OpenClash
OpenClash copied to clipboard
[Bug] IPv6 tun模式会导致无法从海外通过公网IPv6访问路由器,国内无影响。
Verify Steps
- [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
- [X] Latest 我已经使用最新 Dev 版本测试过,问题依旧存在
- [X] Core 这是 OpenClash 存在的问题,并非我所使用的 Clash 或 Meta 等内核的特定问题
- [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求
OpenClash Version
v0.45.121-beta
Bug on Environment
Official OpenWrt
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
开启IPv6并选择tun模式,分别从境外服务器和境内通过公网IPv6访问路由器,境外无法访问,境内正常访问。
Describe the Bug
该问题仅在开启IPv6并选择tun模式才出现,tproxy和redirect模式无影响。
OpenClash Log
暂未在日志中发现有用信息,如有需要会进一步提供。
OpenClash Config
config openclash 'config'
option proxy_port '25500'
option tproxy_port '25505'
option mixed_port '25520'
option socks_port '25515'
option http_port '25510'
option dns_port '25300'
option enable '1'
option update '0'
option en_mode 'fake-ip-mix'
option auto_update '0'
option auto_update_time '0'
option cn_port '29595'
option dashboard_password 'shallowmo'
option dashboard_forward_ssl '0'
option rule_source '1'
option enable_custom_dns '0'
option ipv6_enable '1'
option ipv6_dns '1'
option enable_custom_clash_rules '0'
option other_rule_auto_update '1'
option core_version 'linux-amd64'
option enable_redirect_dns '1'
option servers_if_update '0'
option disable_masq_cache '1'
option servers_update '0'
option log_level 'warning'
option proxy_mode 'rule'
option intranet_allowed '1'
option disable_udp_quic '0'
option operation_mode 'fake-ip'
option enable_rule_proxy '1'
option redirect_dns '1'
option cachesize_dns '1'
option filter_aaaa_dns '1'
option small_flash_memory '0'
option interface_name '0'
option log_size '1024'
option tolerance '0'
option store_fakeip '1'
option custom_fallback_filter '0'
option custom_fakeip_filter '0'
option custom_host '0'
option custom_name_policy '0'
option append_wan_dns '0'
option bypass_gateway_compatible '0'
option github_address_mod '0'
option urltest_address_mod '0'
option urltest_interval_mod '0'
option delay_start '0'
option router_self_proxy '1'
option release_branch 'master'
option enable_meta_core '1'
option dashboard_type 'Meta'
option yacd_type 'Meta'
option append_default_dns '0'
option geo_custom_url 'https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/lite/Country.mmdb'
option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
option chnr6_custom_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
option cndomain_custom_url 'https://testingcf.jsdelivr.net/gh/felixonmars/dnsmasq-china-list@master/accelerated-domains.china.conf'
option enable_custom_domain_dns_server '0'
option china_ip_route '1'
option geo_auto_update '1'
option geo_update_week_time '2'
option geo_update_day_time '1'
option geoip_auto_update '1'
option geosite_auto_update '1'
option chnr_auto_update '1'
option chnr_update_week_time '3'
option chnr_update_day_time '2'
option auto_restart '0'
option auto_restart_week_time '5'
option auto_restart_day_time '5'
option custom_china_domain_dns_server '114.114.114.114'
option other_rule_update_week_time '1'
option other_rule_update_day_time '2'
option geoip_update_week_time '2'
option geoip_update_day_time '3'
option geoip_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
option geosite_update_week_time '2'
option geosite_update_day_time '5'
option geosite_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat'
option fakeip_range '198.18.0.1/16'
option find_process_mode 'off'
option global_client_fingerprint 'chrome'
option geodata_loader 'standard'
option enable_geoip_dat '1'
option enable_meta_sniffer '1'
option config_path '/etc/openclash/config/config.yaml'
option config_reload '1'
option restricted_mode '0'
option core_type 'Meta'
option default_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option dnsmasq_noresolv '0'
option dnsmasq_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option ipv6_mode '0'
option china_ip6_route '1'
option enable_meta_sniffer_pure_ip '1'
option enable_meta_sniffer_custom '0'
option stream_domains_prefetch '0'
option stream_auto_select '0'
option enable_tcp_concurrent '1'
option stack_type 'system'
option enable_v6_udp_proxy '1'
option dnsmasq_cachesize '10000'
config dns_servers
option group 'nameserver'
option type 'udp'
option ip '114.114.114.114'
option enabled '1'
config dns_servers
option group 'nameserver'
option type 'udp'
option ip '119.29.29.29'
option enabled '1'
config dns_servers
option group 'nameserver'
option type 'udp'
option ip '119.28.28.28'
option enabled '0'
config dns_servers
option group 'nameserver'
option type 'udp'
option ip '223.5.5.5'
option enabled '0'
config dns_servers
option type 'https'
option ip 'doh.pub/dns-query'
option group 'nameserver'
option enabled '1'
config dns_servers
option type 'https'
option ip 'dns.alidns.com/dns-query'
option group 'nameserver'
option enabled '1'
config dns_servers
option type 'https'
