[猜测] 无法嗅探出quic连接的sni #448

wloot · 2021-03-27T17:20:56Z

一个多ip服务器, 其中一个ip被google识别成了大陆, 无法使用youtube premium, 于是服务器xray设置了分流youtube域名, 并开启嗅探http, tls.

安卓手机使用clash for android, 一切正常(通过打开youtube app, 然后测试youtube premium)
使用v2rayng(xray内核1.4.0), youtube premium无法使用.

查看服务器连接日志发现:
accepted udp:173.194.5.172:443
似乎是未能嗅探出quic连接的sni

The text was updated successfully, but these errors were encountered:

wloot · 2021-03-27T17:32:10Z

简单测试了下, 在服务端禁用443端口的udp后恢复正常.

可不可以考虑vmess/vless等tcp协议在inbound默认禁用quic? 毕竟quic over tcp相当于两套流控了.

ghost · 2021-03-28T03:39:50Z

sniffing 不支持 QUIC。(duplicate with dokodemo-door doesn't sniff UDP (QUIC) Connection #328)
嗅探结果不会体现在 access log 上。
可以使用路由禁用 quic。

wloot changed the title ~~[猜测] 无法嗅探出quic连接的域名~~ [猜测] 无法嗅探出quic连接的sni Mar 27, 2021

ghost closed this as completed Mar 28, 2021

ghost added duplicate This issue or pull request already exists enhancement New feature or request labels Mar 28, 2021

heygo1345678 mentioned this issue Mar 17, 2023

tproxy 代理的QUIC网站走了 direct #1804

Closed

This issue was closed.

Provide feedback