vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
16.8k stars 3.1k forks source link

DNS resolution problem #1682

Closed Benny-F closed 2 years ago

Benny-F commented 2 years ago

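OpenClash is running on a side router in fake-ip mode, with DNS hijacking already configured. The clients use static IP addresses, with the gateway and DNS server both pointing to the side router. Then a strange problem appeared: in the yacd monitor I can see domain-based routing for the iOS devices and the Windows 10 PC, but for all the Android devices (phones, tablets and the TV) only IP addresses are shown. I'm at my wits' end!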

vernesong commented 2 years ago

Is IPv6 disabled?

Benny-F commented 2 years ago

Is IPv6 disabled?

Yes. Is that the cause?

vernesong commented 2 years ago

Check the network information on the devices that are not working.

Benny-F commented 2 years ago

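Check the network information on the devices that are not working.

The IP address is static, and the gateway and DNS server are set to the side router's address. I have confirmed this repeatedly and there is no problem there.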

vernesong commented 2 years ago

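This means there is another device resolving DNS between the devices. Try rebooting. Also, too little information has been provided; you will have to troubleshoot it yourself.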

Benny-F commented 2 years ago

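This means there is another device resolving DNS between the devices. Try rebooting. Also, too little information has been provided; you will have to troubleshoot it yourself.

If there is another device doing DNS resolution, how do you explain that resolution for the iOS devices and the Windows PC is all done by OpenClash?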

vernesong commented 2 years ago

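What you need to think about now is at which step the DNS is being intercepted: whether the device itself has encrypted DNS enabled, whether a plugin on some other device is interfering, or whether it is caused by the device's own cache.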

Benny-F commented 2 years ago

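What you need to think about now is at which step the DNS is being intercepted: whether the device itself has encrypted DNS enabled, whether a plugin on some other device is interfering, or whether it is caused by the device's own cache.

Thanks, I'll investigate further.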

Benny-F commented 2 years ago

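What you need to think about now is at which step the DNS is being intercepted: whether the device itself has encrypted DNS enabled, whether a plugin on some other device is interfering, or whether it is caused by the device's own cache.

Before I had a soft router, I installed Clash on the Android TV to do the routing. The network was very simple then, with addresses obtained via DHCP, and the same problem appeared: the Clash log showed only IP addresses. Later, in Clash under Settings, Override, DNS, I changed two items: one was force-enable under Strategy, the other was Fake-IP-to-domain mapping under Enhanced Mode. After that the Clash log showed domain names and the problem was solved. Is this experience useful to you in helping me solve the current problem? I have just gone through OpenWrt and OpenClash very carefully and did not find anywhere that could intercept DNS resolution.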

vernesong commented 2 years ago

Debug log

Benny-F commented 2 years ago

Debug log

OpenClash 调试日志

生成时间: 2021-10-07 22:01:14 插件版本: v0.42.10-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: FriendlyElec NanoPi R2S
固件版本: OpenWrt SNAPSHOT r3587-b72f6d6fa
LuCI版本: git-21.206.25982-60d43ca-1
内核版本: 5.4.132
处理器架构: aarch64_generic

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 12256
运行权限: 12256: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.07.03
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310-72-g7a7bd92
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.6.5-10-g53e17a9
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/ADS.yaml
启动配置文件: /etc/openclash/ADS.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

mixed-port: 7890
allow-lan: true
mode: rule
log-level: debug
external-controller: 0.0.0.0:9090
proxy-groups:
- name: Proxy
  type: select
  proxies:
.......
dns:
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 119.28.28.28
  - 223.5.5.5
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 127.0.0.1:7874
redir-port: 7892
port: 789
socks-port: 7891
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
profile:
  store-selected: true

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.7 on Thu Oct  7 22:01:20 2021
*nat
:PREROUTING ACCEPT [141:28450]
:INPUT ACCEPT [128:16846]
:OUTPUT ACCEPT [82:5725]
:POSTROUTING ACCEPT [9:649]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment dns_hijack -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1723 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1194 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Thu Oct  7 22:01:20 2021

#Mangle chain

# Generated by iptables-save v1.8.7 on Thu Oct  7 22:01:20 2021
*mangle
:PREROUTING ACCEPT [2780:979710]
:INPUT ACCEPT [2668:962239]
:FORWARD ACCEPT [86:31445]
:OUTPUT ACCEPT [2521:1655400]
:POSTROUTING ACCEPT [2597:1688657]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.68.1/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.68.1/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.68.112/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.68.112/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.68.230/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.68.230/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i eth1 -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o eth1 -j RETURN
-A openclash -p udp -m udp --dport 1194 -j RETURN
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Thu Oct  7 22:01:20 2021

#===================== IPSET状态 =====================#

Name: cn
Name: ct
Name: cnc
Name: cmcc
Name: crtc
Name: cernet
Name: gwbn
Name: othernet
Name: music
Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: localnetwork
Name: china
Name: mwan3_connected

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.68.1    0.0.0.0         UG    0      0        0 eth0
192.168.68.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
#ip route list
default via 192.168.68.1 dev eth0 proto static 
192.168.68.0/24 dev eth0 proto kernel scope link src 192.168.68.2 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      12256/clash
tcp        0      0 :::7891                 :::*                    LISTEN      12256/clash
tcp        0      0 :::7892                 :::*                    LISTEN      12256/clash
tcp        0      0 :::789                  :::*                    LISTEN      12256/clash
tcp        0      0 :::9090                 :::*                    LISTEN      12256/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           12256/clash
udp        0      0 :::7890                 :::*                                12256/clash
udp        0      0 :::7891                 :::*                                12256/clash
udp        0      0 :::7892                 :::*                                12256/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

*** Can't find www.baidu.com: No answer

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 112.80.248.75
Name:   www.a.shifen.com
Address: 112.80.248.76

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 07 Oct 2021 14:01:20 GMT
Etag: "575e1f7c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:36 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "032d050543d4501eedf5c529a681ed77dfa0ec0aa81669e8323dce3948c31a02"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 8FD0:0CBF:3F82A5:46F5F6:615D66DF
Accept-Ranges: bytes
Date: Thu, 07 Oct 2021 14:01:21 GMT
Via: 1.1 varnish
X-Served-By: cache-nrt18349-NRT
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1633615281.209695,VS0,VE1
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: cf890e886acded5872a6772817f1999d7faba0c1
Expires: Thu, 07 Oct 2021 14:06:21 GMT
Source-Age: 80

#===================== 最近运行日志 =====================#

time="2021-10-07T21:59:20+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:20+08:00" level=info msg="[TCP] 192.168.68.230:34029 --> 4.78.139.50:443 match DstPort(443) using Others[美国BWH]"
time="2021-10-07T21:59:29+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:29+08:00" level=info msg="[TCP] 192.168.68.234:55006 --> 8.8.4.4:853 match Match() using DIRECT"
time="2021-10-07T21:59:31+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:31+08:00" level=info msg="[TCP] 192.168.68.234:48918 --> 116.198.14.180:443 match GeoIP(CN) using Domestic[DIRECT]"
time="2021-10-07T21:59:33+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:33+08:00" level=info msg="[TCP] 192.168.68.230:55915 --> 162.125.82.7:443 match DstPort(443) using Others[美国BWH]"
time="2021-10-07T21:59:36+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:36+08:00" level=info msg="[TCP] 192.168.68.112:64277 --> 91.108.56.114:443 match IPCIDR(91.108.0.0/16) using Proxy[美国BWH]"
time="2021-10-07T21:59:37+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:37+08:00" level=info msg="[TCP] 192.168.68.112:64278 --> 91.108.56.114:443 match IPCIDR(91.108.0.0/16) using Proxy[美国BWH]"
2021-10-07 21:59:40 Watchdog: Log Size Limit, Clean Up All Log Records...
time="2021-10-07T21:59:41+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:41+08:00" level=info msg="[TCP] 192.168.68.112:64279 --> 91.108.56.114:443 match IPCIDR(91.108.0.0/16) using Proxy[美国BWH]"
time="2021-10-07T21:59:41+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:41+08:00" level=info msg="[TCP] 192.168.68.112:64280 --> 149.154.175.55:443 match IPCIDR(149.154.160.0/20) using Proxy[美国BWH]"
time="2021-10-07T21:59:55+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T21:59:55+08:00" level=info msg="[TCP] 192.168.68.234:37584 --> msg.qy.net:80 match DomainSuffix(msg.qy.net) using REJECT"
time="2021-10-07T22:00:04+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:04+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:04+08:00" level=info msg="[TCP] 192.168.68.230:55249 --> 172.217.160.106:443 match IPCIDR(172.217.0.0/16) using Proxy[美国BWH]"
time="2021-10-07T22:00:04+08:00" level=info msg="[TCP] 192.168.68.230:55919 --> 162.125.82.7:443 match DstPort(443) using Others[美国BWH]"
time="2021-10-07T22:00:05+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:06+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:06+08:00" level=info msg="[TCP] 192.168.68.234:40052 --> 221.6.92.151:80 match GeoIP(CN) using Domestic[DIRECT]"
time="2021-10-07T22:00:06+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:06+08:00" level=info msg="[TCP] 192.168.68.234:58450 --> 103.44.59.36:80 match GeoIP(CN) using Domestic[DIRECT]"
time="2021-10-07T22:00:07+08:00" level=info msg="[TCP] 192.168.68.234:55012 --> 8.8.4.4:853 match Match() using DIRECT"
time="2021-10-07T22:00:07+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:07+08:00" level=info msg="[TCP] 192.168.68.234:40056 --> 221.6.92.151:80 match GeoIP(CN) using Domestic[DIRECT]"
time="2021-10-07T22:00:08+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:08+08:00" level=info msg="[TCP] 192.168.68.234:40584 --> 111.202.75.128:80 match GeoIP(CN) using Domestic[DIRECT]"
time="2021-10-07T22:00:32+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:32+08:00" level=info msg="[TCP] 192.168.68.234:48932 --> 116.198.14.180:443 match GeoIP(CN) using Domestic[DIRECT]"
2021-10-07 22:00:40 Watchdog: Log Size Limit, Clean Up All Log Records...
time="2021-10-07T22:00:54+08:00" level=info msg="[TCP] 192.168.68.2:48232 --> raw.githubusercontent.com:443 match SrcIPCIDR(192.168.68.2/32) using DIRECT"
time="2021-10-07T22:00:59+08:00" level=info msg="[TCP] 192.168.68.2:48236 --> raw.githubusercontent.com:443 match SrcIPCIDR(192.168.68.2/32) using DIRECT"
time="2021-10-07T22:01:06+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:01:06+08:00" level=debug msg="[DNS] cdn.optimizely.com --> 2.19.244.178"
time="2021-10-07T22:01:06+08:00" level=info msg="[TCP] 192.168.68.234:37598 --> cdn.optimizely.com:443 match DstPort(443) using Others[美国BWH]"
time="2021-10-07T22:01:18+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:01:18+08:00" level=info msg="[TCP] 192.168.68.234:55026 --> 8.8.4.4:853 match Match() using DIRECT"
time="2021-10-07T22:01:19+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:01:19+08:00" level=debug msg="[DNS] stats.jpush.cn --> 183.232.25.146"
time="2021-10-07T22:01:19+08:00" level=info msg="[TCP] 192.168.68.234:37602 --> stats.jpush.cn:443 match DomainSuffix(jpush.cn) using REJECT"
time="2021-10-07T22:01:19+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:01:19+08:00" level=info msg="[TCP] 192.168.68.234:54270 --> 183.232.25.143:443 match GeoIP(CN) using Domestic[DIRECT]"
time="2021-10-07T22:01:20+08:00" level=info msg="[TCP] 192.168.68.2:59400 --> www.baidu.com:80 match SrcIPCIDR(192.168.68.2/32) using DIRECT"
time="2021-10-07T22:01:21+08:00" level=info msg="[TCP] 192.168.68.2:48250 --> raw.githubusercontent.com:443 match SrcIPCIDR(192.168.68.2/32) using DIRECT"

vernesong commented 2 years ago

192.168.68.234:55026 --> 8.8.4.4:853 match Match() using DIRECT Why are there still requests to Google's DNS?
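
The check made by eye in the comment above, as an added example that is not part of the thread or of OpenClash: it summarises Clash connection log lines per client and flags clients that only ever connect to bare IPs or that open port 853 (DNS over TLS), which the port-53 hijack rules in the posted NAT table do not match. The function names, the client `192.168.68.50` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenClash code: per-client summary of Clash connection logs.
# A client whose destinations are all bare IPs, or that opens port 853 (DoT),
# is resolving names somewhere other than the Clash DNS listener.

# Constructed sample lines in the format of the debug log above.
sample_log() {
cat <<'EOF'
time="2021-10-07T22:00:01+08:00" level=debug msg="[Rule] find process name Process error: no such process"
time="2021-10-07T22:00:01+08:00" level=info msg="[TCP] 192.168.68.234:55026 --> 8.8.4.4:853 match Match() using DIRECT"
time="2021-10-07T22:00:02+08:00" level=info msg="[TCP] 192.168.68.234:48918 --> 116.198.14.180:443 match GeoIP(CN) using DIRECT"
time="2021-10-07T22:00:03+08:00" level=debug msg="[DNS] stats.jpush.cn --> 183.232.25.146"
time="2021-10-07T22:00:03+08:00" level=info msg="[TCP] 192.168.68.234:37602 --> stats.jpush.cn:443 match DomainSuffix(jpush.cn) using REJECT"
time="2021-10-07T22:00:04+08:00" level=info msg="[TCP] 192.168.68.230:55915 --> 162.125.82.7:443 match DstPort(443) using Proxy"
time="2021-10-07T22:00:05+08:00" level=info msg="[TCP] 192.168.68.230:55249 --> 172.217.160.106:443 match IPCIDR(172.217.0.0/16) using Proxy"
time="2021-10-07T22:00:06+08:00" level=info msg="[TCP] 192.168.68.50:50111 --> www.example.com:443 match DstPort(443) using Proxy"
time="2021-10-07T22:00:07+08:00" level=info msg="[TCP] 192.168.68.234:55030 --> 8.8.4.4:853 match Match() using DIRECT"
EOF
}

# stdin: Clash log lines. stdout, one line per client, sorted:
#   <client> <ip_dst> <domain_dst> <dot_853> <status>
# status: dot     = client opened port 853 (encrypted DNS, not hijackable on 53)
#         ip-only = no destination carried a domain name
#         ok      = at least one destination was seen by name
dns_bypass_report() {
    awk '
    # Connection records look like: msg="[TCP] src:port --> dst:port match ..."
    $3 ~ /^msg="\[(TCP|UDP)\]$/ && $5 == "-->" {
        src = $4; sub(/:[0-9]+$/, "", src)
        n = split($6, part, ":"); port = part[n]
        host = substr($6, 1, length($6) - length(port) - 1)
        seen[src] = 1
        # IPv4 literal or bracketed IPv6 literal: Clash never saw the name.
        if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || host ~ /^\[.*\]$/)
            ip[src]++
        else
            dom[src]++
        if (port == "853") dot[src]++
    }
    END {
        for (c in seen) {
            st = "ok"
            if (dom[c] + 0 == 0) st = "ip-only"
            if (dot[c] + 0 > 0)  st = "dot"
            printf "%s %d %d %d %s\n", c, ip[c], dom[c], dot[c], st
        }
    }' | sort
}

# Stand-alone demonstration on the constructed sample.
sample_log | dns_bypass_report
```

On a router, pipe the real Clash log into `dns_bypass_report` instead of `sample_log`; an `ok` client can still have some IP-literal destinations, since apps may connect to hard-coded addresses.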

Benny-F commented 2 years ago

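192.168.68.234:55026 --> 8.8.4.4:853 match Match() using DIRECT Why are there still requests to Google's DNS?

That's not the point. The point is that the Android machines all bypass the side router and go to the main router to resolve IP addresses, then send the resolved IP to the side router, which causes the problem. I set the DNS server on the main router to the side router and the problem was solved. But what I can't figure out for the life of me is why only the Android machines do this, while the iOS machines obediently go to the side router for resolution. The settings are all the same! Could this be an OpenWrt bug? Or an Android bug?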

vernesong commented 2 years ago

Have the main router's DHCP hand out the side router's address. Some router devices have anti-hijacking protection.

Benny-F commented 2 years ago

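Have the main router's DHCP hand out the side router's address. Some router devices have anti-hijacking protection.

Having the main router's DHCP hand out the side router's address still doesn't work. It's the same as with a static IP address, no difference: the Android devices still go around to the main router for resolution. The main router is a JD Cloud first-generation accelerated edition. After setting the main router's DNS server to the side router the problem is solved, but I can no longer earn JD beans: the PCDN shows no contribution. There actually is some, but they can't see it. I'm completely at my wits' end!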

vernesong commented 2 years ago

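Turn off DHCP on the main router and leave everything else alone. Enable DHCP on the side router, and set the side router's own LAN DNS and gateway to the main router.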

Benny-F commented 2 years ago

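Turn off DHCP on the main router and leave everything else alone. Enable DHCP on the side router, and set the side router's own LAN DNS and gateway to the main router.

I have to say it's completely useless. Are you going to go as crazy as I am? Hahaha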

kingsey commented 2 years ago

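Turn off DHCP on the main router and leave everything else alone. Enable DHCP on the side router, and set the side router's own LAN DNS and gateway to the main router.

I have to say it's completely useless. Are you going to go as crazy as I am? Hahaha

Haha, I just set up a side router these past couple of days and have exactly the same problem; both my iQOO and Xiaomi phones do it. I even used *#*#4636#*#* to view the Wi-Fi config and found that after I manually changed the two DNS servers, the system added a 114.114.114.114 of its own, which is ridiculous.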

kingsey commented 2 years ago

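Turn off DHCP on the main router and leave everything else alone. Enable DHCP on the side router, and set the side router's own LAN DNS and gateway to the main router.

I have to say it's completely useless. Are you going to go as crazy as I am? Hahaha

Try installing Edge/Chrome on the phone: it behaves completely normally, the same as on the PC, but apps and other browsers show nothing but IP records. If you manually disable the async DNS resolver in Chrome's /flags, it becomes the same as the other apps. So the system DNS really has been tampered with.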

vernesong commented 2 years ago

As long as it isn't something like DoH or DoT, the current firewall hijack rules can still handle it.

kingsey commented 2 years ago

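As long as it isn't something like DoH or DoT, the current firewall hijack rules can still handle it.

Inspired by you, I came up with a workaround that isn't really a solution: give up on hijacking Android's DNS (its DNS requests are too weird; most of them can't be hijacked, and only occasionally can a few domains be hijacked). Set the Wi-Fi DNS to 1.1.1.1 or 8.8.8.8, then set Android's Private DNS to Automatic to prevent DNS pollution, and then just hand the IPs to Clash to route and be done with it. The only thing is that old Android versions can't use this approach...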

matthuo333 commented 2 years ago

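Let me use this thread to ask: some connections are resolved on the VPS and some are resolved locally. What is this decided by? Is it that whatever the rules don't filter out is resolved locally? If so, the IP goes through other, and errors appear. I ran into this with Disney+: some titles take the normal route, while others go through other directly by IP. I tried adding custom entries, but every time OC restarts there are new IPs again. I'd appreciate feedback from the experts.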

kingsey commented 2 years ago

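After a whole series of operations I don't know exactly which one succeeded in getting domain-based routing for the Android devices. Along the way there were all kinds of device reboots and even an OpenWrt version upgrade, and it had been working fine ever since. But... but a few days ago there was an unexpected power outage, and after the reboot everything went back to how it was. Damn! I can't figure out at all where the problem is.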

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

magict4 commented 1 year ago

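Some Android devices automatically set 8.8.8.8 as the primary DNS, and the DNS you set yourself in the Wi-Fi settings is only the secondary DNS. As long as 8.8.8.8 is not down, the secondary DNS you set has no effect and DNS still goes to 8.8.8.8. My FireTV has this problem.

My own topology is FireTV -> side router -> main router (DHCP). The FireTV's secondary DNS is set to the side router's IP address, and OpenClash is installed on the side router. Then I blocked 8.8.8.8 directly on the side router ('IP-CIDR,8.8.8.8/32,REJECT,no-resolve'). Now the FireTV falls back to the secondary DNS (the side router), and OpenClash can successfully hijack all DNS requests from the FireTV.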

Benny-F commented 1 year ago

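Thank you very much, I'll go and check again!

On Mon, Jun 5, 2023 at 06:42, magict4 @.***> wrote:

Some Android devices automatically set 8.8.8.8 as the primary DNS, and the DNS you set yourself in the Wi-Fi settings is only the secondary DNS. As long as 8.8.8.8 is not down, the secondary DNS you set has no effect and DNS still goes to 8.8.8.8. My FireTV has this problem.

My own topology is FireTV -> side router -> main router (DHCP). The FireTV's secondary DNS is set to the side router's IP address, and OpenClash is installed on the side router. Then I blocked 8.8.8.8 directly on the side router ('IP-CIDR, 8.8.8.8/32,REJECT,no-resolve'). Now the FireTV falls back to the secondary DNS (the side router), and OpenClash can successfully hijack all DNS requests from the FireTV.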


Benny-F commented 1 year ago

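Some Android devices automatically set 8.8.8.8 as the primary DNS, and the DNS you set yourself in the Wi-Fi settings is only the secondary DNS. As long as 8.8.8.8 is not down, the secondary DNS you set has no effect and DNS still goes to 8.8.8.8. My FireTV has this problem.

My own topology is FireTV -> side router -> main router (DHCP). The FireTV's secondary DNS is set to the side router's IP address, and OpenClash is installed on the side router. Then I blocked 8.8.8.8 directly on the side router ('IP-CIDR,8.8.8.8/32,REJECT,no-resolve'). Now the FireTV falls back to the secondary DNS (the side router), and OpenClash can successfully hijack all DNS requests from the FireTV.

I pointed both the primary and secondary DNS at the soft router and that solved it. Thank you very much!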