SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

All connections time out after enabling tun on Linux #1067

Closed relay303 closed 1 year ago

relay303 commented 1 year ago

Operating system

Linux

System version

Linux 6.5.9-arch2-1 #1 SMP PREEMPT_DYNAMIC Thu, 26 Oct 2023 00:52:20 +0000 x86_64 GNU/Linux

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

```console
sing-box version v1.7.0-alpha.8
Environment: go1.21.3 linux/amd64
Tags: with_gvisor,with_quic,with_wireguard,with_utls,with_reality_server,with_clash_api,with_ech
Revision: 1cefcaa30e0527c1d3dad37f1ff59c9de4d4ccc6
CGO: enabled
```

Description

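  1. All connections time out; the browser error code is NS_ERROR_NET_TIMEOUT
  2. DNS resolution works normally; the log contains normal exchange records
  3. The inbound also seems to receive connections normally; see the configuration and logs below
  4. With the same configuration, other platforms can connect normally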

Reproduction

Start sing-box with the following configuration (full configuration: https://pastebin.mozilla.org/3fdARrMh)

```console
~ ❯ whoami
root
~ ❯ /usr/bin/sing-box -D /var/lib/sing-box -C /etc/sing-box run
```

route section

```json
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "protocol": [
          "quic"
        ],
        "outbound": "block"
      },
      {
        "geosite": [
          "category-ads-all"
        ],
        "outbound": "block"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          {
            "geosite": [
              "geolocation-!cn"
            ]
          },
          {
            "geoip": [
              "cn"
            ],
            "invert": true
          }
        ],
        "outbound": "proxy"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          {
            "geosite": [
              "cn"
            ]
          },
          {
            "geoip": [
              "cn"
            ]
          }
        ],
        "outbound": "direct"
      },
      {
        "geosite": [
          "private"
        ],
        "outbound": "direct"
      },
      {
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct"
      }
    ],
    "auto_detect_interface": true
  },
```

inbound section

```json
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "mixed",
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
```

Logs

Logs from visiting `https://baidu.com` after startup:

```console
+0800 2023-11-06 21:24:18 INFO router: loaded geoip database: 259 codes
+0800 2023-11-06 21:24:18 INFO router: loaded geosite database: 1428 codes
+0800 2023-11-06 21:24:18 INFO router: updated default interface wlo1, index 3
+0800 2023-11-06 21:24:19 TRACE initializing inbound/tun[tun-in]
+0800 2023-11-06 21:24:19 TRACE inbound/tun[tun-in]: opening interface
+0800 2023-11-06 21:24:19 TRACE inbound/tun[tun-in]: creating stack
+0800 2023-11-06 21:24:19 TRACE inbound/tun[tun-in]: starting stack
+0800 2023-11-06 21:24:19 INFO inbound/tun[tun-in]: started at tun0
+0800 2023-11-06 21:24:19 INFO sing-box started (1.66s)
+0800 2023-11-06 21:24:21 INFO [659538384 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:35111
+0800 2023-11-06 21:24:21 INFO [659538384 0ms] inbound/tun[tun-in]: inbound packet connection to 192.168.31.1:53
+0800 2023-11-06 21:24:21 DEBUG [659538384 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 21:24:21 DEBUG [659538384 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 21:24:21 DEBUG dns: exchange wpad. IN AAAA
+0800 2023-11-06 21:24:21 DEBUG dns: exchange wpad. IN A
+0800 2023-11-06 21:24:21 DEBUG dns: match[4] geosite=[cn private] => dns_direct
+0800 2023-11-06 21:24:21 DEBUG dns: match[4] geosite=[cn private] => dns_direct
+0800 2023-11-06 21:24:21 INFO outbound/direct[direct]: outbound packet connection to 223.5.5.5:53
+0800 2023-11-06 21:24:21 DEBUG dns: exchanged dns.alidns.com NOERROR 862
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com AAAA dns.alidns.com. 862 IN AAAA 2400:3200::1
+0800 2023-11-06 21:24:21 DEBUG dns: exchanged dns.alidns.com NOERROR 862
+0800 2023-11-06 21:24:21 DEBUG dns: exchanged dns.alidns.com NOERROR 3220
+0800 2023-11-06 21:24:21 DEBUG dns: exchanged dns.alidns.com NOERROR 3220
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com AAAA dns.alidns.com. 862 IN AAAA 2400:3200::1
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com A dns.alidns.com. 3220 IN A 223.5.5.5
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com A dns.alidns.com. 3220 IN A 223.5.5.5
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com A dns.alidns.com. 3220 IN A 223.6.6.6
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com A dns.alidns.com. 3220 IN A 223.6.6.6
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com AAAA dns.alidns.com. 862 IN AAAA 2400:3200:baba::1
+0800 2023-11-06 21:24:21 INFO dns: exchanged dns.alidns.com AAAA dns.alidns.com. 862 IN AAAA 2400:3200:baba::1
+0800 2023-11-06 21:24:21 INFO outbound/direct[direct]: outbound connection to 223.5.5.5:443
+0800 2023-11-06 21:24:21 INFO outbound/direct[direct]: outbound connection to 223.5.5.5:443
+0800 2023-11-06 21:24:21 DEBUG dns: exchanged wpad NXDOMAIN 492
+0800 2023-11-06 21:24:21 INFO dns: exchanged wpad SOA . 492 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023110600 1800 900 604800 86400
+0800 2023-11-06 21:24:21 INFO dns: exchanged wpad OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x01ec, udp: 4096
+0800 2023-11-06 21:24:21 DEBUG dns: exchanged wpad NXDOMAIN 473
+0800 2023-11-06 21:24:21 INFO dns: exchanged wpad SOA . 473 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023110600 1800 900 604800 86400
+0800 2023-11-06 21:24:21 INFO dns: exchanged wpad OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x01d9, udp: 4096
+0800 2023-11-06 21:24:24 INFO [1001766658 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:43744
+0800 2023-11-06 21:24:24 INFO [1001766658 0ms] inbound/tun[tun-in]: inbound packet connection to 23.157.160.168:123
+0800 2023-11-06 21:24:24 INFO [1001766658 0ms] outbound/vless[proxy]: outbound packet connection to 23.157.160.168:123
+0800 2023-11-06 21:24:24 INFO [1001766658 0ms] outbound/vless[proxy]: outbound packet connection to 23.157.160.168:123
+0800 2023-11-06 21:24:25 TRACE outbound/vless[proxy]: XtlsPadding 64 129 0
+0800 2023-11-06 21:24:25 TRACE outbound/vless[proxy]: Xtls Unpadding new block 21 64 padding 137 0
+0800 2023-11-06 21:24:28 INFO [1609047287 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:48155
+0800 2023-11-06 21:24:28 INFO [1609047287 0ms] inbound/tun[tun-in]: inbound packet connection to 192.168.31.1:53
+0800 2023-11-06 21:24:28 DEBUG [1609047287 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 21:24:28 DEBUG [1609047287 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 21:24:28 DEBUG dns: exchange baidu.com. IN AAAA
+0800 2023-11-06 21:24:28 DEBUG dns: exchange baidu.com. IN A
+0800 2023-11-06 21:24:28 DEBUG dns: match[4] geosite=[cn private] => dns_direct
+0800 2023-11-06 21:24:28 DEBUG dns: match[4] geosite=[cn private] => dns_direct
+0800 2023-11-06 21:24:28 DEBUG dns: exchanged baidu.com NOERROR 177
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com A baidu.com. 177 IN A 110.242.68.66
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com A baidu.com. 177 IN A 39.156.66.10
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x00b1, udp: 4096
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com. A baidu.com. 177 IN A 110.242.68.66
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com. A baidu.com. 177 IN A 39.156.66.10
+0800 2023-11-06 21:24:28 DEBUG dns: exchanged baidu.com NOERROR 599
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com SOA baidu.com. 599 IN SOA dns.baidu.com. sa.baidu.com. 2012147425 300 300 2592000 7200
+0800 2023-11-06 21:24:28 INFO dns: exchanged baidu.com OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x0257, udp: 4096
+0800 2023-11-06 21:24:29 INFO [3706118467 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:40571
+0800 2023-11-06 21:24:29 INFO [3706118467 0ms] inbound/tun[tun-in]: inbound packet connection to 192.168.31.1:53
+0800 2023-11-06 21:24:29 DEBUG [3706118467 0ms] router: sniffed packet protocol: dns
+0800 2023-11-06 21:24:29 DEBUG [3706118467 0ms] router: match[0] protocol=dns => dns-out
+0800 2023-11-06 21:24:29 DEBUG dns: exchange wpad. IN AAAA
+0800 2023-11-06 21:24:29 DEBUG dns: cached wpad NXDOMAIN 464
+0800 2023-11-06 21:24:29 DEBUG dns: exchange wpad. IN A
+0800 2023-11-06 21:24:29 INFO dns: cached wpad SOA . 464 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023110600 1800 900 604800 86400
+0800 2023-11-06 21:24:29 INFO dns: cached wpad OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x01d0, udp: 4096
+0800 2023-11-06 21:24:29 DEBUG dns: cached wpad NXDOMAIN 483
+0800 2023-11-06 21:24:29 INFO dns: cached wpad SOA . 483 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023110600 1800 900 604800 86400
+0800 2023-11-06 21:24:29 INFO dns: cached wpad OPT OPT PSEUDOSECTION: EDNS: version 0 flags: MBZ: 0x01e3, udp: 4096
+0800 2023-11-06 21:24:31 DEBUG [659538384 10.9s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
+0800 2023-11-06 21:24:38 DEBUG [1609047287 10.1s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
+0800 2023-11-06 21:24:39 DEBUG [3706118467 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
```

relay303 commented 1 year ago

After updating to v1.7.0-alpha.10, internet access works normally with the gVisor stack (whereas v1.7.0-alpha.8 did not).