vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
17.45k stars 3.18k forks

[Bug] Docker containers cannot reach the external network in Fake IP + TUN mode #2818

Closed Lilies-of-the-valley closed 1 year ago

Lilies-of-the-valley commented 1 year ago

Verify Steps

OpenClash Version

v0.45.70-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-arm64

To Reproduce

Select Mode: fake-ip(tun mode)
Select Stack Type: System
Router-Self Proxy: Checked

docker run --rm -it curlimages/curl:7.86.0 -m 3 google.com

curl: (28) Connection timed out after 3001 milliseconds

Describe the Bug

See issue #1778 and commit https://github.com/vernesong/OpenClash/commit/24d4681d6875561eeeb7052e3a1970d2c310e134 on Feb 14

grep -E "iptables .* -j RETURN" /etc/init.d/openclash | grep utun # no output

OpenClash Log

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: disabled

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

运行模式: fake-ip-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:

rules:
- SRC-IP-CIDR,192.168.8.1/21,DIRECT,no-resolve

#===================== 自定义规则 二 =====================#

OpenClash Config

No response

Expected Behavior

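Commit https://github.com/vernesong/OpenClash/commit/24d4681d6875561eeeb7052e3a1970d2c310e134 on Feb 14 added iptables -t mangle -A openclash -i utun -j RETURN >/dev/null 2>&1 after the #其他流量 ("other traffic") comment at line 1964, which solved the problem.

However, in the last several versions, the problem of Docker containers being unable to reach the external network in Fake IP + TUN mode has been present all along; users have to add that line manually or rely on a third-party script to add it.

I hope the change from commit https://github.com/vernesong/OpenClash/commit/24d4681d6875561eeeb7052e3a1970d2c310e134 on Feb 14 can be merged into the main branch again.

A simple test script (I have not actually run it):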

# Test connectivity, restart OpenClash, then test again.
docker run --rm -it curlimages/curl:7.86.0 -m 3 google.com
/etc/init.d/openclash restart
docker run --rm -it curlimages/curl:7.86.0 -m 3 google.com
if [ "$?" != 0 ]; then
  # Patch only if the init script has no utun RETURN rule yet.
  grepresult="$(grep -E "iptables .* -j RETURN" /etc/init.d/openclash | grep utun)"
  if [ "$grepresult" = "" ]; then
    anchor="iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN >"
    # Require exactly one anchor line so the insert lands in one known place.
    anchorLineCount="$(grep -E "${anchor}" /etc/init.d/openclash | wc -l)"
    if [ "$anchorLineCount" = "1" ]; then
      # Insert the utun RETURN rule before the anchor line.
      sed -i "/$anchor/i       iptables -t mangle -A openclash -i utun -j RETURN >/dev/null 2>&1" \
        /etc/init.d/openclash
      # Count the utun RETURN lines now present in the init script.
      grep -E "iptables .* -j RETURN" /etc/init.d/openclash | grep utun | wc -l
      /etc/init.d/openclash restart
      docker run --rm -t curlimages/curl:7.86.0 -m 3 google.com
    fi
  fi
fi

Screenshots

2022-11-16_022426 2022-11-16_022336
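
A check on the loaded rules rather than on the init script text, added here as an example that is not part of the original issue or of OpenClash itself: it reads the output of iptables -t mangle -S openclash and reports whether the -i utun -j RETURN rule is present and sits ahead of every non-RETURN rule. The function name, the sample listings and the MARK rule in them are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -t mangle -S <chain>` text on stdin and prints
# the 1-based position of the "-i <dev> -j RETURN" rule (0 if absent).
# Exit status: 0 = present ahead of every non-RETURN rule, 1 = missing,
#              2 = present, but a non-RETURN rule comes first.
check_utun_bypass() {
    awk -v chain="${1:-openclash}" -v dev="${2:-utun}" '
        $1 == "-A" && $2 == chain {
            n++; target = ""; in_if = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                # A negated match ("! -i utun") is not a bypass for utun.
                if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
            }
            if (target == "RETURN" && in_if == dev) {
                if (!found) { found = n; late = other }
            } else if (target != "RETURN" && !other) {
                other = n
            }
        }
        END {
            if (!found) { print 0; exit 1 }
            print found
            exit (late ? 2 : 0)
        }'
}

# Constructed rule listings (not captured from a router). The MARK rule is a
# stand-in for whichever rule steers packets to the TUN device.
SAMPLE_FIXED='-N openclash
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x1/0xffffffff'

SAMPLE_MISSING='-N openclash
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x1/0xffffffff'

SAMPLE_LATE='-N openclash
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x1/0xffffffff
-A openclash -i utun -j RETURN'

# On the router: iptables -t mangle -S openclash | check_utun_bypass
```

Running it after each OpenClash upgrade shows whether the rule survived without relying on the contents of /etc/init.d/openclash.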
Lilies-of-the-valley commented 1 year ago

Sonarr reports an "Invalid response received from SkyHook" error because of this (unrelated to OpenClash; noted here only to make this issue easier to find by search).

[v4.0.0.141] NzbDrone.Core.MetadataSource.SkyHook.SkyHookException: Search for 'black jesus' failed. Invalid response received from SkyHook.
 ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.