12 KiB
luci-app-xray
luci-app-v2ray refined to client side rendering (and switched to xray as well).
Focus on making the most of Xray (HTTP/HTTPS/Socks/TProxy inbounds, multiple protocols support, DNS server, bridge (reverse proxy), even HTTPS proxy server for actual HTTP services) while keeping thin and elegant.
Warnings
-
Since the last OpenWrt version with
firewall3
as default firewall implementation (which is OpenWrt 21.02.7) is now EoL, thefw3
variant of this project is no longer maintained.- It is strongly recommended to use
fw4
variant. - The old version is still kept there and should work but no new features (added after Xray v1.8.1) or bugfixes will be added there.
- It is strongly recommended to use
-
Since version 2.0.0 this project is split into
fw3
andfw4
variants and this breaks compatibility:- Configuration files and init scripts are renamed. Manually refill configurations or run
mv /etc/config/xray /etc/config/xray_fw4
(for fw4, similar for fw3) for migration. - installation method is changed. See
Installation
below for details.
- Configuration files and init scripts are renamed. Manually refill configurations or run
-
About experimental REALITY support
- may change quite frequently so keep in mind about following warnings
- server role support involves breaking changes if you use HTTPS server: certificate settings are now bound to stream security, so previously uploaded certificate and key files will disappear in LuCI, but this won't prevent Xray from using them. Your previously uploaded file are still there, just select them again in LuCI. If Xray fails to start up and complains about missing certificate files, also try picking them again.
- legacy XTLS support has already been removed in version 1.8.0 and is also removed by this project since version 2.0.0.
-
There will be a series of BREAKING CHANGES in the following months due to some major refactor of DNS module. Please read changelog carefully to know about breaking changes and always backup your configuration files before updating.
-
If you see
WARNING: at least one of asset files (geoip.dat, geosite.dat) is not found under /usr/share/xray. Xray may not work properly
and don't know what to do:- try
opkg update && opkg install xray-geodata
(at least OpenWrt 21.02 releases) - if that doesn't work or you are using OpenWrt 19.07 releases, see #52
- try
-
This project DOES NOT SUPPORT the following versions of OpenWrt due to the fact that client side rendering requires LuCI client side APIs shipped with at least OpenWrt 19.07 releases.
- LEDE 17.01
- OpenWrt 18.06
- Lean's OpenWrt Source (which uses a variant of LuCI shipped with OpenWrt 18.06)
If this is your case, use Passwall or similar projects instead (you could find links in XTLS/Xray-core).
-
For OpenWrt 19.07 releases, you need to prepare your own xray-core package (just download from Releases · yichya/openwrt-xray and install that) because building Xray from source requires Go 1.17 which is currently only available in at least OpenWrt 21.02 releases.
-
This project may change its code structure, configuration files format, user interface or dependencies quite frequently since it is still in its very early stage.
Installation (Fw4 only)
Just use opkg -i *
to install both ipks from Releases.
Installation (Manually building OpenWrt)
Choose one below:
- Add
src-git-full luci_app_xray https://github.com/yichya/luci-app-xray
tofeeds.conf.default
and run./scripts/feeds update -a; ./scripts/feeds install -a
- Clone this repository under
package
Then find luci-app-xray
under Extra Packages
.
Changelog 2023
- 2023-01-01 feat: optional restart of dnsmasq on interface change
- 2023-01-18
[OpenWrt 22.03 or above only]
feat: option to ignore TP_SPEC_DEF_GW - 2023-01-23
[OpenWrt 22.03 or above only]
feat: custom configurations in outbounds. Say if you want to try XTLS/Xray-core#1540 before its release, you can specify{"streamSettings": {"tlsSettings": {"fingerprint": "xray_random"}}}
in "Custom Options" tab of the corresponding outbound. See the help text in LuCI ui for the rules of configuration override. - 2023-03-10
[OpenWrt 22.03 or above only]
feat: experimental REALITY support - 2023-03-11 feat: h2 read_idle_timeout and health_check_timeout settings
- 2023-04-03 feat: split this project into
fw3
andfw4
variants - 2023-04-17 chore: provide prebuilt packages for
fw4
variant - 2023-04-29 fix: make
fw3
variant actually usable; add REALITY support forfw3
variant - 2023-05-24 feat:
[OpenWrt 22.03 or above only]
support transparent proxy ports filter (fw4) - 2023-05-29 feat:
[OpenWrt 22.03 or above only]
add counter in fw4 - 2023-05-29 chore: change default config to not using proxy
Changelog 2022
- 2022-01-08 feat: bridge; add DomainStrategy for outbound; minor UI changes
- 2022-01-31 fix: multiple hosts in lan access control; simplify init script
- 2022-02-01 feat: refactor transparent-proxy-ipset to use lua
- 2022-02-02 feat: return certain domain names as NXDOMAIN
- 2022-02-03 fix: failed to start Xray when blocked domain list is empty
- 2022-02-15 feat: add a large
rlimit_data
option - 2022-02-19 fix:
rlimit_data
andrlimit_nofile
does not work together - 2022-02-20 fix: return a discarded address instead of nxdomain to let dnsmasq cache these queries
- 2022-03-25 feat: remove web and add metrics configurations (recommended to use with metrics support)
- 2022-04-24 feat: metrics is now out of optional features; add basic ubus wrapper for xray apis
- 2022-05-13 feat: shadowsocks-2022 protocols support
- 2022-06-04
[OpenWrt 22.03 or above only]
feat: nftables support (experimental) - 2022-06-05 feat: shadowsocks-2022 UDP over TCP support
- 2022-06-14 feat: multiple geoip direct code
- 2022-06-19
[OpenWrt 22.03 or above only]
feat: skip proxy for specific uids / gids - 2022-08-07 fix: avoid duplicated items in generated nftables ruleset
- 2022-08-13 fix: make sure forwarded IPs are always forwarded to Xray even for reserved addresses. Xray may not forward those requests so that manner may be changed later.
