github.com/v2fly/v2ray-core/v5@v5.16.2-0.20240507031116-8191faa6e095/testing/scenarios/tls_test.go (about)

     1  package scenarios
     2  
     3  import (
     4  	"crypto/x509"
     5  	"runtime"
     6  	"testing"
     7  	"time"
     8  
     9  	"golang.org/x/sync/errgroup"
    10  	"google.golang.org/protobuf/types/known/anypb"
    11  
    12  	core "github.com/v2fly/v2ray-core/v5"
    13  	"github.com/v2fly/v2ray-core/v5/app/proxyman"
    14  	"github.com/v2fly/v2ray-core/v5/common"
    15  	"github.com/v2fly/v2ray-core/v5/common/net"
    16  	"github.com/v2fly/v2ray-core/v5/common/protocol"
    17  	"github.com/v2fly/v2ray-core/v5/common/protocol/tls/cert"
    18  	"github.com/v2fly/v2ray-core/v5/common/serial"
    19  	"github.com/v2fly/v2ray-core/v5/common/uuid"
    20  	"github.com/v2fly/v2ray-core/v5/proxy/dokodemo"
    21  	"github.com/v2fly/v2ray-core/v5/proxy/freedom"
    22  	"github.com/v2fly/v2ray-core/v5/proxy/vmess"
    23  	"github.com/v2fly/v2ray-core/v5/proxy/vmess/inbound"
    24  	"github.com/v2fly/v2ray-core/v5/proxy/vmess/outbound"
    25  	"github.com/v2fly/v2ray-core/v5/testing/servers/tcp"
    26  	"github.com/v2fly/v2ray-core/v5/testing/servers/udp"
    27  	"github.com/v2fly/v2ray-core/v5/transport/internet"
    28  	"github.com/v2fly/v2ray-core/v5/transport/internet/http"
    29  	"github.com/v2fly/v2ray-core/v5/transport/internet/tls"
    30  	"github.com/v2fly/v2ray-core/v5/transport/internet/websocket"
    31  )
    32  
    33  func TestSimpleTLSConnection(t *testing.T) {
    34  	tcpServer := tcp.Server{
    35  		MsgProcessor: xor,
    36  	}
    37  	dest, err := tcpServer.Start()
    38  	common.Must(err)
    39  	defer tcpServer.Close()
    40  
    41  	userID := protocol.NewID(uuid.New())
    42  	serverPort := tcp.PickPort()
    43  	serverConfig := &core.Config{
    44  		Inbound: []*core.InboundHandlerConfig{
    45  			{
    46  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
    47  					PortRange: net.SinglePortRange(serverPort),
    48  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
    49  					StreamSettings: &internet.StreamConfig{
    50  						SecurityType: serial.GetMessageType(&tls.Config{}),
    51  						SecuritySettings: []*anypb.Any{
    52  							serial.ToTypedMessage(&tls.Config{
    53  								Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))},
    54  							}),
    55  						},
    56  					},
    57  				}),
    58  				ProxySettings: serial.ToTypedMessage(&inbound.Config{
    59  					User: []*protocol.User{
    60  						{
    61  							Account: serial.ToTypedMessage(&vmess.Account{
    62  								Id: userID.String(),
    63  							}),
    64  						},
    65  					},
    66  				}),
    67  			},
    68  		},
    69  		Outbound: []*core.OutboundHandlerConfig{
    70  			{
    71  				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
    72  			},
    73  		},
    74  	}
    75  
    76  	clientPort := tcp.PickPort()
    77  	clientConfig := &core.Config{
    78  		Inbound: []*core.InboundHandlerConfig{
    79  			{
    80  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
    81  					PortRange: net.SinglePortRange(clientPort),
    82  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
    83  				}),
    84  				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
    85  					Address: net.NewIPOrDomain(dest.Address),
    86  					Port:    uint32(dest.Port),
    87  					NetworkList: &net.NetworkList{
    88  						Network: []net.Network{net.Network_TCP},
    89  					},
    90  				}),
    91  			},
    92  		},
    93  		Outbound: []*core.OutboundHandlerConfig{
    94  			{
    95  				ProxySettings: serial.ToTypedMessage(&outbound.Config{
    96  					Receiver: []*protocol.ServerEndpoint{
    97  						{
    98  							Address: net.NewIPOrDomain(net.LocalHostIP),
    99  							Port:    uint32(serverPort),
   100  							User: []*protocol.User{
   101  								{
   102  									Account: serial.ToTypedMessage(&vmess.Account{
   103  										Id: userID.String(),
