xray_config.json
{
//Xray config for a router: a TPROXY inbound for client traffic, a loopback DNS inbound for dnsmasq, DNS answered by the built-in dns module over DoH, everything else sent out directly.
//Comments are not valid in strict JSON; this file depends on the consumer accepting "//" comments.
"log": {
//Access log is off and DNS queries are not logged, so this instance keeps no per-connection or per-query record; only messages at warning level and above are emitted.
"access": "none",
"loglevel": "warning",
"dnsLog": false
},
"dns": {
//Built-in DNS module; it answers whatever the routing rules send to out_dns.
"queryStrategy": "UseIP",
"disableCache": false,
"disableFallback": false,
"disableFallbackIfMatch": false,
"hosts": {
//Static entry so the DoH hostname used in "servers" resolves from this table instead of needing a lookup of its own.
"dns.google": ["8.8.8.8", "8.8.4.4"]
},
"servers": [
//DoH resolvers. The "+local" form sends the query directly instead of passing it through the routing rules.
//Every lookup handled by this module goes to these two public resolvers.
"https+local://dns.google/dns-query",
"https+local://1.1.1.1/dns-query"
]
},
"routing": {
//IPIfNonMatch: when no rule matches the domain, resolve it and try the IP-based rules.
"domainStrategy": "IPIfNonMatch",
//Rules are evaluated in order; the first match wins.
"rules": [
{ //DNS requests from the router itself (arriving on the in_dns inbound) -> dns module
"ruleTag": "dns_router",
"inboundTag": ["in_dns"],
"outboundTag": "out_dns"
},
{ //DNS requests from clients to external servers -> dns module
//This rule has no inboundTag, so anything addressed to port 53 is answered by the dns module, whichever resolver the client asked for. DNS on other ports (for example a client's own DoT or DoH) is not matched here and leaves directly.
//Rule-order caveat (author's observation): client DNS requests that match an earlier rule on some other criterion should not reach the dns module, but in practice some of them still do, because of sniffing in the inbounds (which is required if you use routing rules by domain).
"ruleTag": "dns_clients",
"port": 53,
"network": "tcp,udp",
"outboundTag": "out_dns"
}
//Not matched -> direct: no rule applies, so traffic leaves through the default outbound, which is the first entry in "outbounds" (out_direct). Keep out_direct first.
]
},
"inbounds": [
{ //input from TPROXY
//Bound to loopback only, so the port is not reachable directly from the network. The firewall/TPROXY rules that deliver traffic to this port are not part of this file.
"tag": "in_tproxy",
"listen": "127.0.0.1",
"port": 12345,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
//destOverride replaces the connection's destination with the HTTP Host / TLS SNI name that was sniffed. That name is chosen by the client, so treat it as untrusted input to routing.
//NOTE(review): the sniffing option "routeOnly" uses the sniffed name for routing only and keeps the original destination address - consider whether that fits this setup.
"enabled": true,
"destOverride": ["http", "tls"]
},
"streamSettings": {
"sockopt": {
"tproxy": "tproxy"
}
}
},
{ //input from OpenWrt DNS resolver (dnsmasq), append "list server '127.0.0.1#5353'" to "config dnsmasq" section in '/etc/config/dhcp'
//Bound to loopback only; nothing but local processes on the router can query it.
"tag": "in_dns",
"listen": "127.0.0.1",
"port": 5353,
"protocol": "dokodemo-door",
"settings": {
"address": "8.8.8.8", //the dns module should take over this connection (through the dns_router routing rule), so this address shouldn't matter much; left as Google just in case
"port": 53,
"network": "tcp,udp",
"followRedirect": false
}
}
],
"outbounds": [
{ //output to conventional routing; listed first, which makes it the default outbound for traffic that no rule matches
"tag": "out_direct",
"protocol": "freedom"
},
{ //output to DNS module
"tag": "out_dns",
"protocol": "dns"
},
{ //output to blackhole; no routing rule in this file refers to out_block, so nothing is dropped as written
"tag": "out_block",
"protocol": "blackhole"
}
]
}