douglarek / luci-app-homeproxy

A fork of homeproxy with added support for selector, urltest, ruleset, and clash, specifically tailored for custom routing
GNU General Public License v2.0
Hysteria first-generation protocol config is generated incorrectly; cannot connect to any server #29

Closed Vohrt closed 11 months ago

Vohrt commented 11 months ago

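In the web UI, the settings for the first-generation Hysteria protocol currently do not match the generated config, so no server can be connected to.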

Screenshot 2023-11-30 002742

The generated config:

```
cat /var/run/homeproxy/sing-box-c.json
{
  "log": { "disabled": false, "level": "warn", "output": "/var/run/homeproxy/sing-box-c.log", "timestamp": true },
  "dns": {
    "servers": [
      { "tag": "default-dns", "address": "223.6.6.6", "detour": "direct-out" },
      { "tag": "block-dns", "address": "rcode://name_error" },
      { "tag": "main-dns", "address": "tcp://1.1.1.1", "strategy": "ipv4_only", "detour": "main-out" }
    ],
    "rules": [ { "domain": ".", "server": "default-dns" } ],
    "disable_cache": false,
    "disable_expire": false,
    "final": "main-dns"
  },
  "inbounds": [
    { "type": "direct", "tag": "dns-in", "listen": "::", "listen_port": 5333 },
    { "type": "redirect", "tag": "redirect-in", "listen": "::", "listen_port": 5331, "sniff": true, "sniff_override_destination": true }
  ],
  "outbounds": [
    { "type": "direct", "tag": "direct-out", "routing_mark": 100 },
    { "type": "block", "tag": "block-out" },
    { "type": "dns", "tag": "dns-out" },
    {
      "type": "hysteria", "tag": "main-out", "routing_mark": 100,
      "server": ".", "server_port": 8588,
      "up_mbps": 250, "down_mbps": 250,
      "tls": { "enabled": true, "insecure": true }
    }
  ],
  "route": {
    "rules": [
      { "inbound": "dns-in", "outbound": "dns-out" },
      { "protocol": "dns", "outbound": "dns-out" }
    ],
    "auto_detect_interface": true,
    "final": "main-out"
  }
}
```

As you can see, the upload and download speeds are incorrect, and the obfuscation password has disappeared.
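The mismatch reported above can be checked mechanically by comparing the generated Hysteria outbound with the intended settings. This is an added example, not code from the reporter or from the homeproxy project; the function name and the `INTENDED` values are assumptions, with the values taken from the config the reporter posts later in this thread.

```python
import json

# Constructed sample: the outbounds section of the config posted above.
GENERATED = json.loads("""
{"outbounds": [
  {"type": "direct", "tag": "direct-out", "routing_mark": 100},
  {"type": "hysteria", "tag": "main-out", "routing_mark": 100,
   "server": ".", "server_port": 8588, "up_mbps": 250, "down_mbps": 250,
   "tls": {"enabled": true, "insecure": true}}
]}
""")

# Assumption: the values the reporter meant to set, taken from the config
# posted later in this thread (5 up, 25 down, obfs set, verification on).
INTENDED = {"up_mbps": 5, "down_mbps": 25, "obfs": "password",
            "tls_insecure": False}

SECRET_KEYS = {"obfs"}  # never echo these values into a report


def check_hysteria_outbound(config, tag, intended):
    """Compare outbound `tag` with the intended settings; return findings."""
    outbound = next((o for o in config.get("outbounds", [])
                     if o.get("tag") == tag), None)
    if outbound is None or outbound.get("type") != "hysteria":
        return [f"{tag}: no hysteria outbound with this tag"]
    findings = []
    for key in ("up_mbps", "down_mbps", "obfs"):
        want, got = intended.get(key), outbound.get(key)
        if want is None or got == want:
            continue
        if got is None:
            findings.append(f"{key}: missing from generated config")
        elif key in SECRET_KEYS:
            findings.append(f"{key}: differs from intended value")
        else:
            findings.append(f"{key}: generated {got}, intended {want}")
    tls = outbound.get("tls", {})
    if not tls.get("enabled"):
        findings.append("tls: not enabled")
    if tls.get("insecure") and not intended.get("tls_insecure", False):
        findings.append("tls.insecure: true, server certificate is not verified")
    return findings


if __name__ == "__main__":
    for line in check_hysteria_outbound(GENERATED, "main-out", INTENDED):
        print(line)
```
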

douglarek commented 11 months ago

Thank you for the feedback. I have fixed the issue in the latest code. Please try installing the IPK (built here: https://github.com/douglarek/luci-app-homeproxy/actions/runs/7041341627) using the following method: opkg install *.ipk --force-downgrade.

Vohrt commented 11 months ago

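This issue itself is fixed. However, there seems to be another problem: after clicking Apply and watching with top, the sing-box command appears for an instant and then terminates, and the web UI also shows that homeproxy is not running. The log is empty. But if I manually run /usr/bin/sing-box run --config /var/run/homeproxy/sing-box-c.json over SSH, there are no errors, and the proxy works normally. (The cost is that the proxy naturally stops as soon as the SSH window is closed.)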

The difference I have found so far is that I start it as root, while it starts it as the sing-box user. When I manually start sing-box as its user with sudo -u sing-box /usr/bin/sing-box run --config /var/run/homeproxy/sing-box-c.json, the log prints a large number of errors:

```
+0000 2023-11-30 14:28:26 ERROR [3744644474 1ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2383: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
+0000 2023-11-30 14:28:26 ERROR [183177154 0ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2384: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
+0000 2023-11-30 14:28:26 ERROR [4010678004 0ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2385: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
+0000 2023-11-30 14:28:26 ERROR [2489251540 0ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2386: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
+0000 2023-11-30 14:28:26 ERROR [3239751545 0ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2387: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
+0000 2023-11-30 14:28:27 ERROR [1353044823 1ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2389: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
+0000 2023-11-30 14:28:27 ERROR [830897155 1ms] inbound/redirect[redirect-in]: process connection from 192.168.2.164:2390: exchange6: dial udp 223.6.6.6:53: operation not permitted | exchange4: dial udp 223.6.6.6:53: operation not permitted
```

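Looking at init.d/homeproxy, sing-box is hard-coded to start as the singbox user whether it acts as client or server, so changing the user to root in /etc/config/singbox is pointless.

Looking at /etc/init.d/sing-box, it states "should be root if use TUN mode", but I'm not sure whether luci is working in tun mode.

Is this a permissions problem with my local sing-box user, or another bug?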

douglarek commented 11 months ago

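> Looking at init.d/homeproxy, sing-box is hard-coded to start as the singbox user whether it acts as client or server

It's not really hard-coded; it is conditional. If you are using tun proxy mode, root is definitely required, since a virtual network interface has to be created. My suggestion is to use tproxy mode.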

Vohrt commented 11 months ago

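> > Looking at init.d/homeproxy, sing-box is hard-coded to start as the singbox user whether it acts as client or server
>
> It's not really hard-coded; it is conditional. If you are using tun proxy mode, root is definitely required, since a virtual network interface has to be created. My suggestion is to use tproxy mode.

What I selected is Redirect TCP + TProxy UDP. I don't seem to see an option that sends everything through TProxy. I'm using the 113002 ipk from the releases.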

douglarek commented 11 months ago

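> > > Looking at init.d/homeproxy, sing-box is hard-coded to start as the singbox user whether it acts as client or server
> >
> > It's not really hard-coded; it is conditional. If you are using tun proxy mode, root is definitely required, since a virtual network interface has to be created. My suggestion is to use tproxy mode.
>
> What I selected is Redirect TCP + TProxy UDP. I don't seem to see an option that sends everything through TProxy. I'm using the 113002 ipk from the releases.

Please take screenshots of the routing settings in the luci UI and of the homeproxy log, and paste your sing-box-c.json with sensitive information removed.

Also, tell me specifically which openwrt version and which firewall version you are using.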

Vohrt commented 11 months ago

```
root@ImmortalWrt:/var/run/homeproxy# cat homeproxy.log
2023-11-30 23:23:25 [DAEMON] sing-box 1.6.6 started.
root@ImmortalWrt:/var/run/homeproxy# cat sing-box-c.log

root@ImmortalWrt:/var/run/homeproxy# cat sing-box-c.json
{
  "log": { "disabled": false, "level": "warn", "output": "/var/run/homeproxy/sing-box-c.log", "timestamp": true },
  "experimental": {
    "clash_api": {
      "external_controller": "[::]:9090",
      "external_ui": "/etc/homeproxy/resources/ui",
      "external_ui_download_url": "https://github.com/MetaCubeX/metacubexd/archive/gh-pages.zip",
      "store_selected": true
    }
  },
  "dns": {
    "servers": [
      { "tag": "default-dns", "address": "223.6.6.6", "detour": "direct-out" },
      { "tag": "system-dns", "address": "local", "detour": "direct-out" },
      { "tag": "block-dns", "address": "rcode://name_error" },
      { "tag": "main-dns", "address": "tcp://8.8.8.8", "detour": "main-out" }
    ],
    "rules": [ { "domain": "aaa.live", "server": "default-dns" } ],
    "disable_cache": false,
    "disable_expire": false,
    "final": "main-dns"
  },
  "inbounds": [
    { "type": "direct", "tag": "dns-in", "listen": "::", "listen_port": 5333 },
    { "type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 5330, "sniff": true, "sniff_override_destination": true, "set_system_proxy": false },
    { "type": "redirect", "tag": "redirect-in", "listen": "::", "listen_port": 5331, "sniff": true, "sniff_override_destination": true },
    { "type": "tproxy", "tag": "tproxy-in", "listen": "::", "listen_port": 5332, "network": "udp", "sniff": true, "sniff_override_destination": true }
  ],
  "outbounds": [
    { "type": "direct", "tag": "direct-out", "routing_mark": 100 },
    { "type": "block", "tag": "block-out" },
    { "type": "dns", "tag": "dns-out" },
    {
      "type": "hysteria", "tag": "main-out", "routing_mark": 100,
      "server": "aaa.live", "server_port": 8588,
      "up_mbps": 5, "down_mbps": 25,
      "obfs": "password",
      "tls": { "enabled": true, "insecure": false }
    }
  ],
  "route": {
    "rules": [
      { "inbound": "dns-in", "outbound": "dns-out" },
      { "protocol": "dns", "outbound": "dns-out" }
    ],
    "auto_detect_interface": true,
    "final": "main-out"
  }
}
```

SYSTEMINFO
Hostname | ImmortalWrt
Model | QEMU Standard PC (Q35 + ICH9, 2009)
Architecture | Intel(R) Celeron(R) G4900T CPU @ 2.90GHz x 1C 2T (2904.000MHz)
Target Platform | x86/64
Firmware Version | ImmortalWrt 23.05.1 r27304-31bc47589e / LuCI openwrt-23.05 branch git-23.323.25576-ef326c3
Kernel Version | 5.15.137
Local Time | 2023-11-30 23:27:06
Uptime | 0h 4m 14s
Load Average | 0.06, 0.02, 0.00
CPU usage (%) | 0%

FIREWALL
Package name | Version
firewall4 | 2023-09-01-598d9fbb-1
luci-app-firewall | git-23.323.25576-ef326c3
luci-i18n-firewall-zh-cn | git-23.323.25576-ef326c3

Vohrt commented 11 months ago

image image

douglarek commented 11 months ago

Try again with each of 1 and 2 below:

  1. Set the routing mode to Custom;
  2. Install chinadns-ng