OpenClash [Bug] vless节点udp无法连通

[Bug] vless节点udp无法连通

Open Kryo123456 opened this issue 1 year ago • 3 comments

Verify Steps

[X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
[X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
[X] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
[X] Meaningful 我提交的不是无意义的催促更新或修复请求

OpenClash Version

v0.45.51-beta

Bug on Environment

Lean

Bug on Platform

Linux-armv8

To Reproduce

开启udp后使用vless节点无法连通udp链接

Describe the Bug

openclash开启udp后使用vless节点无法连通udp链接。使用相同的配置文件在同样支持meta内核的clash verge上进行测试，相同节点却可以连通。

OpenClash Log

[2022-08-27 15:36:42][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.196 210.17.84.200 210.17.84.198 210.17.84.201 210.17.84.202 210.17.84.199] [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][INFO] [UDP] 192.168.1.74:49702 --> tw-twm-north.twm.geforcenow.nvidiagrid.net:5001 match InType(TPROXY/TUN) using 🐟 漏网之鱼[直连] [2022-08-27 15:36:42][DEBUG] [Process] find process array807.prod.do.dsp.mp.microsoft.com: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][DEBUG] [Process] find process array807.prod.do.dsp.mp.microsoft.com: netlink message: NLMSG_ERROR [2022-08-27 15:36:42][INFO] [TCP] 192.168.1.74:58160 --> array807.prod.do.dsp.mp.microsoft.com:443 match DomainKeyword(microsoft) using Ⓜ️ 微软服务[直连] [2022-08-27 15:36:44][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.196 210.17.84.200 210.17.84.198 210.17.84.201 210.17.84.202 210.17.84.199] [2022-08-27 15:36:44][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.196 210.17.84.200 210.17.84.198 210.17.84.201 210.17.84.202 210.17.84.199] [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.196 210.17.84.200 210.17.84.198 210.17.84.201 210.17.84.202 210.17.84.199] [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][INFO] [TCP] 192.168.1.74:58162 --> tw-twm-north.twm.geforcenow.nvidiagrid.net:443 match Match using 🚀 节点选择[直连] [2022-08-27 15:36:44][INFO] [TCP] 192.168.1.74:58161 --> tw-twm-north.twm.geforcenow.nvidiagrid.net:443 match Match using 🚀 节点选择[直连] [2022-08-27 15:36:44][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.196 210.17.84.200 210.17.84.198 210.17.84.201 210.17.84.202 210.17.84.199] [2022-08-27 15:36:44][DEBUG] [Process] find process 17.57.144.23: netlink message: NLMSG_ERROR [2022-08-27 15:36:44][DEBUG] [Process] find process 17.57.144.23: netlink message: NLMSG_ERROR

[2022-08-27 15:38:55][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.201 210.17.84.202 210.17.84.196 210.17.84.198 210.17.84.200 210.17.84.199] [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:55][INFO] [UDP] 192.168.1.74:53249 --> tw-twm-north.twm.geforcenow.nvidiagrid.net:5001 match InType(TPROXY/TUN) using 🐟 漏网之鱼[直连] [2022-08-27 15:38:57][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.201 210.17.84.202 210.17.84.196 210.17.84.198 210.17.84.200 210.17.84.199] [2022-08-27 15:38:57][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.201 210.17.84.202 210.17.84.196 210.17.84.198 210.17.84.200 210.17.84.199] [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][DEBUG] [Process] find process tw-twm-north.twm.geforcenow.nvidiagrid.net: netlink message: NLMSG_ERROR [2022-08-27 15:38:57][INFO] [TCP] 192.168.1.74:58231 --> tw-twm-north.twm.geforcenow.nvidiagrid.net:443 match InType(TPROXY/TUN) using 🐟 漏网之鱼[直连] [2022-08-27 15:38:57][INFO] [TCP] 192.168.1.74:58232 --> tw-twm-north.twm.geforcenow.nvidiagrid.net:443 match InType(TPROXY/TUN) using 🐟 漏网之鱼[直连] [2022-08-27 15:38:57][DEBUG] [DNS] tw-twm-north.twm.geforcenow.nvidiagrid.net --> [210.17.84.201 210.17.84.202 210.17.84.196 210.17.84.198 210.17.84.200 210.17.84.199]

OpenClash Config

OpenClash 调试日志

生成时间: 2022-08-27 15:50:55
插件版本: v0.45.51-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: Phicomm N1
固件版本: OpenWrt SNAPSHOT r4866-3c0774cf8
LuCI版本: git-22.227.13225-9632640-1
内核版本: 5.18.18-flippy-75+
处理器架构: aarch64_cortex-a53

