SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

升级至1.9.x版本后tun模式下会墙掉自身无法访问 #1872

Closed dalamudx closed 5 days ago

dalamudx commented 1 week ago

Operating system

Linux

System version

debian 11

Installation type

Others

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

客户端配置如下

{
  "dns": {
    "independent_cache": true,
    "rules": [
      {
        "clash_mode": "global",
        "server": "remote"
      },
      {
        "clash_mode": "direct",
        "server": "local"
      },
      {
        "outbound": [
          "any"
        ],
        "server": "local"
      }
    ],
    "servers": [
      {
        "address": "https://1.1.1.1/dns-query",
        "detour": "proxy",
        "tag": "remote"
      },
      {
        "address": "https://223.5.5.5/dns-query",
        "detour": "direct",
        "tag": "local"
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "fd10::1/126",
      "auto_route": true,
      "strict_route": true,
      "endpoint_independent_nat": false,
      "mtu": 1500,
      "sniff": true,
      "sniff_override_destination": false,
      "stack": "system"
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "tag": "block",
      "type": "block"
    },
    {
      "tag": "dns-out",
      "type": "dns"
    },
    {
      "tag": "proxy",
      "type": "selector",
      "default": "auto",
      "outbounds": [
        "auto",
        "rl-jp1",
        "hy-jp1",
        "rl-jp2",
        "hy-jp2",
        "rl-jp3",
        "hy-jp3"
      ]
    },
    {
      "tag": "auto",
      "type": "urltest",
      "url": "http://www.gstatic.com/generate_204",
      "interval": "1m",
      "tolerance": 50,
      "outbounds": [
        "rl-jp1",
        "hy-jp1",
        "rl-jp2",
        "hy-jp2",
        "rl-jp3",
        "hy-jp3"
      ]
    },
    {
      "type": "vless",
      "tag": "rl-jp2",
      "uuid": "8bb67d49-c984-4f3c-af83-92e9671ad182",
      "flow": "xtls-rprx-vision",
      "packet_encoding": "xudp",
      "server": "x.x.x.x",
      "server_port": 443,
      "tls": {
        "enabled": true,
        "server_name": "www.lovelive-anime.jp",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        },
        "reality": {
          "enabled": true,
          "public_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
          "short_id": "xxxxxxxxxxxxxxxx"
        }
      }
    },
    {
      "type": "vless",
      "tag": "rl-jp1",
      "uuid": "e85ffb92-d5fa-4ee7-ab6f-51eafa2c5e71",
      "flow": "xtls-rprx-vision",
      "packet_encoding": "xudp",
      "server": "x.x.x.x",
      "server_port": 443,
      "tls": {
        "enabled": true,
        "server_name": "www.lovelive-anime.jp",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        },
        "reality": {
          "enabled": true,
          "public_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
          "short_id": "xxxxxxxxxx"
        }
      }
    },
    {
      "type": "vless",
      "tag": "rl-jp3",
      "uuid": "4a8a6c1a-5f3c-4cc7-9f56-a5e83549267e",
      "flow": "xtls-rprx-vision",
      "packet_encoding": "xudp",
      "server": "x.x.x.x",
      "server_port": 443,
      "tls": {
        "enabled": true,
        "server_name": "www.lovelive-anime.jp",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        },
        "reality": {
          "enabled": true,
          "public_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
          "short_id": "xxxxxxxxxxxxxxx"
        }
      }
    },
    {
      "type": "hysteria2",
      "server": "x.x.x.x",
      "server_port": 65505,
      "tag": "hy-jp2",
      "password": "xxxxxx",
      "tls": {
        "enabled": true,
        "server_name": "bing.com",
        "insecure": true,
        "alpn": [
          "h3"
        ]
      }
    },
    {
      "type": "hysteria2",
      "server": "x.x.x.x",
      "server_port": 65505,
      "tag": "hy-jp1",
      "password": "xxxxxx",
      "tls": {
        "enabled": true,
        "server_name": "bing.com",
        "insecure": true,
        "alpn": [
          "h3"
        ]
      }
    },
    {
      "type": "hysteria2",
      "server": "x.x.x.x",
      "server_port": 65505,
      "tag": "hy-jp3",
      "password": "xxxxxxxx",
      "tls": {
        "enabled": true,
        "server_name": "bing.com",
        "insecure": true,
        "alpn": [
          "h3"
        ]
      }
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "final": "proxy",
    "rules": [
      {
        "outbound": "dns-out",
        "protocol": "dns"
      },
      {
        "clash_mode": "direct",
        "outbound": "direct"
      },
      {
        "clash_mode": "global",
        "outbound": "proxy"
      },
      {
        "rule_set": "geoip-cn",
        "outbound": "direct"
      },
      {
        "domain": [
          "pt.btschool.club"
        ],
        "domain_suffix": [
          "dalamud.com",
          "tencent-cloud.net",
          "qq.com",
          "xy-asia.com",
          "hhanclub.top",
          "hddolby.com",
          "hhan.club",
          "haidan.video",
          "hdarea.club",
          "hdtime.org",
          "iot-tencent.com",
          "gtimg.com",
          "map.qq.com",
          "qlogo.cn",
          "qpic.cn",
          "servicewechat.com",
          "tenpay.com",
          "wechat.com",
          "wechatlegal.net",
          "wechatos.net",
          "wechatpay.com",
          "weixin.com",
          "weixinbridge.com",
          "weixinsxy.com",
          "www.modelscope.cn"
        ],
        "ip_cidr": [
          "10.10.0.0/20",
          "172.25.0.0/20"
        ],
        "outbound": "direct"
      },
      {
        "domain": [
          "www.bing.com",
          "sydney.bing.com"
        ],
        "domain_suffix": [
          "v2ex.com",
          "discord.gg",
          "discord.com",
          "discordapp.com",
          "discordapp.net",
          "medium.com"
        ],
        "outbound": "proxy"
      },
      {
        "ip_cidr": [
          "224.0.0.0/3",
          "ff00::/8"
        ],
        "source_ip_cidr": [
          "224.0.0.0/3",
          "ff00::/8"
        ],
        "outbound": "block"
      }
    ],
    "rule_set": [
      {
        "tag": "geoip-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs",
        "download_detour": "direct"
      }
    ]
  },
  "log": {
    "disabled": false,
    "level": "debug",
    "timestamp": true
  },
  "experimental": {
    "clash_api": {
      "external_controller": "0.0.0.0:9090",
      "external_ui": "/app/static",
      "external_ui_download_detour": "",
      "external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip"
    },
    "cache_file": {
      "enabled": true,
      "path": "cache.db",
      "cache_id": "hysteria_profile",
      "store_fakeip": true
    }
  }
}

