V2ray-core: v2ray端口无论修改什么端口一直被禁，shadowsocks却可以正常使用

上配置文件

用的什么底层传输协议，是ws吗

上配置文件

{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 25595,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "86a2027c-426a-453e-92ee-00d765cb81ae",
"level": 1,
"alterId": 233
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"header": {
"type": "wireguard"
}
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
,
{
"protocol": "shadowsocks",
"port": 8284,
"settings": {
"method": "aes-256-cfb",
"password": "xxxxxx",
"network": "tcp,udp",
"level": 1,
"ota": false

建议只用websocket伪装，
{
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [{
"port": 3858,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "xxxxxxxx--uuid--xxxxxx",
"level": 1,
"alterId": 60
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/vtest"
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
}]
}

然后在Nginx上配置一个server：
server {
listen 2333 ssl; #监听2333 ssl端口，防火墙要开放2333端口给相关人员访问
server_name tencent.com; #此域名为虚构的，尽量用国内知名的，不易被屏蔽
ssl_certificate /etc/v2ray/tencent.com.crt; #证书及key文件可自己创建
ssl_certificate_key /etc/v2ray/tencent.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /vtest { #必须和v2ray配置里的"path"一致
proxy_redirect off;
proxy_pass http://127.0.0.1:3858; #把访问/vtest路径的分流到3858端口
proxy_http_version 1.1; #这个本地3858端口为v2ray进程监听
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
location / {
root /vtest; #服务器的/vtest目录作为 tencent.com站点的根目录
index index.html; #当GFW做主动监测时，会访问此站点，所以要放几个正常的
} # html文件，以便让它相信这是一个网站
}

上配置文件

{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 25595,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "86a2027c-426a-453e-92ee-00d765cb81ae",
"level": 1,
"alterId": 233
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"header": {
"type": "wireguard"
}
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
,
{
"protocol": "shadowsocks",
"port": 8284,
"settings": {
"method": "aes-256-cfb",
"password": "xxxxxx",
"network": "tcp,udp",
"level": 1,
"ota": false

哪家宽带 kcp不行了

建议只用websocket伪装，
{
"log": {
"access": "",
"error": "",
"loglevel": "warning"
},
"inbounds": [{
"port": 3858,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "xxxxxxxx--uuid--xxxxxx",
"level": 1,
"alterId": 60
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/vtest"
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
}]
}

然后在Nginx上配置一个server：
server {
listen 2333 ssl; #监听2333 ssl端口，防火墙要开放2333端口给相关人员访问
server_name tencent.com; #此域名为虚构的，尽量用国内知名的，不易被屏蔽
ssl_certificate /etc/v2ray/tencent.com.crt; #证书及key文件可自己创建
ssl_certificate_key /etc/v2ray/tencent.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /vtest { #必须和v2ray配置里的"path"一致
proxy_redirect off;
proxy_pass http://127.0.0.1:3858; #把访问/vtest路径的分流到3858端口
proxy_http_version 1.1; #这个本地3858端口为v2ray进程监听
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
location / {
root /vtest; #服务器的/vtest目录作为 tencent.com站点的根目录
index index.html; #当GFW做主动监测时，会访问此站点，所以要放几个正常的
} # html文件，以便让它相信这是一个网站
}

好的，多谢老哥，今天刚好买了个域名，我去试一下

上配置文件

{
"log": {
"access": "/var/log/v2ray/access.log",
"error": "/var/log/v2ray/error.log",
"loglevel": "warning"
},
"inbounds": [
{
"port": 25595,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "86a2027c-426a-453e-92ee-00d765cb81ae",
"level": 1,
"alterId": 233
}
]
},
"streamSettings": {
"network": "kcp",
"kcpSettings": {
"header": {
"type": "wireguard"
}
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
,
{
"protocol": "shadowsocks",
"port": 8284,
"settings": {
"method": "aes-256-cfb",
"password": "xxxxxx",
"network": "tcp,udp",
"level": 1,
"ota": false

哪家宽带 kcp不行了

联通的，我换一种协议试试

在客户端那边，不用域名去找此服务器，直接写ip，伪装的域名的话，可以随便写一个，用大厂的域名，关于ssl证书，可自己生成。

我把传输协议换成ws，就可以正常使用了，稍后会对进行流量伪装，多谢各位老哥帮忙。 @limaofu @fbion

有问题可找我学习