Add XRay VLESS REALITY protocol support

Ysurac · Oct 17, 2023 · 8369094 · 8369094
1 parent c52f081
commit 8369094
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 14 deletions.
diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
@@ -716,12 +716,14 @@ function wizard_add()
 			local sectionname = s[".name"]
 			ucic:set("shadowsocks-rust",sectionname,"disabled","1")
 		end)
-	elseif (default_proxy == "xray" or default_proxy == "xray-vmess" or default_proxy == "xray-trojan" or default_proxy == "xray-shadowsocks" or default_proxy == "xray-socks") and serversnb > 0 and serversnb > disablednb then
+	elseif (default_proxy == "xray" or default_proxy == "xray-vless-reality" or default_proxy == "xray-vmess" or default_proxy == "xray-trojan" or default_proxy == "xray-shadowsocks" or default_proxy == "xray-socks") and serversnb > 0 and serversnb > disablednb then
 		--ucic:set("shadowsocks-libev","sss0","disabled","1")
 		ucic:set("v2ray","main","enabled","0")
 		ucic:set("xray","main","enabled","1")
 		if default_proxy == "xray" then
 			ucic:set("xray","omrout","protocol","vless")
+		elseif default_proxy == "xray-vless-reality" then
+			ucic:set("xray","omrout","protocol","vless-reality")
 		elseif default_proxy == "xray-vmess" then
 			ucic:set("xray","omrout","protocol","vmess")
 		elseif default_proxy == "xray-trojan" then
@@ -800,6 +802,7 @@ function wizard_add()
 					ucic:set("v2ray","omrout","s_socks_address",server_ip)
 					ucic:set("xray","omrout","s_vmess_address",server_ip)
 					ucic:set("xray","omrout","s_vless_address",server_ip)
+					ucic:set("xray","omrout","s_vless_reality_address",server_ip)
 					ucic:set("xray","omrout","s_trojan_address",server_ip)
 					ucic:set("xray","omrout","s_socks_address",server_ip)
 					ucic:set("xray","omrout","s_shadowsocks_address",server_ip)
@@ -845,6 +848,7 @@ function wizard_add()
 				ucic:set("v2ray","omrout","s_socks_address",server_ip)
 				ucic:set("xray","omrout","s_vmess_address",server_ip)
 				ucic:set("xray","omrout","s_vless_address",server_ip)
+				ucic:set("xray","omrout","s_vless_reality_address",server_ip)
 				ucic:set("xray","omrout","s_trojan_address",server_ip)
 				ucic:set("xray","omrout","s_socks_address",server_ip)
 				ucic:set("xray","omrout","s_shadowsocks_address",server_ip)
@@ -906,6 +910,7 @@ function wizard_add()
 		ucic:set("v2ray","omrout","s_socks_user_security","none")
 		ucic:set("xray","omrout","s_vmess_user_security","none")
 		ucic:set("xray","omrout","s_vless_user_security","none")
+		ucic:set("xray","omrout","s_vless_reality_user_security","none")
 		ucic:set("xray","omrout","s_trojan_user_security","none")
 		ucic:set("xray","omrout","s_socks_user_security","none")
 		ucic:set("xray","omrout","s_shadowsocks_method","none")
@@ -923,6 +928,7 @@ function wizard_add()
 		ucic:set("v2ray","omrout","s_socks_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_vmess_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_vless_user_security","aes-128-gcm")
+		ucic:set("xray","omrout","s_vless_reality_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_trojan_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_socks_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_shadowsocks_method","2022-blake3-aes-256-gcm")
@@ -942,6 +948,7 @@ function wizard_add()
 		ucic:set("v2ray","omrout","s_socks_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_vmess_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_vless_user_security","aes-128-gcm")
+		ucic:set("xray","omrout","s_vless_reality_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_trojan_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_socks_user_security","aes-128-gcm")
 		ucic:set("xray","omrout","s_shadowsocks_method","2022-blake3-aes-256-gcm")
@@ -961,6 +968,7 @@ function wizard_add()
 		ucic:set("v2ray","omrout","s_socks_user_security","chacha20-poly1305")
 		ucic:set("xray","omrout","s_vmess_user_security","chacha20-poly1305")
 		ucic:set("xray","omrout","s_vless_user_security","chacha20-poly1305")
+		ucic:set("xray","omrout","s_vless_reality_user_security","chacha20-poly1305")
 		ucic:set("xray","omrout","s_trojan_user_security","chacha20-poly1305")
 		ucic:set("xray","omrout","s_socks_user_security","chacha20-poly1305")
 		ucic:set("xray","omrout","s_shadowsocks_method","2022-blake3-chacha20-poly1305")
@@ -1040,6 +1048,7 @@ function wizard_add()
 	ucic:commit("v2ray")
 	ucic:set("xray","omrout","s_vmess_user_id",v2ray_user)
 	ucic:set("xray","omrout","s_vless_user_id",v2ray_user)
+	ucic:set("xray","omrout","s_vless_reality_user_id",v2ray_user)
 	ucic:set("xray","omrout","s_trojan_user_id",v2ray_user)
 	ucic:set("xray","omrout","s_socks_user_id",v2ray_user)
 	ucic:save("xray")

diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
@@ -238,6 +238,7 @@ <h3><%=servername%></h3>
 			<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray-trojan" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray-trojan" then %>selected="selected"<% end %>>V2Ray TROJAN</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray-socks" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray-socks" then %>selected="selected"<% end %>>V2Ray SOCKS</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray" <% if uci:get("openmptcprouter","settings","proxy") == "xray" then %>selected="selected"<% end %>>XRay VLESS</option><% end %>
+			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-vless-reality" <% if uci:get("openmptcprouter","settings","proxy") == "xray-vless-reality" then %>selected="selected"<% end %>>XRay VLESS Reality</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-vmess" <% if uci:get("openmptcprouter","settings","proxy") == "xray-vmess" then %>selected="selected"<% end %>>XRay VMESS</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-trojan" <% if uci:get("openmptcprouter","settings","proxy") == "xray-trojan" then %>selected="selected"<% end %>>XRay Trojan</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-socks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-socks" then %>selected="selected"<% end %>>XRay Socks</option><% end %>

diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@@ -351,16 +351,22 @@ _set_v2ray_server_vps() {
 
 _set_xray_server_vps() {
 	enabled=$(uci -q get xray.main.enabled)
-	[ "$enabled" != "1" ] && return
 	userid=$(uci -q get xray.omrout.s_vless_user_id)
+	protocol=$(uci -q get xray.omrout.protocol)
+	if [ "$protocol" = "vless-reality" ] && [ "$enabled" = "1" ]; then
+		vless_reality='true'
+	else
+		vless_reality='false'
+	fi
 	[ -z "$userid" ] && return
 	[ -z "$vps_config" ] && vps_config=$(_get_json "config")
 	[ -z "$vps_config" ] && return
 	current_userid="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.key')"
+	current_vlessreality="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.vless_reality')"
 
