Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tag-based routing not working for wireguard-inbounds on version 24.11.30 #4121

Closed
4 tasks done
00svd00 opened this issue Dec 6, 2024 · 0 comments
Closed
4 tasks done

tag-based routing not working for wireguard-inbounds on version 24.11.30 #4121

00svd00 opened this issue Dec 6, 2024 · 0 comments

Comments

@00svd00
Copy link

00svd00 commented Dec 6, 2024

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
  • I searched issues and did not find any similar issues.
  • The problem can be successfully reproduced in the latest Release

Description

With xray-core 24.9.30 everything worked as expected. After updating to 24.11.30 all traffic, received with wireguard inbounds, now goes to default destination(direct outbound)

Reproduction Method

1.Run container with xray-core 24.9.30, connect to one of wireguard-inbounds, send some packets,
2. Go to metrics /debug/vars, corresponding outbound will have non-zero value in uplink
3. Run container with xray-core 24.11.30 with same config, connect to one of wireguard-inbounds, send some packets
4. Only direct outbound will have non-zero values

Client config

Wireguard clients

Server config

{
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"inboundTag": [
"metrics_in"
],
"outboundTag": "metrics_out"
},
{
"type": "field",
"ip": [
"geoip:private",
"192.168.88.0/24"
],
"outboundTag": "direct"
},
{
"type": "field",
"inboundTag": [
"inbound-wg-1"
],
"outboundTag": "outbound-1"
},
{
"type": "field",
"inboundTag": [
"inbound-wg-2"
],
"outboundTag": "outbound-2"
},
{
"type": "field",
"inboundTag": [
"inbound-wg-3"
],
"outboundTag": "outbound-3"
}
]
},
"dns": null,
"inbounds": [
{
"listen": "172.20.0.2",
"port": 9995,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"streamSettings": null,
"tag": "metrics_in",
"sniffing": null
},
{
"listen": "172.20.0.2",
"port": 3124,
"protocol": "wireguard",
"settings": {
"kernelMode": false
},
"streamSettings": null,
"tag": "inbound-wg-1",
"sniffing": {
"enabled": false,
"destOverride": [
"http",
"tls",
"quic",
"fakedns"
],
"metadataOnly": false,
"routeOnly": false
}
},
{
"listen": "172.20.0.2",
"port": 3125,
"protocol": "wireguard",
"settings": {
"kernelMode": false
},
"streamSettings": null,
"tag": "inbound-wg-2",
"sniffing": {
"enabled": false,
"destOverride": [
"http",
"tls",
"quic",
"fakedns"
],
"metadataOnly": false,
"routeOnly": false
}
},
{
"listen": "172.20.0.2",
"port": 3126,
"protocol": "wireguard",
"settings": {
"kernelMode": false
},
"streamSettings": null,
"tag": "inbound-wg-3",
"sniffing": {
"enabled": false,
"destOverride": [
"http",
"tls",
"quic",
"fakedns"
],
"metadataOnly": false,
"routeOnly": false
}
}
],
"outbounds": [
{
"tag": "direct",
"protocol": "freedom",
"settings": {
"domainStrategy": "AsIs"
}
},
{
"tag": "blocked",
"protocol": "blackhole",
"settings": {}
},
{
"tag": "outbound-3",
"protocol": "vless",
"settings": {
},
"streamSettings": {
}
},
{
"tag": "outbound-1",
"protocol": "shadowsocks",
"settings": {
},
"streamSettings": {
}
},
{
"tag": "outbound-2",
"protocol": "socks",
"settings": {
"servers": [
]
},
"streamSettings": {
}
}
],
"transport": null,
"policy": {
"levels": {
"0": {
"statsUserDownlink": true,
"statsUserUplink": true
}
},
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true,
"statsOutboundDownlink": true,
"statsOutboundUplink": true
}
},
"metrics": {
"tag": "metrics_out"
},
"stats": {},
"reverse": null,
"fakedns": null,
"observatory": null,
"burstObservatory": null
}

