search

heiher / hev-socks5-tunnel

A high-performance tun2socks for Linux/Android/FreeBSD/macOS/iOS/WSL2 (IPv4/IPv6/TCP/UDP)
MIT License
911 stars 164 forks source link

OpenWRT下运行socks5透明代理失败 #90

Closed weber110 closed 10 months ago

weber110 commented 10 months ago

启动方式: ./hev-socks5-tunnel-linux-arm64 socks5.yml

配置如下:

tunnel:
  # Interface name
  name: tun0
  # Interface MTU
  mtu: 8500
  # Multi-queue
  multi-queue: false
  # IPv4 address
  ipv4: 10.168.0.1
  # IPv6 address
  ipv6: 'fc00::1'

socks5:
  # Socks5 server port
  port: 30001
  # Socks5 server address (ipv4/ipv6)
  address: node.example.com
  # Socks5 UDP relay mode (tcp|udp)
  udp: 'udp'
  # Socks5 server username
  #username: 'myuid'
  # Socks5 server password
  #password: 'mypwd'
  # Socket mark
  mark: 438

问题现象: 运行后控制台打印日志:[2023-12-28 03:07:32] [E] socks5 tunnel open,然后就中断了 ip addr也未见tun0接口被自动创建

heiher commented 10 months ago
  1. 检查程序是否有root权限或CAP_NET_ADMIN。
  2. 检查 /dev/net/tun 是否存在,即系统是否支持Tun功能。
SaeedDev94 commented 10 months ago

I have the same issue with my Asus GT-AX6000 router with asuswrt-merlin (similar to OpenWRT) and I can't figure it how can i fix
[E] socks5 tunnel open => can be fix by running modprobe tun
But after that I get error about ipv6 can't set, I can fix it also by commenting the tunnel#ipv6 in conf/main.yml
tun0 interface will create successfully but it seems tun0 doesn't work at all because when I run this command: 

curl --interface tun0 ipinfo.io

to test (without any custom routing), curl can't get response and it fails :(

heiher commented 10 months ago

I have the same issue with my Asus GT-AX6000 router with asuswrt-merlin (similar to OpenWRT) and I can't figure it how can i fix [E] socks5 tunnel open => can be fix by running modprobe tun But after that I get error about ipv6 can't set, I can fix it also by commenting the tunnel#ipv6 in conf/main.yml tun0 interface will create successfully but it seems tun0 doesn't work at all because when I run this command:

curl --interface tun0 ipinfo.io

to test (without any custom routing), curl can't get response and it fails :(

Check the socks5 server. or try https://github.com/heiher/hev-socks5-server

SaeedDev94 commented 10 months ago

Check the socks5 server. or try https://github.com/heiher/hev-socks5-server

The socks proxy itself is working fine, I compiled proxychains on my router and this command is working fine:

proxychains4 curl ipinfo.io

:(

SaeedDev94 commented 10 months ago

I have to mention that it's not a specific issue with heiher/hev-socks5-tunnel
The same issue occurs with other variants of tun2socks like xjasonlyu/tun2socks
I have no idea if we need other dependencies (a missed lib) to install or need some missed kernel modules maybe ?

heiher commented 10 months ago

Check the socks5 server. or try https://github.com/heiher/hev-socks5-server

The socks proxy itself is working fine, I compiled proxychains on my router and this command is working fine:

proxychains4 curl ipinfo.io

:(

Test TCP only:

curl --interface tun0 -H "Host: ipinfo.io" 34.117.186.192
SaeedDev94 commented 10 months ago

Test TCP only:

curl --interface tun0 -H "Host: ipinfo.io" 34.117.186.192

Still same issue:

curl --interface tun0 -H "Host: ipinfo.io" 34.117.186.192
curl: (28) Failed to connect to 34.117.186.192 port 80 after 3073 ms: Error

:(

SaeedDev94 commented 10 months ago

Here is the debug level logs

[2023-12-30 09:30:04] [D] socks5 tunnel init
[2023-12-30 09:30:04] [D] socks5 tunnel run
[2023-12-30 09:30:04] [D] socks5 tunnel lwip task run
[2023-12-30 09:30:04] [D] socks5 tunnel timer task run
[2023-12-30 09:30:04] [D] socks5 tunnel event task run

And that's it unfortunately
It seems no packets handled by tun0

weber110 commented 10 months ago
  1. 检查程序是否有root权限或CAP_NET_ADMIN。
  2. 检查 /dev/net/tun 是否存在,即系统是否支持Tun功能。

感谢,当天提问后我使用了hev-socks5-tproxy/hev-socks5-server都跑通了。 看到您的回复后,确实是内核缺少kmod-tun模块,安装后不会报错了,也想尝试使用hev-socks5-tunnel与tproxy对比下; 目前还存在的问题如下,您有空可以指点下:

  1. hev-socks5-tproxy连接自己部署的danted socks server或者hev-socks5-server都没问题,但连接外面的S5 IP就出现校验问题,同样的配置在v2rayn可以连接使用;