   104  									}),
   105  								},
   106  							},
   107  						},
   108  					},
   109  				}),
   110  				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
   111  					StreamSettings: &internet.StreamConfig{
   112  						SecurityType: serial.GetMessageType(&tls.Config{}),
   113  						SecuritySettings: []*anypb.Any{
   114  							serial.ToTypedMessage(&tls.Config{
   115  								AllowInsecure: true,
   116  							}),
   117  						},
   118  					},
   119  				}),
   120  			},
   121  		},
   122  	}
   123  
   124  	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
   125  	common.Must(err)
   126  	defer CloseAllServers(servers)
   127  
   128  	if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
   129  		t.Fatal(err)
   130  	}
   131  }
   132  
   133  func TestAutoIssuingCertificate(t *testing.T) {
   134  	if runtime.GOOS == "windows" {
   135  		// Not supported on Windows yet.
   136  		return
   137  	}
   138  
   139  	if runtime.GOARCH == "arm64" {
   140  		return
   141  	}
   142  
   143  	tcpServer := tcp.Server{
   144  		MsgProcessor: xor,
   145  	}
   146  	dest, err := tcpServer.Start()
   147  	common.Must(err)
   148  	defer tcpServer.Close()
   149  
   150  	caCert, err := cert.Generate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment|x509.KeyUsageCertSign))
   151  	common.Must(err)
   152  	certPEM, keyPEM := caCert.ToPEM()
   153  
   154  	userID := protocol.NewID(uuid.New())
   155  	serverPort := tcp.PickPort()
   156  	serverConfig := &core.Config{
   157  		Inbound: []*core.InboundHandlerConfig{
   158  			{
   159  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   160  					PortRange: net.SinglePortRange(serverPort),
   161  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   162  					StreamSettings: &internet.StreamConfig{
   163  						SecurityType: serial.GetMessageType(&tls.Config{}),
   164  						SecuritySettings: []*anypb.Any{
   165  							serial.ToTypedMessage(&tls.Config{
   166  								Certificate: []*tls.Certificate{{
   167  									Certificate: certPEM,
   168  									Key:         keyPEM,
   169  									Usage:       tls.Certificate_AUTHORITY_ISSUE,
   170  								}},
   171  							}),
   172  						},
   173  					},
   174  				}),
   175  				ProxySettings: serial.ToTypedMessage(&inbound.Config{
   176  					User: []*protocol.User{
   177  						{
   178  							Account: serial.ToTypedMessage(&vmess.Account{
   179  								Id: userID.String(),
   180  							}),
   181  						},
   182  					},
   183  				}),
   184  			},
   185  		},
   186  		Outbound: []*core.OutboundHandlerConfig{
   187  			{
   188  				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
   189  			},
   190  		},
   191  	}
   192  
   193  	clientPort := tcp.PickPort()
   194  	clientConfig := &core.Config{
   195  		Inbound: []*core.InboundHandlerConfig{
   196  			{
   197  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   198  					PortRange: net.SinglePortRange(clientPort),
   199  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   200  				}),
   201  				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
   202  					Address: net.NewIPOrDomain(dest.Address),
   203  					Port:    uint32(dest.Port),
   204  					NetworkList: &net.NetworkList{
   205  						Network: []net.Network{net.Network_TCP},
   206  					},
   207  				}),
   208  			},
   209  		},
   210  		Outbound: []*core.OutboundHandlerConfig{
   211  			{
   212  				ProxySettings: serial.ToTypedMessage(&outbound.Config{
   213  					Receiver: []*protocol.ServerEndpoint{
   214  						{
   215  							Address: net.NewIPOrDomain(net.LocalHostIP),
   216  							Port:    uint32(serverPort),
   217  							User: []*protocol.User{
   218  								{
   219  									Account: serial.ToTypedMessage(&vmess.Account{
   220  										Id: userID.String(),
   221  									}),
   222  								},
   223  							},
   224  						},
   225  					},
   226  				}),
   227  				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