-	if [ "$current_userid" != "$userid" ]; then
+	if [ "$current_userid" != "$userid" ] || [ "$current_vlessreality" != "$vless_reality" ]; then
 		local settings
-		settings='{"userid": "'$userid'"}'
+		settings='{"userid": "'$userid'","vless_reality": '$vless_reality'}'
 		echo $(_set_json "xray" "$settings")
 	fi
 }
@@ -521,6 +527,8 @@ _get_vps_config() {
 		uci -q batch <<-EOF >/dev/null
 			set v2ray.omrout.s_vmess_address="$vpsip"
 			set v2ray.omrout.s_vless_address="$vpsip"
+			set v2ray.omrout.s_trojan_address="$vpsip"
+			set v2ray.omrout.s_socks_address="$vpsip"
 			commit v2ray
 		EOF
 		if [ "$(uci -q get v2ray.main.enabled)" = "1" ]; then
@@ -532,6 +540,10 @@ _get_vps_config() {
 		uci -q batch <<-EOF >/dev/null
 			set xray.omrout.s_vmess_address="$vpsip"
 			set xray.omrout.s_vless_address="$vpsip"
+			set xray.omrout.s_trojan_address="$vpsip"
+			set xray.omrout.s_socks_address="$vpsip"
+			set xray.omrout.s_shadowsocks_address="$vpsip"
+			set xray.omrout.s_vless_reality_address="$vpsip"
 			commit xray
 		EOF
 		if [ "$(uci -q get xray.main.enabled)" = "1" ]; then
@@ -1635,6 +1647,7 @@ _set_config_from_vps() {
 	# XRay settings
 	xray_key="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.key')"
 	xray_sskey="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.sskey')"
+	xray_vless_reality_key="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.vless_reality_key')"
 	#v2ray_port="$(echo "$vps_config" | jsonfilter -q -e '@.v2ray.config.port')"
 	xray_port="65248"
 	if ([ -n "$xray_key" ] && [ "$xray_key" != "$(uci -q get xray.omrout.s_vmess_user_id)" ]) || ([ -n "$xray_port" ] && [ "$xray_port" != "$(uci -q get xray.omrout.s_vmess.port)" ]); then
@@ -1649,11 +1662,14 @@ _set_config_from_vps() {
 			set xray.omrout.s_vmess_port="$((xray_port+2))"
 			set xray.omrout.s_vless_user_id="$xray_key"
 			set xray.omrout.s_vless_port="$xray_port"
+			set xray.omrout.s_vless_reality_user_id="$xray_key"
+			set xray.omrout.s_vless_reality_public_key="$xray_vless_reality_key"
 		EOF
 		#uci -q set xray.omrout.s_shadowsocks_password=$xray_sskey
 		if [ "$(uci -q get xray.omrout.s_vmess_address)" != "127.0.0.1" ]; then
 			uci -q set xray.omrout.s_vmess_address="$vpsip"
 			uci -q set xray.omrout.s_vless_address="$vpsip"
+			uci -q set xray.omrout.s_vless_reality_address="$vpsip"
 			uci -q set xray.omrout.s_trojan_address="$vpsip"
 			uci -q set xray.omrout.s_socks_address="$vpsip"
 			uci -q set xray.omrout.s_shadowsocks_address="$vpsip"

diff --git a/xray-core/files/etc/init.d/xray b/xray-core/files/etc/init.d/xray
@@ -379,6 +379,15 @@ outbound_section_validate() {
 		's_vless_user_security:or("auto", "aes-128-gcm", "chacha20-poly1305", "none")' \
 		's_vless_user_encryption:or("auto", "none")' \
 		's_vless_user_level:uinteger' \
+		's_vless_reality_address:host' \
+		's_vless_reality_port:port' \
+		's_vless_reality_user_id:string' \
+		's_vless_reality_user_alter_id:and(uinteger, max(65535))' \
+		's_vless_user_security:or("auto", "aes-128-gcm", "chacha20-poly1305", "none")' \
+		's_vless_reality_user_encryption:or("auto", "none")' \
+		's_vless_reality_flow:string' \
+		's_vless_reality_public_key:string' \
+		's_vless_reality_user_level:uinteger' \
 		's_trojan_address:host' \
 		's_trojan_port:port' \
 		's_trojan_user_id:string' \
@@ -455,7 +464,7 @@ add_xray_redirect_rules() {
 	[ "$(uci -q get xray.main.inbounds | grep omr6)" != "" ] && [ -n "$OUTBOUND_SERVERS_V6" ] && {
 		xray-rules6 -f
 		commandline="-l $((port+1)) -L $((port+1)) -s $OUTBOUND_SERVERS_V6 --rule-name def --src-default forward --dst-default forward --local-default forward"
-		[ "$(uci -q get xray.main_transparent_proxy.redirect_udp)" = "1" ] && ([ "$(uci -q get xray.omrout.protocol)" = "vless" ] || [ "$(uci -q get xray.omrout.protocol)" = "vmess" ]) && commandline="$commandline -L ${port+1}"
+		[ "$(uci -q get xray.main_transparent_proxy.redirect_udp)" = "1" ] && ([ "$(uci -q get xray.omrout.protocol)" = "vless-reality" ] || [ "$(uci -q get xray.omrout.protocol)" = "vless" ] || [ "$(uci -q get xray.omrout.protocol)" = "vmess" ]) && commandline="$commandline -L ${port+1}"
 		xray-rules6 $commandline
 	}
 	[ -f /etc/init.d/omr-bypass ] && [ -z "$(pgrep -f omr-bypass)" ] && {
@@ -1428,7 +1437,11 @@ add_outbound_setting() {
 
