Очередное не грузится медиа на нон-премиум аккаунтах

[MaxiJazzer]

Proxy version

1.4.4

OS & kernel

Linux 6.8.0-124-generic

Telegram client & version

12.8.1

Pre-flight checklist

• I am running the latest release (checked Releases).
• System clock is synchronized (timedatectl status shows NTP synchronized: yes).
• The proxy port (default 443) is open in the firewall (ss -tlnp | grep <port> shows LISTEN).
• I can reach the proxy port from the outside (curl -v --connect-timeout 5 https://<server-ip>:<port> returns a TLS error, not a timeout).
• Secret key in config.toml matches the tg:// link I use on the client (I re-checked byte-for-byte).
• RLIMIT_NOFILE warning (if present) is just a warning — I understand it does not block connections.
• I have read the logs with journalctl -u mtproto-proxy -n 200 --no-pager and the full output is attached below.

config.toml (secrets redacted)

[server]
public_ip = 'my_public_ip'
middle_proxy_nat_ip = my_wg_link_ip
port = 443
max_connections = 512
idle_timeout_sec = 120
handshake_timeout_sec = 15
handshake_flood_guard_enabled = false
handshake_flood_guard_threshold = 20
handshake_flood_guard_window_sec = 30
handshake_flood_guard_block_sec = 120
tag = "my_tag_from_bot"

[upstream]
type = "tunnel"

[censorship]
tls_domain = "rutube.ru"
mask = true
desync = true
drs = false
fast_mode = false
mask_port = 8444

[general]
use_middle_proxy = true

[access.users]
user = "user_id"

Full proxy log (last 200 lines)

Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       proxy · zig edition · v1.4.4
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       keeping your people connected
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:   ─── SERVER ──────────────────────────────────────
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Listen       0.0.0.0:443
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Public IP    'MY IP'
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       TLS Domain   rutube.ru
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Masking      enabled
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:   ─── CAPACITY ────────────────────────────────────
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Host RAM     1966 MiB
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Per conn     ~4104 KiB (middleproxy mode)
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Safe cap     ~278 connections
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:   ─── USERS (1) ────────────────────────────────────
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       ● user
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:   ─── SECURITY ───────────────────────────────────
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       User secrets and proxy links are hidden in runtime logs.
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:       Use mtbuddy install output or trusted local tooling to generate links.
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:   ──────────────────────────────────────────────────
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]:   ⏳ Your door is open. Waiting for the people you love...
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): mask_port=8444 configured, using local mask target 127.0.0.1
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): Mask target '127.0.0.1:8444' resolved at startup
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): Using server.middle_proxy_nat_ip for middle-proxy NAT translation: WIREGUARD_IP
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): Upstream mode: tunnel (socket policy routing via SO_MARK=200)
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): Listening on [::]:443 (epoll)
Jun 16 09:29:28 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:29 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): [0] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:29:31 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:32 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:38 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:38 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:38 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): conn stats: active=6/278 hs_inflight=5 accepted+=99 closed+=93 tracked_fds=12 total=99 paused=false/false users_total=5 unassigned=1 users{user=5}
Jun 16 09:29:38 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=0 mp_fallback+=1 pool+=0
Jun 16 09:29:38 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): ad-tag likely inactive: 1 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 09:29:46 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:46 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:46 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:47 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): [171] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:29:47 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:47 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): [176] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:29:47 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): [175] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:29:47 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:47 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:48 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): conn stats: active=6/278 hs_inflight=3 accepted+=102 closed+=102 tracked_fds=12 total=201 paused=false/false users_total=6 unassigned=0 users{user=6}
Jun 16 09:29:48 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=2 mp_fallback+=3 pool+=0
Jun 16 09:29:48 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): ad-tag likely inactive: 3 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 09:29:48 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): [188] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:29:49 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)
Jun 16 09:29:50 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: warning(proxy): [205] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:29:51 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=x25519 0x001d)

