
使用VLESS-TCP-XTLS-WHATEVER模板 日志提示:rejected proxy/trojan: not trojan protocol #47

Closed
venorz opened this issue Nov 11, 2021 · 11 comments


@venorz

venorz commented Nov 11, 2021

大佬好,我在用大佬的配置中遇到了点小问题请教下。
客户端和服务端都是最新的1.4.5,按照VLESS-TCP-XTLS-WHATEVER中的配置,服务端日志会有大量的:rejected proxy/trojan: not trojan protocol提示,请问是哪里配置不对吗?

xray 服务端的设置如下,按照VLESS-TCP-XTLS-WHATEVER中的配置,仅修改uuid和回落端口80改8001

// Xray server config as posted in the issue: one public VLESS+XTLS inbound on 443 that
// falls back to four loopback-only inbounds (Trojan 1310, VLESS-WS 1234, VMess-TCP 2345,
// VMess-WS 3456), plus a single "freedom" outbound.
// NOTE(review): there is no "routing" section, so nothing here stops an authenticated
// client from reaching private/loopback addresses through the freedom outbound; a
// geoip:private -> blackhole rule is the usual guard — confirm whether that is wanted.
{
    "log": {
        "loglevel": "warning"
    },
    "inbounds": [
        {
            // Public entry point: the only inbound without "listen": "127.0.0.1".
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        // NOTE(review): legacy XTLS flow; upstream later dropped these flows in
                        // favour of xtls-rprx-vision — verify against the Xray version in use.
                        "flow": "xtls-rprx-direct",
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                // VLESS does no encryption of its own; confidentiality comes from the
                // XTLS layer configured in streamSettings below.
                "decryption": "none",
                "fallbacks": [
                    // Connections that are not valid VLESS are handed to one of these loopback
                    // ports. "xver": 1 prepends a PROXY protocol v1 header, so each target
                    // inbound has to set acceptProxyProtocol.
                    {
                        "dest": 1310, // default fallback: hand off to Xray's Trojan inbound
                        "xver": 1
                    },
                    {
                        "path": "/websocket", // must be replaced with your own custom PATH
                        "dest": 1234,
                        "xver": 1
                    },
                    {
                        "path": "/vmesstcp", // must be replaced with your own custom PATH
                        "dest": 2345,
                        "xver": 1
                    },
                    {
                        "path": "/vmessws", // must be replaced with your own custom PATH
                        "dest": 3456,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "alpn": [
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "fullchain.cer", // replace with your certificate, absolute path
                            "keyFile": "domain.key" // replace with your private key, absolute path
                        }
                    ]
                }
            }
        },
        {
            // Trojan inbound, loopback only; reached through the default fallback on 443.
            // Per the replies in this thread, ordinary web requests arriving here are what
            // produce the "rejected proxy/trojan: not trojan protocol" log lines before
            // being passed on to the fallback on 8001.
            "port": 1310,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        // NOTE(review): short sample value; the password is the only credential
                        // on this inbound, so a long random secret belongs here.
                        "password": "wahah", // fill in your password
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "fallbacks": [
                    {
                        // No "xver" on this entry, so no PROXY header is sent and the web
                        // server on 8001 sees Xray, not the original client, as its peer.
                        "dest": 8001// or fall back to another proxy that also resists probing
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none", // plaintext on loopback; TLS is terminated by the 443 inbound
                "tcpSettings": {
                    // Trusts the PROXY header for the client address; acceptable here only
                    // because "listen" is 127.0.0.1.
                    "acceptProxyProtocol": true
                }
            }
        },
        {
            // VLESS over WebSocket, loopback only; target of the "/websocket" fallback.
            "port": 1234,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // reminder: delete this line if WS is reverse-proxied by Nginx/Caddy etc.
                    "path": "/websocket" // must be replaced with your custom PATH; has to match the fallback path
                }
            }
        },
        {
            // VMess over TCP with an HTTP header, loopback only; target of the "/vmesstcp" fallback.
            "port": 2345,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none",
                "tcpSettings": {
                    "acceptProxyProtocol": true,
                    "header": {
                        "type": "http",
                        "request": {
                            "path": [
                                "/vmesstcp" // must be replaced with your custom PATH; has to match the fallback path
                            ]
                        }
                    }
                }
            }
        },
        {
            // VMess over WebSocket, loopback only; target of the "/vmessws" fallback.
            "port": 3456,
            "listen": "127.0.0.1",
            "protocol": "vmess",
            "settings": {
                "clients": [
                    {
                        "id": "我的UUID", // fill in your UUID
                        "level": 0,
                        "email": "love@example.com"
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    "acceptProxyProtocol": true, // reminder: delete this line if WS is reverse-proxied by Nginx/Caddy etc.
                    "path": "/vmessws" // must be replaced with your custom PATH; has to match the fallback path
                }
            }
        }
    ],
    "outbounds": [
        {
            // Only outbound: proxied traffic leaves directly from the server.
            "protocol": "freedom"
        }
    ]
}

nginx.conf配置如下,8888端口是docker搭建的nextcloud网盘

# Plain-HTTP listener on port 80 for domain.com: every request is answered with a
# 301 redirect to the same host and URI over HTTPS.
server {
  listen 80;
  server_name domain.com;
  return 301 https://$host$request_uri;
}

