vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] Unable to proxy traffic #3120

Closed vmjcv closed 1 year ago

vmjcv commented 1 year ago

Verify Steps

OpenClash Version

v0.45.103-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-mips64

To Reproduce

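  1. OpenClash does not proxy traffic from the LAN.
  2. With OpenClash started, opening YouTube fails. PS: I'm not sure whether this is a problem with my settings; could someone experienced please take a look at the log? (I couldn't find a matching community question, so I can only ask here.) PS2: The goal is to use an OpenWrt device as a side router with OpenClash installed on it to provide access past the firewall. DNS hijacking should already be working, but device traffic does not go through OpenClash, so it fails. Maybe OpenClash is misconfigured, or maybe the firewall is misconfigured.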

Describe the Bug

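  1. Start OpenClash.
  2. DNS requests work normally.
  3. But traffic from devices on the LAN cannot be proxied; the connection count in the yacd dashboard stays at 0.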

OpenClash Log

OpenClash 调试日志

生成时间: 2023-03-18 06:20:57 插件版本: v0.45.103-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Netgear R6220
固件版本: OpenWrt 22.03.3 r20028-43d71ad93e
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.10.161
处理器架构: mipsel_24kc

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 未安装
ruby-pstore: 未安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
kmod-nft-tproxy: 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
内核:
进程pid: 4898
运行权限: 4898: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: 

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 
Tun内核文件: 不存在
Tun内核运行权限: 否

Dev内核版本: v1.13.0-7-g4ffc999
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/free.yaml
启动配置文件: /etc/openclash/free.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 停用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: true
  listen: 0.0.0.0:7874
  enhanced-mode: fake-ip
  default-nameserver:
  - 119.29.29.29
  - 119.28.28.28
  - 1.0.0.1
  - 208.67.222.222
  - 1.2.4.8
  nameserver:
  - https://dns.alidns.com/dns-query
  - https://1.1.1.1/dns-query
  - tls://dns.adguard.com:853
  fake-ip-range: 198.18.0.1/16
proxy-groups:
- name: Proxies
  type: select
  proxies:
  - HK
  - SG
  - JP
  - US
  - TW
  - bulink自建免费11线 三网
  - bulink自建免费16线 三网
  - github.com/freefq - 丹麦  20
  - github.com/freefq - 丹麦  20 2
  - github.com/freefq - 香港DMIT数据中心 13
  - github.com/freefq - 香港DMIT数据中心 13 2
- name: Apple
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: MicroSoft
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: Telegram
  type: select
  proxies:
  - Proxies
  - HK
  - SG
- name: Netflix
  type: select
  proxies:
  - Proxies
  - HK
  - SG
  - JP
  - US
  - TW
- name: Netease
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: HKMTMedia
  type: select
  proxies:
  - DIRECT
  - Proxies
  - HK
  - TW
- name: HK
  type: select
  proxies:
  - github.com/freefq - 香港DMIT数据中心 13
  - github.com/freefq - 香港DMIT数据中心 13 2
- name: SG
  type: select
  proxies:
  - DIRECT
- name: TW
  type: select
  proxies:
  - DIRECT
- name: JP
  type: select
  proxies:
  - github.com/freefq - 日本  16
  - github.com/freefq - 日本  16 2
  - github.com/freefq - 日本  2
  - github.com/freefq - 日本  2 2
- name: US
  type: select
  proxies:
  - github.com/freefq - 美国  30
  - github.com/freefq - 美国  30 2
  - github.com/freefq - 美国阿里云 8 2
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN,images-cn.ssl-images-amazon.com,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Proxies
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
profile:
  store-selected: true
authentication:
- Clash:uxHLhXNi

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Mar 18 06:21:12 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 18 06:21:12 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Mar 18 06:21:12 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 18 06:21:12 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Mar 18 06:21:12 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 18 06:21:12 2023

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        udp dport 443 ip6 daddr != @china_ip6_route counter packets 0 bytes 0 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT"
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy accept;
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        meta nfproto ipv6 udp dport 53 counter packets 119 bytes 10075 redirect to :7874 comment "OpenClash DNS Hijack"
        meta nfproto ipv6 tcp dport 53 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        udp dport 53 counter packets 29 bytes 1775 redirect to :7874 comment "OpenClash DNS Hijack"
        tcp dport 53 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        udp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        ip protocol tcp counter packets 11 bytes 572 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        tcp dport 53 meta skuid != 65534 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        udp dport 53 meta skuid != 65534 counter packets 34 bytes 2337 redirect to :7874 comment "OpenClash DNS Hijack"
        tcp dport 12353 meta skuid != 65534 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        udp dport 12353 meta skuid != 65534 counter packets 4 bytes 236 redirect to :53 comment "OpenClash DNS Hijack"
        ip protocol tcp counter packets 102 bytes 6120 jump openclash_output
        meta nfproto ipv6 tcp dport 53 meta skuid != 65534 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        meta nfproto ipv6 udp dport 53 meta skuid != 65534 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        meta nfproto ipv6 tcp dport 12353 meta skuid != 65534 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        meta nfproto ipv6 udp dport 12353 meta skuid != 65534 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 593 bytes 104600 jump openclash_mangle
        meta nfproto ipv6 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta nfproto ipv6 counter packets 155 bytes 13938 jump openclash_mangle_output_v6
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 11 bytes 572 return
        ip protocol tcp ip daddr 198.18.0.0/16 counter packets 0 bytes 0 redirect to :7892
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol tcp counter packets 0 bytes 0 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle {
        ip daddr @localnetwork counter packets 593 bytes 104600 return
        udp dport 53 counter packets 0 bytes 0 return
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol udp counter packets 0 bytes 0 jump openclash_upnp
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 82 bytes 4920 return
        ip protocol tcp ip daddr 198.18.0.0/16 meta skuid != 65534 counter packets 5 bytes 300 redirect to :7892
        meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol tcp meta skuid != 65534 counter packets 0 bytes 0 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        ip6 daddr @localnetwork6 counter packets 276 bytes 44170 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
    }
}
table inet fw4 {
    chain openclash_mangle_output_v6 {
        ip6 daddr @localnetwork6 counter packets 162 bytes 14547 return
        meta skuid != 65534 ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
        meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.15.1    0.0.0.0         UG    0      0        0 br-lan
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.15.1 dev br-lan proto static 
192.168.15.0/24 dev br-lan proto kernel scope link src 192.168.15.100 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      4898/clash
tcp        0      0 :::7891                 :::*                    LISTEN      4898/clash
tcp        0      0 :::7892                 :::*                    LISTEN      4898/clash
tcp        0      0 :::7893                 :::*                    LISTEN      4898/clash
tcp        0      0 :::7895                 :::*                    LISTEN      4898/clash
tcp        0      0 :::9090                 :::*                    LISTEN      4898/clash
udp        0      0 :::7874                 :::*                                4898/clash
udp        0      0 :::7891                 :::*                                4898/clash
udp        0      0 :::7892                 :::*                                4898/clash
udp        0      0 :::7893                 :::*                                4898/clash
udp        0      0 :::7895                 :::*                                4898/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.31

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1
  data: 199.96.62.17
  name: www.instagram.com.
  type: 1

Additional: 
  TTL: 1
  data: ON:; EDNS: version 0; flags: ; udp: 4096
  name: .
  type: 41

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 192.168.15.1
nameserver fe80::5%br-lan

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 18 Mar 2023 06:21:37 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "275ce7c4d332951875158904a2c8128e7ea40f4ae5057d32acf9f67754ef0e71"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 96D6:38D8:15FA7E:1AA5FC:641539C6
accept-ranges: bytes
date: Sat, 18 Mar 2023 06:21:39 GMT
via: 1.1 varnish
x-served-by: cache-tyo11950-TYO
x-cache: HIT
x-cache-hits: 1
x-timer: S1679120499.002735,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 638b51c4378699d2eb3d91d87792aa1a76b8a1eb
expires: Sat, 18 Mar 2023 06:26:39 GMT
source-age: 33
content-length: 83

#===================== 最近运行日志(自动切换为Debug模式) =====================#

2023-03-18 06:11:42 Error: Rule Set Add Failed,【uninitialized constant Value】
2023-03-18 06:11:42 Error: Set Loop Protect Rules Failed,【uninitialized constant Value】
2023-03-18 06:11:42 Error: Edit Provider Path Failed,【uninitialized constant Value】
2023-03-18 06:11:42 Error: Edit URL-Test Group Tolerance Option Failed,【uninitialized constant Value】
2023-03-18 06:11:44 Tip: Start Running Custom Overwrite Scripts...
2023-03-18 06:11:44 Step 4: Start Running The Clash Core...
2023-03-18 06:11:45 Step 5: Check The Core Status...
time="2023-03-18T06:11:45Z" level=fatal msg="Parse config error: configuration file /etc/openclash/free.yaml is empty"
2023-03-18 06:11:46 Step 6: Wait For The File Downloading...
2023-03-18 06:11:48 Error: OpenClash Can Not Start, Try Use Raw Config Restart Again...
2023-03-18 06:11:49 Step 6: Wait For The File Downloading...
2023-03-18 06:11:57 Error: OpenClash Can Not Start, Try Use Raw Config Restart Again...
2023-03-18 06:11:57 Error: Get General 'redir-port' Option Error, OpenClash Can Not Start With Raw Config File
2023-03-18 06:11:58 OpenClash Stoping...
2023-03-18 06:11:58 Step 1: Backup The Current Groups State...
2023-03-18 06:11:59 Step 2: Delete OpenClash Firewall Rules...
2023-03-18 06:12:00 Step 3: Close The OpenClash Daemons...
2023-03-18 06:12:00 Step 4: Close The Clash Core Process...
2023-03-18 06:12:00 Step 5: Restart Dnsmasq...
2023-03-18 06:12:03 Step 6: Delete OpenClash Residue File...
2023-03-18 06:12:07 Error: Get General 'redir-port' Option Error, OpenClash Can Not Start With Raw Config File
2023-03-18 06:12:08 OpenClash Stoping...
2023-03-18 06:12:08 Step 1: Backup The Current Groups State...
2023-03-18 06:12:09 Step 2: Delete OpenClash Firewall Rules...
2023-03-18 06:12:10 Step 3: Close The OpenClash Daemons...
2023-03-18 06:12:10 Step 4: Close The Clash Core Process...
2023-03-18 06:12:10 Step 5: Restart Dnsmasq...
2023-03-18 06:12:12 Step 6: Delete OpenClash Residue File...
2023-03-18 06:13:08【/tmp/clash_last_version】Download Failed:【curl: (60) Cert verify failed: BADCERT_CN_MISMATCH】
2023-03-18 06:13:08【/tmp/clash_last_version】Download Failed:【More details here: https://curl.se/docs/sslcerts.html】
2023-03-18 06:13:08【/tmp/clash_last_version】Download Failed:【】
2023-03-18 06:13:08【/tmp/clash_last_version】Download Failed:【curl failed to verify the legitimacy of the server and therefore could not】
2023-03-18 06:13:08【/tmp/clash_last_version】Download Failed:【establish a secure connection to it. To learn more about this situation and】
2023-03-18 06:13:08【/tmp/clash_last_version】Download Failed:【how to fix it, please visit the web page mentioned above.】
2023-03-18 06:13:09【/tmp/openclash_last_version】Download Failed:【curl: (60) Cert verify failed: BADCERT_CN_MISMATCH】
2023-03-18 06:13:09【/tmp/openclash_last_version】Download Failed:【More details here: https://curl.se/docs/sslcerts.html】
2023-03-18 06:13:09【/tmp/openclash_last_version】Download Failed:【】
2023-03-18 06:13:09【/tmp/openclash_last_version】Download Failed:【curl failed to verify the legitimacy of the server and therefore could not】
2023-03-18 06:13:09【/tmp/openclash_last_version】Download Failed:【establish a secure connection to it. To learn more about this situation and】
2023-03-18 06:13:09【/tmp/openclash_last_version】Download Failed:【how to fix it, please visit the web page mentioned above.】
2023-03-18 06:14:00 Start Updating Config File【free】...
2023-03-18 06:14:00【/tmp/yaml_sub_tmp_config.yaml】Download Failed:【curl: (28) Failed to connect to subconverter.herokuapp.com port 443 after 30002 ms: Error】
2023-03-18 06:14:00【/tmp/yaml_sub_tmp_config.yaml】Download Failed:【curl: (28) Failed to connect to subconverter.herokuapp.com port 443 after 30000 ms: Error】
2023-03-18 06:14:00【/tmp/yaml_sub_tmp_config.yaml】Download Failed:【curl: (28) Failed to connect to subconverter.herokuapp.com port 443 after 30009 ms: Error】
2023-03-18 06:15:33 Error: Config File【free】Subscribed Failed, Trying to Download Without Agent...
2023-03-18 06:15:33 Error:【free】Update Error, Please Try Again Later...
2023-03-18 06:15:40 Start Updating Config File【free】...
2023-03-18 06:15:49 OpenClash Restart...
2023-03-18 06:15:49 OpenClash Stoping...
2023-03-18 06:15:49 Step 1: Backup The Current Groups State...
2023-03-18 06:15:49 Step 2: Delete OpenClash Firewall Rules...
2023-03-18 06:15:52 Step 3: Close The OpenClash Daemons...
2023-03-18 06:15:52 Step 4: Close The Clash Core Process...
2023-03-18 06:15:52 Step 5: Restart Dnsmasq...
2023-03-18 06:15:55 Step 6: Delete OpenClash Residue File...
2023-03-18 06:15:55 OpenClash Start Running...
2023-03-18 06:15:55 Step 1: Get The Configuration...
2023-03-18 06:15:56 Step 2: Check The Components...
2023-03-18 06:15:57 Error: Updated Config【free】Has No Proxy Field, Trying To Download Without Agent...
2023-03-18 06:15:57 Error:【free】Update Error, Please Try Again Later...
2023-03-18 06:16:02 Step 3: Modify The Config File...
2023-03-18 06:16:10 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:uxHLhXNi】
2023-03-18 06:16:18 Tip: Start Running Custom Overwrite Scripts...
2023-03-18 06:16:18 Step 4: Start Running The Clash Core...
2023-03-18 06:16:18 Tip: No Special Configuration Detected, Use Dev Core to Start...
2023-03-18 06:16:20 Step 5: Check The Core Status...
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider Apple"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider Telegram"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider US"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider SG"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider Netease"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider HKMTMedia"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider MicroSoft"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider Netflix"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider TW"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider JP"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider HK"
time="2023-03-18T06:16:20Z" level=info msg="Start initial compatible provider Proxies"
time="2023-03-18T06:16:20Z" level=info msg="Authentication of local server updated"
time="2023-03-18T06:16:20Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-03-18T06:16:20Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-03-18T06:16:20Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-03-18T06:16:20Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-03-18T06:16:20Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-03-18T06:16:20Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-03-18T06:16:20Z" level=info msg="DNS server listening at: [::]:7874"
2023-03-18 06:16:23 Step 6: Wait For The File Downloading...
2023-03-18 06:16:29 Step 7: Set Firewall Rules...
2023-03-18 06:16:29 Warning: Dnsmasq not Support nftset, Use ipset...
2023-03-18 06:16:29 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-03-18 06:16:29 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-03-18 06:16:45 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-03-18 06:17:24 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-03-18 06:17:24 Tip: Start Add Custom Firewall Rules...
2023-03-18 06:17:24 Step 8: Restart Dnsmasq...
2023-03-18 06:17:26 Step 9: Add Cron Rules, Start Daemons...
2023-03-18 06:17:27 OpenClash Start Successful!
time="2023-03-18T06:17:59Z" level=info msg="[TCP] 192.168.15.100:53520 --> raw.fastgit.org:443 match Match() using Proxies[DIRECT]"
time="2023-03-18T06:19:05Z" level=info msg="[TCP] 192.168.15.100:46748 --> www.baidu.com:80 match DomainKeyword(baidu) using DIRECT"
time="2023-03-18T06:19:06Z" level=info msg="[TCP] 192.168.15.100:55556 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[DIRECT]"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

OpenClash Config

固件版本:OpenWrt 22.03.3 r20028-43d71ad93e / LuCI openwrt-22.03 branch git-23.069.50944-cd8bea9
目标平台:ramips/mt7621
内核版本:5.10.161

Expected Behavior

  1. I expect traffic from devices on the LAN to go through the router's proxy.

Screenshots

No response

vernesong commented 1 year ago

Your proxy selection is DIRECT; go to the control panel and change it.
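The connection lines at the end of the posted log end in `using Proxies[DIRECT]` and all originate from 192.168.15.100, the router's own br-lan address in the posted `ip route list` output. The following added example (not from the thread or the OpenClash project) parses such lines and reports both conditions; it assumes the `using Group[Outbound]` form names the matched group and the outbound finally used, and the extra LAN-client line is constructed.

```python
import re
from collections import Counter

# The three connection lines from the debug log posted in this issue.
PAGE_LOG = r'''
time="2023-03-18T06:17:59Z" level=info msg="[TCP] 192.168.15.100:53520 --> raw.fastgit.org:443 match Match() using Proxies[DIRECT]"
time="2023-03-18T06:19:05Z" level=info msg="[TCP] 192.168.15.100:46748 --> www.baidu.com:80 match DomainKeyword(baidu) using DIRECT"
time="2023-03-18T06:19:06Z" level=info msg="[TCP] 192.168.15.100:55556 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[DIRECT]"
'''

# Constructed line (not from the issue): a LAN client whose flow leaves via a node.
CONSTRUCTED_LINE = (
    'time="2023-03-18T06:20:00Z" level=info msg="[TCP] 192.168.15.23:50000 '
    '--> example.com:443 match Match() using Proxies[node-a]"'
)

ROUTER_IP = "192.168.15.100"  # br-lan source address from the posted `ip route list`

FLOW_RE = re.compile(
    r'msg="\[(?P<proto>TCP|UDP)\] (?P<src>\S+):(?P<sport>\d+) --> '
    r'(?P<dst>\S+):(?P<dport>\d+) match (?P<rule>\w+)\((?P<payload>[^)]*)\) '
    r'using (?P<chain>.+)"\s*$'
)
# Assumption: "Group[Outbound]" = matched group, then the outbound actually used.
CHAIN_RE = re.compile(r'^(?P<group>.+)\[(?P<final>[^\[\]]+)\]$')


def parse_flow(line):
    """Return the fields of one Clash connection log line, or None."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    flow = m.groupdict()
    c = CHAIN_RE.match(flow["chain"])
    flow["group"] = c["group"] if c else None       # None: rule targets an outbound directly
    flow["final"] = c["final"] if c else flow["chain"]
    return flow


def audit(log_text, router_ip):
    """Summarise which flows a group sent out DIRECT and who originated the flows."""
    flows = [f for f in map(parse_flow, log_text.splitlines()) if f]
    # A rule pointed at a proxy group, but the group's current selection is DIRECT.
    group_to_direct = [
        (f["dst"], f["group"]) for f in flows
        if f["group"] and f["final"] == "DIRECT"
    ]
    by_source = Counter(f["src"] for f in flows)
    # Sources other than the router itself: evidence that LAN traffic reaches the core.
    lan_clients = sorted(s for s in by_source if s != router_ip)
    return {
        "flows": len(flows),
        "group_to_direct": group_to_direct,
        "sources": dict(by_source),
        "lan_clients": lan_clients,
    }


if __name__ == "__main__":
    report = audit(PAGE_LOG, ROUTER_IP)
    for dst, group in report["group_to_direct"]:
        print(f"{dst}: group '{group}' currently resolves to DIRECT")
    if not report["lan_clients"]:
        print("no flows from LAN clients; only the router's own traffic reached the core")
```

An empty `lan_clients` list means the core only saw the router's own connections, which is a separate condition from a group that resolves to DIRECT.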

vmjcv commented 1 year ago

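Thank you very much for your reply, but traffic still cannot be proxied. I have already set all the proxies to Proxies.

Then I tried to access YouTube from my computer; it could not be reached, and no new connections appeared on the connections page.

Below is my new log.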

OpenClash 调试日志

生成时间: 2023-03-18 13:57:37 插件版本: v0.45.103-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Netgear R6220
固件版本: OpenWrt 22.03.3 r20028-43d71ad93e
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.10.161
处理器架构: mipsel_24kc

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
内核:
进程pid: 5500
运行权限: 5500: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: 

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 
Tun内核文件: 不存在
Tun内核运行权限: 否

Dev内核版本: v1.13.0-7-g4ffc999
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/free.yaml
启动配置文件: /etc/openclash/free.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 停用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: true
  listen: 0.0.0.0:7874
  enhanced-mode: fake-ip
  default-nameserver:
  - 119.29.29.29
  - 119.28.28.28
  - 1.0.0.1
  - 208.67.222.222
  - 1.2.4.8
  nameserver:
  - https://dns.alidns.com/dns-query
  - https://1.1.1.1/dns-query
  - tls://dns.adguard.com:853
  fake-ip-range: 198.18.0.1/16
proxy-groups:
- name: Proxies
  type: select
  proxies:
  - HK
  - SG
  - JP
  - US
  - TW
  - bulink自建免费11线 三网
  - bulink自建免费16线 三网
  - github.com/freefq - 丹麦  20
  - github.com/freefq - 丹麦  20 2
  - github.com/freefq - 日本  16
  - github.com/freefq - 香港DMIT数据中心 13 2
- name: Apple
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: MicroSoft
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: Telegram
  type: select
  proxies:
  - Proxies
  - HK
  - SG
- name: Netflix
  type: select
  proxies:
  - Proxies
  - HK
  - SG
  - JP
  - US
  - TW
- name: Netease
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: HKMTMedia
  type: select
  proxies:
  - DIRECT
  - Proxies
  - HK
  - TW
- name: HK
  type: select
  proxies:
  - github.com/freefq - 香港DMIT数据中心 13
  - github.com/freefq - 香港DMIT数据中心 13 2
- name: SG
  type: select
  proxies:
  - DIRECT
- name: TW
  type: select
  proxies:
  - DIRECT
- name: JP
  type: select
  proxies:
  - github.com/freefq - 日本  16
  - github.com/freefq - 日本  16 2
  - github.com/freefq - 日本  2
  - github.com/freefq - 日本  2 2
- name: US
  type: select
  proxies:
  - github.com/freefq - 美国  30
  - github.com/freefq - 美国  30 2
  - github.com/freefq - 美国  5
  - github.com/freefq - 美国  5 2
  - github.com/freefq - 美国阿里云 8 2
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- GEOIP,CN,DIRECT
- MATCH,Proxies
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
profile:
  store-selected: true
authentication:
- Clash:uxHLhXNi

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Mar 18 13:57:43 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 18 13:57:43 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Mar 18 13:57:43 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 18 13:57:43 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Mar 18 13:57:43 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat Mar 18 13:57:43 2023

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        udp dport 443 ip6 daddr != @china_ip6_route counter packets 0 bytes 0 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT"
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy accept;
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        ip protocol tcp counter packets 55 bytes 2860 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 376 bytes 22560 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 2160 bytes 375722 jump openclash_mangle
        meta nfproto ipv6 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta nfproto ipv6 counter packets 995 bytes 113979 jump openclash_mangle_output_v6
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 55 bytes 2860 return
        ip protocol tcp ip daddr 198.18.0.0/16 counter packets 0 bytes 0 redirect to :7892
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol tcp counter packets 0 bytes 0 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle {
        ip daddr @localnetwork counter packets 2171 bytes 376573 return
        udp dport 53 counter packets 0 bytes 0 return
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol udp counter packets 0 bytes 0 jump openclash_upnp
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 200 bytes 12000 return
        ip protocol tcp ip daddr 198.18.0.0/16 meta skuid != 65534 counter packets 4 bytes 240 redirect to :7892
        meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol tcp meta skuid != 65534 counter packets 0 bytes 0 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        ip6 daddr @localnetwork6 counter packets 1259 bytes 139453 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
    }
}
table inet fw4 {
    chain openclash_mangle_output_v6 {
        ip6 daddr @localnetwork6 counter packets 996 bytes 114043 return
        meta skuid != 65534 ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
        meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.15.1    0.0.0.0         UG    0      0        0 br-lan
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.15.1 dev br-lan proto static 
192.168.15.0/24 dev br-lan proto kernel scope link src 192.168.15.100 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::9090                 :::*                    LISTEN      5500/clash
tcp        0      0 :::7890                 :::*                    LISTEN      5500/clash
tcp        0      0 :::7891                 :::*                    LISTEN      5500/clash
tcp        0      0 :::7892                 :::*                    LISTEN      5500/clash
tcp        0      0 :::7893                 :::*                    LISTEN      5500/clash
tcp        0      0 :::7895                 :::*                    LISTEN      5500/clash
udp        0      0 :::7874                 :::*                                5500/clash
udp        0      0 :::7891                 :::*                                5500/clash
udp        0      0 :::7892                 :::*                                5500/clash
udp        0      0 :::7893                 :::*                                5500/clash
udp        0      0 :::7895                 :::*                                5500/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 163.177.151.109
Name:   www.a.shifen.com
Address: 163.177.151.110

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1
  data: 162.125.2.6
  name: www.instagram.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags: ; udp: 4096
  name: .
  type: 41

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 192.168.15.1
nameserver fe80::5%br-lan

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 18 Mar 2023 13:57:54 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "275ce7c4d332951875158904a2c8128e7ea40f4ae5057d32acf9f67754ef0e71"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: D56C:51C8:41B962:4BE488:64137461
accept-ranges: bytes
date: Sat, 18 Mar 2023 13:58:04 GMT
via: 1.1 varnish
x-served-by: cache-hkg17932-HKG
x-cache: HIT
x-cache-hits: 1
x-timer: S1679147885.725187,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: bbf20e56a330bdff2bf1b97309073d32c789ea91
expires: Sat, 18 Mar 2023 14:03:04 GMT
source-age: 139
content-length: 83

#===================== 最近运行日志(自动切换为Debug模式) =====================#

2023-03-18 06:24:04 OpenClash Restart...
2023-03-18 06:24:04 OpenClash Stoping...
2023-03-18 06:24:04 Step 1: Backup The Current Groups State...
2023-03-18 06:38:19 Step 2: Delete OpenClash Firewall Rules...
2023-03-18 06:38:22 Step 3: Close The OpenClash Daemons...
2023-03-18 06:38:22 Step 4: Close The Clash Core Process...
2023-03-18 06:38:24 Step 5: Restart Dnsmasq...
2023-03-18 06:38:27 Step 6: Delete OpenClash Residue File...
2023-03-18 06:38:27 OpenClash Already Stop!
2023-03-18 06:38:29 Warning: OpenClash Now Disabled, Need Start From Luci Page, Exit...
2023-03-18 13:38:05 OpenClash Restart...
2023-03-18 13:38:05 OpenClash Stoping...
2023-03-18 13:38:05 Step 1: Backup The Current Groups State...
2023-03-18 13:38:05 Step 2: Delete OpenClash Firewall Rules...
2023-03-18 13:38:07 Step 3: Close The OpenClash Daemons...
2023-03-18 13:38:07 Step 4: Close The Clash Core Process...
2023-03-18 13:38:07 Step 5: Restart Dnsmasq...
2023-03-18 13:38:08 Step 6: Delete OpenClash Residue File...
2023-03-18 13:38:09 OpenClash Start Running...
2023-03-18 13:38:09 Step 1: Get The Configuration...
2023-03-18 13:38:10 Step 2: Check The Components...
2023-03-18 13:38:14 Step 3: Modify The Config File...
2023-03-18 13:38:22 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:uxHLhXNi】
2023-03-18 13:38:31 Tip: Start Running Custom Overwrite Scripts...
2023-03-18 13:38:31 Step 4: Start Running The Clash Core...
2023-03-18 13:38:31 Tip: No Special Configuration Detected, Use Dev Core to Start...
2023-03-18 13:38:33 Step 5: Check The Core Status...
2023-03-18 13:38:36 Step 6: Wait For The File Downloading...
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider HK"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider Proxies"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider Netflix"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider Telegram"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider MicroSoft"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider Netease"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider US"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider SG"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider HKMTMedia"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider Apple"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider TW"
time="2023-03-18T13:38:36Z" level=info msg="Start initial compatible provider JP"
time="2023-03-18T13:38:36Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-03-18T13:38:36Z" level=info msg="Authentication of local server updated"
time="2023-03-18T13:38:36Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-03-18T13:38:36Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-03-18T13:38:36Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-03-18T13:38:36Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-03-18T13:38:36Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-03-18T13:38:36Z" level=info msg="DNS server listening at: [::]:7874"
2023-03-18 13:38:42 Step 7: Set Firewall Rules...
2023-03-18 13:38:42 Warning: Dnsmasq not Support nftset, Use ipset...
2023-03-18 13:38:42 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-03-18 13:38:42 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-03-18 13:38:58 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-03-18 13:39:32 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-03-18 13:39:32 Tip: Start Add Custom Firewall Rules...
2023-03-18 13:39:32 Step 8: Restart Dnsmasq...
2023-03-18 13:39:33 Step 9: Add Cron Rules, Start Daemons...
2023-03-18 13:39:34 OpenClash Start Successful!
time="2023-03-18T13:40:48Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:58818 --> raw.fastgit.org:443 error: dial tcp4 195.201.88.86:443: i/o timeout"
time="2023-03-18T13:40:49Z" level=info msg="[TCP] 192.168.15.100:43362 --> raw.fastgit.org:443 match Match() using Proxies[DIRECT]"
2023-03-18 13:48:07 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
time="2023-03-18T13:57:27Z" level=info msg="[TCP] 192.168.15.100:52896 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[github.com/freefq - 美国  5]"
time="2023-03-18T13:57:42Z" level=info msg="[TCP] 192.168.15.100:37192 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[github.com/freefq - 美国  5]"
time="2023-03-18T13:57:54Z" level=info msg="[TCP] 192.168.15.100:37694 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[github.com/freefq - 美国  5]"
time="2023-03-18T13:57:58Z" level=info msg="[TCP] 192.168.15.100:37696 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[github.com/freefq - 美国  5]"
time="2023-03-18T13:58:03Z" level=info msg="[TCP] 192.168.15.100:59450 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[github.com/freefq - 美国  5]"
2023-03-18 13:57:42【/tmp/openclash_last_version】Download Failed:【curl: (28) SSL connection timeout】
time="2023-03-18T13:58:13Z" level=info msg="[TCP] 192.168.15.100:59456 --> raw.githubusercontent.com:443 match DomainKeyword(github) using Proxies[github.com/freefq - 美国  5]"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#
vernesong commented 1 year ago

Nothing looks wrong. Have you changed the gateway and DNS on your computer? Or try turning off IPv6 first.

vernesong commented 1 year ago

Also, you don't have kmod-nft-tproxy installed.

vmjcv commented 1 year ago

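> Nothing looks wrong. Have you changed the gateway and DNS on your computer? Or try turning off IPv6 first.

The computer's gateway and DNS are obtained automatically. I changed the main router's DNS to the side router's address, and running nslookup in cmd on the computer shows the side router's IP address. I'll try turning off IPv6 first (the reason IPv6 is on is that I have no public IPv4 address, so I can only use IPv6 to expose the NAS's services and proxy the NAS's traffic).

kmod-nft-tproxy: I'll install it and try.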

vmjcv commented 1 year ago

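@vernesong I have turned off IPv6 and installed kmod-nft-tproxy. It still doesn't work; the behaviour is the same as before. I'd like to know whether the current situation is:

  1. The main router is not sending return packets to the side router?
  2. The side router is not sending return packets to the main router?
  3. Something else

How should I determine this? Do I need to provide other information, such as some of the main router's IP configuration?

Here is the debug log from this run: OpenClash 调试日志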

生成时间: 2023-03-20 01:58:13 插件版本: v0.45.103-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Netgear R6220
固件版本: OpenWrt 22.03.3 r20028-43d71ad93e
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.10.161
处理器架构: mipsel_24kc

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
内核:
进程pid: 18767
运行权限: 18767: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: 

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 
Tun内核文件: 不存在
Tun内核运行权限: 否

Dev内核版本: v1.13.0-7-g4ffc999
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/free.yaml
启动配置文件: /etc/openclash/free.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: false
  listen: 0.0.0.0:7874
  enhanced-mode: fake-ip
  default-nameserver:
  - 119.29.29.29
  - 119.28.28.28
  - 1.0.0.1
  - 208.67.222.222
  - 1.2.4.8
  nameserver:
  - https://dns.alidns.com/dns-query
  - https://1.1.1.1/dns-query
  - tls://dns.adguard.com:853
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "+.*"
proxy-groups:
- name: Proxies
  type: select
  proxies:
  - HK
  - SG
  - JP
  - US
  - TW
  - bulink自建免费11线 三网
  - bulink自建免费16线 三网
  - github.com/freefq - 香港DMIT数据中心 13
  - github.com/freefq - 香港DMIT数据中心 13 2
- name: Apple
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: MicroSoft
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: Telegram
  type: select
  proxies:
  - Proxies
  - HK
  - SG
- name: Netflix
  type: select
  proxies:
  - Proxies
  - HK
  - SG
  - JP
  - US
  - TW
- name: Netease
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: HKMTMedia
  type: select
  proxies:
  - DIRECT
  - Proxies
  - HK
  - TW
- name: HK
  type: select
  proxies:
  - github.com/freefq - 香港DMIT数据中心 13
  - github.com/freefq - 香港DMIT数据中心 13 2
- name: SG
  type: select
  proxies:
  - DIRECT
- name: TW
  type: select
  proxies:
  - DIRECT
- name: JP
  type: select
  proxies:
  - github.com/freefq - 日本  16
  - github.com/freefq - 日本  16 2
  - github.com/freefq - 日本  2
  - github.com/freefq - 日本  2 2
- name: US
  type: select
  proxies:
  - github.com/freefq - 美国  30
  - github.com/freefq - 美国阿里云 8
  - github.com/freefq - 美国阿里云 8 2
rules:
- DST-PORT,7895,REJECT
- GEOIP,CN,DIRECT
- MATCH,Proxies
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
profile:
  store-selected: true
authentication:
- Clash:uxHLhXNi

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Mon Mar 20 01:58:18 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Mar 20 01:58:18 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Mon Mar 20 01:58:18 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Mar 20 01:58:18 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Mon Mar 20 01:58:18 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Mon Mar 20 01:58:18 2023

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy accept;
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        ct state invalid drop comment "!fw4: Drop flows with invalid conntrack state"
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        udp dport 53 counter packets 160 bytes 10353 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        ip protocol tcp counter packets 8 bytes 416 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 106 bytes 6360 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 775 bytes 98913 jump openclash_mangle
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 8 bytes 416 return
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol tcp counter packets 0 bytes 0 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle {
        ip daddr @localnetwork counter packets 775 bytes 98913 return
        udp dport 53 counter packets 0 bytes 0 return
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol udp counter packets 0 bytes 0 jump openclash_upnp
        meta l4proto udp meta mark set 0x00000162 tproxy ip to 127.0.0.1:7895 counter packets 0 bytes 0 accept
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 32 bytes 1920 return
        meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
        ip protocol tcp meta skuid != 65534 counter packets 6 bytes 360 redirect to :7892
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.15.1    0.0.0.0         UG    0      0        0 br-lan
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.15.1 dev br-lan proto static 
192.168.15.0/24 dev br-lan proto kernel scope link src 192.168.15.100 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::9090                 :::*                    LISTEN      18767/clash
tcp        0      0 :::7890                 :::*                    LISTEN      18767/clash
tcp        0      0 :::7891                 :::*                    LISTEN      18767/clash
tcp        0      0 :::7892                 :::*                    LISTEN      18767/clash
tcp        0      0 :::7893                 :::*                    LISTEN      18767/clash
tcp        0      0 :::7895                 :::*                    LISTEN      18767/clash
udp        0      0 :::7874                 :::*                                18767/clash
udp        0      0 :::7891                 :::*                                18767/clash
udp        0      0 :::7892                 :::*                                18767/clash
udp        0      0 :::7893                 :::*                                18767/clash
udp        0      0 :::7895                 :::*                                18767/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 163.177.151.109
Name:   www.a.shifen.com
Address: 163.177.151.110

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 14
  data: 157.240.20.8
  name: www.instagram.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags: ; udp: 4096
  name: .
  type: 41

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 192.168.15.1
nameserver fe80::5%br-lan

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Mon, 20 Mar 2023 01:58:25 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

2023-03-20 01:53:02【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:14Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:54860 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:09【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:19Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:34162 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:14【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:25Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:42386 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:20【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:30Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:48260 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:25【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:38Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:48350 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:33【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:43Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:44762 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:38【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:49Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:46424 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:44【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:53:54Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:33210 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:49【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:02Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:49784 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:53:57【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:07Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:53308 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:02【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:13Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:60450 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:08【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:18Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:44326 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:13【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:32Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:40490 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:27【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:37Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:36744 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:32【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
2023-03-20 01:54:38 OpenClash Restart...
2023-03-20 01:54:38 OpenClash Stoping...
2023-03-20 01:54:38 Step 1: Backup The Current Groups State...
2023-03-20 01:54:38 Step 2: Delete OpenClash Firewall Rules...
time="2023-03-20T01:54:42Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:49854 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:37【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:54:48Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:52650 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:54:43【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
2023-03-20 01:54:49 Step 3: Close The OpenClash Daemons...
2023-03-20 01:54:50 Step 4: Close The Clash Core Process...
2023-03-20 01:54:50 Step 5: Restart Dnsmasq...
2023-03-20 01:54:52 Step 6: Delete OpenClash Residue File...
2023-03-20 01:54:52 OpenClash Start Running...
2023-03-20 01:54:52 Step 1: Get The Configuration...
2023-03-20 01:54:53 Step 2: Check The Components...
2023-03-20 01:54:58 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-03-20 01:54:58 Step 3: Modify The Config File...
2023-03-20 01:55:06 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:uxHLhXNi】
2023-03-20 01:55:17 Tip: Start Running Custom Overwrite Scripts...
2023-03-20 01:55:17 Step 4: Start Running The Clash Core...
2023-03-20 01:55:17 Tip: No Special Configuration Detected, Use Dev Core to Start...
2023-03-20 01:55:18 Step 5: Check The Core Status...
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider Netflix"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider US"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider JP"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider HK"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider Netease"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider Telegram"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider MicroSoft"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider TW"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider SG"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider Proxies"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider HKMTMedia"
time="2023-03-20T01:55:19Z" level=info msg="Start initial compatible provider Apple"
time="2023-03-20T01:55:19Z" level=info msg="Authentication of local server updated"
time="2023-03-20T01:55:19Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-03-20T01:55:19Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-03-20T01:55:19Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-03-20T01:55:19Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-03-20T01:55:19Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-03-20T01:55:19Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-03-20T01:55:19Z" level=info msg="DNS server listening at: [::]:7874"
2023-03-20 01:55:21 Step 6: Wait For The File Downloading...
2023-03-20 01:55:26 Step 7: Set Firewall Rules...
2023-03-20 01:55:26 Warning: Dnsmasq not Support nftset, Use ipset...
2023-03-20 01:55:26 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-03-20 01:55:26 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-03-20 01:55:38 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-03-20 01:55:38 Tip: Start Add Custom Firewall Rules...
2023-03-20 01:55:38 Step 8: Restart Dnsmasq...
2023-03-20 01:55:39 Step 9: Add Cron Rules, Start Daemons...
2023-03-20 01:55:40 OpenClash Start Successful!
time="2023-03-20T01:57:20Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:43090 --> raw.fastgit.org:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
time="2023-03-20T01:57:55Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:38824 --> raw.fastgit.org:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
time="2023-03-20T01:58:00Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:36574 --> raw.fastgit.org:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
time="2023-03-20T01:58:14Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:58980 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:58:09【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:58:19Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:48842 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:58:14【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:58:25Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:43716 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:58:20【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:58:30Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:51748 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:58:25【/tmp/openclash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:58:30Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:55342 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
time="2023-03-20T01:58:34Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:55348 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
time="2023-03-20T01:58:38Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:55354 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:58:33【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:58:38Z" level=debug msg="[DNS] ftp.jaist.ac.jp --> 150.65.7.130"
time="2023-03-20T01:58:39Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:41868 --> raw.githubusercontent.com:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
time="2023-03-20T01:58:43Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:38252 --> ftp.jaist.ac.jp:443 error: 45.136.197.129:54321 connect error: dial tcp4 45.136.197.129:54321: i/o timeout"
2023-03-20 01:58:38【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#
vernesong commented 1 year ago

Have you changed the gateway and DNS?

vmjcv commented 1 year ago

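I don't see anywhere on the main router to set the gateway, but the DNS can be changed. 192.168.15.100 is the side router's IP address. Below is the main router's configuration: [images] Below is the side router's configuration: [images]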
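
An added triage sketch, not part of the original thread or of OpenClash: it parses `[TCP] dial` warnings in the format of the log above and reports which source addresses actually reached the Clash core and which outbound node failed. The sample lines are constructed, with 203.0.113.10:54321 as a placeholder for the outbound node; 192.168.15.100 is the side router's address as stated in the comment above, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Shape of the Clash core's failed-dial warning, as seen in the log above.
DIAL_RE = re.compile(
    r'\[TCP\] dial (?P<group>\S+) \(match (?P<rule>[^)]*)\) '
    r'(?P<src>[\d.]+):\d+ --> (?P<dst>\S+):\d+ '
    r'error: (?P<node>\S+) connect error: dial \S+ \S+: (?P<reason>[^"]+)'
)

# Constructed sample in the page's log format; 203.0.113.10 is a placeholder node.
SAMPLE_LOG = '''\
time="2023-03-20T01:58:14Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:58980 --> raw.githubusercontent.com:443 error: 203.0.113.10:54321 connect error: dial tcp4 203.0.113.10:54321: i/o timeout"
2023-03-20 01:58:09【/tmp/clash_last_version】Download Failed:【curl: (35) Recv failure: Connection reset by peer】
time="2023-03-20T01:58:19Z" level=warning msg="[TCP] dial Proxies (match Match/) 192.168.15.100:48842 --> ftp.jaist.ac.jp:443 error: 203.0.113.10:54321 connect error: dial tcp4 203.0.113.10:54321: i/o timeout"
time="2023-03-20T01:58:38Z" level=debug msg="[DNS] ftp.jaist.ac.jp --> 150.65.7.130"
time="2023-03-20T01:58:39Z" level=warning msg="[TCP] dial Proxies (match DomainKeyword/github) 192.168.15.100:41868 --> raw.githubusercontent.com:443 error: 203.0.113.10:54321 connect error: dial tcp4 203.0.113.10:54321: i/o timeout"
'''


def triage(log_text, router_ip):
    """Summarise failed dials: who sent the traffic, which node failed, and why."""
    sources, failures = Counter(), Counter()
    for line in log_text.splitlines():
        m = DIAL_RE.search(line)
        if m is None:
            continue  # curl download errors, DNS debug lines, start-up steps
        sources[m["src"]] += 1
        failures[(m["node"], m["reason"])] += 1
    # Any source other than the router itself is a LAN device using it as gateway.
    lan_clients = sorted(ip for ip in sources if ip != router_ip)
    return {
        "sources": dict(sources),
        "lan_clients": lan_clients,
        "router_only": bool(sources) and not lan_clients,
        "failures": dict(failures),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, router_ip="192.168.15.100")
    for key, value in report.items():
        print(f"{key}: {value}")
```

A `router_only` result means the only connections that reached the core were made by the router itself, which is the pattern in the log above.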

vernesong commented 1 year ago

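On the main router, keep the gateway and DNS pointing at the upstream; don't change them to the side router. What I meant is that the computer/client devices should be changed to the side router's address.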

vmjcv commented 1 year ago

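What do you mean? I don't follow. I have the main router's DNS pointing to the side router's address, so that every device connected to the LAN can get past the firewall. Do you mean I should first change the computer to use the side router's address and see whether it can get past the firewall correctly?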

FanofZY commented 1 year ago

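> What do you mean? I don't follow. I have the main router's DNS pointing to the side router's address, so that every device connected to the LAN can get past the firewall. Do you mean I should first change the computer to use the side router's address and see whether it can get past the firewall correctly?

It means: set the DNS on your router's WAN port to automatic, and in the router's DHCP settings point the gateway and DNS address for LAN devices to the side router.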

vmjcv commented 1 year ago

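> > What do you mean? I don't follow. I have the main router's DNS pointing to the side router's address, so that every device connected to the LAN can get past the firewall. Do you mean I should first change the computer to use the side router's address and see whether it can get past the firewall correctly?
>
> It means: set the DNS on your router's WAN port to automatic, and in the router's DHCP settings point the gateway and DNS address for LAN devices to the side router.

It seems the main router can't set the LAN gateway; it can only set the DNS address.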

vernesong commented 1 year ago

Turn off DHCP on the main router, leave everything else untouched, don't change the DNS, then turn on DHCP on the side router.

vmjcv commented 1 year ago

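> Turn off DHCP on the main router, leave everything else untouched, don't change the DNS, then turn on DHCP on the side router.

So the side router hands out the IP addresses? I'll try it.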

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

xuzequn commented 1 year ago

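I'm running into a problem now. I've configured a subscription in the OpenClash plugin on OpenWrt, and the nodes load. But when the computer is configured to use OpenClash as its proxy, it can't get online. The computer and OpenWrt are currently behind the same internal router. Then, using Clash for Windows on the computer itself, I enabled Allow LAN and changed the address to 0.0.0.0. With the proxy set to the computer's LAN IP + 7890, it works. With OpenClash as the proxy, there's a problem. Which setting is actually wrong?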