01
iptables -t mangle -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV4 dst -j TPROXY --on-port $V2RAY_PORT --tproxy-mark 0x01/0x01
此时在网关lan侧 下挂pc设备上运行 curl -4 google.com
v2ray 收到透明代理流量 日志如下:
2018/10/12 16:31:59 [Debug] [4126210575] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:58993
2018/10/12 16:31:59 [Info] [4126210575] v2ray.com/core/app/dispatcher: sniffed domain: google.com
2018/10/12 16:31:59 [Info] [4126210575] v2ray.com/core/app/dispatcher: default route for tcp:google.com:80
2018/10/12 16:31:59 [Info] [4126210575] v2ray.com/core/app/proxyman/mux: dispatching request to tcp:google.com:80
识别到地址为 google.com:80 正常返回结果
3) 你看到的不正常的现象是什么?(请描述具体现象,比如访问超时,TLS 证书错误等)
因为 -j TPROXY 仅能用于 PREROUTING 链 mangle 表 代理网口进入数据
我想让路由器本身 用户空间 也能走透明代理 于是在 OUTPUT 链 中添加了 -j REDIRECT 规则
# 匹配 gfwlist 中 本机 OUTPUT 流量 转发到 透明代理 端口
iptables -t nat -I OUTPUT -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT
iptables -t nat -I OUTPUT -p udp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT
此时在路由器ssh执行 curl -4 google.com
v2ray 收到透明代理流量 日志如下:
2018/10/12 16:32:25 [Debug] [1063014310] v2ray.com/core/proxy/dokodemo: processing connection from: 100.64.5.16:47834
2018/10/12 16:32:25 [Info] [1063014310] v2ray.com/core/app/dispatcher: sniffed domain: google.com
2018/10/12 16:32:25 [Info] [1063014310] v2ray.com/core/app/dispatcher: default route for tcp:google.com:7070
2018/10/12 16:32:25 [Info] [1063014310] v2ray.com/core/app/proxyman/mux: dispatching request to tcp:google.com:7070
识别到地址为 google.com:7070 端口错误识别为 7070 为透明代理端口
导致连接失败 一直无返回
4) 你期待看到的正确表现是怎样的?
而我在 Dokodemo-door 透明代理配置样例 中 有看到 3.44 之前版本 无
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
配置 同时有配置 OUTPUT -p tcp -j REDIRECT 和 PREROUTING -p udp -j TPROXY
即透明代理同时 支持 REDIRECT 和 TPROXY
请问 新版本还支持吗 或者是我配置问题?
5) 请附上你的配置(提交 Issue 前请隐藏服务器端IP地址)。
客户端配置:
{
"log": {
"access": "/root/proxy/v2ray-access.log",
"error": "/root/proxy/v2ray-error.log",
"loglevel": "debug"
// "loglevel": "none"
},
"inbound": {
"protocol": "dokodemo-door",
"port": 7070,
"settings": {
"address": "",
// "network": "tcp,udp",
"timeout": 300,
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
},
"inboundDetour": [
{
"protocol": "socks",
"port": 1080,
"listen": "0.0.0.0",
"settings": {
"auth": "noauth",
"udp": true,
"ip": "127.0.0.1"
}
},
{
"protocol": "http",
"port": 1081,
"listen": "0.0.0.0",
"settings": {
"timeout": 300
}
}
],
"outbound": {
"protocol": "vmess",
"settings": {
"vnext": [{
*********************
}]
}]
},
"streamSettings": {
"network": "ws"
},
"mux": {
"enabled": true
}
},
"dns": {
"servers": ["localhost"]
}
}
6) 请附上出错时软件输出的错误日志。在 Linux 中,日志通常在 /var/log/v2ray/error.log 文件中。
7) 请附上访问日志。在 Linux 中,日志通常在 /var/log/v2ray/access.log 文件中。
8) 其它相关的配置文件(如 Nginx)和相关日志。
9) 如果 V2Ray 无法启动,请附上 --test 输出。
10) 如果 V2Ray 服务运行不正常,请附上 journal 日志。
另外请问下 在 ipv6环境 下 无 nat 使用
ip6tables -t mangle -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV6 dst -j TPROXY --on-port $V2RAY_PORT --tproxy-mark 0x01/0x01
ip6tables -t mangle -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV6 dst -j TPROXY --on-port $V2RAY_PORT --tproxy-mark 0x01/0x01
可透明代理下挂设备ipv6流量 有能透明代理路由器 用户空间本身ipv6流量的办法吗
hcwhan
All 6 comments
今天下午有空 使用新版3.47 全面测试了下
"inbound": {
"protocol": "dokodemo-door",
"port": 7074,
"settings": {
"address": "127.0.0.1",
"network": "tcp,udp",
"timeout": 300,
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "redirect" // redirect tproxy
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
},
"inboundDetour": [
{
"protocol": "dokodemo-door",
"port": 7076,
"settings": {
"address": "::1",
"network": "tcp,udp",
"timeout": 300,
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy" // redirect tproxy
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
}
]
修改 sockopt.sockopt的值 测试如下
测试tcp使用 curl -4 google.com curl -6 google.com
测试udp使用 nslookup baidu.com 8.8.8.8 nslookup ipv6.baidu.com [2001:4860:4860::8844]
| 作用 | 规则 | ipv4 配置为redirect | ipv4 配置为tproxy | ipv6 配置为redirect | ipv6 配置为tproxy |
| :---: | :---: | :---: | :---: | :---: | :---: |
| 路由器 tcp | OUTPUT nat -j REDIRECT -d tcp | ok | 错误, 日志0 | 无nat | 无nat |
