[Bug] wireguard代理无法使用

kckm commented 1 year ago

Verify steps

[X] 确保你使用的是本仓库最新的的 clash 或 clash Alpha 版本 Ensure you are using the latest version of Clash or Clash Premium from this repository.
[ ] 如果你可以自己 debug 并解决的话，提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
[X] 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
[X] 我已经使用 Alpha 分支版本测试过，问题依旧存在 I have tested using the dev branch, and the issue still exists.
[X] 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
[X] 这是 Clash 核心的问题，并非我所使用的 Clash 衍生版本（如 OpenClash、KoolClash 等）的特定问题 This is an issue of the Clash core per se, not to the derivatives of Clash, like OpenClash or KoolClash.

Clash version

Clash Meta v1.14.4 windows amd64 with go1.20.3 Sat Apr 29 01:12:01 CST 2023 Use tags: with_gvisor

What OS are you seeing the problem on?

Windows

Clash config

mode: rule
ipv6: true
log-level: info
allow-lan: true
mixed-port: 7890
unified-delay: false
tcp-concurrent: true

#自定义 geodata url
geox-url:
  geoip: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat"
  geosite: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat"
  mmdb: "https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb"

# 嗅探域名 可选配置
sniffer:
  enable: true
  override-destination: false
  sniff: # TLS 默认如果不配置 ports 默认嗅探 443
    TLS:
    HTTP: # 需要嗅探的端口    
      ports: [80, 8080-8880]
  sniffing:
    - tls
    - http

proxies: # socks5
  - name: "socks"
    type: socks5
    server: 127.0.0.1
    port: 1080
    udp: true

  - name: "ss1"
    type: ss
    server: 1.1.1.1
    port: 1234
    cipher: 2022-blake3-aes-128-gcm
    password: "123"
    udp: true
    udp-over-tcp: false
    ip-version: ipv4

  - name: "wg"
    type: wireguard
    server: 162.159.192.1
    port: 2480
    ip: 172.16.0.2
    ipv6: 2606:0:0:0:0:0:0:b0c2
    public-key: 
    private-key: 
    udp: true
    dialer-proxy: "socks"  # 一个出站代理的标识。当值不为空时，将使用指定的 proxy/proxy-group 发出连接
    # remote-dns-resolve: true # 强制dns远程解析，默认值为false
    # dns: [ 1.1.1.1, 8.8.8.8 ] # 仅在remote-dns-resolve为true时生效

proxy-groups:
  - name: PROXY
    type: select
    proxies:
      - socks
      - ss1

  - name: WG
    type: select
    proxies:
      - wg

rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400

  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400

  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400

  google:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400

  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400

  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400

  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400

  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400

  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400

  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400

  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400

  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400

  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400

rules:
  - DOMAIN-SUFFIX,spotify.com,WG
  - DOMAIN-SUFFIX,steamcontent.com,DIRECT
  - DOMAIN-SUFFIX,steamserver.net,DIRECT
  - DOMAIN-SUFFIX,test.steampowered.com,DIRECT
  - DOMAIN-SUFFIX,api.steampowered.com,DIRECT
  - DOMAIN-SUFFIX,rmbgame.net,DIRECT
  - PROCESS-NAME,EpicWebHelper.exe,DIRECT
  - PROCESS-NAME,YuanShen.exe,DIRECT
  - RULE-SET,applications,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,icloud,DIRECT
  - RULE-SET,apple,DIRECT
  - RULE-SET,google,DIRECT
  - RULE-SET,proxy,PROXY
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,PROXY
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,PROXY

