sing-box
sing-box copied to clipboard
SagerNet
"tun" interface with "auto_route" option limited performance on routers
Operating system
Linux
System version
OpenWRT 23.05.0
Installation type
Original sing-box Command Line
If you are using a graphical client, please provide the version of the client.
No response
Version
1.6.6
Description
Hi! First of all - I really like the sing-box application. It works perfectly on my OpenWRT router. The only problem I'm facing is the speed cap of about 200Mbps. I'm using the pretty powerful router: Redmi AX6000 RB06 router. It has a MediaTek MT7986AV (2.0 GHz, 4 cores), but anyway with "auto_route" set to true it gets overloaded by the CPU and limits the tun interface bandwidth to 200-220 Mbit (I have 1Gbit internet channel). At the same time the socks inboud shows the full speed. Is there anything we can do about this?
Reproduction
My config.json
{
"log": {
"disabled": false,
"level": "warn",
"output": "/tmp/sing-box.log",
"timestamp": true
},
"dns": {
"servers": [
{
"tag": "local",
"address": "37.153.1.2"
},
{
"tag": "google",
"address": "tls://8.8.8.8"
},
{
"tag": "block",
"address": "rcode://success"
}
],
"rules": [
{
"domain": [
"somesite.io"
],
"domain_keyword": [
"somekey"
],
"domain_suffix": [
"some"
],
"server": "google"
},
{
"outbound": "direct",
"server": "local"
},
{
"outbound": "reality-out",
"server": "google"
}
],
"final": "local",
"strategy": "ipv4_only",
"disable_cache": false,
"disable_expire": false
},
"inbounds": [
{
"type": "mixed",
"tag": "mixed-in",
"listen": "192.168.1.1",
"listen_port": 1080,
"tcp_fast_open": false,
"sniff": true,
"sniff_override_destination": false,
"set_system_proxy": false
},
{
"type": "tun",
"tag": "tun-in",
"interface_name": "singtun0",
"inet4_address": "172.19.16.1/30",
"stack": "gvisor",
"mtu": 9000,
"auto_route": true,
"strict_route": true,
"endpoint_independent_nat": false,
"sniff": true,
"sniff_override_destination": true
}
],
"outbounds": [
{
"type": "vless",
"tag": "reality-out",
"server": "1.1.1.1",
"server_port": 443,
"uuid": "uuid-xxx",
"flow": "xtls-rprx-vision",
"network": "tcp",
"tls": {
"enabled": true,
"insecure": false,
"server_name": "site.com",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "key",
"short_id": "id"
}
}
},
{
"type": "direct",
"tag": "direct"
},
{
"type": "block",
"tag": "block"
},
{
"type": "dns",
"tag": "dns-out"
}
],
"route": {
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"ip_cidr": [
"10.0.0.0/32"
],
"domain": [
"dom.com"
],
"domain_keyword": [
"word"
],
"domain_suffix": [
"suffix"
],
"outbound": "reality-out"
}
],
"final": "direct",
"auto_detect_interface": true
}
}
Logs
No response
Integrity requirements
- [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
- [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
- [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
"stack": "gvisor",
try to use "system" stack since OpenWrt has it's own powerful tun stack.
try to use "system" stack since OpenWrt has it's own powerful tun stack.
I tried it and unfortunately it didn't work: no traffic goes through with this type of stack (with "mixed" stack - too).
try to use "system" stack since OpenWrt has it's own powerful tun stack.
I tried it and unfortunately it didn't work: no traffic goes through with this type of stack (with "mixed" stack - too).
I used "system" and it works well. I think there may be other issues in your sing-box config or some settings of OpenWrt itself, for example, firewall settings.
Below is my config of inbounds:
"inbounds": [
{
"domain_strategy": "ipv4_only",
"endpoint_independent_nat": true,
"interface_name": "singboxtun0",
"inet4_address": [
"172.19.0.1/28"
],
"mtu": 9000,
"sniff": true,
"sniff_override_destination": false,
"stack": "system",
"auto_route": true,
"strict_route": false,
"tag": "tun-in",
"type": "tun"
}
]
@PiggyRan Thanks for sharing. What is your OpenWRT version?
OpenWrt 23.05.0-rc4 build @ 10.07.2023 by Kiddin' / LuCI Master git-24.273.66868-f106339 Kernel 5.15.132
@PiggyRan Very interesting. I'm on the release version (23.05.0 with 5.15.134 kernel). I'll try to play with the sing-box tun config more and maybe upgrade to the latest (23.05.2 OpenWRT).
@PiggyRan Very interesting. I'm on the release version (23.05.0 with 5.15.134 kernel). I'll try to play with the sing-box tun config more and maybe upgrade to the latest (23.05.2 OpenWRT).
