Transparent proxy DNS anomaly #2920

Open
Ramona22222 opened this issue Mar 10, 2024 · 4 comments

@Ramona22222

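Which version of V2Ray are you using?

v5.14.1

What is your use case?

v2ray transparent proxy

What abnormal behavior did you see?

Anomaly 1. When the client devices' DNS is set to 8.8.8.8, 1.1.1.1, or another non-mainland-China DNS server, a large number of warnings like the following appear:

[Warning] [3269249056] app/dispatcher: default route for tcp:b1sync.zemanta.com:443

Anomaly 2. When the client devices' DNS is set to 223.5.5.5, 192.168.1.254, or another mainland-China DNS server or any internal IP, a large number of warnings like the following appear:

[Warning] [3970399347] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [dial tcp “vmess server address:port”: operation was canceled] > common/retry: all retry attempts failed

While the warnings appear, all websites and applications can be accessed without any problem. The same configuration file produces none of the above warnings under xray-core.

Anomaly 1 test: the domain "b1sync.zemanta.com" resolves to an IP when tested against multiple DNS servers from other network environments. The rules include complete IP matching rules, but under the current configuration v2ray did not resolve an IP for this domain, so the traffic went to the default outbound proxy.

Anomaly 2 test: I added several vmess outbound configurations, set the proxySettings of dns-out to each of the different outbounds in turn, and set the outbound of the domain and IP matching rules under rule to the opposite of the dns-out proxySettings. This showed that the warning is caused by dns-out.

What is the normal behavior you expected to see?

No warnings

Please attach your configuration

Client v2ray configuration: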

{
  "inbounds": [
    {
      "tag":"transparent",
      "listen": "127.0.0.1",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIPv4"
      }
    },
    {
      "tag": "proxy",
      "protocol": "vmess",
      // vmess parameters (elided)
      "streamSettings": {
        "network": "tcp"
      }
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "settings": {
        "network": "udp",
        "address": "8.8.8.8",
        "port": 53
      },
      "proxySettings": {
        "tag": "proxy"
      }
    }
  ],
  "dns": {
    "queryStrategy": "UseIPv4",
    "servers": [
      "8.8.8.8",
      {
        "address": "223.5.5.5",
        "domains": ["geosite:cn"],
        "skipFallback": true
      }
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["transparent"],
        "port": 53,
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:geolocation-!cn"],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "ip": ["geoip:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:!cn"],
        "outboundTag": "proxy"
      }
    ]
  }
}

Client routing and firewall configuration:

# "helper_lan" is a rule container chain hooked at prerouting, matching input interface br_lan
ip rule add fwmark 50 table 50
ip route add local 0.0.0.0/0 dev lo table 50

nft add rule inet fw4 helper_lan meta nfproto !=ipv4 return
nft add rule inet fw4 helper_lan meta l4proto udp ip daddr { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } udp dport != 53 return
nft add rule inet fw4 helper_lan meta l4proto tcp ip daddr { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } tcp dport != 53 return
nft add rule inet fw4 helper_lan meta l4proto {tcp, udp}  meta mark set 50 tproxy ip to 127.0.0.1:12345 accept
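
A simplified model of the two-pass matching that `IPIfNonMatch` performs over the four destination rules in the configuration above, showing that a failed lookup in the second pass is what ends in a "default route" warning (an added example, not part of the original issue and not V2Ray's own code). The geosite/geoip contents, the resolver callbacks and the address 203.0.113.7 are constructed, and geosite matching is reduced to suffix matching.

```python
import ipaddress

# Constructed stand-ins for the geosite/geoip data files (not real list contents).
GEOSITE = {"cn": {"baidu.com"}, "geolocation-!cn": {"google.com"}}
GEOIP_CN = [ipaddress.ip_network("223.5.5.0/24")]

# The four destination rules from the posted config, in order (port-53 rule omitted).
RULES = [
    ("domain", "cn", "direct"),
    ("domain", "geolocation-!cn", "proxy"),
    ("ip", "cn", "direct"),
    ("ip", "!cn", "proxy"),
]
FIRST_OUTBOUND = "direct"  # unmatched traffic goes to the first entry in "outbounds"

def in_geosite(domain, name):
    # Simplification: suffix match of the domain or any parent against the list.
    labels = domain.split(".")
    return any(".".join(labels[i:]) in GEOSITE[name] for i in range(len(labels)))

def in_geoip(ip, name):
    is_cn = any(ipaddress.ip_address(ip) in net for net in GEOIP_CN)
    return not is_cn if name == "!cn" else is_cn

def match(domain, ips):
    """Return the outboundTag of the first rule that applies, or None."""
    for kind, name, tag in RULES:
        if kind == "domain" and in_geosite(domain, name):
            return tag
        if kind == "ip" and any(in_geoip(ip, name) for ip in ips):
            return tag
    return None

def route(domain, resolver):
    """IPIfNonMatch: pass 1 uses only the sniffed domain, pass 2 adds resolved IPs."""
    tag = match(domain, [])
    if tag:
        return tag, "domain rule"
    ips = resolver(domain)  # built-in DNS is consulted only after pass 1 fails
    tag = match(domain, ips)
    if tag:
        return tag, "ip rule after resolve"
    return FIRST_OUTBOUND, "default route"  # logged as "default route for ..."

if __name__ == "__main__":
    # Same domain, once with a working lookup and once with an empty answer.
    for resolver in (lambda d: ["203.0.113.7"], lambda d: []):
        print(route("b1sync.zemanta.com", resolver))
```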

@Ramona22222
Author

The firewall and v2ray already hijack the DNS traffic, so why do different DNS settings on the client devices lead to different anomalies?

@kingwilliam

Trying to answer question (1)
[Warning] [3269249056] app/dispatcher: default route for tcp:b1sync.zemanta.com:443

Try modifying routing

From
      {
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:geolocation-!cn"],
        "outboundTag": "proxy"
      },

To
      {
        "type": "field",
        "domains": ["geosite:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domains": ["geosite:geolocation-!cn"],
        "outboundTag": "proxy"
      },

Change: "domain" -> "domains"

@kingwilliam

kingwilliam commented Mar 12, 2024

Trying to answer question (2)
[Warning] [3970399347] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: failed to find an available destination > common/retry: [dial tcp “vmess server address:port”: operation was canceled] > common/retry: all retry attempts failed

It looks like DNS cannot resolve it. Try adding a hosts record inside dns,
e.g. if the vmess address is vps.address.com

    "hosts": {
        "vps.address.com": "x.x.x.x"
    },

@Ramona22222
Author

@kingwilliam
The server address is an IP; changing domain to domains still produces the error.