 	test -n "$send_through" && \
 		json_add_string "sendThrough" "$send_through"
-	json_add_string "protocol" "$protocol"
+	if [ "$protocol" = "vless-reality" ]; then
+		json_add_string "protocol" "vless"
+	else
+		json_add_string "protocol" "$protocol"
+	fi
 
 	case "${protocol:-x}" in
 		"blackhole")
@@ -1576,6 +1589,37 @@ add_outbound_setting() {
 
 			json_close_object
 
+			json_close_array # vnext
+			json_close_object # settings
+			;;
+		"vless-reality")
+			json_add_object "settings"
+
+			json_add_array "vnext"
+			json_add_object ""
+
+			json_add_string "address" "$s_vless_reality_address"
+			append_server_address "$s_vless_reality_address"
+
+			json_add_int "port" "$s_vless_reality_port"
+
+			json_add_array "users"
+			json_add_object ""
+			json_add_string "id" "$s_vless_reality_user_id"
+			json_add_int "alterId" "$s_vless_reality_user_alter_id"
+			test -n "$s_vless_reality_user_security" && \
+				json_add_string "security" "$s_vless_reality_user_security"
+			test -n "$s_vless_reality_user_encryption" && \
+				json_add_string "encryption" "$s_vless_reality_user_encryption"
+			test -n "$s_vless_reality_user_level" && \
+				json_add_int "level" "$s_vless_reality_user_level"
+			test -n "$s_vless_reality_flow" && \
+				json_add_string "flow" "$s_vless_reality_flow"
+			json_close_object
+			json_close_array # users
+
+			json_close_object
+
 			json_close_array # vnext
 			json_close_object # settings
 			;;
@@ -1660,6 +1704,16 @@ add_outbound_setting() {
 			json_close_object # tlsSettings
 		fi
 	fi
+	if [ "x$protocol" = "xvless-reality" ]; then
+		json_add_string "security" "reality"
+		json_add_object "realitySettings"
+		json_add_string "fingerprint" "chrome"
+		json_add_string "serverName" ""
+		json_add_string "publicKey" "$s_vless_reality_public_key"
+		json_add_string "spiderX" ""
+		json_add_string "shortId" ""
+		json_close_object
+	fi
 
 	case "${ss_network:-x}" in
 		"tcp")
@@ -2206,6 +2260,9 @@ rules_up() {
 	if [ "$(uci -q get xray.omrout.protocol)" = "vless" ]; then
 		OUTBOUND_SERVERS_V4="$(uci -q get xray.omrout.s_vless_address)"
 		OUTBOUND_SERVERS_V6="$(uci -q get xray.omrout.s_vless_address)"
+	elif [ "$(uci -q get xray.omrout.protocol)" = "vless-reality" ]; then
+		OUTBOUND_SERVERS_V4="$(uci -q get xray.omrout.s_vless_reality_address)"
+		OUTBOUND_SERVERS_V6="$(uci -q get xray.omrout.s_vless_reality_address)"
 	elif [ "$(uci -q get xray.omrout.protocol)" = "vmess" ]; then
 		OUTBOUND_SERVERS_V4="$(uci -q get xray.omrout.s_vmess_address)"
 		OUTBOUND_SERVERS_V6="$(uci -q get xray.omrout.s_vmess_address)"
@@ -2215,6 +2272,9 @@ rules_up() {
 	elif [ "$(uci -q get xray.omrout.protocol)" = "socks" ]; then
 		OUTBOUND_SERVERS_V4="$(uci -q get xray.omrout.s_socks_address)"
 		OUTBOUND_SERVERS_V6="$(uci -q get xray.omrout.s_socks_address)"
+	elif [ "$(uci -q get xray.omrout.protocol)" = "shadowsocks" ]; then
+		OUTBOUND_SERVERS_V4="$(uci -q get xray.omrout.s_shadowsocks_address)"
+		OUTBOUND_SERVERS_V6="$(uci -q get xray.omrout.s_shadowsocks_address)"
 	fi
 	TRANSPARENT_PROXY_PORT="$(uci -q get xray.omr.port)"
 	[ -n "$OUTBOUND_SERVERS_V4" ] || [ -n "$OUTBOUND_SERVERS_V6" ] && {

