failed to start without network in tun mode

[qjebbs]

Sorry I'm not following the issue template, but I did some digging, it's better to get straight to the point.

I'm trying to run sing-box as a service with launchctl in Mac, but it will fail to start each time I restart the Mac.

The problem is that sing-box is not able to start without network in tun mode.

My situation is:

1. No way to tell the launchctl, to start sing-box after network initialization
2. If I restart the Mac in an environment without a network, it will also fail even if I found solution for launchctl start sequance problem. so it won't work when I come back online.

sing-box can run without network after it has started:

connected => start `sing-box` => disconnected => connected again

though it keeps logging when disconnected:

[ERROR] router: no route to internet
[ERROR] router: no route to internet
[ERROR] router: no route to internet

So I wonder I we can do some lazy initialization for InterfaceMonitor instead of throwing error to avoid this.

Best Regards!

Steps to reproduce:

1. disconnect the network
2. start sing-box with the tun configurated:

{
  "inbounds": [
    {
      "tag": "tun",
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true
    }
  ],
  "route": {
    "auto_detect_interface": true
  }
}

The error stack:

• (s *Box) Start(), (s *Box) start()
• (r *Router) Start()
• (m *defaultInterfaceMonitor) Start()
• (m *defaultInterfaceMonitor) checkUpdate() => ErrNoRoute

[nekohasekai]

Try cc7f45150bc895ed6e6de76b5173b8cbf90c78da

[qjebbs]

With cc7f451, sing-box can start without network, but when connected, I found all dns queries failed and no request can be made.

Start when connected is fine.

ERROR [778525565] dns: exchange failed for 10-courier.push.apple.com. IN A: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for www.apple.com. IN A: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for lb._dns-sd._udp.0.0.0.10.in-addr.arpa. IN PTR: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for 170.0.0.10.in-addr.arpa. IN PTR: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for 1-courier.push.apple.com. IN A: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for 1-courier.sandbox.push.apple.com. IN A: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for api.apple-cloudkit.com. IN A: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for 170.0.0.10.in-addr.arpa. IN PTR: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for 1-courier.push.apple.com. IN AAAA: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection
ERROR [778525565] dns: exchange failed for 170.0.0.10.in-addr.arpa. IN PTR: write udp xxxxx:63988->114.114.114.114:53: use of closed network connection

seems like a udp route loop?

$ nslookup google.com
;; connection timed out; no servers could be reached

my dns config:

{
  "route": {
    "rules": [
      {
        "_priority": -999999,
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ]
  },
  "dns": {
    "final": "local",
    "servers": [
      {
        "tag": "local",
        "address": "114.114.114.114",
        "detour": "direct"
      },
      {
        "tag": "proxified",
        "address": "udp://1.0.0.1",
        "detour": "selected",
        "address_resolver": "local",
        "address_strategy": "prefer_ipv4",
        "strategy": "prefer_ipv4"
      }
    ],
    "rules": [
      {
        "geosite": [
          "gfw"
        ],
        "server": "proxified"
      }
    ]
  }
}

[qjebbs]

今天再次经过大量试验（断网 => 启动 sing-box => 联网），发现重新连网后，sing-box 会拦截到一些系统连网后的集中dns解析请求，量应该不算大的。但这些解析在初期都会失败，加上系统疯狂重试，导致瞬间有大量的失败日志。

经过10秒钟左右的持续失败后，dns解析会陆续成功，在此之前，网络是不可用的。在此之后，绝大部分代理的网站也能正常访问，但...

我会观察到有些域名永久查询失败（失败的状态被缓存了吗？），相应的网站就访问不了，除非重启sing-box。这种永久失败：

• 是随机发生的，对于同一个域名www.google.com来说，这一次失败，下一次实验可能又正常的。

• 失败的域名，我观察到都经过这个 server 路线，即需要走代理解析的：

  {
      "tag": "proxified",
      "address": "udp://1.0.0.1",
      "detour": "selected",
      "address_resolver": "local",
      "address_strategy": "prefer_ipv4",
      "strategy": "prefer_ipv4"
  }

失败时提示如下，都是一致的：

$ nslookup www.google.com             
;; Truncated, retrying in TCP mode.
Server:         114.114.114.114
Address:        114.114.114.114#53

Non-authoritative answer:
*** Cant find www.google.com: No answer

$ nslookup github.com
;; Truncated, retrying in TCP mode.
Server:         114.114.114.114
Address:        114.114.114.114#53

Non-authoritative answer:
*** Cant find github.com: No answer

如果是联网 => 启动 sing-box => 断网 => 联网，在再次联网时，上述大量失败的情况不会发生，永久解析失败的情况也没有（至少没有找到）。

(有意识去察看后，永久解析失败也是有的，提示同样是;; Truncated, retrying in TCP mode.。这可能是另外一个问题吧。)

[qjebbs]

Closing since tun mode can now start without network.

[Alex-Joe-Lee]

without

Hi，may I ask how to solve this problem? I have the same problem.