BUG: Tun Mode seriously broken

[midncircus]

Tun Mode is broken both in 4.1.4 and 4.1.5. Sites either don't connect at all or takes 20+ seconds to open.

I also noticed If specific site would open then it seems to navigate fine (looks like some initial connect problem, don't know much about that).

The last working version 4.1.3

Windows 10

[Mahdi-zarei]

I believe this is a problem from sing-box's end, as Tun interface is entirely managed by it and the configuration passed is not faulty. I suggest you try to set your remote dns to tls://8.8.8.8 and see if this solves the problem, and please report if this helps. Sing-box has solved some problems related to sniff which will most likely most of these problems, and I'm waiting for a release to update the core.

[midncircus]

Nope, setting tls://8.8.8.8 or any other DNS won't change a thing.

sing-box means nekobox_core.exe, right? I tried running 4.1.5 with nekobox_core.exe from 4.1.3 and it didn't work. Then I tried 4.1.3 with nekobox_core.exe from 4.1.5 and it did work. Does it mean the problem is not with sing-box?

[Mahdi-zarei]

By it worked do you mean that the problem with Tun got resolved, or it simply started working?

[midncircus]

It works only with 4.1.3 (or lower). It does even with nekobox_core.exe copied from newer versions.

Actually I just noticed something interesting. When I first clicked Tun Mode in 4.1.5, Windows asked me to add a firewall rule for nekobox_core (not just nekoray which it did long time ago). I believe it also silently added sing-tun firewall rule. 4.1.3 never did this. So it looked like this:

So I enabled it only for Private profile which always worked for every other program. Now I tried to enable it also for Public profile. Nothing changed. Then I set DNS to tls://8.8.8.8 and it worked! Hope it makes sence.

Being short: 4.1.5 asks for new Firewall rule nekobox_core. You have to enable it for both Private and Public. Then set tls://8.8.8.8. And only then it works.

Update: even then, the connection is inconsistent. Also you have to wait like 10 seconds after clicking Tun Mode for sites to start to open.

[Mahdi-zarei]

could you please give me the following information? 1: enable tun mode on 4.1.3 then export sing-box config and send the inbound, dns and route sections. 2: do the same for 4.1.5 and send it here so I can see if there is any changes that might have caused it. Also try something else, set direct dns to underlying://0.0.0.0 and see if this fixes the problem.

[midncircus]

If I set underlying://0.0.0.0 and set default DNS server as direct, then yes, works perfectly!

"export sing-box config and send the inbound, dns and route sections"

Not sure where would I find this?

[Mahdi-zarei]

I really don't suggest to set the default dns server as direct, it will try to resolve domains using your own dns and without passing it through the tunnel.

Not sure where would I find this?

right click on a config and choose share -> export sing-box config it will give you a JSON that is used to bootstrap the sing-box.

[midncircus]

OK I did it and there is one discrepancy.

4.1.3 reads "stack":"gvisor" 4.1.5 reads "stack":""

Just in case, I never changed the stack manually. Out of curiosity I opened Tun Settings and noticed the order and casing are different between 4.1.3 and 4.1.5. Aesthetically I don't care but may be this info will help.

By the way, not only underlying://0.0.0.0 works but also 223.5.5.5 and 119.29.29.29. localhost sucks.

[Mahdi-zarei]

I see I also presume local may work too. I will fix the direct dns issue. Also the problem of stack being empty will be fixed too.

[Restia-Ashbell]

When the TUN stack is not configured, it defaults to empty, and running it will use sing-box's default settings. Previously, although the UI displayed the default setting as "mixed", in reality, gvisor was always passed to the kernel for execution. Since the mixed stack uses the system stack for TCP, the firewall must allow it.

[Mahdi-zarei]

Try changing the Tun stack to gVisor and see if it helps.

[midncircus]

No change.

[Mahdi-zarei]

try 4.2.0-beta.1 with a clean install