Client log

none

Server log

access.log:
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
2024/12/06 09:14:33 from tcp:0.0.0.0:0 accepted tcp:[mocked]:443 [direct]
error.log:
2024/12/06 07:46:53 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:46:56 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:46:59 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:47:03 [Warning] core: Xray 24.11.30 started
2024/12/06 07:49:14 [Error] proxy/wireguard: operation timed out
2024/12/06 07:50:22 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:50:22 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:50:22 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:50:22 [Warning] core: Xray 24.11.30 started
2024/12/06 07:57:24 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:57:27 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:57:31 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 07:57:34 [Warning] core: Xray 24.11.30 started
2024/12/06 07:57:35 [Error] proxy/wireguard: connection was refused
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 07:59:42 [Error] proxy/wireguard: operation timed out
2024/12/06 08:02:09 [Error] proxy/wireguard: operation timed out
2024/12/06 08:02:10 [Error] proxy/wireguard: operation timed out
2024/12/06 08:02:11 [Error] proxy/wireguard: operation timed out
2024/12/06 08:02:12 [Error] proxy/wireguard: operation timed out
2024/12/06 08:04:34 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 08:04:37 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 08:04:40 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 08:04:44 [Warning] core: Xray 24.11.30 started
2024/12/06 08:42:38 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 08:42:42 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 08:42:45 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 08:42:48 [Warning] core: Xray 24.11.30 started
2024/12/06 09:13:24 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 09:13:24 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 09:13:27 [Warning] proxy/wireguard: Using gVisor TUN. WG inbound doesn't support kernel TUN yet.
2024/12/06 09:13:31 [Info] transport/internet/tcp: listening TCP on 172.20.0.2:9995
2024/12/06 09:13:31 [Info] transport/internet/udp: listening UDP on 172.20.0.2:3124
2024/12/06 09:13:31 [Info] transport/internet/udp: listening UDP on 172.20.0.2:3125
2024/12/06 09:13:31 [Info] transport/internet/udp: listening UDP on 172.20.0.2:3126
2024/12/06 09:13:31 [Info] transport/internet/tcp: listening TCP on 172.20.0.2:3127
2024/12/06 09:13:31 [Warning] core: Xray 24.11.30 started
2024/12/06 09:14:33 [Info] app/dispatcher: default route for tcp:[mocked]:443
2024/12/06 09:14:33 [Info] transport/internet/tcp: dialing TCP to tcp:[mocked]:443
2024/12/06 09:14:33 [Info] proxy/freedom: connection opened to tcp:[mocked]:443, local endpoint 172.20.0.2:37678, remote endpoint [mocked]:443
2024/12/06 09:14:33 [Info] proxy: CopyRawConn readv
2024/12/06 09:14:33 [Info] app/dispatcher: default route for tcp:[mocked]:443
2024/12/06 09:14:33 [Info] transport/internet/tcp: dialing TCP to tcp:[mocked]:443
2024/12/06 09:14:33 [Info] proxy/freedom: connection opened to tcp:[mocked]:443, local endpoint 172.20.0.2:37680, remote endpoint [mocked]:443
2024/12/06 09:14:33 [Info] proxy: CopyRawConn readv
2024/12/06 09:14:33 [Info] app/dispatcher: default route for tcp:[mocked]:443
2024/12/06 09:14:33 [Info] transport/internet/tcp: dialing TCP to tcp:[mocked]:443
2024/12/06 09:14:33 [Info] proxy/freedom: connection opened to tcp:[mocked]:443, local endpoint 172.20.0.2:37682, remote endpoint [mocked]:443
2024/12/06 09:14:33 [Info] proxy: CopyRawConn readv
2024/12/06 09:14:33 [Info] app/dispatcher: default route for tcp:[mocked]:443
2024/12/06 09:14:33 [Info] transport/internet/tcp: dialing TCP to tcp:[mocked]:443
2024/12/06 09:14:33 [Info] proxy/freedom: connection opened to tcp:[mocked]:443, local endpoint 172.20.0.2:37684, remote endpoint [mocked]:443
2024/12/06 09:14:33 [Info] proxy: CopyRawConn readv
2024/12/06 09:14:33 [Info] app/dispatcher: default route for tcp:[mocked]:443
2024/12/06 09:14:33 [Info] transport/internet/tcp: dialing TCP to tcp:[mocked]:443
2024/12/06 09:14:33 [Info] proxy/freedom: connection opened to tcp:[mocked]:443, local endpoint 172.20.0.2:37686, remote endpoint [mocked]:443
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Fangliding @00svd00