No description
94677aae9b
## 问题 新版 Telegram 客户端将 SNI 数据嵌入在 GREASE 扩展中,而不是作为独立的 SNI 扩展。 导致服务端无法解析到 SNI 扩展(ID=0x0000),连接被拒绝。 ## 解决方案 参考 Python 版本(alexbers-mtprotoproxy)的实现: - Python 版本不解析 SNI,只验证 digest 和 timestamp - 直接使用配置的默认域名 修改 C 版本的行为: - 当 get_sni_domain_info() 返回 NULL 时,不再拒绝连接 - 改为使用 default_domain_info(配置的默认域名) - 只有在未配置默认域名时才拒绝连接 ## 修改内容 文件:net/net-tcp-rpc-ext-server.c (line 1248-1257) 修改前: - 无法解析 SNI → 返回错误 → 转发到上游 修改后: - 无法解析 SNI → 使用默认域名 → 继续处理 - 未配置默认域名 → 返回错误 ## 预期效果 - ✅ 支持新版客户端(SNI 嵌入在 GREASE 中) - ✅ 兼容旧版客户端(带标准 SNI 扩展) - ✅ 与 Python 版本行为一致 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| common | ||
| crypto | ||
| engine | ||
| jobs | ||
| mtproto | ||
| net | ||
| vv | ||
| .gitignore | ||
| GPLv2 | ||
| LGPLv2 | ||
| Makefile | ||
| README.md | ||
MTProxy
Simple MT-Proto proxy
Building
Install dependencies, you would need common set of tools for building from source, and development packages for openssl and zlib.
On Debian/Ubuntu:
apt install git curl build-essential libssl-dev zlib1g-dev
On CentOS/RHEL:
yum install openssl-devel zlib-devel
yum groupinstall "Development Tools"
Clone the repo:
git clone https://github.com/TelegramMessenger/MTProxy
cd MTProxy
To build, simply run make, the binary will be in objs/bin/mtproto-proxy:
make && cd objs/bin
If the build has failed, you should run make clean before building it again.
Running
- Obtain a secret, used to connect to telegram servers.
curl -s https://core.telegram.org/getProxySecret -o proxy-secret
- Obtain current telegram configuration. It can change (occasionally), so we encourage you to update it once per day.
curl -s https://core.telegram.org/getProxyConfig -o proxy-multi.conf
- Generate a secret to be used by users to connect to your proxy.
head -c 16 /dev/urandom | xxd -ps
- Run
mtproto-proxy:
./mtproto-proxy -u nobody -p 8888 -H 443 -S <secret> --aes-pwd proxy-secret proxy-multi.conf -M 1
... where:
nobodyis the username.mtproto-proxycallssetuid()to drop privileges.443is the port, used by clients to connect to the proxy.8888is the local port. You can use it to get statistics frommtproto-proxy. Likewget localhost:8888/stats. You can only get this stat via loopback.<secret>is the secret generated at step 3. Also you can set multiple secrets:-S <secret1> -S <secret2>.proxy-secretandproxy-multi.confare obtained at steps 1 and 2.1is the number of workers. You can increase the number of workers, if you have a powerful server.
Also feel free to check out other options using mtproto-proxy --help.
- Generate the link with following schema:
tg://proxy?server=SERVER_NAME&port=PORT&secret=SECRET(or let the official bot generate it for you). - Register your proxy with @MTProxybot on Telegram.
- Set received tag with arguments:
-P <proxy tag> - Enjoy.
Random padding
Due to some ISPs detecting MTProxy by packet sizes, random padding is added to packets if such mode is enabled.
It's only enabled for clients which request it.
Add dd prefix to secret (cafe...babe => ddcafe...babe) to enable
this mode on client side.
Systemd example configuration
- Create systemd service file (it's standard path for the most Linux distros, but you should check it before):
nano /etc/systemd/system/MTProxy.service
- Edit this basic service (especially paths and params):
[Unit]
Description=MTProxy
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/MTProxy
ExecStart=/opt/MTProxy/mtproto-proxy -u nobody -p 8888 -H 443 -S <secret> -P <proxy tag> <other params>
Restart=on-failure
[Install]
WantedBy=multi-user.target
- Reload daemons:
systemctl daemon-reload
- Test fresh MTProxy service:
systemctl restart MTProxy.service
# Check status, it should be active
systemctl status MTProxy.service
- Enable it, to autostart service after reboot:
systemctl enable MTProxy.service
Docker image
Telegram is also providing official Docker image. Note: the image is outdated.