
[Bug] IPv6 tun模式会导致无法从海外通过公网IPv6访问路由器,国内无影响。

Open Acris opened this issue 1 year ago • 0 comments

Verify Steps

  • [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
  • [X] Latest 我已经使用最新 Dev 版本测试过,问题依旧存在
  • [X] Core 这是 OpenClash 存在的问题,并非我所使用的 Clash 或 Meta 等内核的特定问题
  • [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.121-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

开启IPv6并选择tun模式,分别从境外服务器和境内通过公网IPv6访问路由器,境外无法访问,境内正常访问。

Describe the Bug

该问题仅在开启IPv6并选择tun模式才出现,tproxy和redirect模式无影响。

OpenClash Log

暂未在日志中发现有用信息,如有需要会进一步提供。

OpenClash Config


# Main OpenClash UCI section as pasted by the reporter. Only the options that
# matter for the reported IPv6/TUN symptom or for exposure of the router are
# annotated; every value is unchanged.
config openclash 'config'
	# Listener ports. The same numbers appear in the running config posted
	# below (redir-port, tproxy-port, mixed-port, socks-port, port, dns.listen).
	option proxy_port '25500'
	option tproxy_port '25505'
	option mixed_port '25520'
	option socks_port '25515'
	option http_port '25510'
	option dns_port '25300'
	option enable '1'
	option update '0'
	# NOTE(review): the report describes TUN mode, but the value captured here
	# is 'fake-ip-mix' - confirm which mode this dump reflects.
	option en_mode 'fake-ip-mix'
	option auto_update '0'
	option auto_update_time '0'
	# Controller port; matches external-controller 0.0.0.0:29595 in the running config.
	option cn_port '29595'
	# NOTE(review): posted unmasked, while the authentication password at the
	# end of this dump is masked. The same string is the controller `secret`
	# in the running config, so it should be treated as disclosed and changed.
	option dashboard_password 'shallowmo'
	option dashboard_forward_ssl '0'
	option rule_source '1'
	# '0' here is presumably why the udp/tls dns_servers entries below do not
	# show up in the running config - verify.
	option enable_custom_dns '0'
	# IPv6 proxying and IPv6 DNS are both on; the report says the symptom only
	# appears with IPv6 enabled.
	option ipv6_enable '1'
	option ipv6_dns '1'
	option enable_custom_clash_rules '0'
	option other_rule_auto_update '1'
	option core_version 'linux-amd64'
	option enable_redirect_dns '1'
	option servers_if_update '0'
	option disable_masq_cache '1'
	option servers_update '0'
	option log_level 'warning'
	option proxy_mode 'rule'
	# NOTE(review): presumably limits the proxy/controller ports to LAN
	# sources; confirm it also covers IPv6 input on the WAN side.
	option intranet_allowed '1'
	option disable_udp_quic '0'
	option operation_mode 'fake-ip'
	option enable_rule_proxy '1'
	option redirect_dns '1'
	option cachesize_dns '1'
	option filter_aaaa_dns '1'
	option small_flash_memory '0'
	option interface_name '0'
	option log_size '1024'
	option tolerance '0'
	option store_fakeip '1'
	option custom_fallback_filter '0'
	option custom_fakeip_filter '0'
	option custom_host '0'
	option custom_name_policy '0'
	option append_wan_dns '0'
	option bypass_gateway_compatible '0'
	option github_address_mod '0'
	option urltest_address_mod '0'
	option urltest_interval_mod '0'
	option delay_start '0'
	# NOTE(review): presumably sends the router's own traffic through the
	# core as well; relevant if replies to inbound WAN connections are affected.
	option router_self_proxy '1'
	option release_branch 'master'
	option enable_meta_core '1'
	option dashboard_type 'Meta'
	option yacd_type 'Meta'
	option append_default_dns '0'
	# Data files are fetched from third-party hosts at mutable refs
	# (@release, @master); no checksum or pinned revision is visible here.
	option geo_custom_url 'https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/lite/Country.mmdb'
	option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
	option chnr6_custom_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
	option cndomain_custom_url 'https://testingcf.jsdelivr.net/gh/felixonmars/dnsmasq-china-list@master/accelerated-domains.china.conf'
	option enable_custom_domain_dns_server '0'
	option china_ip_route '1'
	option geo_auto_update '1'
	option geo_update_week_time '2'
	option geo_update_day_time '1'
	option geoip_auto_update '1'
	option geosite_auto_update '1'
	option chnr_auto_update '1'
	option chnr_update_week_time '3'
	option chnr_update_day_time '2'
	option auto_restart '0'
	option auto_restart_week_time '5'
	option auto_restart_day_time '5'
	option custom_china_domain_dns_server '114.114.114.114'
	option other_rule_update_week_time '1'
	option other_rule_update_day_time '2'
	option geoip_update_week_time '2'
	option geoip_update_day_time '3'
	option geoip_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
	option geosite_update_week_time '2'
	option geosite_update_day_time '5'
	option geosite_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat'
	option fakeip_range '198.18.0.1/16'
	option find_process_mode 'off'
	option global_client_fingerprint 'chrome'
	option geodata_loader 'standard'
	option enable_geoip_dat '1'
	option enable_meta_sniffer '1'
	option config_path '/etc/openclash/config/config.yaml'
	option config_reload '1'
	option restricted_mode '0'
	option core_type 'Meta'
	option default_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option dnsmasq_noresolv '0'
	option dnsmasq_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option ipv6_mode '0'
	# NOTE(review): consistent with the symptom (mainland clients work,
	# overseas clients do not) - presumably mainland IPv6 destinations bypass
	# the core while all other IPv6 traffic is handed to it; confirm against
	# the generated ip6tables/nftables rules.
	option china_ip6_route '1'
	option enable_meta_sniffer_pure_ip '1'
	option enable_meta_sniffer_custom '0'
	option stream_domains_prefetch '0'
	option stream_auto_select '0'
	option enable_tcp_concurrent '1'
	# Matches tun.stack: system in the running config.
	option stack_type 'system'
	option enable_v6_udp_proxy '1'
	option dnsmasq_cachesize '10000'

