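Anyone who knows their way around the internet has presumably felt how unfriendly the network environment in China is.
I recently updated the v2ray client I have always used and suddenly found the proxy on my PC flaking out frequently. It took a day of tinkering to get it sorted out.
Symptoms
Opening any page in Chrome very often fails with ERR_PROXY_CONNECTION_FAILED; after repeated refreshes it occasionally works for a while.
It makes no difference whether blacklist mode or global mode is used. With the proxy disabled completely, everything works.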
Root cause
- v2ray 7.x connection-reuse strategy and deprecated protocols
v2rayN startup log:
2026/03/10 09:59:31.901786 [Warning] common/errors: The feature WebSocket transport (with ALPN http/1.1, etc.) is deprecated, not recommended for using and might be removed. Please migrate to XHTTP H2 & H3 as soon as possible.
2026/03/10 09:59:31.901786 [Warning] common/errors: The feature VMess (with no Forward Secrecy, etc.) is deprecated, not recommended for using and might be removed. Please migrate to VLESS Encryption as soon as possible.
- Local port exhaustion
netstat -ano | findstr TIME_WAIT
TCP 127.0.0.1:1576 192.168.1.2:9999 TIME_WAIT 0
TCP 127.0.0.1:1638 192.168.1.2:9999 TIME_WAIT 0
TCP 127.0.0.1:1944 192.168.1.2:9999 TIME_WAIT 0
TCP 127.0.0.1:1982 192.168.1.2:9999 TIME_WAIT 0
...
TCP 127.0.0.1:63668 192.168.1.2:9999 TIME_WAIT 0
TCP 127.0.0.1:64405 192.168.1.2:9999 TIME_WAIT 0
...
- Tun mode enabled
Solution
Disable QUIC in Chrome (optional)
- In the Chrome address bar, enter chrome://flags
- Search for QUIC
- Find Experimental QUIC protocol and set it to Disabled
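Clean up the TCP port pool (required)
This step can be done after switching protocols.
- Check whether the port pool is exhausted
netstat -ano | findstr TIME_WAIT
A large number of TIME_WAIT entries means the pool is exhausted.
- Clean up and reset the TCP port pool
netsh int ip reset
netsh winsock reset
A reboot is required afterwards.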
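Switch the transport protocol (the key step)
Change the current VMESS + WebSocket setup to VLESS + Reality.
Network architecture
Isolate Reality from the Nginx-hosted sites: both serve only on localhost, and port 443 is fronted by Nginx for everything.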
Internet
│
▼
VPS:443
│
▼
Nginx stream (SNI 分流)
│
├── www.microsoft.com → 127.0.0.1:4432 (Reality)
│
└── default → 127.0.0.1:4431 (websites)
│
▼
Nginx HTTPS
Server changes
- Stop and disable the v2ray service
systemctl stop v2ray
systemctl disable v2ray
- Install the xray-core service
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
- Generate the Reality keys
xray x25519
Output:
PrivateKey: aaaaaa
Password: bbbbbb
Hash32: cccccc
PrivateKey goes in the server config, at inbounds[].streamSettings.realitySettings.privateKey.
Password goes in the client config, at outbounds[].streamSettings.realitySettings.publicKey.
- Configure xray-core
vim /usr/local/etc/xray/config.json
Contents:
{
"log": {
"loglevel": "warning",
"access": "/var/log/xray/access.log",
"error": "/var/log/xray/error.log"
},
"inbounds": [
{
"tag": "reality-in",
"port": 4432,
"listen": "127.0.0.1",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "你的UUID 1",
"flow": "xtls-rprx-vision",
"email": "你的邮箱 1"
},
{
"id": "你的UUID 2",
"flow": "xtls-rprx-vision",
"email": "你的邮箱 2"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"dest": "www.microsoft.com:443",
"serverNames": [
"www.microsoft.com"
],
"privateKey": "你的私钥",
"shortIds": [
"a1",
"b2"
]
}
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
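In the config above, 你的UUID, 你的邮箱 and 你的私钥 are placeholders for your UUID, your email and your private key.
A UUID can be generated with xray uuid, or you can define your own.
A shortId can be generated with openssl rand -hex 8, or you can define your own.
- Modify the Nginx configuration
stream routing by SNI: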
stream {
map $ssl_preread_server_name $proxy {
www.microsoft.com 127.0.0.1:4432;
default 127.0.0.1:4431;
}
server {
listen 443 reuseport;
listen [::]:443 reuseport;
ssl_preread on;
proxy_pass $proxy;
}
}
Change the other existing sites to listen on local port 4431:
server {
listen 127.0.0.1:4431 ssl http2;
server_name a1.yourdomain.com;
}
server {
listen 127.0.0.1:4431 ssl http2;
server_name b2.yourdomain.com;
}
...
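- Client configuration
Using v2rayN as an example:
Protocol: VLESS
Address: the VPS public IP or a custom domain (recommended)
Port: 443
User ID: your UUID 1
Flow: xtls-rprx-vision
Encryption: none
Enable Mux: no
Transport protocol: tcp
Camouflage type: none
Camouflage domain: empty
Path: empty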
TLS: reality
SNI: www.microsoft.com
Fingerprint: chrome
PublicKey: the Password value from the Reality key generation
ShortId: one of the values in the server config
SpiderX: /
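
A consistency check for the server setup above, as an added example that is not part of the original post: it confirms that the Reality inbound is bound to loopback, that every name in serverNames is routed by the Nginx stream map to that inbound's listen address and port, and that each shortId is well formed. The function names and the sample inputs are constructed for illustration; the shortId rule (hex, even length, at most 16 characters) follows Xray's REALITY documentation.

```python
import json
import re

# Constructed sample inputs mirroring the configs on this page (key is a placeholder).
XRAY_CONFIG = """{"inbounds": [{"tag": "reality-in", "port": 4432, "listen": "127.0.0.1",
  "protocol": "vless", "streamSettings": {"network": "tcp", "security": "reality",
  "realitySettings": {"dest": "www.microsoft.com:443", "serverNames": ["www.microsoft.com"],
    "privateKey": "PLACEHOLDER", "shortIds": ["a1", "b2"]}}}]}"""
NGINX_STREAM = """stream {
    map $ssl_preread_server_name $proxy {
        www.microsoft.com 127.0.0.1:4432;
        default 127.0.0.1:4431;
    }
}"""

def parse_sni_map(nginx_text):
    """Return {server_name: upstream} from the first `map $ssl_preread_server_name` block."""
    m = re.search(r"map\s+\$ssl_preread_server_name\s+\$\w+\s*\{([^}]*)\}", nginx_text)
    if not m:
        return {}
    return dict(re.findall(r"^\s*(\S+)\s+(\S+?);", m.group(1), re.M))

def check_reality(xray_text, nginx_text):
    """Return a list of findings; an empty list means the two configs agree."""
    findings = []
    sni_map = parse_sni_map(nginx_text)
    for inbound in json.loads(xray_text).get("inbounds", []):
        stream = inbound.get("streamSettings", {})
        if stream.get("security") != "reality":
            continue
        tag = inbound.get("tag", "?")
        listen, port = inbound.get("listen", "0.0.0.0"), inbound.get("port")
        if listen not in ("127.0.0.1", "::1"):
            findings.append(f"{tag}: listens on {listen}, reachable without going through Nginx")
        rs = stream.get("realitySettings", {})
        for name in rs.get("serverNames", []):
            if sni_map.get(name) != f"{listen}:{port}":
                findings.append(f"{tag}: SNI {name} is not routed to {listen}:{port}")
        for sid in rs.get("shortIds", []):
            # Assumed rule: hex digits, even length, 0 to 16 characters.
            if not re.fullmatch(r"(?:[0-9a-fA-F]{2}){0,8}", sid):
                findings.append(f"{tag}: shortId {sid!r} is not even-length hex (max 16)")
    return findings

if __name__ == "__main__":
    for line in check_reality(XRAY_CONFIG, NGINX_STREAM) or ["ok: Nginx map and Reality inbound agree"]:
        print(line)
```

To run it against a real server, pass in the contents of /usr/local/etc/xray/config.json and the Nginx file that holds the stream block.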