MetaCubeX / mihomo

A simple Python Pydantic model for Honkai: Star Rail parsed data from the Mihomo API.
https://wiki.metacubex.one
MIT License
16.79k stars 2.66k forks

[Bug] How can the core's tun mode coexist with an ordinary VPN on Android #1571

Closed yqs112358 closed 1 month ago

yqs112358 commented 1 month ago

Verify steps

Operating system

Android

System version

HyperOS1.0.13.0 - Android14

Mihomo version

Mihomo Meta alpha-9fd63fe android arm64 with go1.23.2 Sun Oct 6 02:35:23 UTC 2024 Use tags: with_gvisor

Configuration file

mixed-port: 7890
allow-lan: false
bind-address: "*"
ipv6: false
mode: rule
log-level: debug
global-client-fingerprint: chrome
find-process-mode: always
keep-alive-interval: 360    # reduce wake-ups on mobile devices

external-controller: 127.0.0.1:9090
external-ui: ui

profile:
  store-selected: true
  store-fake-ip: true

dns:
  enable: true
  use-hosts: true
  use-system-hosts: true
  listen: 0.0.0.0:1053
  ipv6: false

  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.0/16
  fake-ip-filter:       # fake-ip whitelist
    # mDNS
    - "*.lan"
    - "*.local"

  default-nameserver:
    - "223.5.5.5"
  proxy-server-nameserver:
    - "https://223.5.5.5/dns-query"
    - "https://1.12.12.12/dns-query"
  nameserver:
    - "223.5.5.5"
    - "180.76.76.76"
    - "119.29.29.29"
  fallback:
    - "tls://1.1.1.1#Proxy"
    - "tls://8.8.8.8#Proxy"
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
      - 240.0.0.0/4

tun:
  enable: true
  stack: system       # or 'gvisor'
  device: tun9
  dns-hijack:
    - "0.0.0.0:53"
    - "tcp://0.0.0.0:53"
  auto-detect-interface: true
  strict-route: true
  gso: true
  auto-route: true
  route-exclude-address:
    - "100.64.0.0/10"
  exclude-interface:
    - tun0

# Airport (proxy provider) subscription
proxy-providers:
  airport_air:
    type: http
    url: 机场订阅链接
    path: ./airport.yaml
    interval: 86400
    health-check:
      enable: false
      interval: 600
      url: https://www.gstatic.com/generate_204

proxy-groups:
  - name: Proxy
    type: select
    proxies:
      - "airport"
      - Direct

  - name: airport
    type: select
    use:
      - airport_air
    proxies:
      - Direct

  - name: "🛑 广告拦截"
    type: select
    proxies:
      - REJECT
      - Proxy
      - Direct

  - name: Direct
    type: select
    proxies:
      - DIRECT

  - name: "🐟 漏网之鱼"
    type: select
    proxies:
      - Proxy
      - Direct

rules:
  - PROCESS-NAME,mihomo.exe,REJECT
  - PROCESS-NAME,mihomo,REJECT

  # Private and LAN
  - GEOIP,private,DIRECT,no-resolve
  - GEOSITE,private,DIRECT,no-resolve
  - DOMAIN-SUFFIX,msftconnecttest.com,DIRECT,no-resolve

  # Tailscale
  - IP-CIDR,100.64.0.0/10,DIRECT,no-resolve

  # Anti AD
  - GEOSITE,category-ads-all,🛑 广告拦截

  # CN
  - GEOSITE,cn,Direct

  # PROXY
  - GEOSITE,google,Proxy
  - GEOIP,telegram,Proxy,no-resolve
  - GEOSITE,telegram,Proxy
  - GEOSITE,openai,Proxy
  - GEOSITE,onedrive,Proxy
  - GEOSITE,microsoft@cn,Direct
  - GEOSITE,microsoft,Proxy
  - GEOSITE,steam@cn,Direct
  - GEOSITE,steam,Proxy
  - GEOSITE,category-games@cn,Direct
  - GEOSITE,category-games,Proxy
  - GEOSITE,biliintl,Proxy
  - GEOSITE,f-droid,Proxy
  - GEOSITE,cloudflare,Proxy
  - GEOSITE,category-social-media-!cn,Proxy
  - GEOSITE,category-entertainment,Proxy
  - GEOSITE,category-communication,Proxy
  - GEOSITE,category-scholar-!cn,Proxy
  - GEOSITE,category-orgs,Proxy
  - GEOSITE,category-porn,Proxy
  - GEOSITE,category-android-app-download,Proxy
  - GEOSITE,category-forums,Proxy
  - GEOSITE,category-anticensorship,Proxy
  - GEOSITE,category-dev,Proxy
  - GEOSITE,gfw,Proxy

  - GEOIP,telegram,Proxy
  - GEOIP,CN,Direct

  - MATCH,🐟 漏网之鱼

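Description

The cause: I found that when mihomo runs the core directly in tun mode on Android, it is incompatible with the Tailscale app. After the Tailscale VPN Service starts, no website can be reached; pages load indefinitely and finally fail with net::ERR_CONNECTION_TIMED_OUT. As soon as Tailscale is turned off, everything immediately returns to normal.

However, websites addressed by IP can still be reached; it seems only domain names cannot be reached, so it feels like it may be a DNS problem.

Later I found a simple Android VPN example (https://github.com/mightofcode/android-vpnservice-example), removed the .addDnsServer call from it and ran it as a test, and hit exactly the same problem as before: IPs work, domain names cannot be reached.

I have tried the following:

Steps to reproduce

  1. Start the mihomo core with the module, use tun mode, and import the configuration file
  2. Start any Android VPN app (you can try Tailscale or the VPN example app mentioned above)
  3. The problem described above occurs

Logs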

time="2024-10-07T15:45:32.958883902+08:00" level=info msg="Start initial configuration in progress"
time="2024-10-07T15:45:32.959386142+08:00" level=info msg="Geodata Loader mode: memconservative"
time="2024-10-07T15:45:32.959400517+08:00" level=info msg="Geosite Matcher implementation: succinct"
time="2024-10-07T15:45:32.959688173+08:00" level=info msg="Load GeoSite rule: cn"
time="2024-10-07T15:45:33.310950308+08:00" level=info msg="Load GeoSite rule: private"
time="2024-10-07T15:45:33.316259996+08:00" level=info msg="Finished initial GeoSite rule private => DIRECT, records: 131"
time="2024-10-07T15:45:33.31639411+08:00" level=info msg="Load GeoSite rule: category-ads-all"
time="2024-10-07T15:45:33.323859006+08:00" level=info msg="Finished initial GeoSite rule category-ads-all => 🛑 广告拦截, records: 753"
time="2024-10-07T15:45:33.324036766+08:00" level=info msg="Finished initial GeoSite rule cn => Direct, records: 92276"
time="2024-10-07T15:45:33.324085152+08:00" level=info msg="Load GeoSite rule: google"
time="2024-10-07T15:45:33.339181454+08:00" level=info msg="Finished initial GeoSite rule google => Proxy, records: 1135"
time="2024-10-07T15:45:33.339564527+08:00" level=info msg="Load GeoSite rule: telegram"
time="2024-10-07T15:45:33.347929475+08:00" level=info msg="Finished initial GeoSite rule telegram => Proxy, records: 19"
time="2024-10-07T15:45:33.348115204+08:00" level=info msg="Load GeoSite rule: openai"
time="2024-10-07T15:45:33.356680725+08:00" level=info msg="Finished initial GeoSite rule openai => Proxy, records: 13"
time="2024-10-07T15:45:33.356948069+08:00" level=info msg="Load GeoSite rule: onedrive"
time="2024-10-07T15:45:33.367642027+08:00" level=info msg="Finished initial GeoSite rule onedrive => Proxy, records: 18"
time="2024-10-07T15:45:33.367914162+08:00" level=info msg="Load GeoSite rule: microsoft@cn"
time="2024-10-07T15:45:33.377496766+08:00" level=info msg="Finished initial GeoSite rule microsoft@cn => Direct, records: 144"
time="2024-10-07T15:45:33.377803798+08:00" level=info msg="Load GeoSite rule: microsoft"
time="2024-10-07T15:45:33.380011558+08:00" level=info msg="Finished initial GeoSite rule microsoft => Proxy, records: 632"
time="2024-10-07T15:45:33.380147548+08:00" level=info msg="Load GeoSite rule: steam@cn"
time="2024-10-07T15:45:33.39139286+08:00" level=info msg="Finished initial GeoSite rule steam@cn => Direct, records: 16"
time="2024-10-07T15:45:33.39171885+08:00" level=info msg="Load GeoSite rule: steam"
time="2024-10-07T15:45:33.392039839+08:00" level=info msg="Finished initial GeoSite rule steam => Proxy, records: 48"
time="2024-10-07T15:45:33.392192183+08:00" level=info msg="Load GeoSite rule: category-games@cn"
time="2024-10-07T15:45:33.404882756+08:00" level=info msg="Finished initial GeoSite rule category-games@cn => Direct, records: 154"
time="2024-10-07T15:45:33.405198589+08:00" level=info msg="Load GeoSite rule: category-games"
time="2024-10-07T15:45:33.407690204+08:00" level=info msg="Finished initial GeoSite rule category-games => Proxy, records: 696"
time="2024-10-07T15:45:33.407865464+08:00" level=info msg="Load GeoSite rule: biliintl"
time="2024-10-07T15:45:33.413556089+08:00" level=info msg="Finished initial GeoSite rule biliintl => Proxy, records: 11"
time="2024-10-07T15:45:33.413755308+08:00" level=info msg="Load GeoSite rule: f-droid"
time="2024-10-07T15:45:33.421509058+08:00" level=info msg="Finished initial GeoSite rule f-droid => Proxy, records: 4"
time="2024-10-07T15:45:33.421677964+08:00" level=info msg="Load GeoSite rule: cloudflare"
time="2024-10-07T15:45:33.428317808+08:00" level=info msg="Finished initial GeoSite rule cloudflare => Proxy, records: 55"
time="2024-10-07T15:45:33.428513277+08:00" level=info msg="Load GeoSite rule: category-social-media-!cn"
time="2024-10-07T15:45:33.436605933+08:00" level=info msg="Finished initial GeoSite rule category-social-media-!cn => Proxy, records: 528"
time="2024-10-07T15:45:33.436797235+08:00" level=info msg="Load GeoSite rule: category-entertainment"
time="2024-10-07T15:45:33.446529214+08:00" level=info msg="Finished initial GeoSite rule category-entertainment => Proxy, records: 1515"
time="2024-10-07T15:45:33.446803016+08:00" level=info msg="Load GeoSite rule: category-communication"
time="2024-10-07T15:45:33.455217287+08:00" level=info msg="Finished initial GeoSite rule category-communication => Proxy, records: 115"
time="2024-10-07T15:45:33.455389319+08:00" level=info msg="Load GeoSite rule: category-scholar-!cn"
time="2024-10-07T15:45:33.468476193+08:00" level=info msg="Finished initial GeoSite rule category-scholar-!cn => Proxy, records: 424"
time="2024-10-07T15:45:33.468788693+08:00" level=info msg="Load GeoSite rule: category-orgs"
time="2024-10-07T15:45:33.482102443+08:00" level=info msg="Finished initial GeoSite rule category-orgs => Proxy, records: 112"
time="2024-10-07T15:45:33.482394423+08:00" level=info msg="Load GeoSite rule: category-porn"
time="2024-10-07T15:45:33.510180048+08:00" level=info msg="Finished initial GeoSite rule category-porn => Proxy, records: 6445"
time="2024-10-07T15:45:33.510476193+08:00" level=info msg="Load GeoSite rule: category-android-app-download"
time="2024-10-07T15:45:33.523302912+08:00" level=info msg="Finished initial GeoSite rule category-android-app-download => Proxy, records: 7"
time="2024-10-07T15:45:33.523547391+08:00" level=info msg="Load GeoSite rule: category-forums"
time="2024-10-07T15:45:33.531488954+08:00" level=info msg="Finished initial GeoSite rule category-forums => Proxy, records: 71"
time="2024-10-07T15:45:33.531627079+08:00" level=info msg="Load GeoSite rule: category-anticensorship"
time="2024-10-07T15:45:33.536430829+08:00" level=info msg="Finished initial GeoSite rule category-anticensorship => Proxy, records: 87"
time="2024-10-07T15:45:33.536739683+08:00" level=info msg="Load GeoSite rule: category-dev"
time="2024-10-07T15:45:33.546573537+08:00" level=info msg="Finished initial GeoSite rule category-dev => Proxy, records: 498"
time="2024-10-07T15:45:33.546932235+08:00" level=info msg="Load GeoSite rule: gfw"
time="2024-10-07T15:45:33.574221662+08:00" level=info msg="Finished initial GeoSite rule gfw => Proxy, records: 6116"
time="2024-10-07T15:45:33.574755464+08:00" level=info msg="Initial configuration complete, total time: 615ms"
time="2024-10-07T15:45:33.578248537+08:00" level=info msg="RESTful API listening at: 127.0.0.1:9090"
time="2024-10-07T15:45:33.582472183+08:00" level=info msg="Sniffer is closed"
time="2024-10-07T15:45:33.582856089+08:00" level=info msg="DNS server listening at: [::]:1053"
time="2024-10-07T15:45:33.583055204+08:00" level=info msg="Mixed(http+socks) proxy listening at: 127.0.0.1:7890"
time="2024-10-07T15:45:33.583870568+08:00" level=warning msg="[TUN] default interface changed by monitor,  => tun0"
time="2024-10-07T15:45:33.621159266+08:00" level=info msg="[TUN] Tun adapter listening at: tun9([198.18.0.0/30],[]), mtu: 9000, auto route: true, auto redir: false, ip stack: System"
time="2024-10-07T15:45:33.621362339+08:00" level=debug msg="batch write packet: invalid offset"
time="2024-10-07T15:45:33.621405829+08:00" level=info msg="Start initial provider airport_air"
time="2024-10-07T15:45:33.668974579+08:00" level=info msg="Start initial Compatible provider 🐟 漏网之鱼"
time="2024-10-07T15:45:33.66902161+08:00" level=info msg="Start initial Compatible provider 🛑 广告拦截"
time="2024-10-07T15:45:33.669028589+08:00" level=info msg="Start initial Compatible provider default"
time="2024-10-07T15:45:33.669038537+08:00" level=info msg="Start initial Compatible provider Direct"
time="2024-10-07T15:45:33.669043798+08:00" level=info msg="Start initial Compatible provider airport"
time="2024-10-07T15:45:33.669049058+08:00" level=info msg="Start initial Compatible provider Proxy"
time="2024-10-07T15:45:33.669151037+08:00" level=info msg="UI already exists, skip downloading"
time="2024-10-07T15:46:19.029534509+08:00" level=debug msg="[DNS] hijack udp:112.4.1.36:53 from 198.18.0.0:37042"
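
xishang0128 commented 1 month ago

This software does not claim that it can coexist with a VPN. If you want to look for a way, you should discuss it in Discussions; issues only accept feature requests / bug reports.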

yqs112358 commented 1 month ago

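No, the example I gave here is not an ordinary VPN in the first place; I mean the Android VPN Service. AdGuard ad blocking, VPN Service-based firewalls, antivirus software and so on all have similar problems.

I just went through the code: sing-tun, which mihomo uses, turns on override-android-vpn at initialization, and on the dashboard you can also see that mihomo automatically recognizes the VPN service's tun0 as the outbound interface, so normally this feature should not have problems.

I tried changing dns to redir, and even turning it off, but the problem still exists, which is why I suspect something may be misconfigured on the mihomo side.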

Lovefish commented 1 month ago

Have you found a solution?

yqs112358 commented 1 month ago

Have you found a solution?

So far I can't find the cause of the error 😬 I looked at the routing table and it seems fine too.

Lovefish commented 1 month ago

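Have you found a solution?

So far I can't find the cause of the error 😬 I looked at the routing table and it seems fine too.

Does the "system://" you set for domain names get the DNS that the device automatically obtains from the ISP, or the DNS custom-set in mihomo?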

yqs112358 commented 1 month ago

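Have you found a solution?

So far I can't find the cause of the error 😬 I looked at the routing table and it seems fine too.

Does the "system://" you set for domain names get the DNS that the device automatically obtains from the ISP, or the DNS custom-set in mihomo?

This is a setting supported by mihomo; it automatically obtains the interface's default DNS servers.

Emm, and even if this one doesn't work it should be fine, there are several other public DNS servers 🤔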

Lovefish commented 1 month ago

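Have you found a solution?

So far I can't find the cause of the error 😬 I looked at the routing table and it seems fine too.

Does the "system://" you set for domain names get the DNS that the device automatically obtains from the ISP, or the DNS custom-set in mihomo?

This is a setting supported by mihomo; it automatically obtains the interface's default DNS servers.

Emm, and even if this one doesn't work it should be fine, there are several other public DNS servers 🤔

From the log I think it doesn't work; it can't obtain anything at all.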

yqs112358 commented 1 month ago

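From the log I think it doesn't work; it can't obtain anything at all.

Emm, it shouldn't be a system:// problem. I tried removing it, but the same problem remains. For some reason mihomo seems to be using the DNS server set by the VPN app for resolution.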

Lovefish commented 1 month ago

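From the log I think it doesn't work; it can't obtain anything at all.

Emm, it shouldn't be a system:// problem. I tried removing it, but the same problem remains. I currently suspect sing-tun's override-android-vpn; for some reason mihomo seems to be using the DNS server set by the VPN app for resolution.

I searched through the issues, and I think Android simply cannot obtain the system default DNS; system or dhcp all seem to be for Windows or Linux.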

yqs112358 commented 1 month ago

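I searched through the issues, and I think Android simply cannot obtain the system default DNS; system or dhcp all seem to be for Windows or Linux.

Mm... the problem probably isn't in system now 😂 I'll go dig through the tun source code.

Buddy, did you also run into the VPN conflict problem from this issue?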

Lovefish commented 1 month ago

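I searched through the issues, and I think Android simply cannot obtain the system default DNS; system or dhcp all seem to be for Windows or Linux.

Mm... the problem probably isn't in system now 😂 I'll go dig through the tun source code.

Buddy, did you also run into the VPN conflict problem from this issue?

The reason I was searching for VPN is that I want to import a VPN app (apps like 快连, shark and so on) into mihomo and use it as a node. Something like making mihomo a front end of the VPN app. Do you know how to do that? My current idea: the app should have created a virtual VPN interface, and that interface needs to be set up in mihomo to become a node.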

yqs112358 commented 1 month ago

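The reason I was searching for VPN is that I want to import a VPN app (apps like 快连, shark and so on) into mihomo and use it as a node. Something like making mihomo a front end of the VPN app. Do you know how to do that? My current idea: the app should have created a virtual VPN interface, and that interface needs to be set up in mihomo to become a node.

What this actually calls for is setting mihomo's outbound interface (that is, interface-name in the configuration), not a proxy node.

As I recall, sing-tun's override-android-vpn automatically recognizes the Android VPN app's tun0 interface and sets it as the upstream; on the dashboard you can see that it is recognized successfully.

It's just that I don't know why DNS currently has problems.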

Lovefish commented 1 month ago

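The reason I was searching for VPN is that I want to import a VPN app (apps like 快连, shark and so on) into mihomo and use it as a node. Something like making mihomo a front end of the VPN app. Do you know how to do that? My current idea: the app should have created a virtual VPN interface, and that interface needs to be set up in mihomo to become a node.

What this actually calls for is setting mihomo's outbound interface (that is, interface-name in the configuration), not a proxy node.

As I recall, sing-tun's override-android-vpn automatically recognizes the Android VPN app's tun0 interface and sets it as the upstream; on the dashboard you can see that it is recognized successfully.

It's just that I don't know why DNS currently has problems.

If it is set up like this, how do I manually switch between using my own ss ssr nodes and the external VPN's interface?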

yqs112358 commented 1 month ago

@Lovefish Oh, you mean you want to use another provider's proxy VPN as a node? Is it something like this

- name: "VPN-NAME"
  type: direct
  udp: true
  interface-name: tun0

Add a direct with tun0 as the outbound interface

Lovefish commented 1 month ago

@Lovefish Oh, you mean you want to use another provider's proxy VPN as a node? Is it something like this

- name: "VPN-NAME"
  type: direct
  udp: true
  interface-name: tun0

Add a direct with tun0 as the outbound interface

Add it under proxies:? And does anything need to be set in tun?

yqs112358 commented 1 month ago

Add it under proxies:? And does anything need to be set in tun?

Yes. In theory nothing needs to change on the tun side, give it a try.

Lovefish commented 1 month ago

Add it under proxies:? And does anything need to be set in tun?

Yes. In theory nothing needs to change on the tun side, give it a try.

OK, thanks

Lovefish commented 1 month ago

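Add it under proxies:? And does anything need to be set in tun?

Yes. In theory nothing needs to change on the tun side, give it a try.

With mihomo already running, the VPN can't connect when I open it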

yqs112358 commented 1 month ago

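With mihomo already running, the VPN can't connect when I open it

Buddy, why not open a separate issue and ask 😂 Your scenario is not quite the same as mine. I also haven't figured out where the problem is for now.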

Lovefish commented 1 month ago

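With mihomo already running, the VPN can't connect when I open it

Buddy, why not open a separate issue and ask 😂 Your scenario is not quite the same as mine. I also haven't figured out where the problem is for now.

All right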

yqs112358 commented 1 month ago

I captured packets with wireshark; it looks like the apps' DNS queries are all being hijacked by the Android VPN?

Lovefish commented 1 month ago

I captured packets with wireshark; it looks like the apps' DNS queries are all being hijacked by the Android VPN?

Are you talking about the built-in system?

yqs112358 commented 1 month ago

I removed system://, but it looks like DNS resolution still doesn't go through the DNS servers set in the mihomo configuration

yqs112358 commented 1 month ago

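So far I've observed that after starting another Android VPN app, the mihomo core's fake-ip seems to stop working for an unknown reason. The Android VPN's addRoute is set to the 100.64.0.0/10 range, and builder.addDnsServer is not used to add a custom DNS server.

Before starting: image

After starting: fake-ip stops working; curl gets the real Google server IP address, but cannot connect to the server image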
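
A check for the symptom reported in the comment above, as an added example that is not part of the original thread or of the mihomo project: it classifies lookup results against the `fake-ip-range` and `fake-ip-filter` values from the posted configuration and flags names that received a real address when a fake IP was expected. The function names and the sample observations are assumptions constructed for illustration.

```python
import fnmatch
import ipaddress

# Taken from the configuration posted in this issue.
FAKE_IP_RANGE = ipaddress.ip_network("198.18.0.0/16")
FAKE_IP_FILTER = ["*.lan", "*.local"]


def is_filtered(domain, patterns=FAKE_IP_FILTER):
    """True if the name is exempt from fake-ip and should get a real address.

    fnmatch is an approximation of the core's wildcard matching (assumption).
    """
    name = domain.rstrip(".").lower()
    return any(fnmatch.fnmatchcase(name, p.lower()) for p in patterns)


def classify(domain, answers, fake_range=FAKE_IP_RANGE):
    """Classify one lookup: 'fake-ip', 'filtered', 'bypass' or 'no-answer'."""
    if not answers:
        return "no-answer"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if all(a in fake_range for a in addrs):
        return "fake-ip"      # the answer came from the fake-ip pool
    if is_filtered(domain):
        return "filtered"     # a real address is expected for this name
    return "bypass"           # real address where a fake IP was expected


def bypassed(observations):
    """Return the names whose answers show the fake-ip resolver was not used."""
    return sorted(d for d, a in observations.items() if classify(d, a) == "bypass")


# Constructed sample data (documentation addresses, not captured from the device).
BEFORE_VPN = {"www.google.com": ["198.18.0.12"], "printer.local": ["192.168.1.20"]}
AFTER_VPN = {"www.google.com": ["203.0.113.10"], "printer.local": ["192.168.1.20"],
             "example.org": []}

if __name__ == "__main__":
    print("before:", bypassed(BEFORE_VPN))
    print("after: ", bypassed(AFTER_VPN))
```

On a device, the observations would come from lookups made before and after the second VPN app starts; a non-empty result after the start means application DNS queries are no longer answered from the fake-ip pool.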

yqs112358 commented 1 month ago

I tried switching to redir-host and using nameserver-policy to make geosite:google resolve via tls://1.1.1.1#Proxy, and found it still doesn't work; it cannot connect

yqs112358 commented 1 month ago

As soon as the VPN app is killed, everything immediately returns to normal