OpenClash
[Bug] In fake-ip enhanced mode, tproxy cannot proxy UDP traffic - no UDP
Verify Steps
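- [X] Tracker: I have searched the Issue Tracker for the problem I am about to report
- [X] Latest: I have tested with the latest Dev version and the problem still exists
- [X] Core: This is a problem in OpenClash, not one specific to the Clash or Meta core I am using
- [X] Meaningful: What I am submitting is not a meaningless request to hurry an update or fix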
OpenClash Version
v0.45.33-beta
Bug on Environment
Official OpenWrt, Docker
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
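Built from official stock OpenWrt 22.03, with only openclash and ddns added (I also tried building popular OpenWrt variants such as immortalwrt, and likewise there was no UDP traffic; the only exception is kiddin9's custom firmware, which does have UDP traffic, and tproxy(udp) can be seen there). In fake-ip mode and in redir-host mode there is no UDP traffic at all; starting MS Teams and the like produces no UDP traffic either, and the Switch NAT type is F. Switching to tun, or fake-ip, gives UDP traffic, tun(udp) <- but this tun mode cannot reach the Xiaomi camera from the external network :(
I specifically built passwall separately, and it does have tproxy UDP traffic...
I am wondering whether I failed to select something when building. I specifically checked the tproxy-related components and all of them are selected; the log below also shows that tproxy is working normally, and no multi-dial or similar components are installed.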
Describe the Bug
Same as above
OpenClash Log
OpenClash 调试日志
生成时间: 2022-06-22 11:48:43 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: Apple Inc. MacBookPro15,1
固件版本: OpenWrt 22.03.0-rc4 r19426-2b1941e47d
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.17.1-t2
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置:
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 22381
运行权限: 22381: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.06.19
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.11.0
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g30a0834
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config_20220611.yaml
启动配置文件: /etc/openclash/config_20220611.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
redir-port: 7892
tproxy-port: 7895
allow-lan: true
bind-address: "*"
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
hosts:
dns:
enable: true
listen: 0.0.0.0:7874
ipv6: false
default-nameserver:
- 223.5.5.5
- 114.114.114.114
- 119.29.29.29
- 8.8.4.4
- 192.168.1.1
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
- "*.lan"
- "*.localdomain"
- "*.example"
- "*.invalid"
- "*.localhost"
- "*.test"
- "*.local"
- "*.home.arpa"
- time.*.com
- time.*.gov
- time.*.edu.cn
- time.*.apple.com
- time1.*.com
- time2.*.com
- time3.*.com
- time4.*.com
- time5.*.com
- time6.*.com
- time7.*.com
- ntp.*.com
- ntp1.*.com
- ntp2.*.com
- ntp3.*.com
- ntp4.*.com
- ntp5.*.com
- ntp6.*.com
- ntp7.*.com
- "*.time.edu.cn"
- "*.ntp.org.cn"
- "+.pool.ntp.org"
- time1.cloud.tencent.com
- music.163.com
- "*.music.163.com"
- "*.126.net"
- musicapi.taihe.com
- music.taihe.com
- songsearch.kugou.com
- trackercdn.kugou.com
- "*.kuwo.cn"
- api-jooxtt.sanook.com
- api.joox.com
- joox.com
- y.qq.com
- "*.y.qq.com"
- streamoc.music.tc.qq.com
- mobileoc.music.tc.qq.com
- isure.stream.qqmusic.qq.com
- dl.stream.qqmusic.qq.com
- aqqmusic.tc.qq.com
- amobile.music.tc.qq.com
- "*.xiami.com"
- "*.music.migu.cn"
- music.migu.cn
- "*.msftconnecttest.com"
- "*.msftncsi.com"
- msftconnecttest.com
- msftncsi.com
- localhost.ptlogin2.qq.com
- localhost.sec.qq.com
- "+.srv.nintendo.net"
- "+.stun.playstation.net"
- xbox.*.microsoft.com
- xnotify.xboxlive.com
- "+.battlenet.com.cn"
- "+.wotgame.cn"
- "+.wggames.cn"
- "+.wowsgame.cn"
- "+.wargaming.net"
- proxy.golang.org
- stun.*.*
- stun.*.*.*
- "+.stun.*.*"
- "+.stun.*.*.*"
- "+.stun.*.*.*.*"
- heartbeat.belkin.com
- "*.linksys.com"
- "*.linksyssmartwifi.com"
- "*.router.asus.com"
- mesu.apple.com
- swscan.apple.com
- swquery.apple.com
- swdownload.apple.com
- swcdn.apple.com
- swdist.apple.com
- lens.l.google.com
- stun.l.google.com
- "+.nflxvideo.net"
- "*.square-enix.com"
- "*.finalfantasyxiv.com"
- "*.ffxiv.com"
- "*.mcdn.bilivideo.cn"
- time-ios.apple.com
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- "*.n.n.srv.nintendo.net"
- xbox.*.*.microsoft.com
- "*.*.xboxlive.com"
- "+.stun.*.*.*.*.*"
- "*.ff14.sdo.com"
- ff.dorado.sdo.com
- "+.media.dssott.com"
- shark007.net
- "+.mi.com"
nameserver:
- 223.5.5.5
- 119.29.29.29
- 8.8.4.4
- 192.168.1.1
- 114.114.114.114
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
fallback-filter:
geoip: false
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
domain:
- "+.google.com"
- "+.facebook.com"
- "+.youtube.com"
- "+.githubusercontent.com"
- "+.googlevideo.com"
fallback:
- https://dns.cloudflare.com/dns-query
- https://public.dns.iij.jp/dns-query
- https://jp.tiar.app/dns-query
- https://jp.tiarap.org/dns-query
- tls://dot.tiar.app
proxy-groups:
- name: Proxy
type: select
proxies:
- ss-aws-lightsail
- trojan-aws-lightsail
- trojan-xtls
rule-providers:
reject:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt
path: "./rule_provider/reject.yaml"
interval: 86400
icloud:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/icloud.txt
path: "./rule_provider/icloud.yaml"
interval: 86400
apple:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/apple.txt
path: "./rule_provider/apple.yaml"
interval: 86400
google:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/google.txt
path: "./rule_provider/google.yaml"
interval: 86400
proxy:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt
path: "./rule_provider/proxy.yaml"
interval: 86400
direct:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt
path: "./rule_provider/direct.yaml"
interval: 86400
private:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt
path: "./rule_provider/private.yaml"
interval: 86400
gfw:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/gfw.txt
path: "./rule_provider/gfw.yaml"
interval: 86400
greatfire:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/greatfire.txt
path: "./rule_provider/greatfire.yaml"
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/tld-not-cn.txt
path: "./rule_provider/tld-not-cn.yaml"
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/telegramcidr.txt
path: "./rule_provider/telegramcidr.yaml"
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt
path: "./rule_provider/cncidr.yaml"
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt
path: "./rule_provider/lancidr.yaml"
interval: 86400
applications:
type: http
behavior: classical
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/applications.txt
path: "./rule_provider/applications.yaml"
interval: 86400
my_rule_direct:
type: http
behavior: classical
url: https://raw.githubusercontent.com/laye0619/ImageBuilder-Docker-OpenWRT/main/clash_rule/my_rule_direct.yaml
path: "./rule_provider/my_rule_direct.yaml"
interval: 3600
my_rule_proxy:
type: http
behavior: classical
url: https://raw.githubusercontent.com/laye0619/ImageBuilder-Docker-OpenWRT/main/clash_rule/my_rule_proxy.yaml
path: "./rule_provider/my_rule_proxy.yaml"
interval: 3600
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- IP-CIDR,52.112.0.0/14,DIRECT
- RULE-SET,my_rule_proxy,Proxy
- RULE-SET,my_rule_direct,DIRECT
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,Proxy
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,Proxy
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Proxy
mixed-port: 7893
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: false
geodata-loader: memconservative
tcp-concurrent: true
sniffer:
enable: true
sniffing:
- tls
- http
profile:
store-selected: true
store-fake-ip: true
#===================== 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Wed Jun 22 11:48:44 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER_OUTPUT - [0:0]
:DOCKER_POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -d 127.0.0.11/32 -j DOCKER_OUTPUT
-A OUTPUT -j openclash_output
-A POSTROUTING -d 127.0.0.11/32 -j DOCKER_POSTROUTING
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:32991
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:47316
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p tcp -m tcp --sport 32991 -j SNAT --to-source :53
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p udp -m udp --sport 47316 -j SNAT --to-source :53
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Wed Jun 22 11:48:44 2022
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Wed Jun 22 11:48:44 2022
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Wed Jun 22 11:48:44 2022
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Wed Jun 22 11:48:44 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Wed Jun 22 11:48:44 2022
#IPv6 NAT chain
#IPv6 Mangle chain
#IPv6 Filter chain
#===================== IPSET状态 =====================#
Name: china_ip_route
Name: localnetwork
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-lan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
#ip route list
default via 192.168.1.1 dev br-lan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.2
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
tcp 0 0 :::9090 :::* LISTEN 22381/clash
tcp 0 0 :::7892 :::* LISTEN 22381/clash
tcp 0 0 :::7893 :::* LISTEN 22381/clash
tcp 0 0 :::7895 :::* LISTEN 22381/clash
tcp 0 0 :::7890 :::* LISTEN 22381/clash
tcp 0 0 :::7891 :::* LISTEN 22381/clash
udp 0 0 :::7874 :::* 22381/clash
udp 0 0 :::7891 :::* 22381/clash
udp 0 0 :::7892 :::* 22381/clash
udp 0 0 :::7893 :::* 22381/clash
udp 0 0 :::7895 :::* 22381/clash
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.11
Address: 127.0.0.11:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 110.242.68.4
Name: www.a.shifen.com
Address: 110.242.68.3
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 223.5.5.5
nameserver 119.29.29.29
nameserver 8.8.4.4
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Wed, 22 Jun 2022 11:48:47 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
#===================== 最近运行日志 =====================#
2022-06-22 11:47:51 Step 6: Wait For The File Downloading...
2022-06-22 11:47:51 Step 7: Set Firewall Rules...
2022-06-22 11:47:51 Step 8: Restart Dnsmasq...
2022-06-22 11:47:55 Step 9: Add Cron Rules, Start Daemons...
2022-06-22 11:47:55 OpenClash Start Successful!
2022-06-22 11:48:36 OpenClash Stoping...
2022-06-22 11:48:36 Step 1: Backup The Current Groups State...
2022-06-22 11:48:36 Step 2: Delete OpenClash Firewall Rules...
2022-06-22 11:48:37 Step 3: Close The OpenClash Daemons...
2022-06-22 11:48:37 Step 4: Close The Clash Core Process...
2022-06-22 11:48:37 Step 5: Restart Dnsmasq...
2022-06-22 11:48:40 Step 6: Delete OpenClash Residue File...
2022-06-22 11:48:40 OpenClash Start Running...
2022-06-22 11:48:40 Step 1: Get The Configuration...
2022-06-22 11:48:40 Step 2: Check The Components...
2022-06-22 11:48:40 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2022-06-22 11:48:40 Step 3: Modify The Config File...
2022-06-22 11:48:40 Setting Secondary DNS Server List...
2022-06-22 11:48:40 Step 4: Start Running The Clash Core...
2022-06-22 11:48:40 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2022-06-22 11:48:41 Step 5: Check The Core Status...
time="2022-06-22T11:48:41Z" level=info msg="Start initial configuration in progress"
time="2022-06-22T11:48:41Z" level=info msg="Geodata Loader mode: memconservative"
time="2022-06-22T11:48:41Z" level=info msg="Initial configuration complete, total time: 2ms"
time="2022-06-22T11:48:41Z" level=info msg="Sniffer is loaded and working"
time="2022-06-22T11:48:41Z" level=info msg="DNS server listening at: [::]:7874"
time="2022-06-22T11:48:41Z" level=info msg="Start initial compatible provider default"
time="2022-06-22T11:48:41Z" level=info msg="Start initial compatible provider Proxy"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider proxy"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider gfw"
time="2022-06-22T11:48:41Z" level=info msg="RESTful API listening at: [::]:9090"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider applications"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider cncidr"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider lancidr"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider tld-not-cn"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider apple"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider my_rule_direct"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider google"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider direct"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider telegramcidr"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider my_rule_proxy"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider icloud"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider private"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider greatfire"
time="2022-06-22T11:48:41Z" level=info msg="Start initial provider reject"
2022-06-22 11:48:44 Step 6: Wait For The File Downloading...
2022-06-22 11:48:44 Step 7: Set Firewall Rules...
2022-06-22 11:48:44 Step 8: Restart Dnsmasq...
2022-06-22 11:48:47 Step 9: Add Cron Rules, Start Daemons...
2022-06-22 11:48:47 OpenClash Start Successful!
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.1.191】 - Host:【p211-caldav.icloud.com.cn】 - DestinationIP:【111.206.109.120】 - Network:【tcp】 - RulePayload:【icloud】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.1.105】 - Host:【Empty】 - DestinationIP:【123.125.46.76】 - Network:【tcp】 - RulePayload:【cncidr】 - Lastchain:【DIRECT】
OpenClash Config
No response
Expected Behavior
In the system's fake-ip enhanced mode, UDP traffic can be proxied, and tproxy(udp) is visible in the connections
Screenshots
No response
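A consistency check over the three parts of the debug log above that a UDP TPROXY path depends on (the mangle-table rule, the `ip rule` fwmark entry and the UDP listener), written in Python as an added example; it is not OpenClash code and not part of the original report. `SAMPLE_LOG` is a constructed excerpt whose lines are copied from the log above, and all function names are hypothetical.

```python
import re

# Constructed excerpt: each line is copied from the debug log in this issue.
SAMPLE_LOG = """\
*mangle
:PREROUTING ACCEPT [0:0]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
udp 0 0 :::7892 :::* 22381/clash
udp 0 0 :::7895 :::* 22381/clash
"""

def mangle_rules(text):
    """Yield the '-A ...' lines that belong to the *mangle table of an iptables-save dump."""
    table = None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.strip() == "COMMIT":
            table = None
        elif table == "mangle" and line.startswith("-A "):
            yield line

def tproxy_rules(text):
    """Return (chain, port, mark) for every UDP TPROXY rule in the mangle table."""
    pat = re.compile(r"-A (\S+) .*-j TPROXY .*--on-port (\d+).*--tproxy-mark (0x[0-9a-fA-F]+)")
    found = []
    for line in mangle_rules(text):
        m = pat.match(line)
        if m and "-p udp" in line:
            found.append((m.group(1), int(m.group(2)), int(m.group(3), 16)))
    return found

def prerouting_udp_targets(text):
    """Chains that mangle PREROUTING jumps to for UDP packets."""
    pat = re.compile(r"-A PREROUTING .*-j (\S+)")
    return {m.group(1) for line in mangle_rules(text)
            if "-p udp" in line and (m := pat.match(line))}

def fwmark_rules(text):
    """Map fwmark value -> routing table from 'ip rule show' output."""
    pat = r"^\d+:\s+from all fwmark (0x[0-9a-fA-F]+)\S* lookup (\S+)"
    return {int(m.group(1), 16): m.group(2) for m in re.finditer(pat, text, re.M)}

def udp_listen_ports(text):
    """UDP ports with a bound socket, from the netstat-style lines in the log."""
    return {int(m.group(1)) for m in re.finditer(r"^udp\s+\d+\s+\d+\s+\S*:(\d+)\s", text, re.M)}

def check_tproxy_path(text):
    """Return a list of findings; an empty list means rule, mark and listener agree."""
    rules = tproxy_rules(text)
    if not rules:
        return ["no UDP TPROXY rule in the mangle table"]
    hooked, marks, ports = prerouting_udp_targets(text), fwmark_rules(text), udp_listen_ports(text)
    findings = []
    for chain, port, mark in rules:
        if chain != "PREROUTING" and chain not in hooked:
            findings.append(f"chain {chain} is not reached from mangle PREROUTING for UDP")
        if mark not in marks:
            findings.append(f"no ip rule for fwmark {mark:#x}")
        if port not in ports:
            findings.append(f"nothing listens on UDP port {port}")
    return findings

if __name__ == "__main__":
    print(check_tproxy_path(SAMPLE_LOG) or "TPROXY rule, fwmark rule and UDP listener are consistent")
```

On this log the check returns no findings, so the rule, mark and listener agree with each other. The log does not print the contents of routing table 354 or the bridge-nf sysctls raised later in the thread, so neither is covered by the check.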
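I am running into this problem too. I am in redir mode, and neither the dev core nor the tun core can proxy UDP through tproxy. Using tun with the meta core works normally.
Same here. After rolling back to openclash client v0.45.22-beta, core v1.10.6-9-g9d2fc97, it works normally. On the new version the NAT type is F; after rolling back it is A.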
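An earlier issue already raised this. Manually rolling the dev core back to v1.10.6-12-g09d49ba or earlier fixes it; the openclash version does not matter.
That is not the problem. I rolled back the version and it still does not work. With koolcenter's openwrt or kiddin9's firmware it works; other firmware, including the official firmware I built myself, does not. Very strange.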
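Then your problem is not the same as ours. Yours looks more like tproxy not working in the firmware.
I found a solution, but could an expert explain why this setting fixes it? https://github.com/xiaorouji/openwrt-passwall/issues/1320
Set /etc/sysctl.d/sysctl-br-netfilter-ip.conf to
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
Yes, in v0.45.33-beta tproxy UDP works for direct connections, but through a proxy node there is no data and it is unusable. After switching to tun mode, UDP through the node works normally. The previous version of openclash did not have this problem; tproxy UDP worked fine whether direct or proxied.
tproxy UDP is working normally in v0.45.35.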
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days