Add interface option to specify the outbound network interface name #1494

Merged
merged 7 commits into from
Jan 9, 2023

@aeeq aeeq commented Jan 7, 2023

"outbounds": [
  {
    // Protocol name of the outbound proxy.
    "protocol": "freedom",

    // "sendThrough": "172.16.0.2",

    // Settings of the protocol. Varies based on protocol.
    "settings": {"domainStrategy": "AsIs"},

    "streamSettings": {
      "sockopt": {
        "tcpFastOpen": true,
        "interface": "wg0"
      }
    },
    "mux": {
      "enabled": false,
      "concurrency": 8
    },

    // Tag of the outbound. May be used for routing.
    "tag": "direct"
  }
]

@@ -425,6 +425,7 @@ type SocketConfig struct {
TcpKeepAliveInterval int32 `protobuf:"varint,10,opt,name=tcp_keep_alive_interval,json=tcpKeepAliveInterval,proto3" json:"tcp_keep_alive_interval,omitempty"`
TcpKeepAliveIdle int32 `protobuf:"varint,11,opt,name=tcp_keep_alive_idle,json=tcpKeepAliveIdle,proto3" json:"tcp_keep_alive_idle,omitempty"`
TcpCongestion string `protobuf:"bytes,12,opt,name=tcp_congestion,json=tcpCongestion,proto3" json:"tcp_congestion,omitempty"`
Interface string `protobuf:"bytes,12,opt,name=interface,json=interface,proto3" json:"interface,omitempty"`
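Review bot: the added `Interface` line carries the protobuf tag `bytes,12,opt`, the same field number as `TcpCongestion` directly above it, so the two fields would collide on the wire. Assign `interface` its own unused field number in transport/internet/config.proto and regenerate this file with protoc instead of editing the generated struct by hand.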
Member

Thanks for your work! Can you try updating transport/internet/config.proto and then generate this file from protoc?

Contributor Author

Yes I'll try.

@yuhan6665 yuhan6665 merged commit b60e608 into XTLS:main Jan 9, 2023
@yuhan6665
Member

Thanks again!

@BI7PRK

BI7PRK commented Jan 9, 2023

How does this configuration parameter differ in meaning from the existing send_through (the sending IP address)?

@RPRX
Member

RPRX commented Jan 9, 2023

@yuhan6665 Please change the commit message to English)

yuhan6665 pushed a commit to yuhan6665/Xray-core that referenced this pull request Jan 9, 2023
…vice like "eth0" (XTLS#1494)

* Update sockopt_linux.go

add Interface Name

* Update config.pb.go

add Interface Name

* Update transport_internet.go

add Interface Name

* Update config.pb.go

* update config.proto add interface

* Update config.pb.go
@yuhan6665
Member

Then I have no choice but to force-push..
@BI7PRK This method can bind to a Linux device name such as eth0, without needing to know the IP.

rosebe added a commit to rosebe/Xray-core that referenced this pull request Jan 10, 2023
Add new uTLS fingerprints  && Refine the logic of security type AUTO  && Make sure that 0 <= b.start <= b.end && Add sockopt interface setting for binding outbound to a particular device like "eth0" (XTLS#1494)
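@LearnForDreamK

@aeeq @yuhan6665 It seems virtual interfaces are not recognized. When I use virtual interfaces named like eth1:1 and eth1:2, it reports that the device cannot be recognized, but using the sendThrough parameter to specify the virtual interface's IP works.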

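@aeeq
Contributor Author

aeeq commented Jan 31, 2023

I based the change on gost's code. This involves a low-level system API, so it is probably hard to change. I tried curl --interface and it does not recognize virtual interfaces either, so it should be for the same reason.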
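Added example, not part of the thread and not Xray-core's own code: a Go dialer that binds outbound sockets to a device name, assuming Linux's SO_BINDTODEVICE socket option is the mechanism behind the `interface` setting. `checkDevice` and `deviceDialer` are hypothetical names; the check shows why a name like eth1:1 fails, since the kernel does not allow `:` in a device name and such names are labels on an address of eth1.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"syscall"
	"time"
)

// ifNameSize mirrors the kernel's IFNAMSIZ: 15 characters plus a NUL.
const ifNameSize = 16

// checkDevice rejects names SO_BINDTODEVICE can never accept. A name such
// as "eth1:1" is a label on an extra address of eth1, not a device itself.
func checkDevice(name string) error {
	switch {
	case name == "" || len(name) >= ifNameSize:
		return fmt.Errorf("invalid interface name %q", name)
	case strings.Contains(name, ":"):
		return fmt.Errorf("%q is an address label, not a device; bind its IP instead", name)
	}
	return nil
}

// deviceDialer returns a dialer whose sockets are bound to the named device
// before connect(), so the routing table cannot pick another egress link.
func deviceDialer(name string) (*net.Dialer, error) {
	if err := checkDevice(name); err != nil {
		return nil, err
	}
	control := func(network, address string, c syscall.RawConn) error {
		var bindErr error
		if err := c.Control(func(fd uintptr) {
			bindErr = syscall.BindToDevice(int(fd), name) // assumed mechanism
		}); err != nil {
			return err
		}
		return bindErr
	}
	return &net.Dialer{Timeout: 3 * time.Second, Control: control}, nil
}

func main() {
	for _, name := range []string{"wg0", "eth1:1"} { // names taken from the thread
		_, err := deviceDialer(name)
		fmt.Printf("%-7s -> %v\n", name, err)
	}
}
```

A dial through the returned dialer fails at bind time when the device does not exist, which is the fail-closed behaviour wanted when traffic must leave only through a tunnel interface.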

@heygo1345678

"outbounds": [
  {
    // Protocol name of the outbound proxy.
    "protocol": "freedom",

    // "sendThrough": "172.16.0.2",

    // Settings of the protocol. Varies based on protocol.
    "settings": {"domainStrategy": "AsIs"},

    "streamSettings": {
      "sockopt": {
        "tcpFastOpen": true,
        "interface": "wg0"
      }
    },
    "mux": {
      "enabled": false,
      "concurrency": 8
    },

    // Tag of the outbound. May be used for routing.
    "tag": "direct"
  }
]

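I experimented with this outbound traffic redirection feature by following the official tutorial https://xtls.github.io/document/level-2/redirect.html#_3%E3%80%81%E5%90%AF%E7%94%A8-wireguard-%E7%BD%91%E7%BB%9C%E6%8E%A5%E5%8F%A3 and there is a DNS pollution problem. It is the same whether I use sendThrough, fwmark, or the interface option newly added in version 1.7.3. Using a socks inbound for tg works fine, since tg does not need domain names, and accessing the internal network where the VPN server sits through this socks proxy with a browser socks extension also works. Accessing domestic websites also works, and some IP lookup sites show that the traffic goes through the VPN server; it is only the blocked websites that all fail. I set up the tun tunnel over ssh, and the VPS has NAT set up for this tun interface:
iptables -t nat -I POSTROUTING -s 192.168.244.0/24 -o eth0 -j MASQUERADE
The ssh client and server set up a point-to-point tun tunnel:
ssh -f -o ServerAliveInterval=20 -o ServerAliveCountMax=919 -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/root/.ssh/known_hosts -o PermitLocalCommand=yes -o LocalCommand="ifconfig tun6 192.168.244.2 pointopoint 192.168.244.1 netmask 255.255.255.0" -w 6:6 -i /root/.ssh/id_rsa -p 22 [email protected] 'ifconfig tun6 192.168.244.1 pointopoint 192.168.244.2 netmask 255.255.255.0'

The three xray configurations are as follows:
sendThrough method: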
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 10800,
      // "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "udp": true
      }
    }
  ],
  "outbounds": [
    {
      "sendThrough": "192.168.244.1",
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

ip -4 rule add from "192.168.244.1" lookup 2222
ip -4 route add default dev tun6 table 2222
ip -4 rule add table main suppress_prefixlength 0

fwmark method:
{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 10800,
      // "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "streamSettings": {
        "sockopt": {
          "mark": 51820
        }
      }
    }
  ]
}

ip -4 rule add fwmark 51820 lookup 51820
ip -4 route add default dev tun6 table 51820
ip -4 rule add table main suppress_prefixlength 0

interface method:

{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 10800,
      // "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "udp": true
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",

      // "sendThrough": "172.16.0.2",

      // Settings of the protocol. Varies based on protocol.
      "settings": {"domainStrategy": "AsIs"},

      "streamSettings": {
        "sockopt": {
          "tcpFastOpen": true,
          "interface": "tun6"
        }
      },
      "mux": {
        "enabled": false,
        "concurrency": 8
      }
    }
  ]
}

@heygo1345678

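I'm a beginner and don't really understand this, but I solved the DNS part with the v2ray plain-language guide: https://guide.v2fly.org/basics/dns.html. To implement the socks2tun function above, the v2ray configuration also needs to use the built-in DNS, and note that the freedom outbound uses the built-in DNS only when "domainStrategy" is set to one of "UseIP" | "UseIPv4" | "UseIPv6".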

@yuhan6665 yuhan6665 mentioned this pull request Jun 1, 2023