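Xray xhttp+reality: splitting upload and download

Starting with recent versions, xhttp can split upload and download into separate connections. It can also split the server IP, and even the source IP: one IPv4 and one IPv6, or one China Telecom and one China Unicom. Here are some of the things I can think of to do with it.

First, the upload/download split can be added without affecting an existing vless node: keep the existing entry point and add an xhttp inbound. The configuration looks roughly like the one below. The @xhttp listen form only works on Unix systems; on Windows, change it to an IP and port. At this point upload and download can already be split into two sets of connections, and tcp-reality keeps working; to use xhttp-reality, only the transport and the uuid need to change. Splitting across multiple IPs is also simple: for example, add two front servers B and C with identical configurations.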

A
{
	"inbounds": [
		{
			"listen": "@xhttp",
			"port": 0,
			"protocol": "vless",
			"settings": {
				"decryption": "none",
				"clients": [
					{
						"id": "1111"
					}
				]
			},
			"streamSettings": {
				"network": "xhttp",
				"xhttpSettings": {
					"path": "/111"
				}
			}
		},
		{
			"listen": null,
			"port": 443,
			"protocol": "vless",
			"settings": {
				"clients": [
					{
						"id": "2222",
						"flow": "xtls-rprx-vision"
					}
				],
				"decryption": "none",
				"fallbacks": [
					{
						"dest": "@xhttp"
					}
				]
			},
			"streamSettings": {
				"network": "tcp",
				"security": "reality",
				"realitySettings": {
					"show": false,
					"dest": "1.1.1.1:443",
					"xver": 0,
					"serverNames": [
						""
					],
					"privateKey": "xxxx",
					"maxTimeDiff": 0,
					"shortIds": [
						""
					]
				}
			}
		}
	]
}

B, C
{
	"inbounds": [
		{
			"port": 443,
			"protocol": "dokodemo-door",
			"settings": {
				"address": "", // IP of server A
				"port": 443,
				"network": "tcp,udp",
				"timeout": 120
			}
		}
	]
}

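Servers B and C do not have to run xray; simple port forwarding is enough. It is just that I tested on Windows, where xray was more convenient.

The client configuration is also simple.

Client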
{
	"inbounds": [
		{
			"port": 10808,
			"listen": "127.0.0.1",
			"protocol": "socks"
		}
	],
	"outbounds": [
		{
			"protocol": "vless",
			"tag": "proxy",
			"settings": {
				"vnext": [
					{
						"address": "B服务器ip", // replace with the IP of server B
						"port": 443,
						"users": [
							{
								"id": "1111",
								"encryption": "none"
							}
						]
					}
				]
			},
			"streamSettings": {
				"network": "xhttp",
				"xhttpSettings": {
					"path": "/111",
					"downloadSettings": {
						"address": "C服务器ip", // replace with the IP of server C
						"port": 443,
						"network": "xhttp",
						"xhttpSettings": {
							"path": "/111"
						},
						"security": "reality",
						"realitySettings": {
							"fingerprint": "chrome",
							"serverName": "1.1.1.1",
							"publicKey": "xxxx",
							"shortId": ""
						}
					}
				},
				"security": "reality",
				"realitySettings": {
					"fingerprint": "chrome",
					"serverName": "1.1.1.1",
					"publicKey": "xxxx",
					"shortId": ""
				}
			}
		}
	]
}

This example does not use any domain name, so no SNI is sent.
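
As an added example (not from the original post), the Python check below compares a client outbound with server A's inbounds and reports mismatches in the uuid, the xhttp path on each leg, and the REALITY serverName, plus the case where both legs point at the same address. The function names and the 192.0.2.x addresses are constructed; treating an IP-literal serverName as "no SNI" follows the post's own statement.

```python
import ipaddress

def legs(outbound):
    """Yield (name, address, stream settings) for the upload leg and any download leg."""
    ss = outbound["streamSettings"]
    yield "upload", outbound["settings"]["vnext"][0]["address"], ss
    down = ss.get("xhttpSettings", {}).get("downloadSettings")
    if down:
        yield "download", down["address"], down

def sni_of(server_name):
    """Assumption taken from the post: an IP-literal serverName sends no SNI ("")."""
    try:
        ipaddress.ip_address(server_name)
    except ValueError:
        return server_name
    return ""

def check_split(outbound, inbounds):
    """Return mismatches between a client outbound and server A's inbounds."""
    xh = next(i for i in inbounds if i["streamSettings"].get("network") == "xhttp")
    ry = next(i for i in inbounds if i["streamSettings"].get("security") == "reality")
    path = xh["streamSettings"]["xhttpSettings"]["path"]
    names = ry["streamSettings"]["realitySettings"]["serverNames"]
    problems, seen = [], set()
    uid = outbound["settings"]["vnext"][0]["users"][0]["id"]
    if uid not in {c["id"] for c in xh["settings"]["clients"]}:
        problems.append(f"id {uid} is not a client of the xhttp inbound")
    for name, addr, ss in legs(outbound):
        seen.add(addr)
        got = ss.get("xhttpSettings", {}).get("path")
        if got != path:
            problems.append(f"{name}: path {got} != server path {path}")
        rs = ss.get("realitySettings") if ss.get("security") == "reality" else None
        if rs is None or sni_of(rs["serverName"]) not in names:
            problems.append(f"{name}: REALITY missing or serverName not accepted")
    if len(seen) < 2:
        problems.append("upload and download use the same address (not split)")
    return problems

# Constructed sample: server A's inbounds (trimmed) and a client whose download path is wrong.
SERVER = [{"settings": {"clients": [{"id": "1111"}]}, "streamSettings": {
              "network": "xhttp", "xhttpSettings": {"path": "/111"}}},
          {"streamSettings": {"security": "reality", "realitySettings": {"serverNames": [""]}}}]
REALITY = {"security": "reality", "realitySettings": {"serverName": "1.1.1.1"}}
CLIENT = {"settings": {"vnext": [{"address": "192.0.2.10", "users": [{"id": "1111"}]}]},
          "streamSettings": {"network": "xhttp", **REALITY, "xhttpSettings": {
              "path": "/111", "downloadSettings": {
                  "address": "192.0.2.20", "xhttpSettings": {"path": "/1111"}, **REALITY}}}}
print(check_split(CLIENT, SERVER))
```
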

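Splitting the source IP is somewhat harder, especially with dynamic IPs (by which I mean the IP that the local machine obtains is dynamic). The simpler option is one IPv4 and one IPv6; home broadband and mobile networks mostly have IPv6 now. The other option again relies on Dokodemo-Door: for example, a computer at home acts as a server and uses Dokodemo-Door to forward to one of the servers B or C. From outside the home network you then connect to your own computer to establish the upload, while the download connects directly to the server outside the firewall. There are many ways to reach the home computer, such as a P2P VPN like tailscale, or DDNS with port forwarding.

You can also make use of an "airport" (a commercial proxy subscription service). Most airports use relay nodes and do not necessarily use xhttp to cross the firewall. You can send either the upload or the download through the airport and connect the other one directly. This splits the source IP, and even if the traffic really can be identified, it is two different protocols, one of them mixed in with many other users, and the two cities are likely to be far apart. The rough configuration is below.

The airport part uses mihomo, because switching nodes is convenient; the equivalent xray configuration looks too cumbersome. Don't ask why 127.1.1.1: I just like it, and it avoids conflicts. One thing to watch when going through an airport: airports generally sniff the domain name and resolve it again, so you cannot borrow ("steal") someone else's domain. Either write 1.1.1.1 as I do, so that there is no domain name, or use your own domain that really resolves to your server.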

mihomo
mixed-port: 7890
mode: rule
log-level: silent
global-client-fingerprint: chrome
sniffer:
  enable: false
tunnels:
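  - tcp/udp,127.1.1.1:1443,自己的服务ip:端口,上行 # needs changing: your own server ip:port; 上行 is the upload proxy group below
  - tcp/udp,127.1.1.1:2443,自己的服务ip:端口,下行 # needs changing: your own server ip:port; 下行 is the download proxy group below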
geox-url:
  geoip: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat"
  geosite: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
  mmdb: "https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country-lite.mmdb"
  asn: "https://mirror.ghproxy.com/https://github.com/xishang0128/geoip/releases/download/latest/GeoLite2-ASN.mmdb"
dns:
  enable: true
  ipv6: true
  use-hosts: true
  enhanced-mode: redir-host
  nameserver:
    - https://223.5.5.5/dns-query
  nameserver-policy:
    "geosite:cn,private":
      - https://223.5.5.5/dns-query
    "geosite:geolocation-!cn,google@cn":
      - https://1.1.1.1/dns-query
proxy-providers:
  jc:
    url: "机场的订阅链接" # needs changing: the airport's subscription URL
    type: http
    interval: 86400
    proxy: DIRECT
    health-check: {enable: true,url: "https://www.gstatic.com/generate_204",interval: 300}
    override:
      additional-prefix: "[机场]"
      udp: true
      udp-over-tcp: true
proxies:
  - {name: xray10808, server: 127.0.0.1, port: 10808, type: socks5, skip-cert-verify: false, udp: true}
proxy-groups:
  - name: 上行 # upload
    type: select
    proxies: [DIRECT]
    include-all: true
  - name: 下行 # download
    type: select
    proxies: [DIRECT]
    include-all: true
rules:
  - GEOSITE,CN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,xray10808

xray
{
	"inbounds": [
		{
			"port": 10808,
			"listen": "127.0.0.1",
			"protocol": "socks"
		}
	],
	"outbounds": [
		{
			"protocol": "vless",
			"tag": "proxy",
			"settings": {
				"vnext": [
					{
						"address": "127.1.1.1",
						"port": 1443,
						"users": [
							{
								"id": "1111",
								"encryption": "none"
							}
						]
					}
				]
			},
			"streamSettings": {
				"network": "xhttp",
				"xhttpSettings": {
					"path": "/111",
					"downloadSettings": {
						"address": "127.1.1.1",
						"port": 2443,
						"network": "xhttp",
						"xhttpSettings": {
							"path": "/111"
						},
						"security": "reality",
						"realitySettings": {
							"fingerprint": "chrome",
							"serverName": "1.1.1.1",
							"publicKey": "xxxx",
							"shortId": ""
						}
					}
				},
				"security": "reality",
				"realitySettings": {
					"fingerprint": "chrome",
					"serverName": "1.1.1.1",
					"publicKey": "xxxx",
					"shortId": ""
				}
			}
		}
	]
}