Diagnostics output

echo "=== systemctl ===" && systemctl status mtproto-proxy --no-pager -l 2>/dev/null || echo "N/A"
=== date ===
Tue Jun 16 09:31:46 UTC 2026
=== timedatectl ===
               Local time: Tue 2026-06-16 09:31:46 UTC
           Universal time: Tue 2026-06-16 09:31:46 UTC
                 RTC time: Tue 2026-06-16 09:31:46
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
=== ulimit ===
1024
=== ss ===
LISTEN 0      4096               *:443              *:*    users:(("mtproto-proxy",pid=71578,fd=4))
LISTEN 0      4096               *:8443             *:*    users:(("xray-linux-amd6",pid=1223,fd=7))
=== uname ===
Linux epd2ulc3m22vhm0sf80r 6.8.0-124-generic #124-Ubuntu SMP PREEMPT_DYNAMIC Tue May 26 13:00:45 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
=== memory ===
               total        used        free      shared  buff/cache   available
Mem:           1.9Gi       484Mi       960Mi       1.3Mi       673Mi       1.4Gi
Swap:             0B          0B          0B
=== systemctl ===
● mtproto-proxy.service - MTProto Proxy (Zig) via Tunnel Policy Routing
     Loaded: loaded (/etc/systemd/system/mtproto-proxy.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/mtproto-proxy.service.d
             └─10-nginx.conf
     Active: active (running) since Tue 2026-06-16 09:29:28 UTC; 2min 18s ago
       Docs: https://github.com/sleep3r/mtproto.zig
    Process: 71503 ExecStartPre=/usr/local/bin/setup_tunnel.sh (code=exited, status=0/SUCCESS)
   Main PID: 71578 (mtproto-proxy)
      Tasks: 3 (limit: 65535)
     Memory: 6.5M (peak: 7.0M)
        CPU: 640ms
     CGroup: /system.slice/mtproto-proxy.service
             ├─71578 /opt/mtproto-proxy/mtproto-proxy /opt/mtproto-proxy/config.toml
             └─72874 curl --silent --fail --show-error --location --max-redirs 3 --proto =https --proto-redir =https --max-time 10 --interface awg17 https://core.telegram.org/getProxyConfig

Jun 16 09:30:48 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): conn stats: active=5/278 hs_inflight=1 accepted+=95 closed+=96 tracked_fds=10 total=722 paused=false/false users_total=5 unassigned=0 users{user=5}
Jun 16 09:30:58 epd2ulc3m22vhm0sf80r mtproto-proxy[71578]: info(proxy): conn stats: active=5/278 hs_infli

Additional context

Не могу понять в чем причина. Почитал, что нужно обязательно настраивать use_middle_proxy = true, сделал.
Зарегистрировал через @MTProxybot свою прокси, тэг вставил в конфиг
Через mtbuddy setup egress 'wireguard://' устанавливаю подключение через вг. (В конфиге вписал middle_proxy_nat_ip = айпи_ваергард сервера )
Премиум юзеры работают идеально, нон-премиум только текстовый режим. На не-премиум даже стикеры не грузятся.

Где я допустил ошибку? Очень нужна помощь.

[MaxiJazzer]

Трафик до вг точно есть

[sleep3r]

Приветствую, попробуйте обновиться сначала

[MaxiJazzer]

Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       |  \/  |_   _|  _ \ _ __ ___ | |_ ___
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       | |\/| | | | | |_) | '__/ _ \| __/ _ \
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       | |  | | | | |  __/| | | (_) | || (_) |
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       |_|  |_| |_| |_|   |_|  \___/ \__\___/
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       proxy · zig edition · v1.9.0
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       keeping your people connected
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:   ─── SERVER ──────────────────────────────────────
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Listen       0.0.0.0:443
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Public IP    'MY  IP'
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       TLS Domain   rutube.ru
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Masking      enabled
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:   ─── CAPACITY ────────────────────────────────────
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Host RAM     1966 MiB
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Per conn     ~4104 KiB (middleproxy mode)
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Safe cap     ~278 connections
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:   ─── USERS (1) ────────────────────────────────────
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       ● user
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:   ─── SECURITY ───────────────────────────────────
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       User secrets and proxy links are hidden in runtime logs.
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:       Use mtbuddy install output or trusted local tooling to generate links.
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:   ──────────────────────────────────────────────────
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]:   ⏳ Your door is open. Waiting for the people you love...
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): mask_port=8444 configured, using local mask target 127.0.0.1
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): Mask target '127.0.0.1:8444' resolved at startup
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): Using server.middle_proxy_nat_ip for middle-proxy NAT translation: MY WG IP
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): Upstream mode: tunnel (socket policy routing via SO_MARK=200)
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): Listening on [::]:443 (epoll)
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:07 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:08 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): [3] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:46:08 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): [1] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:46:08 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): [0] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:46:10 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:10 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:11 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): [25] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:46:11 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): [26] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:46:11 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:11 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:12 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 09:46:13 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): [48] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 09:46:17 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): conn stats: active=7/278 hs_inflight=2 accepted+=99 closed+=92 tracked_fds=13 total=99 paused=false/false users_total=6 unassigned=1 users{user=6}
Jun 16 09:46:17 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=0 mp_fallback+=6 pool+=0
Jun 16 09:46:17 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: warning(proxy): ad-tag likely inactive: 6 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 09:46:19 epd2ulc3m22vhm0sf80r mtproto-proxy[82472]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
root@epd2ulc3m22vhm0sf80r:~#