- 2022-09-01 feat: specify outbound for manual transparent proxy
- 2022-09-26 feat: show process running status
- 2022-10-02 feat: detect xray binary path; allow changing default HTTPS server port
- 2022-10-03 feat: switch to disable TCP / UDP transparent proxy
- 2022-10-05 feat: dialer proxy
- 2022-10-06
[OpenWrt 22.03 or above only]
feat: use goto instead of jump in nftables rules - 2022-10-29
[OpenWrt 22.03 or above only]
feat: rewrite gen_config in ucode - 2022-11-01 feat: support xtls-rprx-vision
- 2022-12-13 fix: force restart dnsmasq on interface change
Changelog 2021
- 2021-01-01 feature: build Xray from source; various fixes about tproxy and logging
- 2021-01-25 feature: Xray act as HTTPS server
- 2021-01-29 fix: add ipset as dependency to fix transparent proxy problems; remove useless and faulty extra_command in init.d script
- 2021-01-29 feature: decouple with Xray original binary and data files. Use openwrt-xray instead.
- 2021-01-30 feature: select GeoIP set for direct connection. This is considered a BREAKING change because if unspecified, all IP addresses is forwarded through Xray.
- 2021-03-17 feature: support custom configuration files by using Xray integrated Multiple configuration files support. Check
/var/etc/xray/config.json
for tags of generated inbounds and outbounds. - 2021-03-20 fix: no longer be compatible with OpenWrt Packages: xray-core because of naming conflict of configuration file and init script. Again, use openwrt-xray instead.
- 2021-03-21 feature: detailed fallback config for Xray HTTPS server
- 2021-03-27 feature: check data files before using them. If data files don't exist, Xray will run in 'full' mode (all outgoing network traffic will be forwarded through Xray). Make sure you have a working server in this case or you have to disable Xray temporarily (SSH into your router and run
service xray stop
) for debugging. You can download data files from Releases · XTLS/Xray-core or Loyalsoldier/v2ray-rules-dat and upload them to/usr/share/xray
on your router, or just compile your firmware with data files included (recommended in most cases). - 2021-04-02 feature: utls fingerprint (currently not available for xtls and will be supported in Xray-core v1.5.0)
- 2021-04-06 feature: customize DNS bypass rules. This is considered a BREAKING change because if unspecified, all DNS requests is forwarded through Xray.
- 2021-05-15 feature: add gRPC Transport settings; make init script infinite retry optional
- 2021-07-03 fix: write upstream hostname to dnsmasq configurations to avoid infinite loop while resolving upstream hostname
- 2021-08-31 feature: Accept more DNS server formats
- 2021-09-19 fix: compatible with latest dnsmasq (2.86) by adding
strict-order
to dnsmasq options generated by luci-app-xray. This should not affect compatibility with earlier dnsmasq versions (mostly 2.85) but if you encounter problems please report. - 2021-09-26 fix: several issues related to HTTPS server
- 2021-10-01 fix: parsing default gateway in some cases
- 2021-10-06 feature: show information about asset files in LuCI; fix Xray startup when asset files are unavailable
- 2021-10-08 feature: extra DNS Server Port to reduce possibility of temporary DNS lookup failures
- 2021-10-09 fix: temporarily revert DNS over HTTPS related changes to avoid dnsmasq and iptables errors
- 2021-10-12 fix: domain based routing if sniffing is enabled
- 2021-10-19 feat: change upstream DNS resolve method to directly using Xray internal DNS server
- 2021-11-14 feat: LAN access control for transparent proxy. Devices can be set to not being transparently proxied per MAC address.
- 2021-11-15 feat: manual transparent proxy. A use case is accessing IPv6 only websites without any IPv6 address (for example,
192.0.2.1:443 -> tracker.byr.pt:443
and add hosts item192.0.2.1 byr.pt
) - 2021-11-20 feat: alpn settings for outbound
- 2021-11-21 fix: minor adjustments about service reloading, default DNS port, host hints, etc.
- 2021-12-16 feat: expose log and policy settings
- 2021-12-24 feat: grpc health check and initial window size
- 2021-12-25 feat: be compatible with OpenWrt Packages: xray-core again (by replacing its UCI configuration file and init script upon install). Still supports using openwrt-xray. This should work in most cases and your previous configuration file of luci-app-xray is also preserved, but if you encounter problems please report.
- 2021-12-26 feat: support custom DNS port
Changelog 2020
- 2020-11-14 feature: basic transparent proxy function
- 2020-11-15 fix: vless flow settings & compatible with busybox ip command
- 2020-12-04 feature: add xtls-rprx-splice to flow
- 2020-12-26 feature: allow to determine whether to use proxychains during build; trojan xtls flow settings
Todo
- LuCI ACL Settings
- migrate to xray-core
- better server role configurations
- transparent proxy access control for LAN
- try to be compatible with OpenWrt Packages: xray-core
- Better DNS module implementation like DoH (may involve breaking changes)