| 路由器 udp | OUTPUT nat -j REDIRECT -d udp | 错误, 日志1 | 错误, 日志2 | 无nat | 无nat |
| 下挂设备 tcp | PREROUTING nat -j REDIRECT -d tcp | ok | 错误, 日志3 | 无nat | 无nat |
| 下挂设备 udp | PREROUTING nat -j REDIRECT -d udp | 错误,日志4 | 错误,日志5 | 无nat | 无nat |
| 下挂设备 tcp | PREROUTING mangle -j TPROXY -d tcp | ok | ok | 错误 | ok |
| 下挂设备 udp | PREROUTING mangle -j TPROXY -d udp | ok | ok | 错误 | 错误,日志6 |
结果显示
ipv4下
配置为redirect 也可以代理 -j TPROXY
而 切换配置为tproxy后 没有任何好处 支持的更少了
ipv6下
配置为tproxy 无法代理 udp
## 依次ipv4的配置规则
iptables -t nat -I OUTPUT -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT_v4
iptables -t nat -I OUTPUT -p udp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT_v4
iptables -t nat -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT_v4
iptables -t nat -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT_v4
iptables -t mangle -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j TPROXY --on-port $V2RAY_PORT_v4 --tproxy-mark 0x01/0x01
iptables -t mangle -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV4 dst -j TPROXY --on-port $V2RAY_PORT_v4 --tproxy-mark 0x01/0x01
## 依次ipv6的配置规则
ip6tables -t mangle -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV6 dst -j TPROXY --on-port $V2RAY_PORT_v6 --tproxy-mark 0x01/0x01
ip6tables -t mangle -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV6 dst -j TPROXY --on-port $V2RAY_PORT_v6 --tproxy-mark 0x01/0x01
日志0:
2018/10/13 08:45:33 [Debug] [1881440195] v2ray.com/core/proxy/dokodemo: processing connection from: 100.64.52.216:46884
2018/10/13 08:45:33 [Info] [1881440195] v2ray.com/core/app/dispatcher: sniffed domain: google.com
2018/10/13 08:45:33 [Info] [1881440195] v2ray.com/core/app/dispatcher: default route for tcp:google.com:7074
2018/10/13 08:45:33 [Info] [1881440195] v2ray.com/core/app/proxyman/mux: dispatching request to tcp:google.com:7074
日志1:
2018/10/13 08:52:06 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:52:06 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:52:06 [Debug] [692991108] v2ray.com/core/proxy/dokodemo: processing connection from: 100.64.52.216:44129
2018/10/13 08:52:06 [Info] [692991108] v2ray.com/core/app/dispatcher: default route for udp:127.0.0.1:7074
2018/10/13 08:52:06 [Info] [692991108] v2ray.com/core/app/proxyman/mux: dispatching request to udp:127.0.0.1:7074
2018/10/13 08:52:06 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:127.0.0.1:7074 > address already in use
2018/10/13 08:52:06 [Info] v2ray.com/core/transport/internet/websocket: creating connection to tcp:108.61.182.18:554
2018/10/13 08:52:06 [Info] v2ray.com/core/proxy/vmess/outbound: tunneling request to tcp:v1.mux.cool:9527 via tcp:108.61.182.18:554
2018/10/13 08:52:06 [Info] [692991108] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 08:52:06 [Info] [692991108] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 08:52:08 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:52:08 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:52:08 [Debug] [2280256937] v2ray.com/core/proxy/dokodemo: processing connection from: 100.64.52.216:44129
2018/10/13 08:52:08 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:127.0.0.1:7074 > address already in use
2018/10/13 08:52:08 [Info] [2280256937] v2ray.com/core/app/dispatcher: default route for udp:127.0.0.1:7074
2018/10/13 08:52:08 [Info] [2280256937] v2ray.com/core/app/proxyman/mux: dispatching request to udp:127.0.0.1:7074
2018/10/13 08:52:08 [Info] [2280256937] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 08:52:08 [Info] [2280256937] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
日志2:
2018/10/13 08:53:17 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:53:17 [Debug] [2778733003] v2ray.com/core/proxy/dokodemo: processing connection from: 100.64.52.216:38636
2018/10/13 08:53:17 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:127.0.0.1:7074 > address already in use
2018/10/13 08:53:17 [Info] [2778733003] v2ray.com/core/app/dispatcher: default route for udp:127.0.0.1:7074
2018/10/13 08:53:17 [Info] [2778733003] v2ray.com/core/app/proxyman/mux: dispatching request to udp:127.0.0.1:7074