# Upstream resolver list. Each section gives a group (nameserver or fallback),
# a transport (udp, https or tls), an address and an enabled flag.
# The running config posted with this report lists only doh.pub and
# dns.alidns.com under dns.nameserver and has no fallback list, so these
# sections are presumably not all applied (enable_custom_dns is '0') - verify.
# The udp entries are plaintext DNS; the https and tls entries are encrypted.
config dns_servers
	option group 'nameserver'
	option type 'udp'
	option ip '114.114.114.114'
	option enabled '1'

config dns_servers
	option group 'nameserver'
	option type 'udp'
	option ip '119.29.29.29'
	option enabled '1'

config dns_servers
	option group 'nameserver'
	option type 'udp'
	option ip '119.28.28.28'
	option enabled '0'

config dns_servers
	option group 'nameserver'
	option type 'udp'
	option ip '223.5.5.5'
	option enabled '0'

config dns_servers
	option type 'https'
	option ip 'doh.pub/dns-query'
	option group 'nameserver'
	option enabled '1'

config dns_servers
	option type 'https'
	option ip 'dns.alidns.com/dns-query'
	option group 'nameserver'
	option enabled '1'

# Fallback group starts here.
config dns_servers
	option type 'https'
	option group 'fallback'
	option ip 'dns.cloudflare.com/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option ip 'dns.google'
	option port '853'
	option type 'tls'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip '1.1.1.1/dns-query'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option ip '1.1.1.1'
	option port '853'
	option type 'tls'
	option enabled '0'

config dns_servers
	option enabled '0'
	option group 'fallback'
	option ip '8.8.8.8'
	option port '853'
	option type 'tls'

# The only IPv6 resolver addresses in the list; all three are disabled.
config dns_servers
	option type 'udp'
	option group 'fallback'
	option ip '2001:4860:4860::8888'
	option port '53'
	option enabled '0'

config dns_servers
	option type 'udp'
	option group 'fallback'
	option ip '2001:4860:4860::8844'
	option port '53'
	option enabled '0'

config dns_servers
	option type 'udp'
	option group 'fallback'
	option ip '2001:da8::666'
	option port '53'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'public.dns.iij.jp/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'jp.tiar.app/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option type 'https'
	option ip 'jp.tiarap.org/dns-query'
	option enabled '1'

config dns_servers
	option group 'fallback'
	option ip 'jp.tiar.app'
	option type 'tls'
	option enabled '0'

config dns_servers
	option group 'fallback'
	option ip 'dot.tiar.app'
	option type 'tls'
	option enabled '1'

# Username/password pair; the running config carries it as the
# `authentication:` entry "Clash:<masked>". The reporter masked the password
# here, unlike dashboard_password in the main section.
config authentication
	option enabled '1'
	option username 'Clash'
	option password '*********************'

另外附上对应的running config:

---
# Running config generated for the core, as posted by the reporter.
mode: rule
log-level: warning
ipv6: true
# The controller API listens on the wildcard address, port 29595 (cn_port in
# the UCI dump). Access is gated by `secret` further down, which is posted in
# clear in this report.
# NOTE(review): confirm that the WAN-side firewall, for IPv4 and IPv6 alike,
# does not admit this port; whether a 0.0.0.0 bind also accepts IPv6 depends
# on how the core opens the socket - check the listening sockets on the router.
external-controller: 0.0.0.0:29595
geodata-mode: true
# Geo data comes from the MetaCubeX repository at the mutable @release ref,
# while the UCI dump names Loyalsoldier URLs for geoip/geosite. No checksum or
# pinned revision is visible here.
geox-url:
  geoip: https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat
  geosite: https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat
  mmdb: https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb
# TUN device settings. auto-route and auto-detect-interface are both false, so
# the core does not install routes itself; presumably the OpenClash scripts
# add the routing/firewall rules that steer traffic into `utun` - those rules,
# not this section, decide which IPv6 packets reach the device.
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  # Only TCP port 53 is listed for hijacking here.
  dns-hijack:
  - tcp://any:53
# Built-in DNS server in fake-ip mode.
dns:
  enable: true
  prefer-h3: true
  # Listens on the wildcard address, port 25300 (dns_port in the UCI dump).
  # NOTE(review): a resolver reachable from the WAN side can be abused as an
  # open resolver; confirm the firewall limits this port to the LAN.
  listen: 0.0.0.0:25300
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "*"
  - "+.lan"
  # Resolver used to look up the DoH host names below; DNS over TLS to an IP literal.
  default-nameserver:
  - tls://223.5.5.5:853
  # Only encrypted (DoH) upstreams are configured; no fallback list is present.
  nameserver:
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query#h3=true
  nameserver-policy:
    geosite:cn,private:
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query#h3=true
# Single outbound, named PROXY: Shadowsocks with the shadow-tls plugin
# (version 3). Server, port, cipher, both passwords and the plugin host were
# masked by the reporter.
proxies:
- name: PROXY
  type: ss
  server: **************
  port: *******
  cipher: ****************
  password: ****************
  udp: true
  plugin: shadow-tls
  client-fingerprint: chrome
  plugin-opts:
    host: ****************
    password: ****************
    version: 3
# Remote rule sets, each re-downloaded every 86400 seconds and cached under
# ./rule_provider/. All URLs point at the @release ref of
# Loyalsoldier/clash-rules through the jsDelivr CDN.
# NOTE(review): @release is a mutable ref and no digest is configured here, so
# whatever the upstream repository or CDN serves becomes routing policy on the
# next refresh (including which destinations go DIRECT, PROXY or REJECT).
# Pinning to a fixed revision or mirroring reviewed copies removes that
# dependency.
rule-providers:
  reject:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt
    path: "./rule_provider/reject.yaml"
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt
    path: "./rule_provider/icloud.yaml"
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt
    path: "./rule_provider/apple.yaml"
    interval: 86400
  google:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt
    path: "./rule_provider/google.yaml"
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt
    path: "./rule_provider/proxy.yaml"
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt
    path: "./rule_provider/direct.yaml"
    interval: 86400
  private:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt
    path: "./rule_provider/private.yaml"
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
    path: "./rule_provider/gfw.yaml"
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt
    path: "./rule_provider/tld-not-cn.yaml"
    interval: 86400
  # The three sets below match on IP ranges rather than domain names.
  telegramcidr:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt
    path: "./rule_provider/telegramcidr.yaml"
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt
    path: "./rule_provider/cncidr.yaml"
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
    path: "./rule_provider/lancidr.yaml"
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt
    path: "./rule_provider/applications.yaml"
    interval: 86400
# Routing rules. They are evaluated top to bottom and the first match decides,
# so the order below is significant.
rules:
# Reject traffic addressed to the redirect and tproxy listener ports and to
# the fake-ip range (values match redir-port, tproxy-port and
# dns.fake-ip-range in this config) - presumably loop protection.
- DST-PORT,25505,REJECT
- DST-PORT,25500,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
# Private tracker sites and tracker-like host names go DIRECT.
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
# Remote rule sets from rule-providers; the policy applied depends on the
# downloaded list contents.
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,gfw,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
# Process-name rules. find-process-mode is 'off' in this config, so these
# presumably never match - verify. Several names appear twice (aria2c, fdm,
# NetTransport, qbittorrent, Thunder, uTorrent, WebTorrent).
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
# Anything not matched above: destination ports 80, 443 and 22 go through
# PROXY, everything else DIRECT. These three rules match on destination port
# only, whatever the destination address is.
- DST-PORT,80,PROXY
- DST-PORT,443,PROXY
- DST-PORT,22,PROXY
- MATCH,DIRECT
# Inbound listener ports (same values as the *_port options in the UCI dump).
redir-port: 25500
tproxy-port: 25505
port: 25510
socks-port: 25515
mixed-port: 25520
# allow-lan with bind-address "*" makes the proxy listeners accept connections
# on every address of the router, not only loopback.
# NOTE(review): the router in this report has a public IPv6 address, so
# confirm that the firewall input rules (IPv4 and IPv6) keep these ports and
# the controller port closed on the WAN side.
allow-lan: true
# NOTE(review): controller secret posted unmasked (same string as
# dashboard_password in the UCI dump); treat it as disclosed and change it.
secret: shallowmo
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
geodata-loader: standard
tcp-concurrent: true
find-process-mode: 'off'
global-client-fingerprint: chrome
sniffer:
  enable: true
  parse-pure-ip: true
profile:
  store-selected: true
  store-fake-ip: true
# Username:password entry from the UCI `config authentication` section;
# the password was masked by the reporter.
authentication:
- Clash:*******************

Expected Behavior

境内和境外都能正常访问。

Screenshots

No response

Acris avatar Jun 15 '23 09:06 Acris