Anonym-tsk / nfqws-keenetic

MIT License

[BUG] Bypass does not work on an Android phone in the YouTube app #110

Closed andyuss closed 3 hours ago

andyuss commented 3 hours ago

Describe the problem

I installed 2.5.9 on a clean Entware; in browsers on the PC everything works great. On an Android phone, the YouTube app does not load. I tried switching between various strategies from the branches, but it did not help. Could you please tell me which direction to dig in?

Router model: Keenetic Ultra (KN-1810), firmware 4.2.1

Provider: eth3

Run the commands and attach their output

opkg info nfqws-keenetic

Package: nfqws-keenetic
Version: 2.5.9
Depends: iptables, busybox
Conflicts: tpws-keenetic
Status: install user installed
Section: net
Architecture: all
Size: 761167
Filename: nfqws-keenetic_2.5.9_all_entware.ipk
Conffiles:
 /opt/etc/nfqws/nfqws.conf fbb16b924528e98ea13e1ccfab14c19c5a66b394aa2f861feee41ca143aeab27
 /opt/etc/nfqws/user.list 45dc2adaa172b86d73369c6ed12a8a0e648b851b66293b11514c3b1d4bd3fce6
 /opt/etc/nfqws/auto.list e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
 /opt/etc/nfqws/exclude.list 56674d7bd42a36480737a298a514620f0d3a8151e8e93a8b7defb3b2161b0513
Description: NFQWS service
Installed-Time: 1730212599

/opt/etc/init.d/S51nfqws restart

Stopping NFQWS service...
we have 3 user defined desync profile(s) and default low priority profile 0
Loading hostlist /opt/etc/nfqws/exclude.list
loading plain text list
Loaded 28 hosts from /opt/etc/nfqws/exclude.list
Loading hostlist /opt/etc/nfqws/exclude.list
loading plain text list
Loaded 28 hosts from /opt/etc/nfqws/exclude.list
Started NFQWS service

cat /opt/etc/nfqws/nfqws.conf

# Provider network interface, e.g. eth3
# You can specify multiple interfaces separated by space, e.g. ISP_INTERFACE="eth3 nwg1"
ISP_INTERFACE="eth3"

# All arguments here: https://github.com/bol-van/zapret (search for `nfqws` on the page)
# HTTP(S) strategy
NFQWS_ARGS="--dpi-desync=fake,split2 --dpi-desync-ttl=0 --dpi-desync-repeats=16 --dpi-desync-split-pos=1 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=/opt/etc/nfqws/tls_clienthello.bin"

# QUIC strategy
NFQWS_ARGS_QUIC="--filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/etc/nfqws/quic_initial.bin"

# UDP strategy (doesn't use lists from NFQWS_EXTRA_ARGS)
NFQWS_ARGS_UDP="--filter-udp=50000-50099 --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-repeats=6 --dpi-desync-cutoff=n2"

# auto - automatically detects blocked resources and adds them to the auto.list
#NFQWS_EXTRA_ARGS="--hostlist=/opt/etc/nfqws/user.list --hostlist-auto=/opt/etc/nfqws/auto.list --hostlist-auto-debug=/opt/var/log/nfqws.log --hostlist-exclude=/opt/etc/nfqws/exclude.list"

# list - applies rules only to domains in the user.list
#NFQWS_EXTRA_ARGS="--hostlist=/opt/etc/nfqws/user.list"

# all  - applies rules to all traffic except domains from exclude.list
NFQWS_EXTRA_ARGS="--hostlist-exclude=/opt/etc/nfqws/exclude.list"

# IPv6 support
IPV6_ENABLED=0

# TCP ports for iptables rules
TCP_PORTS=443

# UDP ports for iptables rules
UDP_PORTS=443,50000:50099

# Syslog logging level (0 - silent, 1 - debug)
LOG_LEVEL=0

NFQUEUE_NUM=200
USER=nobody
CONFIG_VERSION=4

ps | grep nfqws

19605 nobody     648 S    /opt/usr/bin/nfqws --daemon --pidfile=/opt/var/run/nfqws.pid --user=nobody --qnum=200 --filter-udp=50000-50099 --dpi-desync=fake --dpi-desync-any-protocol --dpi-
19702 root      5400 S    grep nfqws

iptables-save | grep 200

-A POSTROUTING -o eth3 -p udp -m multiport --dports 443,50000:50099 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
-A POSTROUTING -o eth3 -p tcp -m multiport --dports 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass

sysctl net.netfilter.nf_conntrack_checksum

net.netfilter.nf_conntrack_checksum = 0

andyuss commented 3 hours ago

QUIC was blocked; after removing the rule, everything started working.