option group 'fallback'
option ip 'dns.cloudflare.com/dns-query'
option enabled '1'
config dns_servers
option group 'fallback'
option ip 'dns.google'
option port '853'
option type 'tls'
option enabled '0'
config dns_servers
option group 'fallback'
option type 'https'
option ip '1.1.1.1/dns-query'
option enabled '0'
config dns_servers
option group 'fallback'
option ip '1.1.1.1'
option port '853'
option type 'tls'
option enabled '0'
config dns_servers
option enabled '0'
option group 'fallback'
option ip '8.8.8.8'
option port '853'
option type 'tls'
config dns_servers
option type 'udp'
option group 'fallback'
option ip '2001:4860:4860::8888'
option port '53'
option enabled '0'
config dns_servers
option type 'udp'
option group 'fallback'
option ip '2001:4860:4860::8844'
option port '53'
option enabled '0'
config dns_servers
option type 'udp'
option group 'fallback'
option ip '2001:da8::666'
option port '53'
option enabled '0'
config dns_servers
option group 'fallback'
option type 'https'
option ip 'public.dns.iij.jp/dns-query'
option enabled '1'
config dns_servers
option group 'fallback'
option type 'https'
option ip 'jp.tiar.app/dns-query'
option enabled '1'
config dns_servers
option group 'fallback'
option type 'https'
option ip 'jp.tiarap.org/dns-query'
option enabled '1'
config dns_servers
option group 'fallback'
option ip 'jp.tiar.app'
option type 'tls'
option enabled '0'
config dns_servers
option group 'fallback'
option ip 'dot.tiar.app'
option type 'tls'
option enabled '1'
config authentication
option enabled '1'
option username 'Clash'
option password '*********************'
另外附上对应的running config:
---
mode: rule
log-level: warning
ipv6: true
external-controller: 0.0.0.0:29595
geodata-mode: true
geox-url:
geoip: https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat
geosite: https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat
mmdb: https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb
tun:
enable: true
stack: system
device: utun
auto-route: false
auto-detect-interface: false
dns-hijack:
- tcp://any:53
dns:
enable: true
prefer-h3: true
listen: 0.0.0.0:25300
ipv6: true
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
- "*"
- "+.lan"
default-nameserver:
- tls://223.5.5.5:853
nameserver:
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query#h3=true
nameserver-policy:
geosite:cn,private:
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query#h3=true
proxies:
- name: PROXY
type: ss
server: **************
port: *******
cipher: ****************
password: ****************
udp: true
plugin: shadow-tls
client-fingerprint: chrome
plugin-opts:
host: ****************
password: ****************
version: 3
rule-providers:
reject:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt
path: "./rule_provider/reject.yaml"
interval: 86400
icloud:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt
path: "./rule_provider/icloud.yaml"
interval: 86400
apple:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt
path: "./rule_provider/apple.yaml"
interval: 86400
google:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt
path: "./rule_provider/google.yaml"
interval: 86400
proxy:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt
path: "./rule_provider/proxy.yaml"
interval: 86400
direct:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt
path: "./rule_provider/direct.yaml"
interval: 86400
private:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt
path: "./rule_provider/private.yaml"
interval: 86400
gfw:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
path: "./rule_provider/gfw.yaml"
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt
path: "./rule_provider/tld-not-cn.yaml"
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt
path: "./rule_provider/telegramcidr.yaml"
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt
path: "./rule_provider/cncidr.yaml"
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
path: "./rule_provider/lancidr.yaml"
interval: 86400
applications:
type: http
behavior: classical
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt
path: "./rule_provider/applications.yaml"
interval: 86400
rules:
- DST-PORT,25505,REJECT
- DST-PORT,25500,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,gfw,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- DST-PORT,80,PROXY
- DST-PORT,443,PROXY
- DST-PORT,22,PROXY
- MATCH,DIRECT
redir-port: 25500
tproxy-port: 25505
port: 25510
socks-port: 25515
mixed-port: 25520
allow-lan: true
secret: shallowmo
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
geodata-loader: standard
tcp-concurrent: true
find-process-mode: 'off'
global-client-fingerprint: chrome
sniffer:
enable: true
parse-pure-ip: true
profile:
store-selected: true
store-fake-ip: true
authentication:
- Clash:*******************
Expected Behavior
境内和境外都能正常访问。
Screenshots
No response