Dokodemo-door: Add simple `tunnel` config (alias and default values) #4968

RPRX · 2025-08-01T10:35:56Z

Xray-core 一直都支持类似于 gost、realm 等软件所谓的“隧道”功能（通过代理协议来端口转发），也就是 dokodemo-door 入站，但是由于当初 v2 起的这个名字不太直观，知道 *ray 还能当“隧道”用的人并不多，导致 dokodemo-door 入站几乎仅用于透明代理

~~这也提醒各位记得在服务端 block "geoip:private"，防止用户通过代理直接穿透到服务端的内网~~

现在更名为了 tunnel、设置了些默认值以方便使用，顺便给 freedom 加了别名 direct、blackhole 加了别名 block 以追求直观

Tunnel 的 address 即目标地址默认为服务端的 127.0.0.1/::1，port 即目标端口默认等于本地监听端口，对于多个端口尤其有用：

（146b14a 新增 portMap 配置项，可以按本地监听端口指定走代理后的目标地址/端口，优先级高于原有的 address/port）

// client
{
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": "5000-6000,6001",
            "protocol": "tunnel",
            "settings": {
                "network": "", // default: TCP
                "address": "", // default: remote 127.0.0.1
                "port": 0, // default: equals to local listening port
                "portMap": {
                    "5555": "1.1.1.1:7777",
                    "5556": ":8888", // overrides port only
                    "5557": "example.com:" // overrides address only
                }
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "vless",
            "settings": {
            },
            "streamSettings": {
            }
        }
    ]
}

// server
{
    "inbounds": [
        {
            "listen": "0.0.0.0",
            "port": 443,
            "protocol": "vless",
            "settings": {
            },
            "streamSettings": {
            }
        }
    ],
    "outbounds": [
        {
            "protocol": "direct",
            "settings": {
                "redirect": ""
            }
        }
    ]
}

通过以上配置即可简单地把客户端的 IPv4/TCP/5000-6001 端口通过 VLESS 协议转发到服务端相应的 IPv4/TCP/5000-6001 端口

当然你也可以设置 tunnel 入站 settings 的 address/port 或 direct 出站的 redirect 以强制覆写目标地址或端口，或都覆写

（特别地，由 tunnel 入站 5555 端口接收的流量会通过 VLESS 协议转发到 1.1.1.1:7777，优先级高于原有的 address/port）

本次久违地放出了一些 REALITY NFT 和几个 Project X NFT

请支持一个 REALITY NFT：https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/2

如果你有余力，请支持一个 Project X NFT：https://opensea.io/assets/ethereum/0x5ee362866001613093361eb8569d59c4141b76d1/1

dokodemo-door -> tunnel freedom -> direct blackhole -> block #4966 (comment)

RPRX · 2025-08-01T10:47:29Z

@Fangliding 文档里写的 network 默认 TCP，但我看代码中似乎会炸？你测试下

Fangliding · 2025-08-01T10:57:14Z

啊？

RPRX · 2025-08-01T11:03:27Z

~~总之你测试下示例配置能不能直接跑吧，没问题的话我就合了~~

Fangliding · 2025-08-01T11:13:21Z

这。。
试了下可以跑

Fangliding · 2025-08-01T11:14:13Z

还有如果出站是freedom的话自己倒自己会无限回环

RPRX · 2025-08-01T11:15:52Z

~~可以跑就行，真正使用时客户端和服务端是分开的，不会无限回环~~

RPRX · 2025-08-01T12:16:18Z

有点想加个配置项 portMaps，可以指定把 "5500" 端口映射到 "7000" 这种

Fangliding · 2025-08-01T12:37:54Z

很久以前写过这种恶趣味功能输入一个公式然后计算 RemotePort = f(LocalPort) mod 65536

atlanticfirst · 2025-08-01T14:20:32Z

大佬，请问如果转发的端口设置为1-65535，xray现在是可以直接当gateway使用了吗？

Fangliding · 2025-08-01T14:21:46Z

这和三层的gateway可不是一个东西啊。。

…specified port) Completes #4968

…specified address/port) Completes #4968

RPRX · 2025-08-02T15:24:54Z

146b14a 新增 portMap 配置项，可以按本地监听端口指定走代理后的目标地址/端口，优先级高于原有的 address/port

已更新本 PR 正文与配置示例，~~这下终于更舒服了~~

patterniha · 2025-08-02T16:04:08Z

@RPRX

I use this new alias for serverless-for-Iran to force clients use latest version, to benefit from the latest features and bug fixes.

///

also, I think adding minVersion option in config to force clients to use version>=minVersion.

what's your idea?

RPRX · 2025-08-02T16:07:59Z

also, I think adding minVersion option in config to force clients to use version>=minVersion.

what's your idea?

这个我也想过，可以做，你写吧

RPRX · 2025-08-02T16:10:06Z

因为以后出配置订阅肯定要加 minVersion，现在加也行，顺便你加个 maxVersion 吧，因为有些配置只适用于特定时期的 Xray

patterniha · 2025-08-02T16:13:02Z

Should it be added to ‍‍policy settings?

