chika0801 / sing-box-examples

sing-box configuration examples
https://github.com/SagerNet/sing-box

The newly updated tun configuration failed #49

Closed Ley-VN closed 1 year ago

Ley-VN commented 1 year ago

Here is my configuration, help me

{
  "log": { "level": "trace", "timestamp": true },
  "dns": {
    "servers": [
      {
        "tag": "dns_Ley",
        "address": "https://1.1.1.1/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "detour": "Ley"
      },
      {
        "tag": "dns_direct",
        "address": "https://dns.alidns.com/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      { "tag": "dns_block", "address": "rcode://success" },
      { "tag": "dns_resolver", "address": "223.5.5.5", "detour": "direct" }
    ],
    "rules": [
      { "domain": "time.apple.com", "server": "dns_resolver" },
      { "geosite": "category-ads-all", "server": "dns_block", "disable_cache": true },
      { "geosite": "geolocation-!cn", "server": "dns_Ley" },
      { "geosite": [ "cn", "private" ], "server": "dns_direct" },
      { "outbound": "any", "server": "dns_resolver" }
    ]
  },
  "ntp": {
    "enabled": true,
    "interval": "30m0s",
    "server": "time.apple.com",
    "server_port": 123,
    "detour": "direct"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "mtu": 1400,
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "fdfe:dcba:9876::1/126",
      "auto_route": true,
      "strict_route": true,
      "include_package": [
        "com.google.android.gms",
        "com.google.android.gsf",
        "com.android.vending",
        "com.android.chrome",
        "org.telegram.messenger"
      ],
      "stack": "gvisor",
      "sniff": true,
      "sniff_override_destination": true
    }
  ],
  "outbounds": [
    {
      "type": "selector",
      "tag": "Ley",
      "outbounds": [ "LeyVN:80", "LeySG:80", "LeyVN:443", "LeySG:443" ],
      "default": "LeySG:443"
    },
    {
      "type": "vless",
      "tag": "LeyVN:80",
      "server": "cloud.ley.vn",
      "server_port": 80,
      "uuid": "....",
      "transport": {
        "type": "http",
        "path": "/Ley.VN",
        "method": "GET",
        "headers": { "Host": "dl.kgvn.garenanow.com" }
      }
    },
    {
      "type": "vless",
      "tag": "LeySG:80",
      "server": "cloud1.ley.vn",
      "server_port": 80,
      "uuid": "....",
      "transport": {
        "type": "http",
        "path": "/Ley.VN",
        "method": "GET",
        "headers": { "Host": "dl.kgvn.garenanow.com" }
      }
    },
    {
      "type": "trojan",
      "tag": "LeyVN:443",
      "server": "cloud.ley.vn",
      "server_port": 443,
      "password": "....4",
      "tls": { "enabled": true, "server_name": "dl.kgvn.garenanow.com", "insecure": true }
    },
    {
      "type": "trojan",
      "tag": "LeySG:443",
      "server": "cloud1.ley.vn",
      "server_port": 443,
      "password": ".....",
      "tls": { "enabled": true, "server_name": "dl.kgvn.garenanow.com", "insecure": true }
    },
    { "type": "direct", "tag": "direct" },
    { "type": "block", "tag": "block" },
    { "type": "dns", "tag": "dns-out" }
  ],
  "route": {
    "geoip": {
      "download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db"
    },
    "geosite": {
      "download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db"
    },
    "rules": [
      { "protocol": "dns", "outbound": "dns-out" },
      { "protocol": "quic", "outbound": "block" },
      { "geosite": "category-ads-all", "outbound": "block" },
      {
        "type": "logical",
        "mode": "and",
        "rules": [ { "geosite": "geolocation-!cn" }, { "geoip": "cn", "invert": true } ],
        "outbound": "Ley"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [ { "geosite": "cn" }, { "geoip": "cn" } ],
        "outbound": "direct"
      },
      { "geosite": "private", "outbound": "direct" },
      { "geoip": [ "cn", "private" ], "outbound": "direct" }
    ],
    "auto_detect_interface": true
  }
}

chika0801 commented 1 year ago
{
"tag": "dns_direct",
"address": "https://dns.alidns.com/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "dns_resolver",
"address": "223.5.5.5",
"detour": "direct"
}

"address": "https://dns.alidns.com/dns-query",

This DNS resolves the domain name of your cloud.ley.vn server.

This DNS's own domain, dns.alidns.com, will resolve using 223.5.5.5.

If you are not in mainland China, please change it to 1.1.1.1.

chika0801 commented 1 year ago
{
"tag": "dns_direct",
"address": "https://1.1.1.1/dns-query",
"address_resolver": "dns_resolver",
"strategy": "ipv4_only",
"detour": "direct"
},
{
"tag": "dns_resolver",
"address": "1.1.1.1",
"detour": "direct"
}

The configuration is made for use in mainland China, and as I read your logs, the problem may be in the places mentioned above. You try to see if you can fix it.
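The resolver dependency described in the two comments above can be checked mechanically. The following is an added example, not code from the thread or from the sing-box project: it follows `address_resolver` from each DNS server until it reaches an IP literal (or a form such as `local` that needs no lookup) and reports chains that never get there. The function names and the `BROKEN` sample are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def server_host(address):
    """Return the domain a DNS server address must have resolved, else None."""
    scheme = address.split("://")[0] if "://" in address else ""
    if address in ("local", "fakeip") or scheme in ("rcode", "dhcp"):
        return None
    host = (urlsplit(address).hostname or "") if scheme else address
    try:
        ipaddress.ip_address(host)
        return None                      # IP literal, nothing to resolve
    except ValueError:
        return host

def check_dns_bootstrap(config):
    """Follow address_resolver from every server; report chains that never reach an IP."""
    servers = {s["tag"]: s for s in config["dns"]["servers"]}
    findings = []
    for tag in servers:
        chain = [tag]
        while (host := server_host(servers[chain[-1]]["address"])) is not None:
            nxt = servers[chain[-1]].get("address_resolver")
            if nxt is None:
                findings.append(f"{tag}: {host} has no address_resolver")
            elif nxt not in servers:
                findings.append(f"{tag}: address_resolver '{nxt}' is not defined")
            elif nxt in chain:
                findings.append(f"{tag}: loop " + " -> ".join(chain + [nxt]))
            else:
                chain.append(nxt)        # keep walking towards an IP literal
                continue
            break
    return findings

# DNS servers as posted in the issue (fields irrelevant to the check omitted).
PAGE = {"dns": {"servers": [
    {"tag": "dns_Ley", "address": "https://1.1.1.1/dns-query", "address_resolver": "dns_resolver"},
    {"tag": "dns_direct", "address": "https://dns.alidns.com/dns-query", "address_resolver": "dns_resolver"},
    {"tag": "dns_block", "address": "rcode://success"},
    {"tag": "dns_resolver", "address": "223.5.5.5"}]}}
# Constructed broken variant: dns_resolver itself now needs a lookup through dns_direct.
BROKEN = {"dns": {"servers": [
    {"tag": "dns_direct", "address": "https://dns.alidns.com/dns-query", "address_resolver": "dns_resolver"},
    {"tag": "dns_resolver", "address": "tls://dns.alidns.com", "address_resolver": "dns_direct"},
    {"tag": "dns_orphan", "address": "https://dns.alidns.com/dns-query"}]}}

if __name__ == "__main__":
    print(check_dns_bootstrap(PAGE), check_dns_bootstrap(BROKEN), sep="\n")
```

A clean result only means every chain ends at an address that needs no lookup; whether that address (223.5.5.5 or 1.1.1.1 here) is reachable from the current network is the separate question the comments above are about.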

Ley-VN commented 1 year ago

No fix. I send vps information. Can you help me arrange time?

chika0801 commented 1 year ago

Try the config file that worked before you modified it, does that config work now?

chika0801 commented 1 year ago

There are 2 methods of debugging

1 You're still in SFA, post the logs (should be easier to take a screenshot)

2 You test it on your computer, change some parts of the configuration that are different from the Android side. The TUN inbound and outbound DNS routing parts are basically the same, then see if you can't connect to the server, and if you can't, post the log. If you will analyse the log, you can also try to look at the log to find the reason.

Ley-VN commented 1 year ago

The old configuration still works normally. I will find a solution. Thank you

Ley-VN commented 1 year ago

{
  "type": "trojan",
  "tag": "LeyVN:443",
  "server": "domain.com",
  "server_port": 443,
  "password": "Ley",
  "tls": { "enabled": true, "server_name": "dl.kgvn.garenanow.com", "insecure": true }
}

This configuration works

{
  "type": "tuic",
  "tag": "LeySG:Speed",
  "server": "domain.com",
  "server_port": 8443,
  "uuid": "....",
  "password": "Ley",
  "congestion_control": "bbr",
  "tls": { "enabled": true, "server_name": "dl.kgvn.garenanow.com", "alpn": "h3" }
}

Tuic configuration is not working =>> I use sni "dl.kgvn.garenanow.com" using 4g. Trojan works, tuic doesn't

chika0801 commented 1 year ago

The domain name in your TUIC configuration dl.kgvn.garenanow.com

Do you really have this domain name and have configured the path to the SSL certificate in your server-side configuration in order to apply for it and upload it to your VPS?

Ley-VN commented 1 year ago

This domain name is a way for me to use unlimited 4g network traffic. This domain name is an intermediary of the network operator. I used vless configuration and trojan both were successful

chika0801 commented 1 year ago

The form you're talking about is what we call free traffic with your carrier.

But the protocol TUIC doesn't support this method, it wants you to have your own SSL certificate, which is why you keep failing. You need to figure out the fundamental difference.

Ley-VN commented 1 year ago

Thank you. It's sad that this new protocol doesn't support that

Ley-VN commented 1 year ago

After a few exchanges, you clearly understood my needs and configuration. Another thing that I haven't been able to do yet is to share wifi with other devices via hotspot. For example, with v2ray I enable network sharing. The http proxy will be 26.26.26.1/10809. With the sing-box I have configured the inbound part as mixed-in. Listen is 0.0.0.0 or 127.0.0.1, any port. The network receiver cannot connect. Vps server sing-box > Android user 4g hotspot wifi > Android or iOS

chika0801 commented 1 year ago

For example, you are using SFA on your mobile phone, and you have turned on the WIFI hotspot function on your mobile phone. Other mobile phones connect to this hotspot WIFI, and in the options on their WIFI setup page, I remember there is an option to use a proxy. The address should be the IP of your mobile phone (your mobile phone is the gateway at this time; for example, if the guest end gets the IP 192.168.10.99 and the gateway is 192.168.10.1, fill in the 10.1 one). The port is, for example, 20000; this port number is set in the SFA configuration.

You then go into the SFA software on your mobile phone and modify the sing-box configuration to add a mixed-in inbound. I remember the parameters:

"listen": "::", here you can only write "::", so that other mobile phones can connect to the proxy site. (I've tried 127.0.0.1, and other mobile phones don't work.)

"listen_port": 20000, this 20000 port corresponds to the one mentioned earlier.

Ley-VN commented 1 year ago

Inflexible. 4g IP is dynamic IP. Not a static ip. V2ray is static ip 26.26.26.1. Shadowrocket static ip is 198.18.0.3. tun server or loopback 127.0.0.1. According to your method, each time you have to change your network's IP automatically.

chika0801 commented 1 year ago

The process I tried was: a PC (WIN11) with sing-box.exe in TUN mode, which then listens on an additional socks port like 9090. The listen parameter in the configuration is filled in with "::". Assume the PC's LAN IP is 192.168.10.12.

The mobile phone and computer are connected to the same LAN. Enter the WIFI settings interface in the mobile phone settings, there is a proxy option, select the option, fill in 192.168.10.12 for the host name and 9090 for the port, and it is normal to access the proxy website on the mobile phone at this time. You can see the log in the sing-box.exe window of your computer.

As for you take the computer I mentioned, and replace it with a mobile phone, which uses the SFA programme, how the configuration file for the SFA programme is going to be written I'm not sure what you're doing. Then after you enable the hotspot on this phone. The other mobile phone connects to this hotspot, and you have to try it yourself how to fill in the proxy option in the WIFI settings of the other mobile phone. I haven't tried it myself.

Ley-VN commented 1 year ago

No need for LAN IP. I use ip tun 172.19.0.1 combined with port 20000 mixed-in. Connection successful. On any device, both computer and phone.
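A mixed inbound that listens on "::" or 0.0.0.0, as in the hotspot setup discussed above, accepts connections on every interface of the device, and without a `users` list it asks for no credentials. The following is an added example, not code from the thread or from sing-box: it audits the `inbounds` of a configuration for such listeners and shows the `users` field that makes the proxy require a username and password. The function names and the sample configuration are constructed.

```python
import ipaddress

PROXY_TYPES = {"mixed", "socks", "http"}

def audit_proxy_inbounds(config):
    """Return (tag, severity, reason) for proxy inbounds usable without credentials."""
    findings = []
    for inb in config.get("inbounds", []):
        if inb.get("type") not in PROXY_TYPES or inb.get("users"):
            continue                      # not a proxy listener, or it requires a login
        # Assumption: a missing "listen" is read as the wildcard, the conservative case.
        addr = ipaddress.ip_address(inb.get("listen", "::"))
        if addr.is_loopback:
            continue                      # only apps on the device itself can connect
        if addr.is_unspecified:
            findings.append((inb.get("tag"), "high",
                             "listens on every interface with no users set"))
        else:
            findings.append((inb.get("tag"), "medium",
                             f"no users set; open to any host that can reach {addr}"))
    return findings

def with_credentials(inbound, username, password):
    """Return a copy of a mixed/socks/http inbound that requires username and password."""
    return {**inbound, "users": [{"username": username, "password": password}]}

# Constructed sample: the TUN inbound from the thread plus three proxy listeners.
CONFIG = {"inbounds": [
    {"type": "tun", "tag": "tun-in", "inet4_address": "172.19.0.1/30"},
    {"type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 20000},
    {"type": "mixed", "tag": "mixed-tun", "listen": "172.19.0.1", "listen_port": 20001},
    {"type": "mixed", "tag": "mixed-local", "listen": "127.0.0.1", "listen_port": 20002},
]}

def hardened(config, username, password):
    """Return a copy of config in which every flagged inbound has credentials."""
    flagged = {tag for tag, _, _ in audit_proxy_inbounds(config)}
    return {**config, "inbounds": [
        with_credentials(i, username, password) if i.get("tag") in flagged else i
        for i in config["inbounds"]]}

if __name__ == "__main__":
    for finding in audit_proxy_inbounds(CONFIG):
        print(finding)
    print(audit_proxy_inbounds(hardened(CONFIG, "example-user", "example-password")))
```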

Ley-VN commented 1 year ago

Friend

{
  "tag": "dns_direct",
  "address": "https://1.1.1.1/dns-query",
  "address_resolver": "dns_resolver",
  "strategy": "ipv4_only",
  "detour": "direct"
},
{
  "tag": "dns_resolver",
  "address": "1.1.1.1", Change to "local"
  "detour": "direct"
}

If your internet is offline, you can still launch the configuration normally. using 1.1.1.1 without an open internet connection fails