[Bug] About Tailscale's IPv4 hole-punching problem

Open lito12345 opened this issue 8 months ago • 9 comments

Verify Steps

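  • [x] Tracker I have searched the Issue Tracker for the problem I am about to report
  • [x] Branch I know that the switch for OpenClash's Dev branch is under Plugin Settings - Version Update, or I can download and install the Dev branch of OpenClash manually
  • [x] Latest I have tested with the latest Dev version and the problem persists
  • [x] Relevant I know that OpenClash has no direct relationship with the core (Core), the dashboard (Dashboard), online subscription conversion (Subconverter) and other projects; they only call each other
  • [x] Definite This is indeed a problem in OpenClash
  • [ ] Contributors I am able to help develop OpenClash and fix this problem
  • [ ] Meaningless I am submitting a meaningless request urging an update or fix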

OpenClash Version

v0.46.081

Bug on Environment

Istoreos

OpenWrt Version

22.03.7 2025040711

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

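My Tailscale (deployed in Docker) and OpenClash both run on a soft router. IPv6 hole punching works fine, but IPv4 hole punching works for a while and then fails; restarting OpenClash restores it, but after a while hole punching fails again. Observation: it is unrelated to port or domain rules. The key point is that for some time right after a restart, Tailscale hole punching does not produce many catch-all (漏网之鱼) connections; after running for a while, a large number of catch-all connections appear, and because they go through the proxy, connectivity breaks. Switching the catch-all to direct slightly improves IPv4 hole punching. After restarting OpenClash it works again for about an hour. This strange problem has been present in every version since 0.46.06+.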

To Reproduce

Always reproducible

OpenClash Log

No logs

OpenClash Config


Expected Behavior

I hope it can be as stable as the earlier versions.

Additional Context

No response

lito12345 avatar Apr 22 '25 10:04 lito12345

Why deploy in Docker? Synology / unofficial Synology? Isn't 'opkg install tailscale' on OpenWrt good enough?

https://openwrt.org/docs/guide-user/services/vpn/tailscale/start

Deploying in Docker means one more layer of NAT; and you also didn't say whether it is Tproxy or TUN...

For Tailscale, besides allowing the control panel rules, UDP 3478/41641 needs to go through the tailscale0 interface. Connections confirmed via DERP have to go over TCP 443 or the "DERP self-signed port".

The new mihomo TUN can also take: tun add exclude-src-port, exclude-src-port-range, exclude-dst-port and exclude-dst-port-range on Linux https://github.com/MetaCubeX/mihomo/releases/tag/v1.19.5

tailscale tun conflict citation: https://github.com/MetaCubeX/mihomo/issues/1769

gemnioo avatar Apr 23 '25 00:04 gemnioo

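Expert, could you tell me how to solve my situation? I run OpenClash on a soft router in redir-host compatibility mode, and added 2 allow rules for Tailscale:

DST-PORT,3478,DIRECT # NAT hole-punching port (direct)
DOMAIN-SUFFIX,tailscale.com,DIRECT

Then, with Tailscale running on my PC, it can connect directly to my phone (the phone is on mobile data). With Tailscale running on the soft router it does not work; it can only reach the phone through a relay.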

ssyangchn avatar Apr 23 '25 10:04 ssyangchn

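I can tell you definitively that it has nothing to do with allowing ports, domain rules, TUN versus Tproxy, or whether it is installed in Docker or directly on OpenWrt. Using a process rule placed above the catch-all (漏网之鱼) to go direct improves things somewhat.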

lito12345 avatar Apr 23 '25 13:04 lito12345

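Anyone above who doesn't believe it can try hole punching between two Docker containers.. even with a self-hosted DERP on Alibaba, Tencent or Volcano cloud.. The "catch-all" (漏网之鱼, "the fish that slipped the net") is not a "九漏鱼" (someone who slipped through nine-year compulsory education)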

rules:
  # AND,((NETWORK,UDP),(DEST-PORT,443)),REJECT
  - DOMAIN,dl.tailscale.com,Proxy # update obstacle on non-Unicom networks
  - DOMAIN,pkgs.tailscale.com,Proxy # update obstacle on non-Unicom networks
  - IP-CIDR,#IPv4 address of the DERP or directly reachable remote VPS/32,DIRECT,no-resolve
........
........
  # Tailscale Parsec RDP control
  - DOMAIN-SUFFIX,xedge.cc,DIRECT # domestic open-source alternative
  - DOMAIN,log.tailscale.io,DIRECT
  - DOMAIN,cxp.tailscale.io,DIRECT
  - DOMAIN-SUFFIX,ts.net,DIRECT
  - DOMAIN-SUFFIX,tailscale.io,DIRECT
  - DOMAIN-SUFFIX,tailscale.com,DIRECT
  - DOMAIN,stun.parsec.app,DIRECT
  - DOMAIN,stun6.parsec.app,DIRECT
  - DOMAIN,builds.parsec.app,📌 手动选择 # parsec login
  - DOMAIN,public.parsec.app,📌 手动选择
  - DOMAIN,kessel-api.parsec.app,📌 手动选择
  - DOMAIN,kessel-ws.parsec.app,📌 手动选择
  - DOMAIN,parsecusercontent.com,📌 手动选择
........
........
  - DST-PORT,445,DIRECT
  # DST-PORT,3478,DIRECT
  - SRC-PORT,41641,DIRECT

For a self-hosted DERP inside China, use the firewall to allow UDP 3478/41641 as well as the TCP port of your self-hosted, non-self-signed certificate

citation: https://github.com/tailscale/tailscale/issues/11776#issuecomment-2543093012

In addition, exclude-interface or specifying an interface, as used by Surge or mihomo, only needs to be considered for compatibility in TUN mode

https://wiki.metacubex.one/config/inbound/tun/#exclude-interface

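Surge Mac Beta changelog
In previous versions, when Enhanced Mode was enabled, the system routing table had been overridden by Surge, so all outgoing packets were forced out through the primary interface, bypassing the routing table, to avoid loops.

But this also meant that, when multiple network interfaces or other VPNs were present, packets could not be sent from the correct interface.

This version improves the design: in Enhanced Mode Surge now checks the routes automatically and, if a more specific route with higher priority exists, still uses standard routing to send UDP packets (mainly DNS, but note that for single-domain queries this only takes effect when there is exactly one port-53 DNS server), to improve compatibility. Automatic detection is not yet supported for TCP packets, which still need to be configured manually through a DIRECT policy alias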

citation: https://t.me/SurgeTestFlightFeed/195

mihomo Android TUN mode compatibility

citation: https://github.com/MetaCubeX/mihomo/issues/1571#issuecomment-2397947492

In addition, sing-box 1.11.0 and later also takes a Tailscale-compatible approach into account

https://sing-box.sagernet.org/configuration/dns/server/tailscale/

citation: https://x.com/nek0hasekai/status/1859555474468970585

gemnioo avatar Apr 24 '25 03:04 gemnioo

Found with AI, I guess, heh

tun: skip-auth-prefixes: - 100.64.0.0/10 - 192.168.0.0/16

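  • DOMAIN-REGEX,^derp.*tailscale.com,DIRECT
  • PROCESS-NAME,tailscaled,DIRECT (place it above the catch-all and enable process matching; with an exit node a little will still leak)

As for ports, very few devices block them by default. As for Docker and fake-IP on the same device (which, since IPv6 can be mapped, actually improves connectivity) and the like: they are not in the same network segment, but does that also count as NAT?

The key issue is that it works at first and then stops working after a while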

lito12345 avatar Apr 24 '25 12:04 lito12345

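Clearly you are using Tailscale's official DERP, not a self-hosted one... You still have a long way to go; I suggest you study more

I suggest first looking at how Tailscale officially describes the distinction of a Docker install with respect to Linux kernel networking.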

https://youtu.be/tqvvZhGrciQ?feature=shared&t=1081

gemnioo avatar Apr 24 '25 12:04 gemnioo

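Docs are docs, practice is practice. Also, I have no need to self-host DERP. One more thing: is it that hard? Please learn not to answer beside the point or use AI to pose as an expert; anyone can use AI. Thanks.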

lito12345 avatar Apr 24 '25 14:04 lito12345

I install Tailscale directly on OpenWrt, without Docker, with OpenClash in fake-IP + tproxy mode, and have used it for a long time without any problems.

I added two high-priority custom rules:

rules:
  - PROCESS-NAME,tailscaled,DIRECT
  - DOMAIN-KEYWORD,derp,DIRECT

I also wrote a script that periodically updates the list of domains and IPs of the official DERP servers:

import json

import requests
from requests.exceptions import RequestException

# Official Tailscale DERP map endpoint.
url = "https://login.tailscale.com/derpmap/default"
try:
    # A timeout keeps a scheduled run from hanging; HTTP errors raise too.
    response = requests.get(url, timeout=30)
    response.raise_for_status()
except RequestException as e:
    print(f"RequestException: {e}")
    raise

data = response.json()
# Keep a copy of the raw DERP map for reference.
with open("./derp.json", "w", buffering=1, encoding="utf-8") as derp_json:
    json.dump(data, derp_json, indent=2)

# Write one DOMAIN / IP-CIDR / IP-CIDR6 rule per DERP node.
with open("./derp.list", "w", buffering=1, encoding="utf-8") as derp_file:
    derp_file.write("# Rule list of tailscale derpers\n")
    for rid, region in data["Regions"].items():
        name = region["RegionName"]
        derp_file.write("\n# --------------------\n")
        derp_file.write(f"# Region {rid}: {name}\n")
        for node in region["Nodes"]:
            derp_file.write(f"# {node['Name']}\n")
            derp_file.write(f"DOMAIN,{node['HostName']}\n")
            # IPv4 and IPv6 may be omitted for a node; skip absent ones.
            if node.get("IPv4"):
                derp_file.write(f"IP-CIDR,{node['IPv4']}/32,no-resolve\n")
            if node.get("IPv6"):
                derp_file.write(f"IP-CIDR6,{node['IPv6']}/128,no-resolve\n")

The resulting list looks like this; it can be fed to subconverter as a ruleset and then assigned a direct-connection rule.

ky-bd avatar Apr 26 '25 14:04 ky-bd
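
An added example, not code from this thread or from OpenClash/mihomo: a simplified first-match model of the rule types posted above, run over constructed Tailscale flows to show which traffic each posted rule set leaves to the catch-all. Assumptions: the flows, the peer endpoint 203.0.113.7:51234, the address 192.0.2.10, and UDP flows arriving without a hostname are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Flow:
    """One outbound connection as a rule engine would see it."""
    label: str
    src_port: int
    dst_port: int
    dst_ip: str
    host: str = ""     # empty when no domain is known for the flow
    process: str = ""  # empty when the flow cannot be tied to a local process


def rule_matches(kind, value, flow):
    """Evaluate one of the rule types used in this thread against a flow."""
    if kind == "DOMAIN":
        return flow.host == value
    if kind == "DOMAIN-SUFFIX":
        return flow.host == value or flow.host.endswith("." + value)
    if kind == "DOMAIN-KEYWORD":
        return value in flow.host
    if kind in ("IP-CIDR", "IP-CIDR6"):
        net = ipaddress.ip_network(value, strict=False)
        return ipaddress.ip_address(flow.dst_ip) in net
    if kind == "DST-PORT":
        return flow.dst_port == int(value)
    if kind == "SRC-PORT":
        return flow.src_port == int(value)
    if kind == "PROCESS-NAME":
        return flow.process == value
    return False  # rule types outside this sketch never match


def decide(rules, flow, catch_all="PROXY"):
    """First matching rule wins; unmatched flows get the catch-all policy."""
    for line in rules:
        kind, value, policy = [part.strip() for part in line.split(",")[:3]]
        if rule_matches(kind, value, flow):
            return policy, line
    return catch_all, "MATCH"


def falls_through(rules, flows):
    """Labels of the flows no rule claims, i.e. that end up on the proxy."""
    return [f.label for f in flows if decide(rules, f)[1] == "MATCH"]


def without_process(flows):
    """The same flows when the engine cannot identify the owning process."""
    return [replace(f, process="") for f in flows]


# Constructed sample flows. derp1f.tailscale.com / 199.38.181.104 appear in
# this thread; 192.0.2.10 and 203.0.113.7:51234 are documentation addresses.
FLOWS = [
    Flow("control plane", 40001, 443, "192.0.2.10",
         "login.tailscale.com", "tailscaled"),
    Flow("DERP relay", 40002, 443, "199.38.181.104",
         "derp1f.tailscale.com", "tailscaled"),
    Flow("STUN", 41641, 3478, "199.38.181.104", "", "tailscaled"),
    Flow("direct peer UDP", 41641, 51234, "203.0.113.7", "", "tailscaled"),
]

# Rule sets as posted in the thread.
PORT_AND_DOMAIN = ["DST-PORT,3478,DIRECT", "DOMAIN-SUFFIX,tailscale.com,DIRECT"]
PROCESS_AND_KEYWORD = ["PROCESS-NAME,tailscaled,DIRECT",
                       "DOMAIN-KEYWORD,derp,DIRECT"]
WITH_SRC_PORT = PORT_AND_DOMAIN + ["SRC-PORT,41641,DIRECT"]

if __name__ == "__main__":
    cases = [
        ("port + domain rules", PORT_AND_DOMAIN, FLOWS),
        ("process + keyword rules", PROCESS_AND_KEYWORD, FLOWS),
        ("process + keyword, process unknown", PROCESS_AND_KEYWORD,
         without_process(FLOWS)),
        ("port + domain + SRC-PORT", WITH_SRC_PORT, FLOWS),
    ]
    for name, rules, flows in cases:
        leaked = falls_through(rules, flows) or "nothing"
        print(f"{name}: catch-all gets {leaked}")
```

In this model the port and domain rules alone leave the peer-to-peer UDP flow on the catch-all, and the process rule only helps while the engine can attribute the flow to `tailscaled`.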

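Thanks, I'll try it. Looking at the connections in the catch-all group, it is probably the large number of repeated attempts to connect to the official DERP servers that causes the chaos; my intuition is that this list should solve the problem.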

lito12345 avatar Apr 27 '25 05:04 lito12345

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Jun 26 '25 08:06 github-actions[bot]

TAILSCALE_IP_RANGE="100.64.0.0/10"

nft insert rule inet fw4 prerouting ip saddr ${TAILSCALE_IP_RANGE} accept
nft insert rule inet fw4 prerouting ip daddr ${TAILSCALE_IP_RANGE} accept

nft insert rule inet fw4 output ip daddr ${TAILSCALE_IP_RANGE} accept
nft insert rule inet fw4 output ip saddr ${TAILSCALE_IP_RANGE} accept

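Putting this in the firewall custom rules or etc/firewall.user resolves the conflict between Tailscale and mihomo during IPv4 hole punching and greatly improves hole-punching efficiency.

Finally solved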

lito12345 avatar Jun 30 '25 09:06 lito12345

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Aug 31 '25 08:08 github-actions[bot]