Closed dnvcupid closed 9 months ago
与error: connect failed: dial tcp i/o timeout无关,这句话是结果,不是原因
根据你的日志
测试本机DNS查询(www.baidu.com) 有返回信息
测试内核DNS查询(www.instagram.com) 无返回信息
根据日志活动连接信息,你所有连接成功的也都是DIRECT dns 报错的地方也都是须代理域名
所以还是你节点问题,没通。
先试试把url-test换成select,手动换节点再试试。 meta的url-test好像有人提过反应迟钝,所以你也可以试着等interval设置300秒后再尝试联网
应该猜对了,就是你第一个节点不通加上这meta的url-test问题 https://github.com/MetaCubeX/mihomo/issues/813
不想改配置文件等300秒吧
或者用 metacubexd 配合 meta 内核,可以在url-test下手动指定要优先连接的节点,这种url-test等于是fallback+select+url-test的混合体 缺点是目前手动指定后,如果不删除目录下的db文件就没法恢复成原始的那种纯url-test
与error: connect failed: dial tcp i/o timeout无关,这句话是结果,不是原因
根据你的日志
测试本机DNS查询( www.baidu.com ) 有返回信息
内核测试DNS查询( www.instagram.com ) 无返回信息
根据日志活动连接信息,你所有连接成功的也都是DIRECT dns报错的位置也都是须代理域名
所以还是你要点问题,没通。
先尝试把url-test换成select,手动换节点再尝试。meta 的url-test希望有人提过反应迟钝,所以你也可以尝试等间隔设置300秒后再尝试联网
`OpenClash 调试日志
生成时间: 2023-12-03 22:20:38 插件版本: v0.45.157-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: ASUS RT-AC88U
固件版本: OpenWrt 23.05.2 r23630-842932a63d
LuCI版本: git-23.051.66410-a505bb1
内核版本: 5.15.137
处理器架构: arm_cortex-a9
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
kmod-nft-tproxy: 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:Meta
进程pid: 18096
运行权限: 18096: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv5
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本:
Tun内核文件: 不存在
Tun内核运行权限: 否
Dev内核版本:
Dev内核文件: 不存在
Dev内核运行权限: 否
Meta内核版本: alpha-gcc64297
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
allow-lan: true
bind-address: "*"
mode: rule
log-level: warning
external-controller: 0.0.0.0:9090
external-ui: "/usr/share/openclash/ui"
hosts:
ipv6: false
dns:
enable: true
listen: 0.0.0.0:7874
ipv6: false
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
- "*.lan"
- "*.localdomain"
- "*.example"
- "*.invalid"
- "*.localhost"
- "*.test"
- "*.local"
- "*.home.arpa"
- time.*.com
- time.*.gov
- time.*.edu.cn
- time.*.apple.com
- time1.*.com
- time2.*.com
- time3.*.com
- time4.*.com
- time5.*.com
- time6.*.com
- time7.*.com
- ntp.*.com
- ntp1.*.com
- ntp2.*.com
- ntp3.*.com
- ntp4.*.com
- ntp5.*.com
- ntp6.*.com
- ntp7.*.com
- "*.time.edu.cn"
- "*.ntp.org.cn"
- "+.pool.ntp.org"
- time1.cloud.tencent.com
- music.163.com
- "*.music.163.com"
- "*.126.net"
- musicapi.taihe.com
- music.taihe.com
- songsearch.kugou.com
- trackercdn.kugou.com
- "*.kuwo.cn"
- api-jooxtt.sanook.com
- api.joox.com
- joox.com
- y.qq.com
- "*.y.qq.com"
- streamoc.music.tc.qq.com
- mobileoc.music.tc.qq.com
- isure.stream.qqmusic.qq.com
- dl.stream.qqmusic.qq.com
- aqqmusic.tc.qq.com
- amobile.music.tc.qq.com
- "*.xiami.com"
- "*.music.migu.cn"
- music.migu.cn
- "*.msftconnecttest.com"
- "*.msftncsi.com"
- msftconnecttest.com
- msftncsi.com
- localhost.ptlogin2.qq.com
- localhost.sec.qq.com
- "+.srv.nintendo.net"
- "+.stun.playstation.net"
- xbox.*.microsoft.com
- xnotify.xboxlive.com
- "+.battlenet.com.cn"
- "+.wotgame.cn"
- "+.wggames.cn"
- "+.wowsgame.cn"
- "+.wargaming.net"
- proxy.golang.org
- stun.*.*
- stun.*.*.*
- "+.stun.*.*"
- "+.stun.*.*.*"
- "+.stun.*.*.*.*"
- heartbeat.belkin.com
- "*.linksys.com"
- "*.linksyssmartwifi.com"
- "*.router.asus.com"
- mesu.apple.com
- swscan.apple.com
- swquery.apple.com
- swdownload.apple.com
- swcdn.apple.com
- swdist.apple.com
- lens.l.google.com
- stun.l.google.com
- "+.nflxvideo.net"
- "*.square-enix.com"
- "*.finalfantasyxiv.com"
- "*.ffxiv.com"
- "*.mcdn.bilivideo.cn"
nameserver:
- 223.5.5.5
- 119.29.29.29
fallback:
- tls://1.1.1.1:853
- https://dns.cloudflare.com/dns-query
- https://1.1.1.1/dns-query
- tls://dns.google:853
- tls://8.8.8.8:853
fallback-filter:
geoip: false
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
domain:
- "+.google.com"
- "+.facebook.com"
- "+.youtube.com"
- "+.githubusercontent.com"
- "+.googlevideo.com"
proxy-groups:
- name: PROXY
type: select
proxies:
- Hys-rn
- c55s1
- c55s2
- c55s3
- c55s4
- c55s5
- c55s801
rule-providers:
icloud:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt
