Hit by TCP interference after a period of use #2179

Closed
ttc0419 opened this issue Jun 5, 2023 · 7 comments

ttc0419 commented Jun 5, 2023

The configuration is as follows:

{
	"log": {
		"loglevel": "debug",
		"dnsLog": true
	},
	"inbounds": [
		{
			"tag": "tp",
			"port": 5419,
			"protocol": "dokodemo-door",
			"settings": {
				"network": "tcp,udp",
				"followRedirect": true
			},
			"streamSettings": {
				"sockopt": {
					"tproxy": "tproxy"
				}
			}
		}
	],
	"routing": {
		"domainStrategy": "IPIfNonMatch",
		"rules": [
			{
				"type": "field",
				"inboundTag": [
					"tp"
				],
				"port": 53,
				"outboundTag": "dns-out"
			},
			{
				"type": "field",
				"ip": [
					"1.1.1.1",
					"geoip:hk"
				],
				"outboundTag": "hk"
			},
			{
				"type": "field",
				"ip": [
					"geoip:cn",
					"geoip:private"
				],
				"outboundTag": "direct"
			}
		]
	},
	"outbounds": [
		{
			"tag": "us",
			"protocol": "vless",
			"settings": {
				"vnext": [
					{
						"address": "2.2.2.2",
						"port": 8443,
						"users": [
							{
								"id": "password",
								"encryption": "none",
								"flow": "xtls-rprx-vision"
							}
						]
					}
				]
			},
			"streamSettings": {
				"network": "tcp",
				"security": "tls",
				"tlsSettings": {
					"fingerprint": "chrome",
					"serverName": "server.com"
				}
			}
		},
		{
			"tag": "hk",
			"protocol": "vless",
			"settings": {
				"vnext": [
					{
						"address": "hk-server.com",
						"port": 8443,
						"users": [
							{
								"id": "password",
								"encryption": "none",
								"flow": "xtls-rprx-vision"
							}
						]
					}
				]
			},
			"streamSettings": {
				"network": "tcp",
				"security": "tls",
				"sockopt": {
					"tcpFastOpen": true
				},
				"tlsSettings": {
					"fingerprint": "chrome"
				}
			}
		},
		{
			"tag": "direct",
			"protocol": "freedom"
		},
		{
			"tag": "dns-out",
			"protocol": "dns"
		}
	],
	"dns": {
		"disableCache": true,
		"queryStrategy": "UseIPv4",
		"servers": [
			"8.8.8.8",
			{
				"address": "1.1.1.1",
				"port": 53,
				"domains": [
					"domain:alipayhk.com",
					"domain:bochk.com",
					"domain:hk",
					"domain:hk.chinamobile.com",
					"geosite:nintendo",
					"geosite:playstation"
				]
			},
			{
				"address": "114.114.114.114",
				"port": 53,
				"domains": [
					"geosite:cn"
				],
				"expectIPs": [
					"geoip:cn"
				]
			}
		]
	}
}

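Network topology:
[Image: Topology]

After the interference started, I ran tcping from a computer connected to the optical modem, and most probes timed out; after turning off the transparent proxy, latency returned to normal. Using ping.pe, servers in multiple locations showed behaviour similar to the following log on both port 8443 (xray) and port 80 (HTTP redirect):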

TCPinging 2.2.2.2 on port 8443
No reply from 2.2.2.2 on port 8443 TCP_conn=1
No response received for 1 second
Reply from 2.2.2.2 on port 8443 TCP_conn=1 time=278.555 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=2
No reply from 2.2.2.2 on port 8443 TCP_conn=3
No response received for 2 seconds
Reply from 2.2.2.2 on port 8443 TCP_conn=2 time=256.858 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=4
No reply from 2.2.2.2 on port 8443 TCP_conn=5
No reply from 2.2.2.2 on port 8443 TCP_conn=6
No reply from 2.2.2.2 on port 8443 TCP_conn=7
No reply from 2.2.2.2 on port 8443 TCP_conn=8
No reply from 2.2.2.2 on port 8443 TCP_conn=9
No reply from 2.2.2.2 on port 8443 TCP_conn=10
No response received for 7 seconds
Reply from 2.2.2.2 on port 8443 TCP_conn=3 time=174.386 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=4 time=143.557 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=11
No reply from 2.2.2.2 on port 8443 TCP_conn=12
No response received for 2 seconds
Reply from 2.2.2.2 on port 8443 TCP_conn=5 time=239.382 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=6 time=237.589 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=13
No reply from 2.2.2.2 on port 8443 TCP_conn=14
No reply from 2.2.2.2 on port 8443 TCP_conn=15
No response received for 3 seconds
Reply from 2.2.2.2 on port 8443 TCP_conn=7 time=247.644 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=16
No reply from 2.2.2.2 on port 8443 TCP_conn=17
No reply from 2.2.2.2 on port 8443 TCP_conn=18
No reply from 2.2.2.2 on port 8443 TCP_conn=19
No reply from 2.2.2.2 on port 8443 TCP_conn=20
No reply from 2.2.2.2 on port 8443 TCP_conn=21
No reply from 2.2.2.2 on port 8443 TCP_conn=22
No reply from 2.2.2.2 on port 8443 TCP_conn=23
No reply from 2.2.2.2 on port 8443 TCP_conn=24
No reply from 2.2.2.2 on port 8443 TCP_conn=25
No reply from 2.2.2.2 on port 8443 TCP_conn=26
No reply from 2.2.2.2 on port 8443 TCP_conn=27
No reply from 2.2.2.2 on port 8443 TCP_conn=28
No reply from 2.2.2.2 on port 8443 TCP_conn=29
No response received for 14 seconds
Reply from 2.2.2.2 on port 8443 TCP_conn=8 time=250.247 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=30
No reply from 2.2.2.2 on port 8443 TCP_conn=31
No reply from 2.2.2.2 on port 8443 TCP_conn=32
No response received for 3 seconds
Reply from 2.2.2.2 on port 8443 TCP_conn=9 time=233.713 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=10 time=232.872 ms
No reply from 2.2.2.2 on port 8443 TCP_conn=33
No response received for 1 second
Reply from 2.2.2.2 on port 8443 TCP_conn=11 time=237.444 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=12 time=133.214 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=13 time=130.723 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=14 time=131.319 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=15 time=136.604 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=16 time=143.006 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=17 time=129.907 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=18 time=133.397 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=19 time=134.004 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=20 time=144.952 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=21 time=132.945 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=22 time=129.953 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=23 time=132.959 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=24 time=128.799 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=25 time=133.193 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=26 time=130.015 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=27 time=127.913 ms
Reply from 2.2.2.2 on port 8443 TCP_conn=28 time=136.096 ms

--- 2.2.2.2 TCPing statistics ---
61 probes transmitted on port 8443 | 28 received, 54.10% packet loss
successful probes:   28
unsuccessful probes: 33
last successful probe:   2023-06-06 14:52:56
last unsuccessful probe: 2023-06-06 14:52:38
total uptime:   28 seconds
total downtime: 33 seconds
longest consecutive uptime:   18 seconds from 2023-06-06 14:52:39 to 2023-06-06 14:52:56
longest consecutive downtime: 14 seconds from 2023-06-06 14:52:18 to 2023-06-06 14:52:32
rtt min/avg/max: 127.913/171.473/278.555 ms
--------------------------------------
TCPing started at: 2023-06-06 14:51:55
TCPing ended at:   2023-06-06 14:52:56
duration (HH:MM:SS): 00:01:01

The router log also shows a large number of connection failures, but it recovers on its own after a while:

2023/06/05 12:37:31 [Warning] [99830566] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [dial tcp 2.2.2.2:8443: operation was canceled] > common/retry: all retry attempts failed
2023/06/05 12:37:44 [Error] app/dns: UDP:8.8.8.8:53 cannot find the pending request

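I previously suspected that TCP connections such as the DNS ones were being held open too long, but after using the local policy to set the maximum idle time to 75s (the same as NGINX), nothing changed. The server is on BandwagonHost's Los Angeles CN2 line, and the local network is China Telecom. The server's firewall rules only allow ssh and ports 80 and 8443.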
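An added example, not part of the original post or the project's code: a parser for tcping output in the format quoted above that reports the loss ratio, the longest run of consecutive timeouts, and the median RTT of successful probes before and after the last timeout, so an impaired phase can be compared with the recovered tail. The sample lines and the address 192.0.2.10 are constructed.

```python
import re
from itertools import groupby
from statistics import median

# Matches the two probe-result line shapes in the tcping output quoted above.
PROBE = re.compile(r"^(No reply|Reply) from \S+ on port \d+ TCP_conn=\d+(?: time=([\d.]+) ms)?")

# Constructed sample (192.0.2.10 is a documentation address), same format as the log.
SAMPLE = """\
No reply from 192.0.2.10 on port 8443 TCP_conn=1
Reply from 192.0.2.10 on port 8443 TCP_conn=1 time=270.0 ms
No reply from 192.0.2.10 on port 8443 TCP_conn=2
No reply from 192.0.2.10 on port 8443 TCP_conn=3
No response received for 2 seconds
Reply from 192.0.2.10 on port 8443 TCP_conn=2 time=250.0 ms
No reply from 192.0.2.10 on port 8443 TCP_conn=4
No reply from 192.0.2.10 on port 8443 TCP_conn=5
No reply from 192.0.2.10 on port 8443 TCP_conn=6
No response received for 3 seconds
Reply from 192.0.2.10 on port 8443 TCP_conn=3 time=240.0 ms
Reply from 192.0.2.10 on port 8443 TCP_conn=4 time=130.0 ms
Reply from 192.0.2.10 on port 8443 TCP_conn=5 time=132.0 ms
Reply from 192.0.2.10 on port 8443 TCP_conn=6 time=128.0 ms
"""

def parse(text):
    """One entry per probe, in order: RTT in ms, or None for a timeout."""
    hits = (PROBE.match(line.strip()) for line in text.splitlines())
    return [float(m.group(2)) if m.group(1) == "Reply" else None for m in hits if m]

def outage_runs(probes):
    """Lengths of each run of consecutive timeouts, in order of occurrence."""
    return [len(list(g)) for lost, g in groupby(probes, key=lambda r: r is None) if lost]

def summarize(probes):
    """Loss ratio, longest outage, and median RTT before/after the last timeout."""
    lost = [i for i, rtt in enumerate(probes) if rtt is None]
    cut = lost[-1] if lost else -1
    during = [r for r in probes[:cut + 1] if r is not None]
    after = [r for r in probes[cut + 1:] if r is not None]
    return {
        "loss": len(lost) / len(probes) if probes else 0.0,
        "longest_outage": max(outage_runs(probes), default=0),
        "median_rtt_during": median(during) if during else None,
        "median_rtt_after": median(after) if after else None,
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Running the same parser on logs captured from different vantage points at the same time shows whether the timeouts and the RTT shift line up across them.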

ttc0419 closed this as completed Jun 5, 2023
ttc0419 changed the title "Built-in DNS only uses the outbound proxy for the first request?" to "TCP interference after a period of use" Jun 6, 2023
ttc0419 reopened this Jun 6, 2023
ttc0419 changed the title "TCP interference after a period of use" to "TCP timeouts after a period of use" Jun 6, 2023
ttc0419 changed the title "TCP timeouts after a period of use" to "Hit by TCP interference after a period of use" Jun 6, 2023
ttc0419 closed this as completed Jun 6, 2023
ttc0419 reopened this Jun 6, 2023
@chika0801
Contributor

net4people/bbs#257 (comment)

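Is it that you, as the client-side user, suddenly find that foreign sites won't open? And tcping from your own machine to the VPS IP also times out. At that point you can switch to, say, mobile 5G and see whether the VPS is reachable. This symptom may go away by itself after about 3 minutes, and occurs at irregular times throughout the day.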

Author

ttc0419 commented Jun 7, 2023

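> net4people/bbs#257 (comment)
>
> Is it that you, as the client-side user, suddenly find that foreign sites won't open? And tcping from your own machine to the VPS IP also times out. At that point you can switch to, say, mobile 5G and see whether the VPS is reachable. This symptom may go away by itself after about 3 minutes, and occurs at irregular times throughout the day.

Today I also tried ping.pe and Tencent Cloud's tcping, and it timed out from multiple locations within China as well. After a while, or once the transparent proxy is turned off, it recovers immediately.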

Contributor

chika0801 commented Jun 7, 2023

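Recovering after a while may be related to the phenomenon described above.

You are sure that when the connection fails, turning off the transparent proxy right away restores it immediately. What exactly does "restores immediately" mean here? For example, right after you turn it off, can the mobile client connect to the server straight away? You need to describe this in detail (if you are willing).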

Author

ttc0419 commented Jun 7, 2023

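> You are sure that when the connection fails, turning off the transparent proxy right away restores it immediately. What exactly does "restores immediately" mean here?

After the blocking occurred, I tried continuous tcping from ping.pe and other servers. It seems that the instant xray is stopped and the rules are flushed on the OpenWrt router, all tcping probes return to normal latency. After transparent proxying is turned on again on OpenWrt, clients such as YouTube on the phone can also connect normally again. Could it be that the blocking just happened to end at that moment? But I have tried this many times and saw similar behaviour each time. It feels a lot like a circuit-breaker measure: after a certain amount of traffic, interference is bound to occur.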

Contributor

chika0801 commented Jun 7, 2023

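> After the blocking occurred, I tried continuous tcping from ping.pe and other servers

What was the result at that point?

Also, have you tried the following comparison tests?

  1. Keep this VPS unchanged, run different protocol combinations, and see whether it reproduces

  2. Keep the protocol combination unchanged, test with a different VPS, and see whether it reproduces

Judging from your description above, I don't recall any reports from other people with symptoms similar to yours.

I suggest not being alarmed; you need to work through a logical process of elimination and run comparison experiments yourself. When you report here, others can only guess at possible causes from your description and give you some suggestions. Your environment (location) is something only you can deal with.

Addendum: for example, you are currently using a transparent proxy environment on OpenWrt and you hit this symptom. You could switch to using an http/socks proxy on, say, a Windows system. Or have sing-box provide TUN mode; that is also a way to run a comparison test.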

Author

ttc0419 commented Jun 7, 2023

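> After the blocking occurred, I tried continuous tcping from ping.pe and other servers

It was like the tcping log in the description: latency goes up, and most connections time out.

> You could switch to using an http/socks proxy on, say, a Windows system. Or have sing-box provide TUN mode

I tried it with socks5 on macOS; after a while there were also a lot of failed to process outbound traffic errors.

> Keep the protocol combination unchanged, test with a different VPS, and see whether it reproduces

I think it is indeed possible that the IP is not clean. I have a VPS on a Hong Kong residential line, and even running SS on it is fine. But on BandwagonHost the IP always gets blocked. The Hong Kong line is a bit slower, but I have never run into TCP interference or timeouts on it.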

Author

ttc0419 commented Jun 10, 2023

It seems to have been fine again for the last few days; maybe it was congestion on the CN2 line? Closing for now.

ttc0419 closed this as completed Jun 10, 2023