   228  					StreamSettings: &internet.StreamConfig{
   229  						SecurityType: serial.GetMessageType(&tls.Config{}),
   230  						SecuritySettings: []*anypb.Any{
   231  							serial.ToTypedMessage(&tls.Config{
   232  								ServerName: "v2fly.org",
   233  								Certificate: []*tls.Certificate{{
   234  									Certificate: certPEM,
   235  									Usage:       tls.Certificate_AUTHORITY_VERIFY,
   236  								}},
   237  							}),
   238  						},
   239  					},
   240  				}),
   241  			},
   242  		},
   243  	}
   244  
   245  	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
   246  	common.Must(err)
   247  	defer CloseAllServers(servers)
   248  
   249  	for i := 0; i < 10; i++ {
   250  		if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
   251  			t.Error(err)
   252  		}
   253  	}
   254  }
   255  
   256  func TestTLSOverKCP(t *testing.T) {
   257  	tcpServer := tcp.Server{
   258  		MsgProcessor: xor,
   259  	}
   260  	dest, err := tcpServer.Start()
   261  	common.Must(err)
   262  	defer tcpServer.Close()
   263  
   264  	userID := protocol.NewID(uuid.New())
   265  	serverPort := udp.PickPort()
   266  	serverConfig := &core.Config{
   267  		Inbound: []*core.InboundHandlerConfig{
   268  			{
   269  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   270  					PortRange: net.SinglePortRange(serverPort),
   271  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   272  					StreamSettings: &internet.StreamConfig{
   273  						Protocol:     internet.TransportProtocol_MKCP,
   274  						SecurityType: serial.GetMessageType(&tls.Config{}),
   275  						SecuritySettings: []*anypb.Any{
   276  							serial.ToTypedMessage(&tls.Config{
   277  								Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))},
   278  							}),
   279  						},
   280  					},
   281  				}),
   282  				ProxySettings: serial.ToTypedMessage(&inbound.Config{
   283  					User: []*protocol.User{
   284  						{
   285  							Account: serial.ToTypedMessage(&vmess.Account{
   286  								Id: userID.String(),
   287  							}),
   288  						},
   289  					},
   290  				}),
   291  			},
   292  		},
   293  		Outbound: []*core.OutboundHandlerConfig{
   294  			{
   295  				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
   296  			},
   297  		},
   298  	}
   299  
   300  	clientPort := tcp.PickPort()
   301  	clientConfig := &core.Config{
   302  		Inbound: []*core.InboundHandlerConfig{
   303  			{
   304  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   305  					PortRange: net.SinglePortRange(clientPort),
   306  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   307  				}),
   308  				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
   309  					Address: net.NewIPOrDomain(dest.Address),
   310  					Port:    uint32(dest.Port),
   311  					NetworkList: &net.NetworkList{
   312  						Network: []net.Network{net.Network_TCP},
   313  					},
   314  				}),
   315  			},
   316  		},
   317  		Outbound: []*core.OutboundHandlerConfig{
   318  			{
   319  				ProxySettings: serial.ToTypedMessage(&outbound.Config{
   320  					Receiver: []*protocol.ServerEndpoint{
   321  						{
   322  							Address: net.NewIPOrDomain(net.LocalHostIP),
   323  							Port:    uint32(serverPort),
   324  							User: []*protocol.User{
   325  								{
   326  									Account: serial.ToTypedMessage(&vmess.Account{
   327  										Id: userID.String(),
   328  									}),
   329  								},
   330  							},
   331  						},
   332  					},
   333  				}),
   334  				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
   335  					StreamSettings: &internet.StreamConfig{
   336  						Protocol:     internet.TransportProtocol_MKCP,
   337  						SecurityType: serial.GetMessageType(&tls.Config{}),
   338  						SecuritySettings: []*anypb.Any{
   339  							serial.ToTypedMessage(&tls.Config{
   340  								AllowInsecure: true,
   341  							}),
   342  						},
   343  					},
   344  				}),
