[Bug] 更新最新版本无法opkg update了

[yunyuyuan]

Verify Steps

• [x] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [x] Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中，或者我会手动下载并安装 Dev 分支的 OpenClash
• [x] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [x] Relevant 我知道 OpenClash 与 内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系，仅相互调用
• [x] Definite 这确实是 OpenClash 出现的问题
• [ ] Contributors 我有能力协助 OpenClash 开发并解决此问题
• [ ] Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.075

Bug on Environment

Official OpenWrt

OpenWrt Version

OpenWrt 23.05.5 (r24106-10cc5fcd00)

Bug on Platform

Linux-arm64

Describe the Bug

clashmeta是alpha-gef29e45，更新最新版本后无法opkg update了，无论是直连还是全局还是openwrt的官方源，都会报这个错：

➜  ~ wget https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/packages/Packages.gz
--2025-02-16 01:47:26--  https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/packages/Packages.gz
Resolving mirrors.ustc.edu.cn... 2001:da8:d800:95::110, 202.141.176.110
Connecting to mirrors.ustc.edu.cn|2001:da8:d800:95::110|:443... connected.
ERROR: no certificate subject alternative name matches
        requested host name 'mirrors.ustc.edu.cn'.
To connect to mirrors.ustc.edu.cn insecurely, use `--no-check-certificate'.

关闭openclash后可以更新。另外在客户端上可以下载，只是路由器自己wget会报错

To Reproduce

opkg update

OpenClash Log

大陆连接没有走内核，无任何报错日志

OpenClash Config

Expected Behavior

可以正常opkg update

Additional Context

No response

[tonyzhou777]

不写了么，加 --no-check-certificate

[yunyuyuan]

opkg update报错是这样的，我直接把wget拿出来单独跑了下，自己不好改opkg的执行内容吧

Downloading https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/targets/bcm27xx/bcm2711/packages/Packages.gz
*** Failed to download the package list from https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/targets/bcm27xx/bcm2711/packages/Packages.gz

Downloading https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/base/Packages.gz
*** Failed to download the package list from https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/base/Packages.gz

Downloading https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/luci/Packages.gz
*** Failed to download the package list from https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/luci/Packages.gz

Downloading https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/packages/Packages.gz
*** Failed to download the package list from https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/packages/Packages.gz

Downloading https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/routing/Packages.gz
*** Failed to download the package list from https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/routing/Packages.gz

Downloading https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/telephony/Packages.gz
*** Failed to download the package list from https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/targets/bcm27xx/bcm2711/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/base/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/luci/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/routing/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://mirrors.ustc.edu.cn/openwrt/releases/23.05.5/packages/aarch64_cortex-a72/telephony/Packages.gz, wget returned 5.
➜  ~ 

[tonyzhou777]

你开IPv6了吗？把IPv6关了试试？

[yunyuyuan]

个人需要ipv6，我降级到v0.46.064后正常用了

[EarSum]

immortalwrt has same issue 临时解决方式是使用特定的上游dns解析器（如smartdns或者adgh）对opkg源的域名进行ipv6地址解析屏蔽

smartdns自定义设置配置参考示例，现在的immortalwrt源会被自动重定向到南京大学镜像站，因此需要对mirror.nju.edu.cn进行v6地址解析屏蔽，其他源自行更换//中间的地址 address /mirror.nju.edu.cn/#6

在配置完后需要重启smartdns和openclash插件，路由器本机nslookup mirror.nju.edu.cn后无ipv6解析结果再行opkg update即可。

[TOPGUUN]

我把OPENCLASH的UDP转发关了就好了

[hv0905]

似乎是开启OpenClash后路由器所有IPV6连接都会受影响，暂时不知道什么原因

root@AtriAirport:~# curl -v https://test6.ustc.edu.cn
* Failed to connect to test6.ustc.edu.cn port 443 after 1 ms: Error
curl: (7) Failed to connect to test6.ustc.edu.cn port 443 after 1 ms: Error

内网下其它设备的ipv6连接正常

[ky-bd]

疑似是ipv6连接直接打回localhost了，curl 出来的是 luci 界面

$ curl -6 -kkvvv
 www.baidu.com
> GET / HTTP/1.1
> Host: www.baidu.com
> User-Agent: curl/8.7.1
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< Keep-Alive: timeout=20
< x-luci-login-required: yes
< content-type: text/html
< cache-control: no-cache
< expires: 0
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
<
<!DOCTYPE html>
<html lang="en">

<head>
        <meta charset="utf-8">
        <title>
                OpenWrt
                - LuCI</title>
        <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport" />
        <meta name="format-detection" content="telephone=no, email=no" />
        <meta name="apple-mobile-web-app-capable" content="yes">
        <meta name="mobile-web-app-capable" content="yes">
        <meta name="x5-fullscreen" content="true">
        <meta name="full-screen" content="yes">
        <meta name="x5-page-mode" content="app">
        <meta name="browsermode" content="application">
        <meta name="msapplication-tap-highlight" content="no">
        <meta name="msapplication-TileColor" content="#5e72e4">
        <meta name="application-name" content="OpenWrt - LuCI">
        <meta name="apple-mobile-web-app-title" content="OpenWrt - LuCI">
...

$ curl -kkvvv https://test6.ustc.edu.cn
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
> GET / HTTP/1.1
> Host: test6.ustc.edu.cn
> User-Agent: curl/8.7.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 403 Forbidden
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< Keep-Alive: timeout=20
< x-luci-login-required: yes
< content-type: text/html
< cache-control: no-cache
< expires: 0
< x-frame-options: SAMEORIGIN
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
<
<!DOCTYPE html>
<html lang="en">

<head>
        <meta charset="utf-8">
        <title>
                OpenWrt
                - LuCI</title>
        <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport" />
        <meta name="format-detection" content="telephone=no, email=no" />
        <meta name="apple-mobile-web-app-capable" content="yes">
...

[panda-mute]

这个问题有线索了么？

[Yzzzed]

同样问题。

[2536]

我也是这样的问题

[EarSum]

我个人把ipv6转发模式从tproxy改成redirect后似乎就好了，仅供参考

[2536]

我个人把ipv6转发模式从tproxy改成redirect后好像就可以了，仅供参考

我都没有开过IP v6

[zw654321]

我个人把ipv6转发模式从tproxy改成redirect后似乎就好了，仅供参考

谢谢，通过你的办法解决了，环境是nanopc t6 openwrt24，最新版openclash

[akanoaka]

找到一个方法：取消插件设置 -> IPv6设置的 允许 IPv6 类型 DNS 解析 就可以正常连上软件源了。猜测可能是openclash代理了IPv6的DNS查询但是配置的全都是IPv4的，所以返回不了解析结果。

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days