2018/10/13 08:53:17 [Info] v2ray.com/core/transport/internet/websocket: creating connection to tcp:108.61.182.18:554
2018/10/13 08:53:17 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:53:18 [Info] v2ray.com/core/proxy/vmess/outbound: tunneling request to tcp:v1.mux.cool:9527 via tcp:108.61.182.18:554
2018/10/13 08:53:18 [Info] [2778733003] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 08:53:18 [Info] [2778733003] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 08:53:20 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:53:20 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:127.0.0.1:7074
2018/10/13 08:53:20 [Debug] [2637456910] v2ray.com/core/proxy/dokodemo: processing connection from: 100.64.52.216:38636
2018/10/13 08:53:20 [Info] [2637456910] v2ray.com/core/app/dispatcher: default route for udp:127.0.0.1:7074
2018/10/13 08:53:20 [Info] [2637456910] v2ray.com/core/app/proxyman/mux: dispatching request to udp:127.0.0.1:7074
2018/10/13 08:53:20 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:127.0.0.1:7074 > address already in use
2018/10/13 08:53:20 [Info] [2637456910] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 08:53:20 [Info] [2637456910] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 08:53:33 [Info] v2ray.com/core/app/proxyman/mux: failed to read metadata > io: read/write on closed pipe
2018/10/13 08:53:38 [Info] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: connection ends > context canceled
日志3:
2018/10/13 08:59:06 [Debug] [323487233] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:55635
2018/10/13 08:59:06 [Info] [323487233] v2ray.com/core/app/dispatcher: sniffed domain: google.com
2018/10/13 08:59:06 [Info] [323487233] v2ray.com/core/app/dispatcher: default route for tcp:google.com:7074
2018/10/13 08:59:06 [Info] [323487233] v2ray.com/core/app/proxyman/mux: dispatching request to tcp:google.com:7074
日志4:
2018/10/13 09:01:30 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:01:30 [Debug] [625723116] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:65062
2018/10/13 09:01:30 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:01:30 [Info] [625723116] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:01:30 [Info] [625723116] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:01:30 [Info] [625723116] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:01:30 [Info] [625723116] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:01:32 [Info] v2ray.com/core/app/proxyman/mux: failed to read metadata > io: read/write on closed pipe
2018/10/13 09:01:32 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:01:32 [Debug] [581518734] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:53008
2018/10/13 09:01:32 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:01:32 [Info] [581518734] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:01:32 [Info] [581518734] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:01:32 [Info] v2ray.com/core/transport/internet/websocket: creating connection to tcp:108.61.182.18:554
2018/10/13 09:01:32 [Info] v2ray.com/core/proxy/vmess/outbound: tunneling request to tcp:v1.mux.cool:9527 via tcp:108.61.182.18:554
2018/10/13 09:01:32 [Info] [581518734] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:01:32 [Info] [581518734] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:01:34 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:01:34 [Debug] [1642577974] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:53009
2018/10/13 09:01:34 [Info] [1642577974] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:01:34 [Info] [1642577974] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:01:34 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:01:34 [Info] [1642577974] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:01:34 [Info] [1642577974] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:01:36 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:01:36 [Debug] [305464977] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:57467