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 17872
运行权限: 17872: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.07.07-14-g6950e48
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.11.4-13-g6e058f8
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g4b39362
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/sub.yaml
启动配置文件: /etc/openclash/sub.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
DNS远程解析: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F680 节点选择"
  type: select
  disable-udp: false
  proxies:
  - "♻️ 自动选择"
  - "\U0001F52F 故障转移"
  - "\U0001F52E 负载均衡"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
  - DIRECT
- name: "\U0001F680 手动切换"
  type: select
  disable-udp: false
  proxies:
  - 上海CN2-香港1
  - 上海CN2-香港2
  - 直连
  - 内网
  - IPLC
  - 上海移动-日本
  use:
  - 薯条HK
  - 薯条TW
  - 薯条SG
  - 薯条US
  - 薯条JP
  - 薯条KR
- name: "♻️ 自动选择"
  type: url-test
  disable-udp: false
  proxies:
  - 上海CN2-香港1
  - 上海CN2-香港2
  - 直连
  - 内网
  - IPLC
  - 上海移动-日本
  use:
  - 薯条HK
  - 薯条TW
  - 薯条SG
  - 薯条US
  - 薯条JP
  - 薯条KR
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '50'
- name: "\U0001F52F 故障转移"
  type: fallback
  disable-udp: false
  proxies:
  - 上海CN2-香港1
  - 上海CN2-香港2
  - 直连
  - 内网
  - IPLC
  - 上海移动-日本
  use:
  - 薯条HK
  url: http://www.gstatic.com/generate_204
  interval: '300'
- name: "\U0001F52E 负载均衡"
  type: load-balance
  strategy: consistent-hashing
  disable-udp: false
  proxies:
  - 上海CN2-香港1
  - 上海CN2-香港2
  - 直连
  - 内网
  - IPLC
  - 上海移动-日本
  url: http://www.gstatic.com/generate_204
  interval: '300'
- name: "\U0001F4F2 电报消息"
  type: select
  proxies:
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
  - DIRECT
- name: "\U0001F4F9 油管视频"
  type: select
  disable-udp: false
  proxies:
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
  - "\U0001F30D 国外媒体"
- name: "\U0001F3A5 奈飞视频"
  type: select
  disable-udp: false
  proxies:
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
  - DIRECT
- name: "\U0001F4FA 巴哈姆特"
  type: select
  proxies:
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F680 节点选择"
  - "\U0001F680 手动切换"
  - DIRECT
- name: "\U0001F4FA 哔哩哔哩"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
- name: "\U0001F30D 国外媒体"
  type: select
  proxies:
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
  - DIRECT
- name: "\U0001F30F 国内媒体"
  type: select
  proxies:
  - DIRECT
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F680 手动切换"
- name: "\U0001F4E2 谷歌FCM"
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
- name: Ⓜ️ 微软云盘
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
- name: Ⓜ️ 微软服务
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
- name: "\U0001F3AE 游戏平台"
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
- name: "\U0001F3B6 网易音乐"
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
- name: "\U0001F6D1 广告拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F343 应用净化"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001F680 节点选择"
  - "♻️ 自动选择"
  - DIRECT
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
- name: "\U0001F1ED\U0001F1F0 香港节点"
  type: url-test
  use:
  - 薯条HK
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '50'
- name: "\U0001F1EF\U0001F1F5 日本节点"
  type: url-test
  proxies:
  - DIRECT
  - 上海移动-日本
  use:
  - 薯条JP
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '50'
- name: "\U0001F1FA\U0001F1F2 美国节点"
  type: url-test
  proxies:
  - DIRECT
  use:
  - 薯条US
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '150'
- name: "\U0001F1E8\U0001F1F3 台湾节点"
  type: url-test
  proxies:
  - DIRECT
  use:
  - 薯条TW
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '50'
- name: "\U0001F1F8\U0001F1EC 狮城节点"
  type: url-test
  proxies:
  - DIRECT
  use:
  - 薯条SG
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '50'
- name: "\U0001F1F0\U0001F1F7 韩国节点"
  type: url-test
  proxies:
  - DIRECT
  use:
  - 薯条KR
  url: http://www.gstatic.com/generate_204
  interval: '300'
  tolerance: '50'
  redir-port: 7892

tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
interface-name: eth0
geodata-mode: false
geodata-loader: memconservative
tcp-concurrent: false
dns:
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 119.28.28.28
  - 223.5.5.5
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - tls://dns.google:853
  - https://1.1.1.1/dns-query
  - tls://1.1.1.1:853
  - tls://8.8.8.8:853
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
    - "+.sh-cn2.exacc.need.sh"
    - msftconnecttest.com
    - msftncsi.com
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:bJmEJ1s4