Обновил

[sleep3r]

У вас middle_proxy_nat_ip задан вручную и не совпадает с реальным egress-IP, который видит Telegram

В новых версиях это автоматическая штука. Так что, главная рекомендация: просто убрать/закомментировать middle_proxy_nat_ip из конфига и дать прокси самому определить egress-IP зондом

[MaxiJazzer]

Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       |  \/  |_   _|  _ \ _ __ ___ | |_ ___
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       | |\/| | | | | |_) | '__/ _ \| __/ _ \
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       | |  | | | | |  __/| | | (_) | || (_) |
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       |_|  |_| |_| |_|   |_|  \___/ \__\___/
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       proxy · zig edition · v1.9.0
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       keeping your people connected
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:   ─── SERVER ──────────────────────────────────────
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Listen       0.0.0.0:443
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Public IP    'MY-IP'
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       TLS Domain   rutube.ru
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Masking      enabled
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:   ─── CAPACITY ────────────────────────────────────
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Host RAM     1966 MiB
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Per conn     ~4104 KiB (middleproxy mode)
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Safe cap     ~278 connections
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:   ─── USERS (1) ────────────────────────────────────
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       ● user
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:   ─── SECURITY ───────────────────────────────────
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       User secrets and proxy links are hidden in runtime logs.
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:       Use mtbuddy install output or trusted local tooling to generate links.
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:   ──────────────────────────────────────────────────
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]:   ⏳ Your door is open. Waiting for the people you love...
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): mask_port=8444 configured, using local mask target 127.0.0.1
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): Mask target '127.0.0.1:8444' resolved at startup
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): Detected egress public IPv4 for middle-proxy NAT translation: MY WG (upstream=tunnel)
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): Upstream mode: tunnel (socket policy routing via SO_MARK=200)
Jun 16 10:00:59 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): Listening on [::]:443 (epoll)
Jun 16 10:01:03 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:04 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [0] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:04 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:05 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [18] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:06 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:06 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:06 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:06 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:07 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [33] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:07 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [36] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:07 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [34] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:07 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [35] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:08 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): conn stats: active=7/278 hs_inflight=3 accepted+=76 closed+=69 tracked_fds=12 total=76 paused=false/false users_total=5 unassigned=2 users{user=5}
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=0 mp_fallback+=6 pool+=0
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): ad-tag likely inactive: 6 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:09 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [66] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:10 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [74] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:10 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [77] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:10 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:10 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [80] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:12 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): [73] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:01:12 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:18 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:19 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): conn stats: active=8/278 hs_inflight=2 accepted+=110 closed+=109 tracked_fds=16 total=186 paused=false/false users_total=8 unassigned=0 users{user=8}
Jun 16 10:01:19 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=0 mp_fallback+=5 pool+=0
Jun 16 10:01:19 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: warning(proxy): ad-tag likely inactive: 5 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 10:01:21 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:01:27 epd2ulc3m22vhm0sf80r mtproto-proxy[91308]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)

[server]
public_ip = 'MY IP'
port = 443
max_connections = 512
idle_timeout_sec = 120
handshake_timeout_sec = 15
handshake_flood_guard_enabled = false
handshake_flood_guard_threshold = 20
handshake_flood_guard_window_sec = 30
handshake_flood_guard_block_sec = 120
tag = "tag from bot"

[upstream]
type = "tunnel"

[censorship]
tls_domain = "rutube.ru"
mask = true
desync = true
drs = false
fast_mode = true
mask_port = 8444

[general]
use_middle_proxy = true

[access.users]
user = "user id"


[upstream.tunnel]
interface = "awg20"
interfaces = ["awg20"]

Убрал вообще строку, принципиально не изменилось ничего

[MaxiJazzer]

Если какие-то наводки даст, то у меня ваш пакет крутится на российской площадке, где DC телеги в блоке. Без mtbuddy setup egress 'wireguard://' у меня в принципе даже не поднималась прокси. С Egress всё работает, но только для премиумов, для обычных только текстовой режим.
ВГ в Нидерландах, доступность до него есть.