path: "./rule_provider/icloud.yaml"
interval: 86400
apple:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt
path: "./rule_provider/apple.yaml"
interval: 86400
google:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt
path: "./rule_provider/google.yaml"
interval: 86400
proxy:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt
path: "./rule_provider/proxy.yaml"
interval: 86400
direct:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt
path: "./rule_provider/direct.yaml"
interval: 86400
private:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt
path: "./rule_provider/private.yaml"
interval: 86400
gfw:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
path: "./rule_provider/gfw.yaml"
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt
path: "./rule_provider/tld-not-cn.yaml"
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt
path: "./rule_provider/telegramcidr.yaml"
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt
path: "./rule_provider/cncidr.yaml"
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt
path: "./rule_provider/lancidr.yaml"
interval: 86400
applications:
type: http
behavior: classical
url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt
path: "./rule_provider/applications.yaml"
interval: 86400
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,PROXY
tcp-concurrent: true
sniffer:
enable: true
parse-pure-ip: true
profile:
store-selected: true
store-fake-ip: true
authentication:
- Clash:GkPL3tfp
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
#Simple Demo:
#General Demo
#1--config path
#2--key name
#3--value
#ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
#ruby_edit "$CONFIG_FILE" "['secret']" "123456"
#ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
#Hash Demo
#1--config path
#2--key name
#3--hash type value
#ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
#ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"
#Array Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value
#ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"
#Array Add From Yaml File Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value file path
#5--value key name in #4 file
#ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"
#Ruby Script Demo:
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
# begin
# Value = YAML.load_file('$CONFIG_FILE');
# rescue Exception => e
# puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
# end;
#General
# begin
# Thread.new{
# Value['redir-port']=7892;
# Value['tproxy-port']=7895;
# Value['port']=7890;
# Value['socks-port']=7891;
# Value['mixed-port']=7893;
# }.join;
# rescue Exception => e
# puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
# ensure
# File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
# end" 2>/dev/null >> $LOG_FILE
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
#IPv4 Mangle chain
#IPv4 Filter chain
#IPv6 NAT chain
#IPv6 Mangle chain
#IPv6 Filter chain
#===================== NFTABLES 防火墙设置 =====================#
table inet fw4 {
chain input {
type filter hook input priority filter; policy drop;
udp dport 443 ip daddr != @china_ip_route counter packets 13 bytes 13384 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
iifname "pppoe-wan" ip saddr != @localnetwork counter packets 1677 bytes 220274 jump openclash_wan_input
iifname "wan" ip saddr != @localnetwork counter packets 0 bytes 0 jump openclash_wan_input
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname { "utun", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname { "wan", "pppoe-wan" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
jump handle_reject
}
}
table inet fw4 {
chain forward {
type filter hook forward priority filter; policy drop;
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
iifname { "utun", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname { "wan", "pppoe-wan" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
jump handle_reject
}
}
table inet fw4 {