Clash log

time="2023-05-28T19:54:19.4683111+08:00" level=info msg="Start initial configuration in progress"
time="2023-05-28T19:54:19.4693316+08:00" level=info msg="Geodata Loader mode: memconservative"
time="2023-05-28T19:54:19.4749783+08:00" level=info msg="Initial configuration complete, total time: 6ms"
time="2023-05-28T19:54:19.4749783+08:00" level=info msg="Sniffer is loaded and working"
time="2023-05-28T19:54:19.4749783+08:00" level=info msg="Use tcp concurrent"
time="2023-05-28T19:54:19.4760014+08:00" level=info msg="Mixed(http+socks) proxy listening at: [::]:7890"
time="2023-05-28T19:54:19.4760014+08:00" level=info msg="Start initial compatible provider default"
time="2023-05-28T19:54:19.4760014+08:00" level=info msg="Start initial compatible provider PROXY"
time="2023-05-28T19:54:19.4760014+08:00" level=info msg="Start initial compatible provider WG"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider cncidr"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider icloud"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider reject"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider google"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider private"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider tld-not-cn"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider direct"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider applications"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider lancidr"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider apple"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider gfw"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider telegramcidr"
time="2023-05-28T19:54:19.4765174+08:00" level=info msg="Start initial provider proxy"
time="2023-05-28T19:54:21.9425591+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:21.9425591+08:00" level=debug msg="[WG](wg) Interface up requested"
time="2023-05-28T19:54:21.9425591+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:21.9425591+08:00" level=debug msg="[WG](wg) UDP bind has been updated"
time="2023-05-28T19:54:21.9430715+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Starting"
time="2023-05-28T19:54:21.9430715+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:21.9425591+08:00" level=debug msg="[WG](wg) Routine: receive incoming receive - started"
time="2023-05-28T19:54:21.9430715+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Routine: sequential sender - started"
time="2023-05-28T19:54:21.9430715+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Routine: sequential receiver - started"
time="2023-05-28T19:54:21.9430715+08:00" level=debug msg="[WG](wg) Interface state was Down, requested Up, now Up"
time="2023-05-28T19:54:21.943583+08:00" level=info msg="[TCP] 127.0.0.1:60459(msedge.exe) --> encore.scdn.co:443 match RuleSet(proxy) using PROXY[socks]"
time="2023-05-28T19:54:21.943583+08:00" level=info msg="[TCP] 127.0.0.1:60460(msedge.exe) --> open.spotifycdn.com:443 match RuleSet(proxy) using PROXY[socks]"
time="2023-05-28T19:54:21.9822551+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Sending handshake initiation"
time="2023-05-28T19:54:23.406126+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:23.406126+08:00" level=info msg="[TCP] 127.0.0.1:60463(msedge.exe) --> functional.events.data.microsoft.com:443 match RuleSet(proxy) using PROXY[socks]"
time="2023-05-28T19:54:26.9428179+08:00" level=warning msg="[TCP] dial WG (match DomainSuffix/spotify.com) 127.0.0.1:60458 --> open.spotify.com:443 error: context deadline exceeded"
time="2023-05-28T19:54:26.9434151+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:27.1611443+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Handshake did not complete after 5 seconds, retrying (try 2)"
time="2023-05-28T19:54:27.1611443+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Sending handshake initiation"
time="2023-05-28T19:54:31.9512495+08:00" level=warning msg="[TCP] dial WG (match DomainSuffix/spotify.com) 127.0.0.1:60465 --> open.spotify.com:443 error: context deadline exceeded"
time="2023-05-28T19:54:32.2263977+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Handshake did not complete after 5 seconds, retrying (try 2)"
time="2023-05-28T19:54:32.2263977+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Sending handshake initiation"
time="2023-05-28T19:54:32.984094+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:33.3101+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:37.5033322+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Handshake did not complete after 5 seconds, retrying (try 2)"
time="2023-05-28T19:54:37.5033322+08:00" level=debug msg="[WG](wg) peer(bmXO…fgyo) - Sending handshake initiation"
time="2023-05-28T19:54:37.9906809+08:00" level=warning msg="[TCP] dial WG (match DomainSuffix/spotify.com) 127.0.0.1:60466 --> open.spotify.com:443 error: context deadline exceeded"
time="2023-05-28T19:54:37.991707+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:38.3148727+08:00" level=warning msg="[TCP] dial WG (match DomainSuffix/spotify.com) 127.0.0.1:60467 --> open.spotify.com:443 error: context deadline exceeded"
time="2023-05-28T19:54:38.3160704+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:39.7626402+08:00" level=debug msg="[Rule] use default rules"
time="2023-05-28T19:54:39.7631429+08:00" level=info msg="[TCP] 127.0.0.1:60470(msedge.exe) --> api.twitter.com:443 match RuleSet(proxy) using PROXY[socks]"
time="2023-05-28T19:54:39.7649988+08:00" level=warning msg="Clash shutting down"