Did you use command "curl" to try to access some website in shell of OpenWrt when you use "system" stack?
Yes, "curl" or "nc". Then I change gvisor to system: all my connections through the router or from the router CLI are refused:
# nc google.com 443
nc: can't connect to remote host (142.251.1.101): Connection refused
Yes, "curl" or "nc". Then I change gvisor to system: all my connections through the router or from the router CLI are refused:
# nc google.com 443 nc: can't connect to remote host (142.251.1.101): Connection refused
How about upgrade sing-box to new version like "1.8.0-rc.7"?
@PiggyRan I've just tried the "1.8.0-rc.7" version: the "system" stack still doesn't work for me. But I enabled the new 1.8 "gso" feature and got a nice performance boost. Even with "gvisor" I can now reach 700-800 Mbits on wireless.
@PiggyRan I've just tried the "1.8.0-rc.7" version: the "system" stack still doesn't work for me. But I enabled the new 1.8 "gso" feature and got a nice performance boost. Even with "gvisor" I can now reach 700-800 Mbits on wireless.
Cloud you please check your openwrt installed package "kmod-tun" or not?
I did more tests:
- Upgraded OpenWRT from 23.05.0 to 23.05.2 (Linux kernel 5.15.137)
- Simplified the sing-box config file to this:
"log": {
"level": "debug",
"timestamp": true
},
"inbounds": [
{
"type": "tun",
"interface_name": "singtun0",
"inet4_address": "172.19.0.1/30",
"stack": "system",
"auto_route": false
}
],
"outbounds": [
{
"type": "socks",
"tag": "socks-out",
"server": "someip",
"server_port": someport,
"version": "5",
"username": "someuser",
"password": "somepass",
"network": "tcp"
}
],
"route": {
"final": "socks-out",
"auto_detect_interface": true
}
}
- collected these logs with various stacks: system:
Fri Dec 29 12:20:06 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:06 INFO router: using socks[socks-out] as default outbound for connection
Fri Dec 29 12:20:06 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:06 INFO router: using direct[direct] as default outbound for packet connection
Fri Dec 29 12:20:06 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:06 INFO router: updated default interface wan, index 6
Fri Dec 29 12:20:06 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:06 INFO inbound/tun[0]: started at singtun0
Fri Dec 29 12:20:06 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:06 INFO sing-box started (0.00s)
Fri Dec 29 12:20:43 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:43 INFO [212028631 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:36787
Fri Dec 29 12:20:43 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:43 INFO [212028631 0ms] inbound/tun[0]: inbound packet connection to 173.194.222.100:443
Fri Dec 29 12:20:43 2023 daemon.err sing-box[23446]: +0000 2023-12-29 09:20:43 INFO [212028631 0ms] outbound/direct: outbound packet connection
gvisor:
Fri Dec 29 12:18:57 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:18:57 INFO router: using socks[socks-out] as default outbound for connection
Fri Dec 29 12:18:57 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:18:57 INFO router: using direct[direct] as default outbound for packet connection
Fri Dec 29 12:18:57 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:18:57 INFO router: updated default interface wan, index 6
Fri Dec 29 12:18:57 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:18:57 INFO inbound/tun[0]: started at singtun0
Fri Dec 29 12:18:57 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:18:57 INFO sing-box started (0.00s)
Fri Dec 29 12:19:13 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:19:13 INFO [2207206780 0ms] inbound/tun[0]: inbound connection from 172.19.0.1:60196
Fri Dec 29 12:19:13 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:19:13 INFO [2207206780 0ms] inbound/tun[0]: inbound connection to 195.201.201.35:443
Fri Dec 29 12:19:13 2023 daemon.err sing-box[14228]: +0000 2023-12-29 09:19:13 INFO [2207206780 0ms] outbound/socks[socks-out]: outbound connection to 195.201.201.35:443
I'm using sing-box 1.8.0-rc7 + pbr routing (no auto_route true option). Note that the system stack routes to direct instead of socks-out. And I haven't been able to route any traffic through this stack. Can I get more debugging info for you?
Can I get more debugging info for you?
Sorry for I am not very convenience to test gvisor.
Sorry, I wrote this for the app author. I hope he will join our discussion.
I've just tested the latest version 1.8.0 and got the same results.
This is not an issue if you can't reproduce on high-performance machines. TUN of course has larger overhead. Some tests said that TProxy has better performance compared to TUN.
openwrt官方源里安装的singbox的启动脚本里有有一条iptables命令
iptables -I FORWARD -o sb-tun+ -j ACCEPT
把sb-tun+换成自己配置里的tun接口名称试试
