Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

服务端outbounds存在两个wireguard出站时,只有先使用的wireguard出站能够正常连接 #2817

Open
Aniark opened this issue Dec 15, 2023 · 4 comments
Open

服务端outbounds存在两个wireguard出站时,只有先使用的wireguard出站能够正常连接 #2817

Aniark opened this issue Dec 15, 2023 · 4 comments

Comments

@Aniark
Copy link

Aniark commented Dec 15, 2023

版本 1.8.6

服务端配置中有两个wireguard出站(以下简称wg),路由配置为访问eu网站时,使用tag为eu的wg出站,访问us网站时,使用tag为us的wg出站

两个wg出站都是可用的,但是如果客户端先访问了eu网站,会导致us网站无法访问,重启服务端后,如果先访问us网站,就会反过来导致eu网站无法访问

题外话:我知道tls套tls现在不安全,但是我的使用场景特殊

{
  "inbounds": [
    {
      "port": 443,
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "null"
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "certificates": [
            {
              "certificateFile": "null",
              "keyFile": "null"
            }
          ]
        }
      }
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "domain": [
          "domain:site.eu"
        ],
        "outboundTag": "eu"
      },
      {
        "type": "field",
        "domain": [
          "domain:site.us"
        ],
        "outboundTag": "us"
      }
    ]
  },
  "outbounds": [
    {
      "protocol": "freedom"
    },
    {
      "protocol": "wireguard",
      "tag": "eu",
      "settings": {
        "secretKey": "null",
        "peers": [
          {
            "publicKey": "null",
            "endpoint": "null"
          }
        ]
      }
    },
    {
      "protocol": "wireguard",
      "tag": "us",
      "settings": {
        "secretKey": "null",
        "peers": [
          {
            "publicKey": "null",
            "endpoint": "null"
          }
        ]
      }
    }
  ]
}
@hkbase
Copy link

hkbase commented Dec 15, 2023

在两个wg出站里配置里都加上"kernelMode": false 再试试看

@Aniark
Copy link
Author

Aniark commented Dec 15, 2023

在两个wg出站里配置里都加上"kernelMode": false 再试试看

已测试,不行

@yomnxkcs
Copy link

不太懂golang,我猜测是wireguard需要创建虚拟网卡,但xray只能创建一张。

Xray-core/proxy/wireguard/gvisortun/tun.go

Line 54 in 38b175d

tcpipErr := dev.stack.CreateNIC(1, dev.ep)

在en切换到us时,服务器有这么一行日志吗?

CreateNIC: duplicate nic id

试下把服务器的配置文件拆分成两个,比如一个vless(443)->wireguard(en),另一个vless(444)->wireguard(us),然后开两个xray-core看能不能通过不同端口访问en和us?

@Aniark
Copy link
Author

Aniark commented Dec 16, 2023

@yomnxkcs
回答问题1:没有此日志
回答问题2:已测试,不能

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hkbase @Aniark @yomnxkcs