# Web backend on port 8001 (the port the issue text names as the fallback target):
# reverse-proxies everything to 127.0.0.1:8888, which the issue text describes as a
# Nextcloud instance running in Docker.
server {
    server_name domain.com www.domain.com;
    # NOTE(review): no address is given, so this plaintext port is bound on every
    # interface. If only the Xray fallback is meant to reach it, `listen 127.0.0.1:8001;`
    # keeps it off the network — confirm nothing else connects to it directly.
    listen 8001;
    # Request bodies up to 10G are accepted.
    client_max_body_size 10G;
    location / {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8888;
        # Forwards the client-supplied Host header unchanged. No client-address header
        # is set in this block, so the backend sees nginx as its peer.
        proxy_set_header Host $http_host;
    }
    # Never serve the .htaccess file.
    location = /.htaccess {
        return 404;
    }
    # CardDAV/CalDAV service discovery: redirect to the DAV endpoint over HTTPS.
    location = /.well-known/carddav {
             return 301 https://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
             return 301 https://$host/remote.php/dav;
    }
}

客户端按照vless_tcp_xtls.json这个配置。能正常上网,服务器上的网盘所有功能也正常使用,服务端部分日志如下

Xray 1.4.5 (Xray, Penetrates Everything.) Custom (go1.17.1 linux/amd64)
A unified platform for anti-censorship.
2021/11/10 20:12:33 [Info] infra/conf/serial: Reading config: config-sample.json
2021/11/10 20:12:33 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/websocket: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/tcp: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] transport/internet/websocket: accepting PROXY protocol
2021/11/10 20:12:33 [Warning] core: Xray 1.4.5 started
2021/11/10 20:13:01 IP地址:58217 accepted tcp:github.com:443 email: love@example.com
2021/11/10 20:13:02 IP地址:58241 accepted tcp:avatars.githubusercontent.com:443 email: love@example.com
2021/11/10 20:13:08 IP地址:58347 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:17 IP地址:58516 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:18 IP地址:60864 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:13:18 IP地址:56871 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:14:18 IP地址:59664 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:15:21 IP地址:60837 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:16:23 IP地址:61857 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:17:12 IP地址:61868 accepted tcp:github.com:443 email: love@example.com
2021/11/10 20:17:13 IP地址:61870 accepted tcp:github.githubassets.com:443 email: love@example.com
2021/11/10 20:17:13 IP地址:61872 accepted tcp:avatars.githubusercontent.com:443 email: love@example.com
2021/11/10 20:17:15 IP地址:61876 accepted tcp:api.github.com:443 email: love@example.com
2021/11/10 20:17:25 IP地址:61880 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:18:11 IP地址:65409 accepted tcp:raw.githubusercontent.com:443 email: love@example.com
2021/11/10 20:18:27 IP地址:65411 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:19:29 IP地址:65419 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:20:28 IP地址:65431 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:20:31 IP地址:65433 rejected  proxy/trojan: not trojan protocol
2021/11/10 20:21:25 IP地址:64519 accepted tcp:www.google.com:443 email: love@example.com
2021/11/10 20:21:27 IP地址:64522 accepted tcp:apis.google.com:443 email: love@example.com
2021/11/10 20:21:28 IP地址:64524 accepted tcp:adservice.google.com:443 email: love@example.com
2021/11/10 20:21:33 IP地址:53517 rejected  proxy/trojan: not trojan protocol
@jinlin-teck

正常,因为你trojan回落了web,当你访问网站的时候trojan就会判断它不是trojan协议而是普通的web访问。

@Tun2Sucks

正常,谁没事如此频繁地访问自己的伪装网站呢?

@venorz
Author

venorz commented Dec 2, 2021

@akw5454521 @jinlin-teck 伪装网站是网盘,存有东西的。刚开始我也怀疑是访问伪装网站产生的,但是后来我退出所有的网盘客户端,也不访问网站 ,我发现仍然有这个rejected 输出,倒是不影响使用,就是有点强迫症犯了 想弄清楚为什么