2018/10/13 09:01:36 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:01:36 [Info] [305464977] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:01:36 [Info] [305464977] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:01:36 [Info] [305464977] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:01:36 [Info] [305464977] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:01:37 [Info] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: connection ends > context canceled
2018/10/13 09:01:38 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:01:38 [Debug] [1317770460] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:57468
2018/10/13 09:01:38 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:01:38 [Info] [1317770460] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:01:38 [Info] [1317770460] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:01:38 [Info] [1317770460] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:01:38 [Info] [1317770460] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:01:48 [Info] v2ray.com/core/app/proxyman/mux: failed to read metadata > io: read/write on closed pipe
2018/10/13 09:01:53 [Info] failed to handler mux client connection > v2ray.com/core/proxy/vmess/outbound: connection ends > context canceled
日志5:
2018/10/13 09:03:41 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:03:41 [Debug] [3033650664] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:56763
2018/10/13 09:03:41 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:03:41 [Info] [3033650664] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:03:41 [Info] [3033650664] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:03:41 [Info] v2ray.com/core/transport/internet/websocket: creating connection to tcp:108.61.182.18:554
2018/10/13 09:03:41 [Info] v2ray.com/core/proxy/vmess/outbound: tunneling request to tcp:v1.mux.cool:9527 via tcp:108.61.182.18:554
2018/10/13 09:03:41 [Info] [3033650664] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:03:41 [Info] [3033650664] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:03:43 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:03:43 [Debug] [348761590] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:56764
2018/10/13 09:03:43 [Info] [348761590] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:03:43 [Info] [348761590] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:03:43 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:03:43 [Info] [348761590] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:03:43 [Info] [348761590] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:03:45 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:03:45 [Debug] [1518555814] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:56765
2018/10/13 09:03:45 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:03:45 [Info] [1518555814] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:03:45 [Info] [1518555814] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:03:45 [Info] [1518555814] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:03:45 [Info] [1518555814] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:03:47 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:03:47 [Debug] [3715999357] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:56766
2018/10/13 09:03:47 [Info] [3715999357] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:03:47 [Info] [3715999357] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:03:47 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:03:47 [Info] [3715999357] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:03:47 [Info] [3715999357] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:03:49 [Debug] v2ray.com/core/transport/internet/udp: UDP original destination: udp:192.168.4.1:7074
2018/10/13 09:03:49 [Debug] [3126562464] v2ray.com/core/proxy/dokodemo: processing connection from: 192.168.4.40:56767
2018/10/13 09:03:49 [Info] v2ray.com/core/transport/internet: failed to bind source address to udp:192.168.4.1:7074 > address already in use
2018/10/13 09:03:49 [Info] [3126562464] v2ray.com/core/app/dispatcher: default route for udp:192.168.4.1:7074