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
udp dport 53 redirect to :53 comment "OpenClash DNS Hijack"
tcp dport 53 redirect to :53 comment "OpenClash DNS Hijack"
ip protocol tcp counter packets 112 bytes 7164 jump openclash
}
}
table inet fw4 {
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname { "wan", "pppoe-wan" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
}
}
table inet fw4 {
chain nat_output {
type nat hook output priority filter - 1; policy accept;
ip protocol tcp counter packets 117 bytes 7020 jump openclash_output
}
}
table inet fw4 {
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
ip protocol udp counter packets 1793 bytes 400355 jump openclash_mangle
}
}
table inet fw4 {
chain mangle_output {
type route hook output priority mangle; policy accept;
}
}
table inet fw4 {
chain openclash {
ip daddr @localnetwork counter packets 36 bytes 2304 return
ip protocol tcp ip daddr 198.18.0.0/16 counter packets 8 bytes 512 redirect to :7892
ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 32 bytes 2044 return
ip protocol tcp counter packets 37 bytes 2368 redirect to :7892
}
}
table inet fw4 {
chain openclash_mangle {
meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
meta l4proto udp iifname "lo" counter packets 245 bytes 20967 return
ip daddr @localnetwork counter packets 1324 bytes 333404 return
udp dport 53 counter packets 6 bytes 390 return
meta l4proto udp ip daddr 198.18.0.0/16 meta mark set 0x00000162 tproxy ip to 127.0.0.1:7895 counter packets 0 bytes 0 accept
ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 195 bytes 31450 return
ip protocol udp counter packets 23 bytes 14144 jump openclash_upnp
meta l4proto udp meta mark set 0x00000162 tproxy ip to 127.0.0.1:7895 counter packets 23 bytes 14144 accept
}
}
table inet fw4 {
chain openclash_output {
ip daddr @localnetwork counter packets 32 bytes 1920 return
ip protocol tcp ip daddr 198.18.0.0/16 meta skuid != 65534 counter packets 2 bytes 120 redirect to :7892
meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
ip protocol tcp meta skuid != 65534 counter packets 1 bytes 60 redirect to :7892
}
}
table inet fw4 {
chain openclash_wan_input {
udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
}
}
#===================== IPSET状态 =====================#
#===================== 路由表状态 =====================#
#IPv4
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.64.1 0.0.0.0 UG 0 0 0 pppoe-wan
172.16.64.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
#ip route list
default via 172.16.64.1 dev pppoe-wan proto static
172.16.64.1 dev pppoe-wan proto kernel scope link src *WAN IP*.43
192.168.50.0/24 dev br-lan proto kernel scope link src 192.168.50.1
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#IPv6
#route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 fe80::ca1f:beff:fe6c:dbf4 UG 512 2 0 pppoe-wan
::/0 fe80::ca1f:beff:fe6c:dbf4 UG 512 4 0 pppoe-wan
2409:8a55:402:e7f::/64 :: !n 2147483647 2 0 lo
2409:8a55:425:8b90::/64 :: U 1024 3 0 br-lan
2409:8a55:425:8b90::/60 :: !n 2147483647 1 0 lo
fd07:ac98:1bc4::/64 :: U 1024 3 0 br-lan
fd07:ac98:1bc4::/48 :: !n 2147483647 2 0 lo
fe80::4d64:5ce1:21a7:b36f/128 :: U 256 1 0 pppoe-wan
fe80::ca1f:beff:fe6c:dbf4/128 :: U 256 1 0 pppoe-wan
fe80::/64 :: U 256 1 0 eth1
fe80::/64 :: U 256 3 0 br-lan
fe80::/64 :: U 256 1 0 phy0-ap0
fe80::/64 :: U 256 1 0 wan
fe80::/64 :: U 256 1 0 phy1-ap0
::/0 :: !n -1 2 0 lo
::1/128 :: Un 0 5 0 lo
2409:8a55:402:e7f::/128 :: Un 0 3 0 pppoe-wan
*WAN IP*:b36f/128 :: Un 0 5 0 pppoe-wan
2409:8a55:425:8b90::/128 :: Un 0 3 0 br-lan
2409:8a55:425:8b90::1/128 :: Un 0 5 0 br-lan
fd07:ac98:1bc4::/128 :: Un 0 3 0 br-lan
fd07:ac98:1bc4::1/128 :: Un 0 5 0 br-lan
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 eth1
fe80::/128 :: Un 0 3 0 phy0-ap0
fe80::/128 :: Un 0 3 0 wan
fe80::/128 :: Un 0 3 0 phy1-ap0
fe80::2c4d:54ff:fe22:89/128 :: Un 0 3 0 phy0-ap0
fe80::2c4d:54ff:fe22:8d/128 :: Un 0 2 0 phy1-ap0
fe80::2e4d:54ff:fe22:88/128 :: Un 0 6 0 br-lan