[sleep3r]

Смущает, что туннель был 17ый а потом стал 20ый. И что их так много)

ВГ ваш личный? Проверьте на нём curl -4 ifconfig.me (должно совпасть с IP из лога Detected egress public IPv4…) и что NAT не за двойным NAT/CGNAT

[MaxiJazzer]

Я затираю в конфиге старый апстрим, сохраняю конфиг, потом через setup egress ребутаю прокси с этой же ссылкой, он плодит +1 к имени туннелю.
ВГ мой личный

Проверил на ВПС Нидерландах команду - айпи совпадают

[sleep3r]

Похоже, ваш голландский выход переписывает source-порт

[sleep3r]

Проверьте на VPS в Нидерландах:

1. Правило NAT: iptables -t nat -S POSTROUTING (и nft list ruleset). Если в MASQUERADE/SNAT есть --random или --random-fully - это рандомит порт и убивает MiddleProxy. Уберите флаг, оставьте обычный MASQUERADE
2. VPS не за NAT провайдера? ip -4 addr show - на интерфейсе должен висеть тот же белый IP, что отдаёт ifconfig.me. Если там приватный (10./172./192.168.) - вас NAT-ит провайдер, порт переписывается у него, и MiddleProxy так работать не будет (нужен VPS с реальным белым IP)
3. Почистите старые туннели: накопились awg17…awg20 (старые .conf не удаляются при пересоздании egress). Оставьте один - погасите лишние awg-quick down awgN и удалите их конфиги в /etc/amnezia/amneziawg/, чтобы не мешали

После этого перезапустите и гляньте mp_fallback в логе - при исправном порте он упадёт к нулю, и медиа у нон-премиума поедет

[MaxiJazzer]

Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:        __  __ _____ ____            _
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       |  \/  |_   _|  _ \ _ __ ___ | |_ ___
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       | |\/| | | | | |_) | '__/ _ \| __/ _ \
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       | |  | | | | |  __/| | | (_) | || (_) |
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       |_|  |_| |_| |_|   |_|  \___/ \__\___/
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       proxy · zig edition · v1.9.0
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       keeping your people connected
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:   ─── SERVER ──────────────────────────────────────
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Listen       0.0.0.0:443
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Public IP    'MY IP'
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       TLS Domain   rutube.ru
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Masking      enabled
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:   ─── CAPACITY ────────────────────────────────────
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Host RAM     1966 MiB
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Per conn     ~4104 KiB (middleproxy mode)
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Safe cap     ~278 connections
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:   ─── USERS (1) ────────────────────────────────────
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       ● user
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:   ─── SECURITY ───────────────────────────────────
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       User secrets and proxy links are hidden in runtime logs.
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:       Use mtbuddy install output or trusted local tooling to generate links.
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:   ──────────────────────────────────────────────────
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]:   ⏳ Your door is open. Waiting for the people you love...
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): mask_port=8444 configured, using local mask target 127.0.0.1
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): Mask target '127.0.0.1:8444' resolved at startup
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): Detected egress public IPv4 for middle-proxy NAT translation: WG-IP (upstream=tunnel)
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): Upstream mode: tunnel (socket policy routing via SO_MARK=200)
Jun 16 10:58:16 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): Listening on [::]:443 (epoll)
Jun 16 10:58:26 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): conn stats: active=0/278 hs_inflight=0 accepted+=0 closed+=0 tracked_fds=0 total=0 paused=false/false users_total=0 unassigned=0 users{user=0}
Jun 16 10:58:36 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): conn stats: active=0/278 hs_inflight=0 accepted+=0 closed+=0 tracked_fds=0 total=0 paused=false/false users_total=0 unassigned=0 users{user=0}
Jun 16 10:58:38 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:38 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:39 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [0] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:40 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:42 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:42 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:42 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:42 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:43 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:46 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:46 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [1] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:46 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): conn stats: active=9/278 hs_inflight=9 accepted+=9 closed+=0 tracked_fds=18 total=9 paused=false/false users_total=9 unassigned=0 users{user=9}
Jun 16 10:58:46 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=0 mp_fallback+=2 pool+=0
Jun 16 10:58:46 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): ad-tag likely inactive: 2 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 10:58:47 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:47 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:49 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:49 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:49 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:49 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:49 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): client ClientHello [ciphers=1301,1302,1303,c02b,c02f,c02c,c030,cca9,cca8,c013,c014,009c,009d,002f,0035 groups=caca,11ec,001d,0017,0018 keyshare=caca,11ec,001d] (we serve: cipher echoes client, key_share=X25519MLKEM768 0x11ec)
Jun 16 10:58:56 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [21] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:56 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy): conn stats: active=11/278 hs_inflight=11 accepted+=13 closed+=11 tracked_fds=21 total=22 paused=false/false users_total=10 unassigned=1 users{user=10}
Jun 16 10:58:56 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: info(proxy):   drops: cap+=0 sat+=0 rate+=0 flood_guard+=0 hs_budget+=0 hs_timeout+=0 mp_fallback+=1 pool+=0
Jun 16 10:58:56 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): ad-tag likely inactive: 1 middle-proxy handshake(s) fell back to direct this interval — those connections carry no ad-tag/ME media. Check egress reachability and [server].middle_proxy_nat_ip.
Jun 16 10:58:57 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [20] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:57 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [13] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:57 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [12] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:57 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [18] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:57 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [16] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:58 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [22] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:58 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [23] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:58 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [24] middle-proxy handshake failed, reconnecting direct to [ipv4]:443
Jun 16 10:58:58 epd2ulc3m22vhm0sf80r mtproto-proxy[112095]: warning(proxy): [25] middle-proxy handshake failed, reconnecting direct to [ipv4]:443