2018/10/13 09:03:49 [Info] [3126562464] v2ray.com/core/app/proxyman/mux: dispatching request to udp:192.168.4.1:7074
2018/10/13 09:03:49 [Info] [3126562464] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > v2ray.com/core/proxy/dokodemo: failed to transport response > io: read/write on closed pipe
2018/10/13 09:03:49 [Info] [3126562464] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
日志6
2018/10/13 09:26:44 [Info] [171199227] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > context canceled
2018/10/13 09:26:44 [Info] [2073266155] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: connection ends > context canceled
2018/10/13 09:26:44 [Info] [2073266155] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:26:44 [Info] [171199227] v2ray.com/core/app/proxyman/mux: failed to fetch all input > io: read/write on closed pipe
2018/10/13 09:26:45 [Debug] [2322541428] v2ray.com/core/proxy/dokodemo: processing connection from: [2408:824e:d2f:2da0:7116:ecb2:296e:ad8c]:60545
2018/10/13 09:26:45 [Info] [2322541428] v2ray.com/core/app/dispatcher: default route for udp:[::1]:0
2018/10/13 09:26:45 [Info] [2322541428] v2ray.com/core/app/proxyman/mux: dispatching request to udp:[::1]:0
2018/10/13 09:26:45 [Info] v2ray.com/core/app/proxyman/mux: failed to read metadata > io: read/write on closed pipe
现在我使用的是
配置两个透明代理端口
一个用于ipv4 "tproxy": "redirect"
一个用于ipv6 "tproxy": "tproxy"
"inbound": {
"protocol": "dokodemo-door",
"port": 7074,
"listen": "0.0.0.0",
"settings": {
"address": "",
"network": "tcp,udp",
"timeout": 300,
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "redirect"
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
},
"inboundDetour": [
{
"protocol": "dokodemo-door",
"port": 7076,
"listen": "0.0.0.0",
"settings": {
"address": "",
"network": "tcp,udp",
"timeout": 300,
"followRedirect": true
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
}
}
]
iptables 配置如下:
V2RAY_PORT_v4=7074
V2RAY_PORT_v6=7076
IPSER_GFW_IPV4="gfwlist_ipv4"
IPSER_GFW_IPV6="gfwlist_ipv6"
add_rule_ipv4() {
# 创建 IPSER_GFW_IPV4,格式为 iphash 的集合
ipset -N $IPSER_GFW_IPV4 iphash family inet
# 匹配 gfwlist 中 本机 OUTPUT tcp 流量 转发到 透明代理 端口
iptables -t nat -I OUTPUT -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT_v4
# 匹配 gfwlist 中 PREROUTING tcp 流量 转发到 透明代理 端口
iptables -t nat -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV4 dst -j REDIRECT --to-port $V2RAY_PORT_v4
# # 添加 mark 路由
ip -f inet rule add fwmark 0x01/0x01 table 100
ip -f inet route add local 0.0.0.0/0 dev lo table 100
# 匹配 gfwlist 中 PREROUTING udp 流量 转发到 透明代理 端口
iptables -t mangle -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV4 dst -j TPROXY --on-port $V2RAY_PORT_v4 --tproxy-mark 0x01/0x01
}
add_rule_ipv6() {
# 创建 IPSER_GFW_IPV6,格式为 iphash 的集合
ipset -N $IPSER_GFW_IPV6 iphash family inet6
# 添加 mark 路由
ip -f inet6 rule add fwmark 0x01/0x01 table 100
ip -f inet6 route add local ::/0 dev lo table 100
# 匹配 gfwlist 中 PREROUTING tcp 流量 转发到 透明代理 端口
ip6tables -t mangle -I PREROUTING -p tcp -m set --match-set $IPSER_GFW_IPV6 dst -j TPROXY --on-port $V2RAY_PORT_v6 --tproxy-mark 0x01/0x01
# # 匹配 gfwlist 中 PREROUTING udp 流量 转发到 透明代理 端口 (无效)
# ip6tables -t mangle -I PREROUTING -p udp -m set --match-set $IPSER_GFW_IPV6 dst -j TPROXY --on-port $V2RAY_PORT_v6 --tproxy-mark 0x01/0x01
}
透明代理状态
| | ipv4 | ipv6 |
| :----: | :----: | :----: |
| 路由器 tcp | ✅ | ❌ |
| 路由器 udp | ❌ | ❌ |
|下挂设备 tcp | ✅ | ✅ |
|下挂设备 udp | ✅ | ❌ |
hcwhan
on 12 Oct 2018
👍8
UDP的问题应该是一个bug导致的,无法复用IP地址,现在已经修复了。TCP看上去正常,redirect不支持IPv6,而tproxy支持IPv6。
你在本机使用tproxy的时候是不是因为没有过滤V2Ray的出站流量,比如白话文教程中提到的:
iptables -t nat -A V2RAY -p tcp -j RETURN -m mark --mark 0xff # 直连 SO_MARK为 0xff 的流量(0xff 是 16 进制数,数值上等同与上面的 255),此规则目的是避免代理本机(网关)流量出现回环问题
如果redirect用得好就用redirect好了,对tproxy的支持只是为了支持IPv6。
VictoriaRaymond
on 14 Dec 2018
I’m closing this issue because it has been inactive for a few months. This probably means that it is not reproducible or it has been fixed in a newer version. If it’s an enhancement and hasn’t been taken on for so long, then it seems no one has the time to implement this.