fe80::2e4d:54ff:fe22:88/128 :: Un 0 2 0 eth1
fe80::2e4d:54ff:fe22:88/128 :: Un 0 3 0 wan
fe80::4d64:5ce1:21a7:b36f/128 :: Un 0 3 0 pppoe-wan
ff00::/8 :: U 256 3 0 eth1
ff00::/8 :: U 256 3 0 br-lan
ff00::/8 :: U 256 1 0 phy0-ap0
ff00::/8 :: U 256 3 0 wan
ff00::/8 :: U 256 1 0 phy1-ap0
ff00::/8 :: U 256 2 0 pppoe-wan
::/0 :: !n -1 2 0 lo
#ip -6 route list
default from 2409:8a55:402:e7f::/64 via fe80::ca1f:beff:fe6c:dbf4 dev pppoe-wan proto static metric 512 pref medium
default from 2409:8a55:425:8b90::/60 via fe80::ca1f:beff:fe6c:dbf4 dev pppoe-wan proto static metric 512 pref medium
unreachable 2409:8a55:402:e7f::/64 dev lo proto static metric 2147483647 pref medium
2409:8a55:425:8b90::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2409:8a55:425:8b90::/60 dev lo proto static metric 2147483647 pref medium
fd07:ac98:1bc4::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd07:ac98:1bc4::/48 dev lo proto static metric 2147483647 pref medium
fe80::4d64:5ce1:21a7:b36f dev pppoe-wan proto kernel metric 256 pref medium
fe80::ca1f:beff:fe6c:dbf4 dev pppoe-wan proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev phy0-ap0 proto kernel metric 256 pref medium
fe80::/64 dev wan proto kernel metric 256 pref medium
fe80::/64 dev phy1-ap0 proto kernel metric 256 pref medium
#ip -6 rule show
0: from all lookup local
32766: from all lookup main
4200000000: from 2409:8a55:425:8b90::1/64 iif br-lan unreachable
#===================== 端口占用状态 =====================#
tcp 0 0 :::7895 :::* LISTEN 18096/clash
tcp 0 0 :::7893 :::* LISTEN 18096/clash
tcp 0 0 :::7892 :::* LISTEN 18096/clash
tcp 0 0 :::7891 :::* LISTEN 18096/clash
tcp 0 0 :::7890 :::* LISTEN 18096/clash
tcp 0 0 :::9090 :::* LISTEN 18096/clash
udp 0 0 :::7874 :::* 18096/clash
udp 0 0 :::7891 :::* 18096/clash
udp 0 0 :::7892 :::* 18096/clash
udp 0 0 :::7893 :::* 18096/clash
udp 0 0 :::7895 :::* 18096/clash
udp 0 0 :::52185 :::* 18096/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 120.232.145.144
Name: www.a.shifen.com
Address: 120.232.145.185
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 2409:8c54:870:67:0:ff:b0c2:ad75
Name: www.a.shifen.com
Address: 2409:8c54:870:34e:0:ff:b024:1916
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 1
Qclass: 1
Answer:
TTL: 14
data: 154.92.16.97
name: www.instagram.com.
type: 1
Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto
#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#
# Interface wan
nameserver 211.136.192.6
nameserver 120.196.165.24
# Interface wan_6
nameserver 2409:8057:2000:2::8
nameserver 2409:8057:2000:6::8
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 440397
Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com;
Content-Type: text/html; charset=utf-8
Date: Sun, 03 Dec 2023 14:20:44 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=2FF5413E5EC467B5CC2F64F02665809A; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1701613244; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUID=2FF5413E5EC467B5CC2F64F02665809A:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=2FF5413E5EC467B5CC2F64F02665809A:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1701613244078330061815603843196868067554
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
HTTP/2 404
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: CE96:27ECAA:1ADD4C:1DD84C:656C8EBB
accept-ranges: bytes
date: Sun, 03 Dec 2023 14:20:44 GMT
via: 1.1 varnish
x-served-by: cache-itm18830-ITM
x-cache: MISS
x-cache-hits: 0
x-timer: S1701613245.704405,VS0,VE164
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 30622e1a5e0e7be5b63b2b197e18fc2b8604da5b
expires: Sun, 03 Dec 2023 14:25:44 GMT
source-age: 0
content-length: 14
#===================== 最近运行日志(自动切换为Debug模式) =====================#
[36mINFO[0m[2023-12-03T14:09:10.581152457Z] Start initial provider cncidr
[36mINFO[0m[2023-12-03T14:09:11.147868966Z] Start initial provider lancidr
2023-12-03 22:09:11 Step 6: Wait For The File Downloading...