diff --git a/xray-core/files/etc/uci-defaults/3010-omr-xray b/xray-core/files/etc/uci-defaults/3010-omr-xray
@@ -36,24 +36,24 @@ if [ -z "$(uci -q get xray.main)" ]; then
 		set xray.omrout.tag='omrout_tunnel'
 		set xray.omrout.protocol='vless'
 		set xray.omrout.s_vmess_address=''
-		set xray.omrout.s_vmess_port='65230'
+		set xray.omrout.s_vmess_port='65250'
 		set xray.omrout.s_vmess_user_id=''
 		set xray.omrout.s_vmess_user_security='none'
 		set xray.omrout.s_vmess_user_alter_id='0'
 		set xray.omrout.s_vless_address=''
-		set xray.omrout.s_vless_port='65228'
+		set xray.omrout.s_vless_port='65248'
 		set xray.omrout.s_vless_user_id=''
 		set xray.omrout.s_vless_user_security='none'
 		set xray.omrout.s_vless_user_encryption='none'
 		set xray.omrout.s_vless_user_alter_id='0'
 		set xray.omrout.s_trojan_address=''
-		set xray.omrout.s_trojan_port='65229'
+		set xray.omrout.s_trojan_port='65249'
 		set xray.omrout.s_trojan_user_id=''
 		set xray.omrout.s_trojan_user_security='none'
 		set xray.omrout.s_trojan_user_encryption='none'
 		set xray.omrout.s_trojan_user_alter_id='0'
 		set xray.omrout.s_socks_address=''
-		set xray.omrout.s_socks_port='65231'
+		set xray.omrout.s_socks_port='65251'
 		set xray.omrout.s_socks_user_id=''
 		set xray.omrout.s_socks_user_security='none'
 		set xray.omrout.s_socks_user_encryption='none'
@@ -170,17 +170,17 @@ if [ "$(uci -q get xray.policy_level_0.conn_idle)" = "2400" ]; then
 	EOF
 fi
 
-if [ "$(uci -q get xray.omrout.s_vmess_port)" = "65228" ]; then
+if [ "$(uci -q get xray.omrout.s_vmess_port)" = "65230" ]; then
 	uci -q batch <<-EOF >/dev/null
-		set xray.omrout.s_vmess_port='65230'
+		set xray.omrout.s_vmess_port='65250'
 		commit xray
 	EOF
 fi
 
 if [ "$(uci -q get xray.omrout.s_trojan_port)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set xray.omrout.s_trojan_address=''
-		set xray.omrout.s_trojan_port='65229'
+		set xray.omrout.s_trojan_port='65249'
 		set xray.omrout.s_trojan_user_id=''
 		set xray.omrout.s_trojan_user_security='none'
 		set xray.omrout.s_trojan_user_encryption='none'
@@ -191,14 +191,33 @@ fi
 if [ "$(uci -q get xray.omrout.s_socks_port)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set xray.omrout.s_socks_address=''
-		set xray.omrout.s_socks_port='65231'
+		set xray.omrout.s_socks_port='65251'
 		set xray.omrout.s_socks_user_id=''
 		set xray.omrout.s_socks_user_security='none'
 		set xray.omrout.s_socks_user_encryption='none'
 		set xray.omrout.s_socks_user_alter_id='0'
 		commit xray
 	EOF
 fi
+if [ "$(uci -q get xray.omrout.s_shadowsocks_port)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set xray.omrout.s_shadowsocks_address=''
+		set xray.omrout.s_shadowsocks_port='65252'
+		commit xray
+	EOF
+fi
+if [ "$(uci -q get xray.omrout.s_vless_reality_port)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set xray.omrout.s_vless_reality_address=''
+		set xray.omrout.s_vless_reality_port='443'
+		set xray.omrout.s_vless_reality_flow='xtls-rprx-vision'
+		set xray.omrout.s_vless_reality_user_id=''
+		set xray.omrout.s_vless_reality_user_security='none'
+		set xray.omrout.s_vless_reality_user_encryption='none'
+		set xray.omrout.s_vless_reality_user_alter_id='0'
+		commit xray
+	EOF
+fi
 
 if [ "$(uci -q get xray.omrout.ss_sockopt_mptcp)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null