mihomo icon indicating copy to clipboard operation
mihomo copied to clipboard

Published 20 hours ago verified publisher icon MetaCubeX

[Bug] IPSec兼容性

Open zephy358 opened this issue 1 year ago • 1 comments

Verify steps

  • [X] 确保你使用的是本仓库最新的的 mihomo 或 mihomo Alpha 版本 Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
  • [ ] 如果你可以自己 debug 并解决的话,提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
  • [X] 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
  • [X] 我已经使用 Alpha 分支版本测试过,问题依旧存在 I have tested using the dev branch, and the issue still exists.
  • [X] 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
  • [X] 这是 Mihomo 核心的问题,并非我所使用的 Mihomo 衍生版本(如 OpenMihomo、KoolMihomo 等)的特定问题 This is an issue of the Mihomo core per se, not to the derivatives of Mihomo, like OpenMihomo or KoolMihomo.

Mihomo version

1.17

What OS are you seeing the problem on?

Linux

Mihomo config

port: 7890
socks-port: 7891
redir-port: 7892
mixed-port: 7893
allow-lan: true
mode: rule
log-level: info
ipv6: false
hosts:
dns:
  enable: true
  ipv6: false
  listen: 0.0.0.0:7874
  use-hosts: true
  default-nameserver:
  - 119.29.29.29
  - 8.8.8.8
  - 1.1.1.1
  nameserver:
  - 223.5.5.5
  - 119.29.29.29
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - stun.*.*
  - stun.*.*.*
  - swscan.apple.com
  - mesu.apple.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - localhost.ptlogin2.qq.com
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - "*.*.*.srv.nintendo.net"
  - "*.*.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - "*.ipv6.microsoft.com"
  - teredo.*.*.*
  - teredo.*.*
  - speedtest.cros.wr.pvp.net
  - "+.jjvip8.com"
  - www.douyu.com
  - activityapi.huya.com
  - activityapi.huya.com.w.cdngslb.com
  - www.bilibili.com
  - api.bilibili.com
  - a.w.bilicdn1.com
  enhanced-mode: fake-ip
external-controller: 0.0.0.0:9090
clash-for-android:
  append-system-dns: false
profile:
  tracing: true
  store-selected: true

