宽带连接情况下tun模式无法上网

[ravy-alt]

Operating system

Windows

System version

Windows 11

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.8.6

Environment: go1.22.0 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: d32c30c4b7eebaef62dc2b7351dd85e9140def62
CGO: disabled

Description

当禁用有线网卡时，tun模式工作正常，可正常劫持dns请求和后续请求，截取的日志、路由表信息、wireshark抓包信息如下：

当启用有线网卡设置宽带连接后，tun模式工作异常，dns仍被正常劫持，但是后续流量直接请求到了宽带连接网卡，截取的日志、路由表信息、wireshark抓包信息如下：

Reproduction

{
  "log": {
    "level": "debug",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "listen": "::",
      "listen_port": 7890,
      "sniff": true,
      "sniff_override_destination": true,
      "tcp_fast_open": false,
      "tcp_multi_path": false,
      "udp_fragment": false
    },
    {
      "type": "tun",
      "interface_name": "singbox",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "fdfe:dcba:9876::1/126",
      "mtu": 9000,
      "auto_route": true,
      "strict_route": true,
      "endpoint_independent_nat": false,
      "stack": "gvisor",
      "platform": {
        "http_proxy": {
          "enabled": true,
          "server": "127.0.0.1",
          "server_port": 7890
        }
      },
      "sniff": true,
      "sniff_override_destination": true
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "type": "vmess",
      "server": "xxxxx",
      "server_port": 30000,
      "uuid": "xxxx",
      "security": "auto"
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "port": 53,
        "outbound": "dns-out"
      },
      {
        "ip_is_private": true,
        "outbound": "direct"
      }
    ],
    "final": "proxy",
    "auto_detect_interface": true
  },
  "dns": {
    "servers": [
      {
        "tag": "local-dns",
        "address": "223.5.5.5",
        "detour": "direct"
      },
      {
        "tag": "fakeip-dns",
        "address": "fakeip"
      }
    ],
    "rules": [
      {
        "outbound": "any",
        "server": "local-dns"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          {
            "domain_suffix": [
              ".lan",
              ".localdomain",
              ".example",
              ".invalid",
              ".localhost",
              ".test",
              ".local",
              ".home.arpa",
              ".msftconnecttest.com",
              ".msftncsi.com"
            ],
            "invert": true
          },
          {
            "query_type": [
              "A",
              "AAAA"
            ]
          }
        ],
        "server": "fakeip-dns"
      }
    ],
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.1/16",
      "inet6_range": "fc00::/18"
    },
    "independent_cache": true,
    "final": "local-dns"
  }
}

Logs

No response

Integrity requirements

• [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[dyhkwong]

如果你的宽带连接是指拨号/PPPOE 的话，需要指定 inet4_route_address 为["0.0.0.0/1","128.0.0.0/1"]，inet6_route_address 同理。相关讨论见https://github.com/MetaCubeX/mihomo/issues/187 。

[ravy-alt]

如果你的宽带连接是指拨号/PPPOE 的话，需要指定 inet4_route_address 为["0.0.0.0/1","128.0.0.0/1"]，inet6_route_address 同理。相关讨论见MetaCubeX/mihomo#187 。

@dyhkwong 加上这两个配置后可以正常上网。但出现了另外一个小问题，假如连接了wifi，有线网卡分配了IP，但是没有进行 PPPoE 拨号，此时会选择以太网作为出口，而不是wifi，请问有配置自动选择接口的配置项吗？

[dyhkwong]

如果到网关的连接正常但只是到互联网的连接被网关阻止，建议手动指定出口网卡。由于这样的网络环境并不常见，这样的问题通常只能由当事人自行研究解决。

[ccdd4ever]

https://github.com/MetaCubeX/mihomo/issues/721 参考一下评论，我这边通过修改tun的metrics可以解决这个问题