Please reopen if you still encounter this issue with the latest stable version. You can also contribute directly by providing a patch – see the developer manual. :)
Thank you!
kslr
on 20 Feb 2019
@VictoriaRaymond 在ipv6下不使用nat,当 sockopt.tproxy 配置为 tproxy 时下挂设备 UDP 仍不可用, TCP 正常。服务端/客户端均为4.20,日志如下(*为下挂设备公网v6地址):
2019/08/05 06:07:20 [Debug] [1949177196] v2ray.com/core/proxy/dokodemo: processing connection from: [***]:58969
2019/08/05 06:07:20 [Info] [1949177196] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: unable to get destination
2019/08/05 06:07:25 [Debug] [2307457270] v2ray.com/core/proxy/dokodemo: processing connection from: [***]:58969
2019/08/05 06:07:25 [Info] [2307457270] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: unable to get destination
2019/08/05 06:07:30 [Debug] [3578481590] v2ray.com/core/proxy/dokodemo: processing connection from: [***]:58969
2019/08/05 06:07:30 [Info] [3578481590] v2ray.com/core/app/proxyman/inbound: connection ends > v2ray.com/core/proxy/dokodemo: unable to get destination
dianlujitao
on 5 Aug 2019
软件环境是openwrt + shadowsocks-libev,分别运行一个ipv4和ipv6的ss-redir实例来透明代理两种流量,路由器有一个公网ipv6地址,下挂设备nat6;
@hcwhan 先前按你的描述来配置防火墙,ipv4的tcp和udp在网关和局域网都没有问题;ipv6只有tcp成功了,也是在网关和局域网都可以。使用了一段时间都没怎么在意过,不晓得udp6不成功对网络体验的影响,后来发现开启了quic的chrome看youtube怎么这么慢,远远达不到路由器cpu加密性能的瓶颈(30Mbps/chacha-ietf-poly1305)。折腾了一圈也没有成功,ipv6用的人不多,网络上也没找到办法…
现在是在路由器上同时运行ss和wireguard来解决这问题,ss只负责tcp/tcp6协议的redirect。其它所有协议都policy routing到wireguard,用
! -p tcp
来过滤,避免tproxy的使用。这样支持的协议更加丰富,ping和traceroute也好用了,目前体验不错。在速度方面,开启quic的chrome看youtube吊打ss,不过有时候速度有些波动。FYI
realconnor
on 22 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings
Related issues
ghost
·
4Comments
choicky
·
4Comments
TheWanderingCoel
·
3Comments
pingma
·
4Comments
ferocknew
·
3Comments
Most helpful comment
现在我使用的是
配置两个透明代理端口
一个用于ipv4 "tproxy": "redirect"
一个用于ipv6 "tproxy": "tproxy"
iptables 配置如下:
透明代理状态
| | ipv4 | ipv6 |
| :----: | :----: | :----: |
| 路由器 tcp | ✅ | ❌ |
| 路由器 udp | ❌ | ❌ |
|下挂设备 tcp | ✅ | ✅ |
|下挂设备 udp | ✅ | ❌ |