Mihomo log

[36mINFO[0m[2023-12-26T18:14:50.083826868+08:00] [TCP] 192.168.100.236:55133 --> hm.baidu.com:443 match DomainSuffix(baidu.com) using China-Websites[DIRECT] 
[36mINFO[0m[2023-12-26T18:14:50.080987037+08:00] [TCP] 192.168.100.236:55134 --> www.youtube.com:443 match DomainSuffix(youtube.com) using 🎬 YouTube[🇯🇵 Japan 04] 
[37mDEBU[0m[2023-12-26T18:14:50.070277377+08:00] use initial random HelloID:Safari            
[36mINFO[0m[2023-12-26T18:14:50.064562836+08:00] [TCP] 192.168.100.236:55132 --> www.youtube.com:443 match DomainSuffix(youtube.com) using 🎬 YouTube[🇯🇵 Japan 04] 
[37mDEBU[0m[2023-12-26T18:14:50.063035652+08:00] [DNS] cache hit for 53929e6.pfoleb.lol., expire at 2023-12-26 18:14:51 
[37mDEBU[0m[2023-12-26T18:14:50.062957869+08:00] [DNS] www.youtube.com --> 157.240.12.35      
[37mDEBU[0m[2023-12-26T18:14:50.062944758+08:00] [DNS] cache hit for www.youtube.com., expire at 2023-12-26 18:16:18 
[37mDEBU[0m[2023-12-26T18:14:50.062888306+08:00] [Rule] use default rules                     
[37mDEBU[0m[2023-12-26T18:14:50.055945044+08:00] [DNS] cache hit for hm.baidu.com., expire at 2023-12-26 18:16:23 
[37mDEBU[0m[2023-12-26T18:14:50.055868379+08:00] [Process] find process hm.baidu.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:50.055575742+08:00] [DNS] hm.baidu.com --> 220.181.33.11         
[37mDEBU[0m[2023-12-26T18:14:50.055534067+08:00] [DNS] hm.baidu.com --> [220.181.33.11] A from udp://223.5.5.5:53 
[37mDEBU[0m[2023-12-26T18:14:50.054585347+08:00] [DNS] 53929e6.pfoleb.lol --> [120.204.94.43] A from udp://223.5.5.5:53 
[37mDEBU[0m[2023-12-26T18:14:50.054249212+08:00] use initial random HelloID:Safari            
[37mDEBU[0m[2023-12-26T18:14:50.053952457+08:00] [DNS] www.youtube.com --> [157.240.12.35] A from udp://223.5.5.5:53 
[37mDEBU[0m[2023-12-26T18:14:50.048806149+08:00] [DNS] resolve hm.baidu.com from udp://223.5.5.5:53 
[37mDEBU[0m[2023-12-26T18:14:50.048774981+08:00] [DNS] resolve hm.baidu.com from udp://119.29.29.29:53 
[37mDEBU[0m[2023-12-26T18:14:50.048712187+08:00] [Rule] use default rules                     
[37mDEBU[0m[2023-12-26T18:14:50.04796394+08:00] [DNS] resolve 53929e6.pfoleb.lol from udp://223.5.5.5:53 
[37mDEBU[0m[2023-12-26T18:14:50.047880664+08:00] [DNS] resolve 53929e6.pfoleb.lol from udp://119.29.29.29:53 
[37mDEBU[0m[2023-12-26T18:14:50.04778707+08:00] [DNS] cache hit for 53929e6.pfoleb.lol., expire at 2023-12-26 18:14:47 
[37mDEBU[0m[2023-12-26T18:14:50.047760844+08:00] [DNS] resolve www.youtube.com from udp://223.5.5.5:53 
[37mDEBU[0m[2023-12-26T18:14:50.047708779+08:00] [DNS] resolve www.youtube.com from udp://119.29.29.29:53 
[37mDEBU[0m[2023-12-26T18:14:50.047638713+08:00] [DNS] www.youtube.com --> 202.160.128.205    
[37mDEBU[0m[2023-12-26T18:14:50.047621687+08:00] [DNS] cache hit for www.youtube.com., expire at 2023-12-26 18:08:11 
[37mDEBU[0m[2023-12-26T18:14:50.047531247+08:00] [Rule] use default rules                     
[36mINFO[0m[2023-12-26T18:14:49.449128289+08:00] [TCP] 192.168.100.159:58749 --> core.api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[37mDEBU[0m[2023-12-26T18:14:49.419530854+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:49.419411185+08:00] [Process] find process core.api.io.mi.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:49.419094377+08:00] [DNS] core.api.io.mi.com --> 110.43.87.35    
[37mDEBU[0m[2023-12-26T18:14:49.419073303+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:49.41898295+08:00] [Rule] use default rules
[36mINFO[0m[2023-12-26T18:14:47.87150275+08:00] [TCP] 192.168.100.159:58748 --> core.api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[36mINFO[0m[2023-12-26T18:14:47.867657621+08:00] [TCP] 192.168.100.159:58747 --> core.api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[36mINFO[0m[2023-12-26T18:14:47.860449644+08:00] [TCP] 192.168.100.159:58746 --> core.api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[37mDEBU[0m[2023-12-26T18:14:47.841181038+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:47.841079788+08:00] [Process] find process core.api.io.mi.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:47.840808669+08:00] [DNS] core.api.io.mi.com --> 220.181.106.180 