运行在自己编译的容器中,退回v1.8.14版本启动后能正常访问clash_api,但是升级到v1.9.x版本,虽然日志提示RESTful API listening at xxxxx,但是打不开UI页面。

Reproduction

升级到 v1.9.3 或 v1.9.2 版本后无法访问 UI 页面；降级到 v1.8.14 及以前版本即可正常访问。

Logs

+0000 2024-06-16 14:50:13 INFO router: updated default interface eth0, index 2
+0000 2024-06-16 14:50:13 INFO clash-api: restful api listening at [::]:9090
+0000 2024-06-16 14:50:13 INFO inbound/tun[0]: started at tun0
+0000 2024-06-16 14:50:13 INFO sing-box started (0.22s)

Supporter

Integrity requirements

llity commented 1 week ago

docker版正常

dalamudx commented 1 week ago

> docker版正常

刚刚开debug,我发现新版本启动后把自己ip墙了,nat内不能ping,代理也不工作,我从容器拿出来本地跑下看看

dalamudx commented 1 week ago

试了下不管是容器还是官方release,用我这个配置直接运行就会墙掉自己后直接断开连接,大佬帮看看配置有没有问题😂

llity commented 6 days ago

outbounds 里面应该增加 clash 的配置吧

dalamudx commented 5 days ago

应该不用吧，毕竟 direct 的都走 direct 了，而且不只 clash_api，连 socks5 端口也会墙掉，不知道别人怎么用的😂

dalamudx commented 5 days ago

知道原因了：是 tun 模式下 strict_route 的配置问题，将 strict_route 设为 false 之后就正常了。