   345  			},
   346  		},
   347  	}
   348  
   349  	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
   350  	common.Must(err)
   351  	defer CloseAllServers(servers)
   352  
   353  	if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
   354  		t.Error(err)
   355  	}
   356  }
   357  
   358  func TestTLSOverWebSocket(t *testing.T) {
   359  	tcpServer := tcp.Server{
   360  		MsgProcessor: xor,
   361  	}
   362  	dest, err := tcpServer.Start()
   363  	common.Must(err)
   364  	defer tcpServer.Close()
   365  
   366  	userID := protocol.NewID(uuid.New())
   367  	serverPort := tcp.PickPort()
   368  	serverConfig := &core.Config{
   369  		Inbound: []*core.InboundHandlerConfig{
   370  			{
   371  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   372  					PortRange: net.SinglePortRange(serverPort),
   373  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   374  					StreamSettings: &internet.StreamConfig{
   375  						Protocol:     internet.TransportProtocol_WebSocket,
   376  						SecurityType: serial.GetMessageType(&tls.Config{}),
   377  						SecuritySettings: []*anypb.Any{
   378  							serial.ToTypedMessage(&tls.Config{
   379  								Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))},
   380  							}),
   381  						},
   382  					},
   383  				}),
   384  				ProxySettings: serial.ToTypedMessage(&inbound.Config{
   385  					User: []*protocol.User{
   386  						{
   387  							Account: serial.ToTypedMessage(&vmess.Account{
   388  								Id: userID.String(),
   389  							}),
   390  						},
   391  					},
   392  				}),
   393  			},
   394  		},
   395  		Outbound: []*core.OutboundHandlerConfig{
   396  			{
   397  				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
   398  			},
   399  		},
   400  	}
   401  
   402  	clientPort := tcp.PickPort()
   403  	clientConfig := &core.Config{
   404  		Inbound: []*core.InboundHandlerConfig{
   405  			{
   406  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   407  					PortRange: net.SinglePortRange(clientPort),
   408  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   409  				}),
   410  				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
   411  					Address: net.NewIPOrDomain(dest.Address),
   412  					Port:    uint32(dest.Port),
   413  					NetworkList: &net.NetworkList{
   414  						Network: []net.Network{net.Network_TCP},
   415  					},
   416  				}),
   417  			},
   418  		},
   419  		Outbound: []*core.OutboundHandlerConfig{
   420  			{
   421  				ProxySettings: serial.ToTypedMessage(&outbound.Config{
   422  					Receiver: []*protocol.ServerEndpoint{
   423  						{
   424  							Address: net.NewIPOrDomain(net.LocalHostIP),
   425  							Port:    uint32(serverPort),
   426  							User: []*protocol.User{
   427  								{
   428  									Account: serial.ToTypedMessage(&vmess.Account{
   429  										Id: userID.String(),
   430  									}),
   431  								},
   432  							},
   433  						},
   434  					},
   435  				}),
   436  				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
   437  					StreamSettings: &internet.StreamConfig{
   438  						Protocol: internet.TransportProtocol_WebSocket,
   439  						TransportSettings: []*internet.TransportConfig{
   440  							{
   441  								Protocol: internet.TransportProtocol_WebSocket,
   442  								Settings: serial.ToTypedMessage(&websocket.Config{}),
   443  							},
   444  						},
   445  						SecurityType: serial.GetMessageType(&tls.Config{}),
   446  						SecuritySettings: []*anypb.Any{
   447  							serial.ToTypedMessage(&tls.Config{
   448  								AllowInsecure: true,
   449  							}),
   450  						},
   451  					},
   452  				}),
   453  			},
   454  		},
   455  	}
   456  
   457  	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
   458  	common.Must(err)
   459  	defer CloseAllServers(servers)
   460  
   461  	var errg errgroup.Group
   462  	for i := 0; i < 10; i++ {
   463  		errg.Go(testTCPConn(clientPort, 10240*1024, time.Second*20))