[37mDEBU[0m[2023-12-26T18:14:47.84078303+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:47.840713006+08:00] [Rule] use default rules                     
[37mDEBU[0m[2023-12-26T18:14:47.835441576+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:47.83534016+08:00] [Process] find process core.api.io.mi.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:47.835095857+08:00] [DNS] core.api.io.mi.com --> 220.181.106.180 
[37mDEBU[0m[2023-12-26T18:14:47.835080318+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:47.83502645+08:00] [Rule] use default rules                     
[37mDEBU[0m[2023-12-26T18:14:47.829987945+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:47.82988145+08:00] [Process] find process core.api.io.mi.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:47.829595497+08:00] [DNS] core.api.io.mi.com --> 220.181.106.180 
[37mDEBU[0m[2023-12-26T18:14:47.829578518+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47 
[37mDEBU[0m[2023-12-26T18:14:47.829512592+08:00] [Rule] use default rules
[36mINFO[0m[2023-12-26T18:14:45.882909443+08:00] [TCP] 192.168.100.159:58745 --> api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[36mINFO[0m[2023-12-26T18:14:45.876534524+08:00] [TCP] 192.168.100.159:58744 --> api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[36mINFO[0m[2023-12-26T18:14:45.87292826+08:00] [TCP] 192.168.100.159:58743 --> core.api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[36mINFO[0m[2023-12-26T18:14:45.869272959+08:00] [TCP] 192.168.100.159:58742 --> api.io.mi.com:443 match GeoIP(CN) using China-Websites[DIRECT] 
[37mDEBU[0m[2023-12-26T18:14:45.852445779+08:00] [DNS] cache hit for api.io.mi.com., expire at 2023-12-26 18:15:12 
[37mDEBU[0m[2023-12-26T18:14:45.852352479+08:00] [Process] find process api.io.mi.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:45.852116078+08:00] [DNS] api.io.mi.com --> 118.26.252.107       
[37mDEBU[0m[2023-12-26T18:14:45.852102509+08:00] [DNS] cache hit for api.io.mi.com., expire at 2023-12-26 18:15:12 
[37mDEBU[0m[2023-12-26T18:14:45.852050487+08:00] [Rule] use default rules                     
[37mDEBU[0m[2023-12-26T18:14:45.846438195+08:00] [DNS] cache hit for api.io.mi.com., expire at 2023-12-26 18:15:12 
[37mDEBU[0m[2023-12-26T18:14:45.846349375+08:00] [Process] find process api.io.mi.com error: process not found 
[37mDEBU[0m[2023-12-26T18:14:45.846106177+08:00] [DNS] api.io.mi.com --> 220.181.106.173      
[37mDEBU[0m[2023-12-26T18:14:45.846092971+08:00] [DNS] cache hit for api.io.mi.com., expire at 2023-12-26 18:15:12 
[37mDEBU[0m[2023-12-26T18:14:45.846040057+08:00] [Rule] use default rules                     
[37mDEBU[0m[2023-12-26T18:14:45.842243891+08:00] [DNS] cache hit for core.api.io.mi.com., expire at 2023-12-26 18:15:47

Description

貌似mihomo的fake ip模式对ipsec的兼容性有问题。

今天尝试iphone的 wifi calling功能。

可以看到dnsmasq已经返回了ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org的fake ip, 但是 core的日志里看不到任何相关记录。在openclash里, 相同配置但是 core换成clash-tun就没有问题, 能看到ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org:500和 ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org:4500的链接信息。

Dec 26 18:14:46 dnsmasq[3589]: 1383 192.168.100.159/57506 query[A] ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org from 192.168.100.159
Dec 26 18:14:46 dnsmasq[3589]: 1383 192.168.100.159/57506 forwarded ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org to 127.0.0.1#7874
Dec 26 18:14:46 dnsmasq[3589]: 1383 192.168.100.159/57506 reply ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org is 198.18.0.37

zephy358 avatar Dec 26 '23 10:12 zephy358

我这边 Wifi Calling 也是不行,换 tun 就正常

jjaychen1e avatar Sep 19 '24 03:09 jjaychen1e