  2. hev-socks5-tunnel的文档木有tproxy写得完善,我执行了bypass,ip rule添加成功,但tunnel控制台没任何日志(ip addr可以看到tun0接口),不知道还需要做什么配置可以达到tproxy文档示例的全局代理效果? 下面是我的tunnel配置: tunnel: name: tun0 mtu: 8500 multi-queue: false ipv4: 198.18.0.1 ipv6: 'fc00::1' socks5: port: 30001 address: 111.111.111.111 udp: 'udp' username: 'uid' password: 'pwd' mark: 438

heiher commented 10 months ago
  1. 检查程序是否有root权限或CAP_NET_ADMIN。
  2. 检查 /dev/net/tun 是否存在,即系统是否支持Tun功能。

感谢,当天提问后我使用了hev-socks5-tproxy/hev-socks5-server都跑通了。 看到您的回复后,确实是内核缺少kmod-tun模块,安装后不会报错了,也想尝试使用hev-socks5-tunnel与tproxy对比下; 目前还存在的问题如下,您有空可以指点下:

hev-socks5-tproxy可用的话优先用tproxy。

1. hev-socks5-tproxy连接自己部署的danted socks server或者hev-socks5-server都没问题,但连接外面的S5 IP就出现校验问题,同样的配置在v2rayn可以连接使用;

具体的问题现象是什么?

2. hev-socks5-tunnel的文档木有tproxy写得完善,我执行了bypass,ip rule添加成功,但tunnel控制台没任何日志(ip addr可以看到tun0接口),不知道还需要做什么配置可以达到tproxy文档示例的全局代理效果?
   下面是我的tunnel配置:
   tunnel:
   name: tun0
   mtu: 8500
   multi-queue: false
   ipv4: 198.18.0.1
   ipv6: 'fc00::1'
   socks5:
   port: 30001
   address: 111.111.111.111
   udp: 'udp'
   username: 'uid'
   password: 'pwd'
   mark: 438

上述配置再按照 https://github.com/heiher/hev-socks5-tunnel#run 步骤配置路由,应该就可以了吧。

weber110 commented 10 months ago

hev-socks5-tproxy连接三方S5 IP Server日志信息如下:

[2024-01-03 15:28:56] [E] 0x7f955b26a0 socks5 client res.rep 2
[2024-01-03 15:28:56] [E] 0x7f955b26a0 socks5 session handshake
[2024-01-03 15:28:56] [E] 0x7f955c4c70 socks5 client res.rep 2
[2024-01-03 15:28:56] [E] 0x7f955c4c70 socks5 session handshake
[2024-01-03 15:29:02] [E] 0x7f95685180 socks5 client res.rep 5
[2024-01-03 15:29:02] [E] 0x7f95685180 socks5 session handshake
[2024-01-03 15:29:03] [E] 0x7f955b2600 socks5 client res.rep 5
[2024-01-03 15:29:03] [E] 0x7f955b2600 socks5 session handshake
[2024-01-03 15:29:06] [E] 0x7f9559b610 socks5 client res.rep 5
[2024-01-03 15:29:06] [E] 0x7f9559b610 socks5 session handshake
[2024-01-03 15:29:07] [E] 0x7f95532210 socks5 client res.rep 5
[2024-01-03 15:29:07] [E] 0x7f95532210 socks5 session handshake
[2024-01-03 15:29:11] [E] 0x7f955b2600 socks5 client res.rep 5
[2024-01-03 15:29:11] [E] 0x7f955b2600 socks5 session handshake
[2024-01-03 15:29:15] [E] 0x7f9559b610 socks5 client res.rep 5
[2024-01-03 15:29:15] [E] 0x7f9559b610 socks5 session handshake
[2024-01-03 15:29:15] [E] 0x7f95532210 socks5 client res.rep 5
[2024-01-03 15:29:15] [E] 0x7f95532210 socks5 session handshake
[2024-01-03 15:29:23] [E] 0x7f9568ea40 socks5 client read response
[2024-01-03 15:29:23] [E] 0x7f9568ea40 socks5 session handshake
[2024-01-03 15:29:25] [E] 0x7f9568eb30 socks5 client read response
[2024-01-03 15:29:25] [E] 0x7f9568eb30 socks5 session handshake
[2024-01-03 15:29:25] [E] 0x7f955c47f0 socks5 client read response
[2024-01-03 15:29:25] [E] 0x7f955c47f0 socks5 session handshake
[2024-01-03 15:29:26] [E] 0x7f955c48f0 socks5 client read response
[2024-01-03 15:29:26] [E] 0x7f955c48f0 socks5 session handshake
[2024-01-03 15:29:26] [E] 0x7f9559f9f0 socks5 client read response
[2024-01-03 15:29:26] [E] 0x7f9559f9f0 socks5 session handshake
[2024-01-03 15:29:26] [E] 0x7f9558c410 socks5 client read response
[2024-01-03 15:29:26] [E] 0x7f9558c410 socks5 session handshake
[2024-01-03 15:29:26] [E] 0x7f9559fdc0 socks5 client read response
[2024-01-03 15:29:26] [E] 0x7f9559fdc0 socks5 session handshake
[2024-01-03 15:29:26] [E] 0x7f9558c500 socks5 client read response
heiher commented 10 months ago

可能是客户端的请求写合并不兼容吧,具体需要抓包数据才能确认。

heiher commented 10 months ago

如果之前遇到因写合并导致与Socks5服务端不兼容问题,请尝试 2.6.6 版本:

https://github.com/heiher/hev-socks5-tunnel/releases/tag/2.6.6

2.6.6版本开始支持流水化Socks5握手开关(请求写合并),且默认关闭。