   464  	}
   465  	if err := errg.Wait(); err != nil {
   466  		t.Error(err)
   467  	}
   468  }
   469  
   470  func TestHTTP2(t *testing.T) {
   471  	tcpServer := tcp.Server{
   472  		MsgProcessor: xor,
   473  	}
   474  	dest, err := tcpServer.Start()
   475  	common.Must(err)
   476  	defer tcpServer.Close()
   477  
   478  	userID := protocol.NewID(uuid.New())
   479  	serverPort := tcp.PickPort()
   480  	serverConfig := &core.Config{
   481  		Inbound: []*core.InboundHandlerConfig{
   482  			{
   483  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   484  					PortRange: net.SinglePortRange(serverPort),
   485  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   486  					StreamSettings: &internet.StreamConfig{
   487  						Protocol: internet.TransportProtocol_HTTP,
   488  						TransportSettings: []*internet.TransportConfig{
   489  							{
   490  								Protocol: internet.TransportProtocol_HTTP,
   491  								Settings: serial.ToTypedMessage(&http.Config{
   492  									Host: []string{"v2fly.org"},
   493  									Path: "/testpath",
   494  								}),
   495  							},
   496  						},
   497  						SecurityType: serial.GetMessageType(&tls.Config{}),
   498  						SecuritySettings: []*anypb.Any{
   499  							serial.ToTypedMessage(&tls.Config{
   500  								Certificate: []*tls.Certificate{tls.ParseCertificate(cert.MustGenerate(nil))},
   501  							}),
   502  						},
   503  					},
   504  				}),
   505  				ProxySettings: serial.ToTypedMessage(&inbound.Config{
   506  					User: []*protocol.User{
   507  						{
   508  							Account: serial.ToTypedMessage(&vmess.Account{
   509  								Id: userID.String(),
   510  							}),
   511  						},
   512  					},
   513  				}),
   514  			},
   515  		},
   516  		Outbound: []*core.OutboundHandlerConfig{
   517  			{
   518  				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
   519  			},
   520  		},
   521  	}
   522  
   523  	clientPort := tcp.PickPort()
   524  	clientConfig := &core.Config{
   525  		Inbound: []*core.InboundHandlerConfig{
   526  			{
   527  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   528  					PortRange: net.SinglePortRange(clientPort),
   529  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   530  				}),
   531  				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
   532  					Address: net.NewIPOrDomain(dest.Address),
   533  					Port:    uint32(dest.Port),
   534  					NetworkList: &net.NetworkList{
   535  						Network: []net.Network{net.Network_TCP},
   536  					},
   537  				}),
   538  			},
   539  		},
   540  		Outbound: []*core.OutboundHandlerConfig{
   541  			{
   542  				ProxySettings: serial.ToTypedMessage(&outbound.Config{
   543  					Receiver: []*protocol.ServerEndpoint{
   544  						{
   545  							Address: net.NewIPOrDomain(net.LocalHostIP),
   546  							Port:    uint32(serverPort),
   547  							User: []*protocol.User{
   548  								{
   549  									Account: serial.ToTypedMessage(&vmess.Account{
   550  										Id: userID.String(),
   551  									}),
   552  								},
   553  							},
   554  						},
   555  					},
   556  				}),
   557  				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
   558  					StreamSettings: &internet.StreamConfig{
   559  						Protocol: internet.TransportProtocol_HTTP,
   560  						TransportSettings: []*internet.TransportConfig{
   561  							{
   562  								Protocol: internet.TransportProtocol_HTTP,
   563  								Settings: serial.ToTypedMessage(&http.Config{
   564  									Host: []string{"v2fly.org"},
   565  									Path: "/testpath",
   566  								}),
   567  							},
   568  						},
   569  						SecurityType: serial.GetMessageType(&tls.Config{}),
   570  						SecuritySettings: []*anypb.Any{
   571  							serial.ToTypedMessage(&tls.Config{
   572  								AllowInsecure: true,
   573  							}),
   574  						},
   575  					},
   576  				}),
   577  			},
   578  		},
   579  	}
   580  