RPRX · 2025-08-02T16:16:47Z

加在根配置吧，policy 有本地策略不太能被订阅

patterniha · 2025-08-02T16:18:55Z

Ok, I'll add it later, anyway it cannot force current users.

RPRX · 2025-08-02T16:20:29Z

"version": {
    "min": "25.8.3",
    "max": ""
}

patterniha · 2025-08-02T16:23:27Z

@RPRX

When will the new version be released?

RPRX · 2025-08-02T16:24:09Z

When will the new version be released?

2025.8.3

patterniha · 2025-08-02T16:25:59Z

ok, i will add in 2 hours at most.

#4968 (comment)

…TLS#4968) dokodemo-door -> tunnel freedom -> direct blackhole -> block XTLS#4966 (comment) XTLS#4967 (comment) (cherry picked from commit 116cd70)

…specified address/port) Completes XTLS#4968 (cherry picked from commit 146b14a)

Dokodemo-door: Add simple tunnel config and default values

b9d4dda

dokodemo-door -> tunnel freedom -> direct blackhole -> block #4966 (comment)

RPRX changed the title ~~Dokodemo-door: Add simple tunnel config and default values~~ Dokodemo-door: Add simple (alias) tunnel config and default values Aug 1, 2025

RPRX changed the title ~~Dokodemo-door: Add simple (alias) tunnel config and default values~~ Dokodemo-door: Add simple tunnel config (alias and default values) Aug 1, 2025

Update dokodemo.go

811b852

RPRX mentioned this pull request Aug 1, 2025

TLS ECH client: Add echForceQuery config #4947

Merged

RPRX merged commit 116cd70 into main Aug 1, 2025
78 checks passed

RPRX deleted the tunnel branch August 1, 2025 12:05

RPRX added a commit that referenced this pull request Aug 2, 2025

Tunnel inbound: Add portTos config (local listening port to remote …

bb5fc3e

…specified port) Completes #4968

RPRX added a commit that referenced this pull request Aug 2, 2025

Tunnel inbound: Add portTos config (local listening port to remote …

ef777a2

…specified port) Completes #4968

This comment was marked as outdated.

Sign in to view

This comment was marked as resolved.

Sign in to view

RPRX added a commit that referenced this pull request Aug 2, 2025

Tunnel inbound: Add portMap config (local listening port -> remote …

146b14a

…specified address/port) Completes #4968

patterniha mentioned this pull request Aug 2, 2025

Root config: Add version config (min and max) #4970

Merged

RPRX pushed a commit that referenced this pull request Aug 3, 2025

Root config: Add version config (min and max) (#4970)

87fff12

#4968 (comment)

BrewTestBot mentioned this pull request Aug 3, 2025

xray 25.8.3 Homebrew/homebrew-core#232225

Merged

1 task

RORYSSS mentioned this pull request Aug 15, 2025

测试发现：通过任意门中转落地的 vless+reality+vision 节点在新版 SSRPLUS 里无法使用（谷歌测试错误） fw876/helloworld#1768

Closed

maoxikun pushed a commit to maoxikun/Xray-core that referenced this pull request Aug 23, 2025

Tunnel inbound: Add portMap config (local listening port -> remote …

a7048c4

…specified address/port) Completes XTLS#4968 (cherry picked from commit 146b14a)

Dokodemo-door: Add simple tunnel config (alias and default values) #4968

Dokodemo-door: Add simple tunnel config (alias and default values) #4968

Conversation

RPRX commented Aug 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

RPRX commented Aug 1, 2025

Uh oh!

Fangliding commented Aug 1, 2025

Uh oh!

RPRX commented Aug 1, 2025

Uh oh!

Fangliding commented Aug 1, 2025

Uh oh!

Fangliding commented Aug 1, 2025

Uh oh!

RPRX commented Aug 1, 2025

Uh oh!

Uh oh!

RPRX commented Aug 1, 2025

Uh oh!

Fangliding commented Aug 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

atlanticfirst commented Aug 1, 2025

Uh oh!

Fangliding commented Aug 1, 2025

Uh oh!

This comment was marked as outdated.

This comment was marked as resolved.

RPRX commented Aug 2, 2025

Uh oh!

patterniha commented Aug 2, 2025

Uh oh!

RPRX commented Aug 2, 2025

Uh oh!

RPRX commented Aug 2, 2025

Uh oh!

patterniha commented Aug 2, 2025

Uh oh!

RPRX commented Aug 2, 2025

Uh oh!

patterniha commented Aug 2, 2025

Uh oh!

RPRX commented Aug 2, 2025

Uh oh!

patterniha commented Aug 2, 2025

Uh oh!

RPRX commented Aug 2, 2025

Uh oh!

patterniha commented Aug 2, 2025

Uh oh!

Uh oh!

Dokodemo-door: Add simple `tunnel` config (alias and default values) #4968

Dokodemo-door: Add simple `tunnel` config (alias and default values) #4968

RPRX commented Aug 1, 2025 •

edited

Loading

Fangliding commented Aug 1, 2025 •

edited

Loading