@jinlin-teck

nextcloud在后台运行的时候也会对外产生数据,里面的各种APP都是联网活动的。
要想排除,除非你是静态网站。

@uamrws

uamrws commented Jan 26, 2022

我同样的配置,也是这个日志,但是正常的nginx服务我都访问不了,提示无法访问网站

@uamrws

uamrws commented Jan 26, 2022

我同样的配置,也是这个日志,但是正常的nginx服务我都访问不了,提示无法访问网站

// Second Xray server config posted in the thread: VLESS+XTLS on 443 falling back to a
// loopback VLESS-WS inbound (1314) and a loopback Trojan inbound (1315), which in turn
// falls back to "nginx:5001" / "nginx:5002". Routing sends private IPs and ad domains
// to a blackhole outbound.
{
    "log": {
        "loglevel": "warning"
    },
    // 3* routing settings
    "routing": {
        "domainStrategy": "AsIs",
        "rules": [
            // 3.1 prevent traffic being relayed into the server's local network:
            // e.g. the intranet being attacked or abused, accidental loopback, etc.
            {
                "type": "field",
                "ip": [
                    "geoip:private" // match condition: the rule named "private" in the geoip file (local addresses)
                ],
                "outboundTag": "black" // routing action: hand to outbound "black" (blackhole, dropped)
            },
            // 3.2 block ads
            {
                "type": "field",
                "domain": [
                    "geosite:category-ads-all" // match condition: the rule named "category-ads-all" in the geosite file (assorted ad domains)
                ],
                "outboundTag": "black" // routing action: hand to outbound "black" (blackhole, dropped)
            }
        ]
    },
    "inbounds": [
        {
            // Public entry point: the only inbound without "listen": "127.0.0.1".
            "port": 443,
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "*********",
                        // NOTE(review): legacy XTLS flow; upstream later dropped these flows in
                        // favour of xtls-rprx-vision — verify against the Xray version in use.
                        "flow": "xtls-rprx-direct"
                    }
                ],
                "decryption": "none",
                "fallbacks": [
                    // "xver": 1 prepends a PROXY protocol v1 header, so the receiving
                    // inbound has to be set up to accept it.
                    {
                        "path": "/ws",
                        "dest": 1314,
                        "xver": 1
                    },
                    {
                        "dest": 1315,
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "xtls",
                "xtlsSettings": {
                    "allowInsecure": false, // must stay disabled in normal use
                    "minVersion": "1.2", // minimum TLS version
                    "alpn": [
                        "h2",
                        "http/1.1"
                    ],
                    "certificates": [
                        {
                            "certificateFile": "***",
                            "keyFile": "****"
                        }
                    ]
                }
            }
        },
        {
            // VLESS over WebSocket, loopback only; target of the "/ws" fallback.
            "port": 1314,
            "listen": "127.0.0.1",
            "protocol": "vless",
            "settings": {
                "clients": [
                    {
                        "id": "***********",
                        "level": 0,
                        "email": "********"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ws",
                "security": "none",
                "wsSettings": {
                    // NOTE(review): this key differs from the "acceptProxyProtocol" used by the
                    // Trojan inbound below and looks like a typo. The "/ws" fallback sends
                    // "xver": 1, so if this key is not recognised the PROXY header would
                    // reach the WebSocket handler unparsed — confirm.
                    "acceptdirectProtocol": true,
                    "path": "/ws"
                }
            }
        },
        {
            // Trojan inbound, loopback only; reached through the default fallback on 443.
            "port": 1315,
            "listen": "127.0.0.1",
            "protocol": "trojan",
            "settings": {
                "clients": [
                    {
                        // NOTE(review): short sample value; the password is the only credential
                        // on this inbound, so a long random secret belongs here.
                        "password": "mima",
                        "level": 0,
                        "email": "******"
                    }
                ],
                "fallbacks": [
                    // Both entries send "xver": 1, so the nginx listeners on 5001/5002 would
                    // have to accept the PROXY protocol (nginx config not shown — confirm).
                    {
                        "dest": "nginx:5001",
                        "xver": 1
                    },
                    {
                        // NOTE(review): the poster reports that this alpn=h2 entry does not work
                        // on the Trojan inbound and links XTLS/Xray-core#793. Presumably this
                        // inbound ("security": "none") cannot see the ALPN negotiated by the
                        // 443 inbound — verify against that issue.
                        "alpn": "h2",
                        "dest": "nginx:5002",
                        "xver": 1
                    }
                ]
            },
            "streamSettings": {
                "network": "tcp",
                "security": "none", // plaintext on loopback; TLS is terminated by the 443 inbound
                "tcpSettings": {
                    // Trusts the PROXY header for the client address; acceptable here only
                    // because "listen" is 127.0.0.1.
                    "acceptProxyProtocol": true
                }
            }
        }
    ],
    // 5* outbound settings
    "outbounds": [
        {
            "tag": "direct",
            "protocol": "freedom"
        },
        {
            // Target of the routing rules above: matched traffic is dropped.
            "tag": "black",
            "protocol": "blackhole"
        }
    ]
}

@uamrws

uamrws commented Jan 26, 2022

我直接将fallback配在vless协议下是可以正常访问的

@uamrws

uamrws commented Jan 26, 2022

貌似是trojan fallbacks不支持alpn=h2

@uamrws

uamrws commented Jan 26, 2022

应该与这个 issue XTLS/Xray-core#793 有关

@blog2020

@uamrws 这个问题你解决了吗?我也发现了这个问题,貌似是bug

@chika0801
Contributor