   581  	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
   582  	common.Must(err)
   583  	defer CloseAllServers(servers)
   584  
   585  	var errg errgroup.Group
   586  	for i := 0; i < 10; i++ {
   587  		errg.Go(testTCPConn(clientPort, 7168*1024, time.Second*40))
   588  	}
   589  	if err := errg.Wait(); err != nil {
   590  		t.Error(err)
   591  	}
   592  }
   593  
   594  func TestSimpleTLSConnectionPinned(t *testing.T) {
   595  	tcpServer := tcp.Server{
   596  		MsgProcessor: xor,
   597  	}
   598  	dest, err := tcpServer.Start()
   599  	common.Must(err)
   600  	defer tcpServer.Close()
   601  	certificateDer := cert.MustGenerate(nil)
   602  	certificate := tls.ParseCertificate(certificateDer)
   603  	certHash := tls.GenerateCertChainHash([][]byte{certificateDer.Certificate})
   604  	userID := protocol.NewID(uuid.New())
   605  	serverPort := tcp.PickPort()
   606  	serverConfig := &core.Config{
   607  		Inbound: []*core.InboundHandlerConfig{
   608  			{
   609  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   610  					PortRange: net.SinglePortRange(serverPort),
   611  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   612  					StreamSettings: &internet.StreamConfig{
   613  						SecurityType: serial.GetMessageType(&tls.Config{}),
   614  						SecuritySettings: []*anypb.Any{
   615  							serial.ToTypedMessage(&tls.Config{
   616  								Certificate: []*tls.Certificate{certificate},
   617  							}),
   618  						},
   619  					},
   620  				}),
   621  				ProxySettings: serial.ToTypedMessage(&inbound.Config{
   622  					User: []*protocol.User{
   623  						{
   624  							Account: serial.ToTypedMessage(&vmess.Account{
   625  								Id: userID.String(),
   626  							}),
   627  						},
   628  					},
   629  				}),
   630  			},
   631  		},
   632  		Outbound: []*core.OutboundHandlerConfig{
   633  			{
   634  				ProxySettings: serial.ToTypedMessage(&freedom.Config{}),
   635  			},
   636  		},
   637  	}
   638  
   639  	clientPort := tcp.PickPort()
   640  	clientConfig := &core.Config{
   641  		Inbound: []*core.InboundHandlerConfig{
   642  			{
   643  				ReceiverSettings: serial.ToTypedMessage(&proxyman.ReceiverConfig{
   644  					PortRange: net.SinglePortRange(clientPort),
   645  					Listen:    net.NewIPOrDomain(net.LocalHostIP),
   646  				}),
   647  				ProxySettings: serial.ToTypedMessage(&dokodemo.Config{
   648  					Address: net.NewIPOrDomain(dest.Address),
   649  					Port:    uint32(dest.Port),
   650  					NetworkList: &net.NetworkList{
   651  						Network: []net.Network{net.Network_TCP},
   652  					},
   653  				}),
   654  			},
   655  		},
   656  		Outbound: []*core.OutboundHandlerConfig{
   657  			{
   658  				ProxySettings: serial.ToTypedMessage(&outbound.Config{
   659  					Receiver: []*protocol.ServerEndpoint{
   660  						{
   661  							Address: net.NewIPOrDomain(net.LocalHostIP),
   662  							Port:    uint32(serverPort),
   663  							User: []*protocol.User{
   664  								{
   665  									Account: serial.ToTypedMessage(&vmess.Account{
   666  										Id: userID.String(),
   667  									}),
   668  								},
   669  							},
   670  						},
   671  					},
   672  				}),
   673  				SenderSettings: serial.ToTypedMessage(&proxyman.SenderConfig{
   674  					StreamSettings: &internet.StreamConfig{
   675  						SecurityType: serial.GetMessageType(&tls.Config{}),
   676  						SecuritySettings: []*anypb.Any{
   677  							serial.ToTypedMessage(&tls.Config{
   678  								AllowInsecure:                    true,
   679  								PinnedPeerCertificateChainSha256: [][]byte{certHash},
   680  							}),
   681  						},
   682  					},
   683  				}),
   684  			},
   685  		},
   686  	}
   687  
   688  	servers, err := InitializeServerConfigs(serverConfig, clientConfig)
   689  	common.Must(err)
   690  	defer CloseAllServers(servers)
   691  
   692  	if err := testTCPConn(clientPort, 1024, time.Second*20)(); err != nil {
   693  		t.Fatal(err)
   694  	}
   695  }