Closed as not planned
Description
Client configuration:
{
  "log": {
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "port": "1080",
      "protocol": "socks",
      "settings": {
        "auth": "noauth",
        "udp": true
      }
    },
    {
      "tag": "httpEntrance_proxy",
      "port": "1088",
      "protocol": "http",
      "settings": {}
    }
  ],
  "outbounds": [
    {
      "tag": "myProxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "xxx.xxx.xxx",
            "port": 443,
            "users": [
              {
                "id": "xxxxxxxxxxxxx",
                "encryption": "none",
                "level": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/xx-ray"
        },
        "tlsSettings": {
          "serverName": "xxx.xxx.xxx"
        },
        "sockopt": {
          "domainStrategy": "UseIP"
        }
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ],
  "dns": {
    "servers": [
      {
        "address": "https+local://xxx.xxx.xxx.xxx/dns-query",
        "domains": [
          "xxx.xxx.xxx"
        ]
      },
      "1.1.1.1",
      "8.8.8.8"
    ]
  },
  "routing": {
    "rules": [
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "blocked"
      },
      {
        "type": "field",
        "inboundTag": ["httpEntrance_direct"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": [
          "geosite:cn",
          "mozilla.com",
          "mozilla.net",
          "google.com"
        ],
        "outboundTag": "direct"
      }
    ],
    "domainStrategy": "IPOnDemand"
  }
}
Server configuration:
{
  "log": {
    "loglevel": "debug",
    "access": "",
    "error": ""
  },
  "inbounds": [
    {
      "tag": "xx-inbound",
      "listen": "0.0.0.0",
      "port": 5885,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "xxxxxxxxxxxxx"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": 8080
          },
          {
            "path": "/xx-ray",
            "dest": 5886,
            "xver": 1
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "none",
        "tlsSettings": {
          "minVersion": "1.3",
          "alpn": [
            "http/1.1"
          ],
          "certificates": [
            {
              "certificateFile": "/etc/xray/creds/tls.crt",
              "keyFile": "/etc/xray/creds/tls.key"
            }
          ]
        }
      }
    },
    {
      "tag": "xx-ws-inbound",
      "port": 5886,
      "listen": "127.0.0.1",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "19eb2f48-0bf9-4426-8495-5b379e98a698",
            "level": 0,
            "email": "[email protected]"
          }
        ],
        "decryption": "none",
        "fallbacks": [
          {
            "dest": "8080"
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "none",
        "wsSettings": {
          "acceptProxyProtocol": true,
          "path": "/xx-ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "blocked",
      "protocol": "blackhole",
      "settings": {}
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["xx-inbound", "xx-ws-inbound"],
        "outboundTag": "direct"
      }
    ]
  }
}
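Explanation:

The overall flow is as follows: the Xray client runs on my local machine, listens for traffic and wraps it in the VLESS protocol. The domain is resolved to an IP through my self-hosted DNS service, and the traffic is then sent to the corresponding Xray server (using the ws transport mode). After the initial inbound authentication, it leaves directly through the freedom outbound.

In the configurations above, which correspond to this flow, sensitive information has been masked with xxx.

As a result, the whole route works and I can get past the firewall smoothly.

But there is one requirement I currently cannot fulfil: I would like the client's source IP to be passed all the way to the final destination being called.

What I currently observe is that the Xray inbound can receive the source IP (known from watching the log), but I cannot find a corresponding setting in any of the outbound protocols that lets the source IP continue to be passed on.

The only case I have seen so far where the IP can be passed on is a fallback to nginx with xver: 1 set, that is, when PROXY protocol is configured. For normal outbound traffic, however, I currently cannot find any method or switch.

In this scenario, the IP received at the final destination is always the IP of the Xray server node (my server is hosted in the cloud, so what is received is the cloud service's external NAT IP).

That is the end of the explanation. I would appreciate it if the experts could help clear this up.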
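An added example, not part of the original issue and not Xray's own code: how a backend behind the `xver: 1` fallback can recover the client address from the PROXY protocol v1 text header, while refusing the header from any peer that is not the local proxy. The function name `ClientAddr`, the loopback-only trust rule and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ClientAddr returns the original client address carried in a PROXY protocol
// v1 header. The header is honoured only when the directly connected peer is
// loopback (assumption: the proxy forwards from the same host, as with a
// 127.0.0.1 fallback); any other peer could forge the header.
func ClientAddr(peer net.IP, r *bufio.Reader) (*net.TCPAddr, error) {
	if !peer.IsLoopback() {
		return nil, errors.New("PROXY header from untrusted peer")
	}
	// ReadSlice fails instead of growing if no newline fits in the buffer.
	b, err := r.ReadSlice('\n')
	if err != nil {
		return nil, err
	}
	line := string(b)
	// A v1 header is at most 107 bytes and ends with CRLF.
	if len(line) > 107 || !strings.HasSuffix(line, "\r\n") {
		return nil, errors.New("malformed PROXY v1 header")
	}
	f := strings.Split(strings.TrimSuffix(line, "\r\n"), " ")
	if len(f) != 6 || f[0] != "PROXY" || (f[1] != "TCP4" && f[1] != "TCP6") {
		return nil, errors.New("unsupported PROXY v1 header")
	}
	ip := net.ParseIP(f[2])
	if ip == nil || (ip.To4() != nil) != (f[1] == "TCP4") {
		return nil, errors.New("source address does not match family")
	}
	port, err := strconv.Atoi(f[4])
	if err != nil || port < 0 || port > 65535 {
		return nil, errors.New("bad source port")
	}
	return &net.TCPAddr{IP: ip, Port: port}, nil
}

func main() {
	// Constructed sample: header followed by the proxied HTTP request.
	in := "PROXY TCP4 203.0.113.7 10.0.0.5 51234 8080\r\nGET / HTTP/1.1\r\n\r\n"
	r := bufio.NewReader(strings.NewReader(in))
	addr, err := ClientAddr(net.ParseIP("127.0.0.1"), r)
	fmt.Println(addr, err)
}
```

The header is consumed from the reader, so the application protocol (here the HTTP request) starts at the next read.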