Access to website with private IP address does not work with v2rayNG, works with other xray clients #3189

Open
selivan opened this issue Jun 4, 2024 · 5 comments

Comments

@selivan

selivan commented Jun 4, 2024

Server-side troubleshooting: access works fine with the same xray server and other xray clients: MiProxy VPN (NekoBox) and HiddifyNG. Also works fine with desktop NekoRay. Does not work only with v2rayNG.

Expected behavior

I have an internal website with a private IP address (m.example.net -> 172.23.X.X). I use my own xray server to access this site. This server has a public address (to connect from outside) and a private address from the same private network (172.23.X.Y).

I can not access this internal website using v2rayNG with my own xray server. I can access public sites (like twitter.com), but connecting to the internal website returns "Connection timeout".

Actual behavior

Website resolving to private IP address should be accessible using v2rayNG client, if xray server has access to that website.

Reproduction method

  1. Install xray server with access to some private network (like 172.23.0.0/16)
  2. Create website in the same private network: m.example.net -> 172.23.X.Y, accessible from xray server via https://m.example.net
  3. v2rayNG client configuration:
     • DomainStrategy: IPIfNonMatch
     • Custom Rules -> Proxy URL OR IP -> domain:example.net
  4. Connect to xray server using v2rayNG client
  5. Try to access https://m.example.net on android device, get connection timeout

Log information

adb logcat -s com.v2ray.ang GoLog V2rayConfigUtilGoLog Main

Absolutely nothing happens in logcat when I try to access internal website. There are logs when I access public sites, like twitter.com, so this is not a log collecting problem.

Environment information

v2rayNG version: 1.8.22 (latest available)
xray server version: 1.8.13 3120ca4 (go1.22.3 linux/arm64)

Additional information (optional)

@pulsarice

Try these:

  1. Turn off sniffing and test.
  2. Turn on sniffing and routeOnly and test.
  3. Set DomainStrategy to AsIs and test
  4. Clear all routing rules (proxy/direct/block) and set "Predefined rules" to "Global proxy" and test.

From what I've seen, the routing rules are ordered as follows:

  1. DNS rules (proxy then direct)
  2. Custom Proxied rules (Domains then IPs)
  3. Custom Direct rules (Domains then IPs)
  4. Custom Blocked rules (Domains then IPs)
  5. Predefined rules (IPs then Domains)

Export your full configuration and investigate the routing rules.

And a question: How is your domain actually resolved to that private address?
Install a network tools application (like net analyzer) and while connected to v2rayNG, try resolving your domain name and see what is returned.

@selivan
Author

selivan commented Jun 11, 2024

@pulsarice Thanks for the advice.

I used PortDroid to check where the problem is. I enabled it in Per-App proxy.

DNS lookup works fine with and without VPN, it always resolves m.example.net to its internal IP address 172.23.X.Y.

With the v2rayNG VPN, the port scanner checking reachability of port 443 on 172.23.X.Y says the port is closed.

If no other programs using VPN are running, and the only thing I do is scanning 172.23.X.Y for an open 443 port, nothing new appears in Logcat. I checked multiple times, clearing it before. Nothing.

Changing options: Sniffing on and off, DomainStrategy AsIs and IPIfNonMatch did not help.

Clearing all routes while Predefined rules remains "Global proxy" did not help.

The same xray connection with NekoBox(MiProxy VPN) works fine, PortDroid shows port 443 on 172.23.X.Y as available.

To check possible misconfiguration: without VPN connection PortDroid shows port 443 on 172.23.X.Y as closed, so this IP is not accessible for my device without VPN.

I suppose there is some restriction on routing to private IP addresses in v2rayNG. It makes sense, to prevent clients from accessing the internal network available to the server, but it breaks configurations like mine.

@dvino

dvino commented Aug 11, 2024

After upgrading v2rayNG to the new version v1.8.23 I have the same issue. Can't connect to private IP ranges across the proxy. Version 1.8.19 works fine.

@dvino

dvino commented Aug 13, 2024

Solved for me by cleaning app storage and re-configuring the application

@Homas

Homas commented Oct 18, 2024

In the "Routing Settings" (version 1.9.7) disable:

  • Bypass LAN IP [geoip:private]
  • Bypass LAN domain [geosite:private]
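
One way to carry out the "export your full configuration and investigate the routing rules" step and to spot the two bypass rules named in the last comment, as an added example that is not from this thread or the v2rayNG project. It is a simplified first-match model of an Xray-style `routing.rules` list; the sample config, the outbound tags `proxy` and `direct`, and the address 172.23.5.10 are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like the "routing" section of an exported Xray-style config.
SAMPLE = json.loads("""
{"routing": {"domainStrategy": "IPIfNonMatch", "rules": [
  {"type": "field", "domain": ["domain:example.net"], "outboundTag": "proxy"},
  {"type": "field", "ip": ["geoip:private"], "outboundTag": "direct"},
  {"type": "field", "domain": ["geosite:private"], "outboundTag": "direct"}
]}}
""")

# Simplified stand-in for geoip:private (assumption: only these ranges are modelled).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def ip_matches(patterns, ip):
    addr = ipaddress.ip_address(ip)
    for p in patterns:
        if p == "geoip:private":
            if any(addr in net for net in PRIVATE_NETS):
                return True
        elif not p.startswith("geoip:") and addr in ipaddress.ip_network(p, strict=False):
            return True
    return False

def domain_matches(patterns, domain):
    # Only "domain:" (suffix) patterns are modelled; geosite: lists are skipped.
    bases = [p[len("domain:"):] for p in patterns if p.startswith("domain:")]
    return any(domain == b or domain.endswith("." + b) for b in bases)

def first_match(config, domain=None, ip=None):
    """Return (rule index, outboundTag) of the first matching rule, or None."""
    for i, rule in enumerate(config["routing"]["rules"]):
        if "domain" in rule and not (domain and domain_matches(rule["domain"], domain)):
            continue
        if "ip" in rule and not (ip and ip_matches(rule["ip"], ip)):
            continue
        return i, rule["outboundTag"]
    return None

def private_bypass_rules(config, proxy_tag="proxy"):
    """Indexes of rules that send geoip:private / geosite:private away from the proxy."""
    return [i for i, r in enumerate(config["routing"]["rules"])
            if r.get("outboundTag") != proxy_tag
            and {"geoip:private", "geosite:private"} & set(r.get("ip", []) + r.get("domain", []))]

if __name__ == "__main__":
    print(first_match(SAMPLE, domain="m.example.net"))
    print(first_match(SAMPLE, ip="172.23.5.10"))
    print(private_bypass_rules(SAMPLE))
```

In this constructed config a request addressed by name reaches the proxy rule, while a connection made straight to the private IP (as a port scanner does) falls through to the `geoip:private` direct rule and never enters the tunnel.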