root@yappy-lavender:~# iptables -t nat -S POSTROUTING
-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 443 -j MASQUERADE
root@yappy-lavender:~# nft list ruleset
# Warning: table ip nat is managed by iptables-nft, do not touch!
table ip nat {
        chain DOCKER {
                iifname "docker0" counter packets 0 bytes 0 return
                iifname != "docker0" tcp dport 2053 counter packets 3106 bytes 193140 dnat to 172.17.0.2:443
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                oifname != "docker0" ip saddr 172.17.0.0/16 counter packets 230200 bytes 13812010 masquerade
                ip saddr 172.17.0.2 ip daddr 172.17.0.2 tcp dport 443 counter packets 0 bytes 0 masquerade
        }

        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                fib daddr type local counter packets 57364 bytes 3107452 jump DOCKER
        }

        chain OUTPUT {
                type nat hook output priority -100; policy accept;
                ip daddr != 127.0.0.0/8 fib daddr type local counter packets 0 bytes 0 jump DOCKER
        }
}
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {
        chain DOCKER {
                iifname != "docker0" oifname "docker0" ip daddr 172.17.0.2 tcp dport 443 counter packets 3107 bytes 193200 accept
        }

        chain DOCKER-ISOLATION-STAGE-1 {
                iifname "docker0" oifname != "docker0" counter packets 1760175 bytes 326924113 jump DOCKER-ISOLATION-STAGE-2
                counter packets 3066075 bytes 635239139 return
        }

        chain DOCKER-ISOLATION-STAGE-2 {
                oifname "docker0" counter packets 0 bytes 0 drop
                counter packets 1760175 bytes 326924113 return
        }

        chain FORWARD {
                type filter hook forward priority filter; policy drop;
                counter packets 3066075 bytes 635239139 jump DOCKER-USER
                counter packets 3066075 bytes 635239139 jump DOCKER-ISOLATION-STAGE-1
                oifname "docker0" ct state related,established counter packets 1302793 bytes 308121826 accept
                oifname "docker0" counter packets 3107 bytes 193200 jump DOCKER
                iifname "docker0" oifname != "docker0" counter packets 1760175 bytes 326924113 accept
                iifname "docker0" oifname "docker0" counter packets 0 bytes 0 accept
        }

        chain DOCKER-USER {
                counter packets 3066075 bytes 635239139 return
        }
}
root@yappy-lavender:~# ip -4 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    inet WHITE IP/32 brd WHITE IP scope global enp0s3
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Потёр конфиги, сейчас awg0
Трафик идёт только на премиуме, на нон-премиуме только текст идёт

[sleep3r]

Ваш WireGuard запущен в Docker в bridge-режиме
То есть трафик до Telegram проходит через двойной NAT