Replies: 270 comments 56 replies
-
|
据说是GFW专门针对优选ip的手段,使用优选ip访问非cloudflare域名就会触发,猜测是常用的优选ip段可能有一个sni白名单。 如果是要中转梯子,解决方法其实也简单,不套tls不发sni,用80/8080等http端口连接cloudflare就行了。 |
Beta Was this translation helpful? Give feedback.
-
|
我也遇到同样的情况,四川联通。 |
Beta Was this translation helpful? Give feedback.
-
|
@wy580477 自从几个月前时间 Cloudflare 节点与国内联通的某条线路出问题后,常见的 104 172 这两个 IP 段里(且它们也是默认分配 IP 的范围)大部分 IP 在我这边联通就几乎不可用了(延迟高、丢包高)。。。 不过我一直以来都用的是自选 IP(我只是用来加速访问使用 Cloudflare CDN 的网站),所以没啥感觉,直到最近(大概半个月内吧),才遇到我 1L 描述的情况。 因此我很怀疑,前者的情况也和墙脱不了干系。。。 总之,目前的情况就是,我这边 Cloudflare CDN 可用性大幅降低了(不管是默认还是自选)。 |
Beta Was this translation helpful? Give feedback.
-
|
我这也是,用
|
Beta Was this translation helpful? Give feedback.
-
|
@chenyaofo 就像我说的:一旦访问很快就超时了(但不是立马超时,会延迟几秒,所以刚开始能打开一两个网页的样子)。 |
Beta Was this translation helpful? Give feedback.
-
|
四川电信,现象完全一样 |
Beta Was this translation helpful? Give feedback.
-
|
楼上给个测试ip |
Beta Was this translation helpful? Give feedback.
-
workers.dev已经确认是被干扰了, 现在有人的改用pages,有的人用自己的域名,设置路由指向worker |
Beta Was this translation helpful? Give feedback.
-
|
workers很早就确认干扰了,目前cf的ip干扰现象还没发现 |
Beta Was this translation helpful? Give feedback.
-
|
跟楼主的阻断时间重合,将来不能嵌套cf了吗? |
Beta Was this translation helpful? Give feedback.
-
这个原理是什么? |
Beta Was this translation helpful? Give feedback.
-
sni阻断原理是根据tls握手时候的明文sni(域名)进行tcp阻断。绕过去方法有两个:
|
Beta Was this translation helpful? Give feedback.
-
可以理解为把vless or vmess中的tls改为quic协议对吗? |
Beta Was this translation helpful? Give feedback.
-
梯子中转不能用quic过cf,cf不支持quic回源。cf中转梯子可以用vmess ws无tls协议。 梯子直连情况下遇到sni阻断,可以改成quic协议绕过去。 |
Beta Was this translation helpful? Give feedback.
-
|
北京联通/宽带通似乎有,但有随机性 |
Beta Was this translation helpful? Give feedback.
-
|
看了下监控,从本月16号开始有点放松了?大多数时间都能连上 (广东惠州电信) |
Beta Was this translation helpful? Give feedback.
-
|
GitHub又偶发性地能连了,难蚌,温水煮青蛙 |
Beta Was this translation helpful? Give feedback.
-
不能上网,歪果仁都跑了 |
Beta Was this translation helpful? Give feedback.
-
|
貌似又出现了阻断三分钟的情况,难道因为访美 |
Beta Was this translation helpful? Give feedback.
-
|
这几天是不是又开始阻断了??? |
Beta Was this translation helpful? Give feedback.
-
|
上海移动,这几天shadowtls似乎奇卡无比,我还以为是出口的问题 |
Beta Was this translation helpful? Give feedback.
-
|
shadowtls能走cdn? |
Beta Was this translation helpful? Give feedback.
-
|
见鬼,教育网出口没有直接阻断,但是每过12h优选出来的ip就会从50ms变到250ms |
Beta Was this translation helpful? Give feedback.
-
测出来的逆天ip
|
Beta Was this translation helpful? Give feedback.
-
|
贵州毕节电信好像全部给我SNI阻断了,昨天好好的,今天代理不了了 |
Beta Was this translation helpful? Give feedback.
-
|
最近开会,墙是不是疯了。。。?你们tls还精准识别么? |
Beta Was this translation helpful? Give feedback.
-
|
vless谁敢不用tls。。。 |
Beta Was this translation helpful? Give feedback.
-
|
勇哥说的:你不做非法的事,开不开无所谓! |
Beta Was this translation helpful? Give feedback.
-
|
哈哈哈哈哈,笑死,一条内裤的梗么 |
Beta Was this translation helpful? Give feedback.
-
|
我试过了,关了tls一样用不成,改用ipv6吧! |
Beta Was this translation helpful? Give feedback.
-
|
倒是有些大佬分享的ipv4能用,速度也快,不知道怎么找到的 |
Beta Was this translation helpful? Give feedback.
-
|
基本上测出的IP都不能用,偶尔能连上,但立即又断了!准备试试ipv6怎么样。 |
Beta Was this translation helpful? Give feedback.
