Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

服务端outbounds存在两个wireguard出站时,只有先使用的wireguard出站能够正常连接 #2817

Open
Aniark opened this issue Dec 15, 2023 · 6 comments
Open

服务端outbounds存在两个wireguard出站时,只有先使用的wireguard出站能够正常连接 #2817

Aniark opened this issue Dec 15, 2023 · 6 comments

Comments

@Aniark
Copy link

Aniark commented Dec 15, 2023

版本 1.8.6

服务端配置中有两个wireguard出站(以下简称wg),路由配置为访问eu网站时,使用tag为eu的wg出站,访问us网站时,使用tag为us的wg出站

两个wg出站都是可用的,但是如果客户端先访问了eu网站,会导致us网站无法访问,重启服务端后,如果先访问us网站,就会反过来导致eu网站无法访问

题外话:我知道tls套tls现在不安全,但是我的使用场景特殊

{
  "inbounds": [
    {
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "null"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "null",
              "keyFile": "null"
            }
          ]
        }
      }
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "domain": [
          "domain:site.eu"
        ],
        "outboundTag": "eu"
      },
      {
        "type": "field",
        "domain": [
          "domain:site.us"
        ],
        "outboundTag": "us"
      }
    ]
  },
  "outbounds": [
    {
      "protocol": "freedom"
    },
    {
      "protocol": "wireguard",
      "tag": "eu",
      "settings": {
        "secretKey": "null",
        "peers": [
          {
            "publicKey": "null",
            "endpoint": "null"
          }
        ]
      }
    },
    {
      "protocol": "wireguard",
      "tag": "us",
      "settings": {
        "secretKey": "null",
        "peers": [
          {
            "publicKey": "null",
            "endpoint": "null"
          }
        ]
      }
    }
  ]
}
@hkbase
Copy link

hkbase commented Dec 15, 2023

在两个wg出站里配置里都加上"kernelMode": false 再试试看

@Aniark
Copy link
Author

Aniark commented Dec 15, 2023

在两个wg出站里配置里都加上"kernelMode": false 再试试看

已测试,不行

@yomnxkcs
Copy link

不太懂golang,我猜测是wireguard需要创建虚拟网卡,但xray只能创建一张。

Xray-core/proxy/wireguard/gvisortun/tun.go

Line 54 in 38b175d

tcpipErr := dev.stack.CreateNIC(1, dev.ep)

在en切换到us时,服务器有这么一行日志吗?

CreateNIC: duplicate nic id

试下把服务器的配置文件拆分成两个,比如一个vless(443)->wireguard(en),另一个vless(444)->wireguard(us),然后开两个xray-core看能不能通过不同端口访问en和us?

@Aniark
Copy link
Author

Aniark commented Dec 16, 2023

@yomnxkcs
回答问题1:没有此日志
回答问题2:已测试,不能

@xqzr
Copy link
Contributor

xqzr commented Sep 30, 2024

客户端是否启用 Mux?

@Aniark
Copy link
Author

Aniark commented Oct 1, 2024

客户端是否启用 Mux?

没有启用

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hkbase @Aniark @xqzr @yomnxkcs