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Aug 27 15:51:01 2022
*nat
:PREROUTING ACCEPT [26:6288]
:INPUT ACCEPT [57:7512]
:OUTPUT ACCEPT [715:45358]
:POSTROUTING ACCEPT [753:48494]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
COMMIT
# Completed on Sat Aug 27 15:51:01 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Aug 27 15:51:01 2022
*mangle
:PREROUTING ACCEPT [7727:1943920]
:INPUT ACCEPT [7258:1887863]
:FORWARD ACCEPT [475:56513]
:OUTPUT ACCEPT [7040:2214179]
:POSTROUTING ACCEPT [7516:2270854]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.1.2/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.2/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.176/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.176/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.177/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.177/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.178/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.178/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Sat Aug 27 15:51:01 2022

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Aug 27 15:51:01 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Sat Aug 27 15:51:01 2022

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sat Aug 27 15:51:01 2022
*nat
:PREROUTING ACCEPT [1289:411210]
:INPUT ACCEPT [1289:411210]
:OUTPUT ACCEPT [64865:4991894]
:POSTROUTING ACCEPT [64865:4991894]
COMMIT
# Completed on Sat Aug 27 15:51:01 2022

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sat Aug 27 15:51:01 2022
*mangle
:PREROUTING ACCEPT [353138:56969249]
:INPUT ACCEPT [353138:56969249]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [299643:38296506]
:POSTROUTING ACCEPT [299779:38336064]
COMMIT
# Completed on Sat Aug 27 15:51:01 2022

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sat Aug 27 15:51:01 2022
*filter
:INPUT ACCEPT [98:33728]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [160:39920]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Sat Aug 27 15:51:01 2022

#===================== IPSET状态 =====================#

Name: cn
Name: ct
Name: cnc
Name: cmcc
Name: crtc
Name: cernet
Name: gwbn
Name: othernet
Name: music
Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: china_ip_route
Name: china_ip_route_pass
Name: shuntlist
Name: gfwlist
Name: chnroute
Name: blacklist
Name: localnetwork
Name: shuntlist6
Name: gfwlist6
Name: chnroute6
Name: blacklist6
Name: mwan3_connected

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.2     0.0.0.0         UG    0      0        0 eth0
172.31.0.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
#ip route list
default via 192.168.1.2 dev eth0 proto static 
172.31.0.0/24 dev docker0 proto kernel scope link src 172.31.0.1 linkdown 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 
#ip rule show
0:	from all lookup local
32765:	from all fwmark 0x162 lookup 354
32766:	from all lookup main
32767:	from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7895                 :::*                    LISTEN      17872/clash
tcp        0      0 :::7892                 :::*                    LISTEN      17872/clash
tcp        0      0 :::7893                 :::*                    LISTEN      17872/clash
tcp        0      0 :::7890                 :::*                    LISTEN      17872/clash
tcp        0      0 :::7891                 :::*                    LISTEN      17872/clash
tcp        0      0 :::9090                 :::*                    LISTEN      17872/clash
udp        0      0 :::7874                 :::*                                17872/clash
udp        0      0 :::7891                 :::*                                17872/clash
udp        0      0 :::7892                 :::*                                17872/clash
udp        0      0 :::7893                 :::*                                17872/clash
udp        0      0 :::7895                 :::*                                17872/clash

#===================== 测试本机DNS查询 =====================#

Server:		127.0.0.1
Address:	127.0.0.1:53


www.baidu.com	canonical name = www.a.shifen.com
Name:	www.a.shifen.com
Address: 180.101.49.12
Name:	www.a.shifen.com
Address: 180.101.49.11


#===================== resolv.conf.d =====================#

# Interface lan
nameserver 114.114.114.114

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 27 Aug 2022 07:51:02 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

Expected Behavior

可以正常连通vless节点的udp链接

Screenshots

Aug 27 '22 08:08 Kryo123456

日志里面写的直连，跟节点有啥关系

Aug 27 '22 10:08 vernesong

日志里面写的直连，跟节点有啥关系

这个直连的意思是这个节点我没有套中转，直连vps，但是是通的

Aug 27 '22 12:08 Kryo123456

日志里面写的直连，跟节点有啥关系

我在游戏里也测试了下，表现为卡在游戏加载界面或者能进去但是一会儿之后会被踢出来

Aug 27 '22 12:08 Kryo123456

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

Oct 27 '22 08:10 github-actions[bot]

OpenClash OpenClash copied to clipboard

[Bug] vless节点udp无法连通

Verify Steps

OpenClash Version

Bug on Environment

Bug on Platform

To Reproduce

Describe the Bug

OpenClash Log

OpenClash Config

Expected Behavior

Screenshots

OpenClash
OpenClash copied to clipboard