CHIZI-0618 / box4magisk

Use sing-box, clash, v2ray, xray tunnel proxy on Android devices.
GNU General Public License v3.0

Question about compatibility between the module and VPN apps #84

Open yqs112358 opened 3 hours ago

yqs112358 commented 3 hours ago

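As the title says, I have recently been trying to use the module together with an ordinary VPN app (in my case, the Tailscale app), but I found that there are some DNS-related problems.

Specifically, whether I use redir-host or fake-ip, mihomo's DNS hijacking stops working once the Android VPN Service starts. Capturing packets with Wireshark shows that all DNS queries go out directly via wlan0 and no longer pass through mihomo's DNS.

May I ask why this happens? The same thing occurs whether the module is configured in tproxy mode or in core mode (using the core's tun directly).

Module configuration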

#!/system/bin/sh

bin_name="mihomo"

redir_port="7892"
tproxy_port="7894"
clash_dns_port="1053"
clash_dns_listen="0.0.0.0:${clash_dns_port}"
mihome_dns_forward="true"
fake_ip_range_v4="198.18.0.0/16"
fake_ip_range_v6="fc00::/18"
tun_device="tun9"

box_user_group="root:net_admin"
# If you want to change the user or group, you must make the Box core in the /system/bin directory, otherwise the changes will not take effect.
# If you are using Magisk, you can copy the Box core files (sing-box, clash, etc.) to /data/adb/modules/bin_files/system/bin/ and reboot the phone
bin_name_list=("sing-box" "clash" "mihomo" "xray" "v2ray" "hysteria")
box_path="/data/adb/box"
bin_path="${box_path}/bin/${bin_name}"
run_path="${box_path}/run"
pid_file="${run_path}/${bin_name}.pid"

intranet=(0.0.0.0/8 10.0.0.0/8 100.0.0.0/8 127.0.0.0/8 169.254.0.0/16 192.0.0.0/24 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255/32)
# The use of 100.0.0.0/8 instead of 100.64.0.0/10 is purely due to a mistake by China Telecom's service provider, and you can change it back.
intranet6=(::/128 ::1/128 ::ffff:0:0/96 100::/64 64:ff9b::/96 2001::/32 2001:10::/28 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8)

ipv6="disable"

proxy_method="TPROXY"
# REDIRECT: TCP only / TPROXY: TCP + UDP / MIXED: REDIRECT TCP + TUN UDP

proxy_mode="core"
# blacklist / whitelist / core
user_packages_list=()
# Android User:Package Name, For example:
# user_packages_list=("0:com.android.captiveportallogin" "10:com.tencent.mm")

gid_list=()
# The gid in the list will be bypassed or proxied according to the proxy_mode configuration, and the gid can be arbitrarily specified by the busybox setuidgid command

ap_list=("wlan+" "ap+" "rndis+" "ncm+")
ignore_out_list=()

Minimal mihomo configuration

mihomo is the latest GitHub Actions build.

mixed-port: 7890
allow-lan: false
bind-address: "*"
ipv6: false
mode: rule
log-level: debug
find-process-mode: always

external-controller: 127.0.0.1:9090
external-ui: ui

profile:
  store-selected: true
  store-fake-ip: true

dns:
  enable: true
  use-hosts: true
  use-system-hosts: true
  listen: 0.0.0.0:1053
  ipv6: false

  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.0/16
  fake-ip-filter:
    # mDNS
    - "*.lan"
    - "*.local"
  nameserver:
    - "223.5.5.5"
    - "180.76.76.76"
    - "119.29.29.29"
  fallback:
    - "tls://1.1.1.1#Proxy"
    - "tls://8.8.8.8#Proxy"
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
      - 240.0.0.0/4

tun:
  enable: true
  stack: system
  device: tun9
  dns-hijack:
    - "0.0.0.0:53"
    - "tcp://0.0.0.0:53"
  auto-detect-interface: true
  strict-route: true
  gso: true
  auto-route: true
  route-exclude-address:
    - "100.64.0.0/10"        # Tailscale

proxy-providers:
  airport_air:
    type: http
    url: 机场订阅链接
    path: ./airport.yaml
    interval: 86400
    health-check:
      enable: false
      interval: 600
      url: https://www.gstatic.com/generate_204

proxy-groups:
  - name: Proxy
    type: select
    proxies:
      - "airport"
      - Direct

  - name: airport
    type: select
    use:
      - airport_air
    proxies:
      - Direct

  - name: Direct
    type: select
    proxies:
      - DIRECT

  - name: "🐟 漏网之鱼"
    type: select
    proxies:
      - Proxy
      - Direct

rules:
  # Private and LAN
  - GEOIP,private,DIRECT,no-resolve
  - GEOSITE,private,DIRECT,no-resolve
  - DOMAIN-SUFFIX,msftconnecttest.com,DIRECT,no-resolve

  # Tailscale
  - IP-CIDR,100.64.0.0/10,DIRECT,no-resolve

  # CN
  - GEOSITE,cn,Direct

  # PROXY
  - GEOSITE,category-social-media-!cn,Proxy
  - GEOSITE,category-entertainment,Proxy
  - GEOSITE,category-communication,Proxy
  - GEOSITE,category-scholar-!cn,Proxy
  - GEOSITE,category-orgs,Proxy
  - GEOSITE,category-porn,Proxy
  - GEOSITE,category-android-app-download,Proxy
  - GEOSITE,category-forums,Proxy
  - GEOSITE,category-anticensorship,Proxy
  - GEOSITE,category-dev,Proxy
  - GEOSITE,gfw,Proxy

  - GEOIP,telegram,Proxy
  - GEOIP,CN,Direct

  - MATCH,🐟 漏网之鱼

yqs112358 commented 2 hours ago

This is the routing table after both the module and the VPN app have been started:

0:      from all lookup local 
7000:   from all lookup main 
8000:   from all iif tun9 lookup main suppress_prefixlength 0 
9000:   from all fwmark 0x0/0x20000 goto 9010
9001:   from all iif tun9 goto 9010
9002:   not from all iif lo lookup 2022 
9002:   from 0.0.0.0 iif lo lookup 2022 
9002:   from 198.18.0.0/30 iif lo lookup 2022 
9010:   from all nop
10000:  from all fwmark 0xc0000/0xd0000 lookup legacy_system 
11000:  from all iif lo oif dummy0 uidrange 0-0 lookup dummy0 
11000:  from all iif lo oif rmnet_data0 uidrange 0-0 lookup rmnet_data0 
11000:  from all iif lo oif rmnet_data2 uidrange 0-0 lookup rmnet_data2 
11000:  from all iif lo oif rmnet_data3 uidrange 0-0 lookup rmnet_data3 
11000:  from all iif lo oif wlan0 uidrange 0-0 lookup wlan0 
12000:  from all iif tun0 lookup local_network 
13000:  from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0 
13000:  from all fwmark 0x0/0x20000 iif lo uidrange 99900000-99999999 lookup tun0 
13000:  from all fwmark 0xc0068/0xcffff lookup tun0 
16000:  from all fwmark 0x10063/0x1ffff iif lo lookup local_network 
16000:  from all fwmark 0xd0001/0xdffff iif lo lookup rmnet_data0 
16000:  from all fwmark 0x10068/0x1ffff iif lo uidrange 0-99999 lookup tun0 
16000:  from all fwmark 0x10068/0x1ffff iif lo uidrange 99900000-99999999 lookup tun0 
16000:  from all fwmark 0x10068/0x1ffff iif lo uidrange 0-0 lookup tun0 
16000:  from all fwmark 0xd0071/0xdffff iif lo lookup rmnet_data2 
16000:  from all fwmark 0x10072/0x1ffff iif lo lookup rmnet_data3 
16000:  from all fwmark 0x10074/0x1ffff iif lo lookup wlan0 
17000:  from all iif lo oif dummy0 lookup dummy0 
17000:  from all fwmark 0xc0000/0xc0000 iif lo oif rmnet_data0 lookup rmnet_data0 
17000:  from all iif lo oif tun0 uidrange 0-99999 lookup tun0 
17000:  from all iif lo oif tun0 uidrange 99900000-99999999 lookup tun0 
17000:  from all fwmark 0xc0000/0xc0000 iif lo oif rmnet_data2 lookup rmnet_data2 
17000:  from all iif lo oif rmnet_data3 lookup rmnet_data3 
17000:  from all iif lo oif wlan0 lookup wlan0 
18000:  from all fwmark 0x0/0x10000 lookup legacy_system 
19000:  from all fwmark 0x0/0x10000 lookup legacy_network 
20000:  from all fwmark 0x0/0x10000 lookup local_network 
23000:  from all fwmark 0x72/0x1ffff iif lo lookup rmnet_data3 
23000:  from all fwmark 0x74/0x1ffff iif lo lookup wlan0 
26000:  from all fwmark 0x0/0x10000 iif lo lookup wlan0_local 
28000:  from all fwmark 0x68/0xffff lookup wlan0 
30000:  from all fwmark 0x5e lookup 60 
30000:  from all fwmark 0x5f lookup 60 
31000:  from all fwmark 0x0/0xffff iif lo lookup wlan0 
32000:  from all unreachable

The entries containing tun9 were added by mihomo and the module; the entries containing tun0 were presumably added by the VPN service.
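
A way to read a rule dump like the one above, as an added example that is not part of the issue or of the box4magisk project: the script walks the rules in priority order, honouring `goto` and `not`, and returns the tables that would be consulted for a packet with given attributes. The packet attributes in the usage (source 0.0.0.0, the uid, the marks) are constructed assumptions, and the script evaluates selectors only; it does not know what routes each table holds.

```python
import ipaddress
# Subset of the `ip rule` dump posted in the issue (tun9: mihomo, tun0: VPN app).
RULES = """\
0:      from all lookup local
8000:   from all iif tun9 lookup main suppress_prefixlength 0
9000:   from all fwmark 0x0/0x20000 goto 9010
9002:   not from all iif lo lookup 2022
9002:   from 0.0.0.0 iif lo lookup 2022
9010:   from all nop
13000:  from all fwmark 0x0/0x20000 iif lo uidrange 0-99999 lookup tun0
31000:  from all fwmark 0x0/0xffff iif lo lookup wlan0
"""

def parse_rule(line):
    prio, rest = line.split(":", 1)
    tok = rest.split()
    negate = tok[0] == "not"          # "not" inverts the whole selector set
    tok, sel = (tok[1:] if negate else tok), {}
    while tok[0] in ("from", "fwmark", "iif", "oif", "uidrange"):
        sel[tok[0]] = tok[1]
        tok = tok[2:]
    return {"prio": int(prio), "not": negate, "sel": sel, "action": tok[0], "args": tok[1:]}

def selectors_match(rule, pkt):
    ok = True
    for key, val in rule["sel"].items():
        if key == "from":
            ok &= val == "all" or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(val)
        elif key == "fwmark":         # VALUE/MASK; a bare value means full mask
            value, _, mask = val.partition("/")
            mask = int(mask, 16) if mask else 0xFFFFFFFF
            ok &= (pkt["fwmark"] & mask) == (int(value, 16) & mask)
        elif key == "uidrange":
            lo, hi = map(int, val.split("-"))
            ok &= lo <= pkt["uid"] <= hi
        else:                         # iif / oif: exact interface name; "lo" = locally generated
            ok &= pkt.get(key) == val
    return ok != rule["not"]

def tables_consulted(text, pkt):
    """Tables looked up, in order, for pkt (keys: src, fwmark, iif, uid, optional oif)."""
    tables, skip_to = [], 0
    for r in map(parse_rule, text.splitlines()):
        # a matched goto skips every rule with a lower priority than its target
        if r["prio"] >= skip_to and selectors_match(r, pkt):
            if r["action"] == "goto":
                skip_to = int(r["args"][0])
            elif r["action"] == "lookup":
                tables.append(r["args"][0])
    return tables
```

For example, `tables_consulted(RULES, {"src": "0.0.0.0", "fwmark": 0, "iif": "lo", "uid": 10123})` lists the tables in the order the kernel would try them for an unmarked, locally generated packet from that uid.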