Description

用的是warp节点，使用了dialer-proxy，但是在另一个代理软件上没看见有来自clash的udp流量

zhinianyuxin0o0 commented 1 year ago

我也是使用 warp 节点,使用dialer-proxy 一直显示失败,连接不上

dycwuxing commented 1 year ago

我能连上,但是日志都是错误,使用的Version alpha-8e16738

wwqgtxx commented 1 year ago

@zhinianyuxin0o0 更新最新release试试

wwqgtxx commented 1 year ago

不通的可以尝试dialer-proxy设置为ss或vmess节点，其他类型节点我没有尝试过是否能通

dycwuxing commented 1 year ago

不通的可以尝试dialer-proxy设置为ss或vmess节点，其他类型节点我没有尝试过是否能通

大佬,通是能通,我的dialer-proxy是通过负载轮询分别使用vmess+ws+tls和vless+ws+tls

"[ERROR] WG read packet: websocket: close 1006 (abnormal closure): unexpected EOF" 就是不清楚这个报错是什么意思啊?是因为我使用的协议导致的吗?

zhinianyuxin0o0 commented 1 year ago

@dycwuxing 你的前置节点是什么类型的

wwqgtxx commented 1 year ago

@dycwuxing 能正常使用就忽略这个错误，其实只是你的底层代理关闭这个udp链接而报的错，clash.meta会自动重连的

zhinianyuxin0o0 commented 1 year ago

@wwqgtxx 我测试了一下.ssr 节点的前置dialer-proxy可以是 ssr ,可以连接上,但是 wireguard 的dialer-proxy前置是 ssr 就失败.

dycwuxing commented 1 year ago

@dycwuxing 能正常使用就忽略这个错误，其实只是你的底层代理关闭这个udp链接而报的错，clash.meta会自动重连的

大佬我的warp的前置是这么写的"dialer-proxy": "国外网站" 然后"国外网站"调用另一个策略组,前置是机场节点+"dialer-proxy": "我的节点" "我的节点"使用了"vmess+ws+tls和vless+ws+tls"两个节点如果不影响使用的话,能调低他的警告级别吗?比如warn?谢谢~

wwqgtxx commented 1 year ago

@dycwuxing 怎么说呢，它确实是个error，只是因为有重连机制保证了上层链接没有断开，目前暂时没有修改日志级别的打算

dycwuxing commented 1 year ago

@dycwuxing 怎么说呢，它确实是个error，只是因为有重连机制保证了上层链接没有断开，目前暂时没有修改日志级别的打算

收到，感谢大佬解答

zhinianyuxin0o0 commented 1 year ago

今天又测试了一下,先dialer-proxy使用 ssr -> Trojan gRPC 两层作为网关,然后在虚拟机中,使用 warp+ 的wireguard链接,是可以使用的,而且出口是Trojan gRPC 区域的 ip.

zhinianyuxin0o0 commented 1 year ago

终于可以了,换了vmess前置,终于 relay 成功了,但是是真慢啊

jiz4oh commented 1 year ago

Hi @wwqgtxx 大佬，dialer-proxy 使用 ss/vmess 的时候可以成功，但是使用 ss + shadowtls plugin 和 DIRECT 的时候会失败，可以帮忙看看吗

xz-dev commented 9 months ago

全局启用 override-destination: true 试试，我的 Firefox 使用强制 DoH 时，如果不全局 override-destination: true 也会导致安全连接失败

MetaCubeX / mihomo