Acris / shadowsocks-asuswrt-merlin

Shadowsock for Asuswrt-Merlin New Gen
MIT License

Telegram client cannot connect #33

Closed karpender closed 4 years ago

karpender commented 4 years ago

Hello, the Telegram client cannot connect. How should I configure this? Other websites and apps, including Telegram Web, all work normally. Thanks!

Acris commented 4 years ago

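The Telegram client communicates with its servers by IP address, so if gfwlist mode is enabled, the Telegram servers' IPs are not routed through the proxy. There are two ways to solve this; choose whichever you prefer:

1. Use the bypass-mainland-China-and-LAN mode: change the value of mode in the configuration file ss-merlin.conf to 1, then restart the client with the ss-merlin restart command;

2. If you only want to use gfwlist mode, first run ss-merlin upgrade to update to the latest version, then edit /opt/share/ss-merlin/rules/user_ip_gfwlist.txt and add the following Telegram server IPs to the list, then restart the client with ss-merlin restart: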

149.154.160.0/22
149.154.164.0/22
91.108.4.0/22
91.108.56.0/22
91.108.8.0/22
95.161.64.0/20
91.108.20.0/22
149.154.172.0/22
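91.108.12.0/22

karpender commented 4 years ago

Thank you for the detailed answer. I would like to use gfwlist mode, but after configuring it as above the Telegram client still cannot connect. I also tried the bypass-mainland-China-and-LAN mode, but whether mode is set to 1 or even 2, it cannot connect normally. How can I troubleshoot this? Thanks!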

Acris commented 4 years ago

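In my tests, both the Android client and the Windows client connect normally using method 2. Please run the two commands ipset list usergfwlist and iptables -t nat -L, then paste the output so we can troubleshoot.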

karpender commented 4 years ago

Output of ipset list usergfwlist:

Name: usergfwlist
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 928
References: 2
Number of entries: 9
Members:
91.108.56.0/22
95.161.64.0/20
149.154.160.0/22
91.108.4.0/22
149.154.164.0/22
91.108.20.0/22
91.108.12.0/22
149.154.172.0/22
91.108.8.0/22

Output of iptables -t nat -L:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
VSERVER    all  --  anywhere             114.221.25.97       
VSERVER    all  --  anywhere             192.168.1.2         
REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
REDIRECT   tcp  --  anywhere             109.239.140.0/24     redir ports 3333
REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333
REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
REDIRECT   tcp  --  anywhere             109.239.140.0/24     redir ports 3333
REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333
SS_PREROUTING  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
SS_OUTPUT  all  --  anywhere             anywhere            

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
PUPNP      all  --  anywhere             anywhere            
MASQUERADE  all  -- !114.221.25.97        anywhere            
MASQUERADE  all  -- !192.168.1.2          anywhere            
MASQUERADE  all  --  192.168.50.0/24      192.168.50.0/24     

Chain DNSFILTER (0 references)
target     prot opt source               destination         

Chain LOCALSRV (0 references)
target     prot opt source               destination         

Chain PCREDIRECT (0 references)
target     prot opt source               destination         

Chain PUPNP (1 references)
target     prot opt source               destination         

Chain SHADOWSOCKS_TCP (2 references)
target     prot opt source               destination         
RETURN     tcp  --  anywhere             anywhere             match-set localips dst return-nomatch ! update-counters ! update-subcounters
RETURN     tcp  --  anywhere             anywhere             match-set whitelist dst return-nomatch ! update-counters ! update-subcounters
RETURN     tcp  --  anywhere             anywhere             match-set userwhitelist dst return-nomatch ! update-counters ! update-subcounters
REDIRECT   tcp  --  192.168.50.0/24      anywhere             match-set gfwlist dst redir ports 1090
REDIRECT   tcp  --  192.168.50.0/24      anywhere             match-set usergfwlist dst redir ports 1090

Chain SS_OUTPUT (1 references)
target     prot opt source               destination         
SHADOWSOCKS_TCP  tcp  --  anywhere             anywhere            

Chain SS_PREROUTING (1 references)
target     prot opt source               destination         
SHADOWSOCKS_TCP  tcp  --  192.168.50.0/24      anywhere            

Chain VSERVER (2 references)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp dpt:8443 to:192.168.50.1:8443
VUPNP      all  --  anywhere             anywhere            

Chain VUPNP (1 references)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp dpt:5000 to:192.168.50.218:5000
DNAT       tcp  --  anywhere             anywhere             tcp dpt:9091 to:192.168.50.218:9091
DNAT       tcp  --  anywhere             anywhere             tcp dpt:5001 to:192.168.50.218:5001
DNAT       udp  --  anywhere             anywhere             udp dpt:44468 to:192.168.50.79:44468
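DNAT       tcp  --  anywhere             anywhere             tcp dpt:51413 to:192.168.50.218:51413

Acris commented 4 years ago

Something looks wrong with the PREROUTING chain. What is port 3333 used for? Judging from iptables, your forwarding port should be 1090, but the PREROUTING chain is also redirecting to 3333.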

karpender commented 4 years ago

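Thanks for the analysis. The forwarding port I set is 1090; 3333 was set up earlier by following an article I found: https://0x01.io/2015/11/07/%E5%8D%8E%E7%A1%95AC66U%E5%85%A5%E6%89%8B%E6%8A%98%E8%85%BE%E8%AE%B0%E5%BD%95/

How can I remove these REDIRECT rules? Thanks for your guidance.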

REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
REDIRECT   tcp  --  anywhere             109.239.140.0/24     redir ports 3333
REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333
REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
REDIRECT   tcp  --  anywhere             109.239.140.0/24     redir ports 3333
REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333

vonsy commented 4 years ago

> Thanks for the analysis. The forwarding port I set is 1090; 3333 was set up earlier by following an article I found: https://0x01.io/2015/11/07/%E5%8D%8E%E7%A1%95AC66U%E5%85%A5%E6%89%8B%E6%8A%98%E8%85%BE%E8%AE%B0%E5%BD%95/
>
> How can I remove these REDIRECT rules? Thanks for your guidance.
>
> REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
> REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
> REDIRECT   tcp  --  anywhere             109.239.140.0/24     redir ports 3333
> REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333
> REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
> REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
> REDIRECT   tcp  --  anywhere             109.239.140.0/24     redir ports 3333
> REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333

Delete the rules:

# Show which line numbers the rules you added are on
iptables -t nat -L PREROUTING --line-numbers
# Delete; replace 1 with the actual line number. Each deletion reduces the total by 1, so just repeat the deletion 8 times.
iptables -t nat -D PREROUTING 1

Check nat-start and see whether it contains only the lines you added. If so, just delete the file and then reboot the router.

# View
cat /jffs/scripts/nat-start
# Delete
rm /jffs/scripts/nat-start
# Reboot (not needed if you have already deleted the rules)
reboot
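The deletion procedure above, as an added example that is not part of the original thread: it reads an `iptables -t nat -L PREROUTING --line-numbers` listing, picks out REDIRECT rules whose port differs from the expected one, and prints the delete commands highest rule number first so earlier deletions do not renumber later ones. The function names and the sample listing (including the 203.0.113.0/24 rule) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, modelled on the PREROUTING listing in this thread with the
# rule-number column that --line-numbers adds. Rule 5 is a made-up rule on the
# expected port, included to show that it is left alone.
sample_prerouting() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    VSERVER    all  --  anywhere             192.168.1.2
2    REDIRECT   tcp  --  anywhere             91.108.56.0/22       redir ports 3333
3    REDIRECT   tcp  --  anywhere             91.108.4.0/22        redir ports 3333
4    REDIRECT   tcp  --  anywhere             149.154.160.0/20     redir ports 3333
5    REDIRECT   tcp  --  anywhere             203.0.113.0/24       redir ports 1090
6    SS_PREROUTING  all  --  anywhere             anywhere
EOF
}

# stale_redirects EXPECTED_PORT
# Reads a --line-numbers listing on stdin and prints the rule numbers of
# REDIRECT rules that send traffic to any port other than EXPECTED_PORT,
# sorted from highest to lowest.
stale_redirects() {
    awk -v want="$1" '
        $2 == "REDIRECT" && $(NF-1) == "ports" && $NF != want { print $1 }
    ' | sort -rn
}

# delete_commands EXPECTED_PORT
# Prints (does not run) one delete command per stale rule. Because the numbers
# come out in descending order, each command still points at the intended rule
# after the previous ones have been executed.
delete_commands() {
    stale_redirects "$1" | while read -r n; do
        echo "iptables -t nat -D PREROUTING $n"
    done
}

# Dry run against the constructed sample; 1090 is the forwarding port from the thread.
sample_prerouting | delete_commands 1090
```

On the router, the live listing can be piped in instead of the sample: `iptables -t nat -L PREROUTING -n --line-numbers | delete_commands 1090`. Rules that /jffs/scripts/nat-start re-adds will return after a reboot unless that script is cleaned up as well.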

Acris commented 4 years ago

As vonsy said, if you followed that tutorial, you should have added content to /jffs/scripts/nat-start. Delete that content, reboot the router, and check again.

karpender commented 4 years ago

Thank you both, it is finally solved.