[Bug]: The server-side TUIC configuration generated with SING-BOX is still wrong. #3407

Closed
shan869 opened this issue Sep 20, 2024 · 5 comments

shan869 commented Sep 20, 2024

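Describe the bug you encountered

I submitted a bug before: the TUIC handling in /usr/lib/lua/luci/passwall/util_sing-box.lua was broken. It was fixed later, and although startup no longer reports an error, the configuration file does not seem to allow connections, so it looks wrong. The generated configuration is below.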
```json
{
    "tls": {
        "enabled": true,
        "key_path": "/root/private.key",
        "certificate_path": "/root/self-sign.cer"
    },
    "type": "tuic",
    "zero_rtt_handshake": false,
    "listen": "::",
    "users": [
        {
            "password": "1234",
            "uuid": "2c697aa0-4db3-4af2-846a-26cac340277f",
            "name": "2c697aa0-4db3-4af2-846a-26cac340277f"
        },
        {
            "password": "1234",
            "uuid": "61dc05b6-022d-4c7d-a5c1-2ad0a7f55b53",
            "name": "61dc05b6-022d-4c7d-a5c1-2ad0a7f55b53"
        }
    ],
    "heartbeat": "3s",
    "congestion_control": "cubic",
    "listen_port": 33344,
    "tag": "inbound"
}
```
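But when I looked up the TUIC server configuration:

```json
"users": {
    "00000000-0000-0000-0000-000000000000": "PASSWORD_0",
    "00000000-0000-0000-0000-000000000001": "PASSWORD_1"
},
```

this is what the users format should be. I can't confirm for now whether the other fields are wrong.
I'll post the configuration from the official site.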
```jsonc
{
    // The socket address to listen on
    "server": "[::]:443",

    // User list, contains user UUID and password
    "users": {
        "00000000-0000-0000-0000-000000000000": "PASSWORD_0",
        "00000000-0000-0000-0000-000000000001": "PASSWORD_1"
    },

    // The path to the certificate file
    "certificate": "PATH/TO/CERTIFICATE",

    // The path to the private key file
    "private_key": "PATH/TO/PRIVATE_KEY",

    // Optional. Congestion control algorithm, available options:
    // "cubic", "new_reno", "bbr"
    // Default: "cubic"
    "congestion_control": "cubic",

    // Optional. Application layer protocol negotiation
    // Default being empty (no ALPN)
    "alpn": ["h3", "spdy/3.1"],

    // Optional. If the server should create separate UDP sockets for relaying IPv6 UDP packets
    // Default: true
    "udp_relay_ipv6": true,

    // Optional. Enable 0-RTT QUIC connection handshake on the server side
    // This is not impacting much on the performance, as the protocol is fully multiplexed
    // WARNING: Disabling this is highly recommended, as it is vulnerable to replay attacks. See https://blog.cloudflare.com/even-faster-connection-establishment-with-quic-0-rtt-resumption/#attack-of-the-clones
    // Default: false
    "zero_rtt_handshake": false,

    // Optional. Set if the listening socket should be dual-stack
    // If this option is not set, the socket behavior is platform dependent
    "dual_stack": true,

    // Optional. How long the server should wait for the client to send the authentication command
    // Default: 3s
    "auth_timeout": "3s",

    // Optional. Maximum duration server expects for task negotiation
    // Default: 3s
    "task_negotiation_timeout": "3s",

    // Optional. How long the server should wait before closing an idle connection
    // Default: 10s
    "max_idle_time": "10s",

    // Optional. Maximum packet size the server can receive from outbound UDP sockets, in bytes
    // Default: 1500
    "max_external_packet_size": 1500,

    // Optional. Maximum number of bytes to transmit to a peer without acknowledgment
    // Should be set to at least the expected connection latency multiplied by the maximum desired throughput
    // Default: 8MiB * 2
    "send_window": 16777216,

    // Optional. Maximum number of bytes the peer may transmit without acknowledgement on any one stream before becoming blocked
    // Should be set to at least the expected connection latency multiplied by the maximum desired throughput
    // Default: 8MiB
    "receive_window": 8388608,

    // Optional. Interval between UDP packet fragment garbage collection
    // Default: 3s
    "gc_interval": "3s",

    // Optional. How long the server should keep a UDP packet fragment. Outdated fragments will be dropped
    // Default: 15s
    "gc_lifetime": "15s",

    // Optional. Set the log level
    // Default: "warn"
    "log_level": "warn"
}
```

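Steps to reproduce this bug

The SING-BOX server-side TUIC configuration reports no error, but connections fail.

What you want to achieve

FIX

Log information

FIX

Screenshots

No response

System information

Latest version

Additional information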

No response

@shan869 shan869 added the bug Something isn't working label Sep 20, 2024

shan869 commented Sep 20, 2024

After making changes I found that the original FIX seems to be correct after all; let me test this first.


shan869 commented Sep 20, 2024

I looked it up; the configuration looks like this:

```json
{
    "server": "[::]:52408",
    "users": {
        "8e21e704-9ac8-4fb8-bef1-6c9d7d7e390b": "RnJ5BfJ3"
    },
    "certificate": "/opt/tuic/fullchain.pem",
    "private_key": "/opt/tuic/privkey.pem",
    "congestion_control": "bbr",
    "alpn": ["h3", "spdy/3.1"],
    "udp_relay_ipv6": true,
    "zero_rtt_handshake": false,
    "auth_timeout": "3s",
    "max_idle_time": "10s",
    "max_external_packet_size": 1500,
    "gc_interval": "3s",
    "gc_lifetime": "15s",
    "log_level": "warn"
}
```

In it, "certificate": "/opt/tuic/fullchain.pem" and "private_key": "/opt/tuic/privkey.pem" do not match the auto-generated "key_path": "/root/private.key" and "certificate_path": "/root/self-sign.cer" fields at all. And given that the TUIC author himself has abandoned the project, do whatever you like with this ISSUE.


lwb1978 commented Sep 21, 2024

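The fix code you provided last time is fine overall. Don't look up the server configuration of the original tuic; sing-box's tuic configuration is different from the original. See: https://github.com/SagerNet/sing-box/blob/dev-next/docs/configuration/inbound/tuic.zh.md?plain=1
If you have time, you could look into which specific parameter is preventing the connection.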


shan869 commented Sep 21, 2024

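I had left out the QUIC TLS ALPN parameter in the LUCI interface. I entered h3 there, added it on the client as well, and then it worked. The PASSWALL tuic configuration is no longer wrong.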


lwb1978 commented Sep 21, 2024

@lwb1978 lwb1978 added Finish Work finish. and removed bug Something isn't working need test labels Sep 22, 2024
@lwb1978 lwb1978 closed this as completed Sep 22, 2024
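
An added example, not part of the thread or of passwall's code: a small Python check over a sing-box TUIC inbound that flags the points raised in this issue (an upstream-style `users` map, no ALPN protocol in common with the client, 0-RTT enabled) plus short passwords. The function name, the finding codes and the 8-character password threshold are assumptions made for this illustration; `tls.alpn` is the ALPN list in sing-box's TLS options.

```python
import uuid

MIN_PASSWORD_LEN = 8  # assumption for this example, not a sing-box rule


def lint_tuic_inbound(inbound, client_alpn):
    """Return (code, message) findings for a sing-box TUIC inbound dict."""
    findings = []
    users = inbound.get("users")
    if isinstance(users, dict):
        # Upstream tuic-server shape {"<uuid>": "<password>"}, not sing-box's list.
        findings.append(("users-format", "users is a uuid->password map"))
        users = [{"uuid": u, "password": p} for u, p in users.items()]
    for user in users or []:
        try:
            uuid.UUID(str(user.get("uuid", "")))
        except ValueError:
            findings.append(("bad-uuid", repr(user.get("uuid"))))
        if len(user.get("password") or "") < MIN_PASSWORD_LEN:
            findings.append(("weak-password", str(user.get("uuid"))))
    tls = inbound.get("tls") or {}
    if not tls.get("enabled"):
        findings.append(("tls-disabled", "TUIC runs over QUIC and needs TLS"))
    for key in ("certificate_path", "key_path"):
        if not tls.get(key):
            findings.append(("tls-missing-" + key, "not set"))
    server_alpn = set(tls.get("alpn") or [])
    offered = set(client_alpn or [])
    # Flag only when at least one side names a protocol and none is shared.
    if (server_alpn or offered) and not (server_alpn & offered):
        findings.append(("alpn-mismatch",
                         f"server={sorted(server_alpn)} client={sorted(offered)}"))
    if inbound.get("zero_rtt_handshake"):
        findings.append(("zero-rtt", "0-RTT data can be replayed"))
    return findings


# Trimmed copy of the generated inbound quoted in the issue (one user kept).
GENERATED = {
    "type": "tuic",
    "tls": {"enabled": True, "key_path": "/root/private.key",
            "certificate_path": "/root/self-sign.cer"},
    "users": [{"name": "2c697aa0-4db3-4af2-846a-26cac340277f",
               "uuid": "2c697aa0-4db3-4af2-846a-26cac340277f",
               "password": "1234"}],
    "zero_rtt_handshake": False,
}

if __name__ == "__main__":
    for code, message in lint_tuic_inbound(GENERATED, client_alpn=["h3"]):
        print(f"{code}: {message}")
```

Run against the inbound from the issue with a client offering `h3`, it reports the ALPN mismatch that turned out to be the cause, and the finding disappears once `"alpn": ["h3"]` is added under `tls`.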