-
|
经常这样啊,已经放弃cdn了。改reality吧。 |
Beta Was this translation helpful? Give feedback.
-
|
该用ipv6吧,测出的IP都能用,速度也可以!IP4折腾了我一整天,我就说是哪里出问题了,重置worker,测了许多遍,换电脑,换手机,换app,都不能用,原来是被阻断了! |
Beta Was this translation helpful? Give feedback.
-
|
curl -v 地址是不是显示NSS error -5938 (PR_END_OF_FILE_ERROR),套CDN完全打不开了,能排除的都排除了 |
Beta Was this translation helpful? Give feedback.
-
|
2024.4.15号起又开始搞事情了,我的点一被探测到使用 SS + V2RAY PLUG 直接阻断PORT。。过2-3分钟又可以用了,就是不能挂ss + v2rayplug 有没有大佬出个解决方案?更换域名吗? |
Beta Was this translation helpful? Give feedback.
-
|
我这里移动cloudflare又开始走香港了,104.19.0.0/16这种段都只有40ms左右的延迟,23年1月之后本来都走美西。奇怪的是ipv6并没有恢复,不知道能放风几天。而且之前用cdn+ws+tls都会被阻断3分钟,我现在改用cdn+grpc+tls就没有毛病。 |
Beta Was this translation helpful? Give feedback.
-
|
2024.6.7,又开始出现大规模阻断了 |
Beta Was this translation helpful? Give feedback.
-
|
我的是被域名拦截了,换了一个域名又被拦截了 |
Beta Was this translation helpful? Give feedback.
-
开tls分片 |
Beta Was this translation helpful? Give feedback.
-
|
试试ping谷歌的dns能不能ping通,延迟怎么样。能用的话用谷歌的dns(8.8.8.8),那样各个网站访问情况都能好很多。比如我山东东营联通用谷歌dns上Github和cf官网都一直是通的(从今年1月山东开始屏蔽cf到现在)。 |
Beta Was this translation helpful? Give feedback.
-
|
最近租的房子没有ipv6,一天能断好几次,不只是cf 的IP被阻断,似乎是针对个人宽带的,所有国际流量都出不去,ssh quic,包括一些正常的网站都不行。一般断个几分钟,联通。 |
Beta Was this translation helpful? Give feedback.
-
全国机房在升级整顿pcdn,能精准监控端口流量,估计顺带把出国的也干了,我就说这几天连梯子端口都是日日封 |
Beta Was this translation helpful? Give feedback.
-
|
2024/10/12 浙江电信扫100+个ip后稳定复现收不到SYN包,疑似阻断,而且不止是cf段阻断,网易云音乐也加载不出来,数分钟后恢复,ipv6无此问题,阻断期间ipv6依然可以访问,不确定是电信问题还是GFW问题,感觉是轮段触发了GFW针对优选ip的什么CDN检测机制然后被黑洞了几分钟 |
Beta Was this translation helpful? Give feedback.
-
|
成都 家宽被阻断,使用手机流量不会(联通流量) 单位电信宽带也不会 |
Beta Was this translation helpful? Give feedback.
and others
-
以前一直看到有人说 Cloudflare CDN 的 IP 被干扰阻断,但是我联通一直没遇到,不过最近(2022年5月)我这边也出现了类似的情况。
而且我这次很确定是 运营商/墙 干的,干扰的很厉害。
同一个 IP,不访问时一切正常(ICMP、TCP 通顺),一旦 HTTPS 访问很快就 443 端口 TCP 超时了(但不是立马超时,会给你预留几秒,ICMP、TCP 80 通顺),而且还是标准的 3 分钟整,太规律了就显得太假了。
这让我想到了 Steam、Github 的 SNI 干扰(不过这个是根据域名来超时 IP 的,不在乎是什么 IP。而 Cloudflare 这个是针对其CDN IP 的,暂时称为 IP 干扰吧),也是一但访问可能就会超时 3 分钟整,都是只局限于单个宽带用户(即只有你超时,其他人哪怕是邻居也完全不受影响)。
因此大家可能会遇到,测速完成后,延迟正常、下载速度也挺快,但是拿去使用却用不了(或者 IP 的 443 端口超时了),就是因为在下载测速阶段(HTTPS 访问)触发了上面说的 IP 阻断情况,导致该 IP 刚测速完就 G 了。。。
有时候刚用 CloudflareST 测完速(有下载速度就代表 IP 可用),得到的 IP 就 443 端口超时 3 分钟了,非常规律。
看来距离 Cloudflare "自愿" 退出中国不远了,我已经完全改用 IPv6 了,应该会多撑一段时间,且用且珍惜。
目前已知 Cloudflare CDN、AWS CloudFront CDN、Gcore CDN、Fastly CDN 都出现了同样的干扰阻断现象(仅 IPv4)。
有遇见类似情况的没有?可以讨论交流下。
Beta Was this translation helpful? Give feedback.
All reactions