2023-12-03 22:09:11 Step 7: Set Firewall Rules...
2023-12-03 22:09:11 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-12-03 22:09:11 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-12-03 22:09:23 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-12-03 22:09:23 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-12-03 22:09:24 Tip: Start Add Custom Firewall Rules...
2023-12-03 22:09:24 Step 8: Restart Dnsmasq...
2023-12-03 22:09:27 Step 9: Add Cron Rules, Start Daemons...
2023-12-03 22:09:28 OpenClash Start Successful!
2023-12-03 22:10:29 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
[37mDEBU[0m[2023-12-03T14:10:37.001605861Z] [Rule] use default rules
[37mDEBU[0m[2023-12-03T14:10:37.002994475Z] [Process] find process 20.205.243.168 error: process not found
[36mINFO[0m[2023-12-03T14:10:37.109829157Z] [TCP] 192.168.50.197:53519 --> 20.205.243.168:443 match Match using PROXY[c55s4]
[37mDEBU[0m[2023-12-03T14:10:37.288763009Z] [Rule] use default rules
[37mDEBU[0m[2023-12-03T14:10:37.289998246Z] [Process] find process 185.199.110.133 error: process not found
[36mINFO[0m[2023-12-03T14:10:37.396898737Z] [TCP] 192.168.50.197:53522 --> 185.199.110.133:443 match Match using PROXY[c55s4]
[37mDEBU[0m[2023-12-03T14:10:37.649218872Z] [Rule] use default rules
[37mDEBU[0m[2023-12-03T14:10:37.650425181Z] [Process] find process 140.82.113.21 error: process not found
[36mINFO[0m[2023-12-03T14:10:37.758117319Z] [TCP] 192.168.50.197:53524 --> 140.82.113.21:443 match Match using PROXY[c55s4]
2023-12-03 22:11:50 OpenClash Stoping...
2023-12-03 22:11:50 Step 1: Backup The Current Groups State...
2023-12-03 22:11:50 Step 2: Delete OpenClash Firewall Rules...
2023-12-03 22:11:52 Step 3: Close The OpenClash Daemons...
2023-12-03 22:11:52 Step 4: Close The Clash Core Process...
2023-12-03 22:11:53 Step 5: Restart Dnsmasq...
2023-12-03 22:11:59 Step 6: Delete OpenClash Residue File...
2023-12-03 22:11:59 OpenClash Already Stop!
2023-12-03 22:12:11 OpenClash Restart...
2023-12-03 22:12:11 OpenClash Stoping...
2023-12-03 22:12:11 Step 1: Backup The Current Groups State...
2023-12-03 22:12:11 Step 2: Delete OpenClash Firewall Rules...
2023-12-03 22:12:12 Step 3: Close The OpenClash Daemons...
2023-12-03 22:12:12 Step 4: Close The Clash Core Process...
2023-12-03 22:12:12 Step 5: Restart Dnsmasq...
2023-12-03 22:12:15 Step 6: Delete OpenClash Residue File...
2023-12-03 22:12:15 OpenClash Start Running...
2023-12-03 22:12:15 Step 1: Get The Configuration...
2023-12-03 22:12:16 Step 2: Check The Components...
2023-12-03 22:12:16 Step 3: Modify The Config File...
2023-12-03 22:12:18 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:GkPL3tfp】
2023-12-03 22:12:19 Tip: Start Running Custom Overwrite Scripts...
2023-12-03 22:12:19 Step 4: Start Running The Clash Core...
2023-12-03 22:12:19 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-12-03 22:12:19 Test The Config File First...
[36mINFO[0m[2023-12-03T14:12:20.894372992Z] Start initial configuration in progress
[36mINFO[0m[2023-12-03T14:12:20.89793459Z] Geodata Loader mode: memconservative
[33mWARN[0m[2023-12-03T14:12:20.914524306Z] Deprecated: Use Sniff instead
[36mINFO[0m[2023-12-03T14:12:20.914725932Z] Initial configuration complete, total time: 19ms
2023-12-03 22:12:20 configuration file【/etc/openclash/config.yaml】test is successful
2023-12-03 22:12:22 Step 5: Check The Core Status...
[36mINFO[0m[2023-12-03T14:12:23.53196299Z] Start initial configuration in progress
[36mINFO[0m[2023-12-03T14:12:23.534492317Z] Geodata Loader mode: memconservative
[33mWARN[0m[2023-12-03T14:12:23.537502247Z] Deprecated: Use Sniff instead
[36mINFO[0m[2023-12-03T14:12:23.537697119Z] Initial configuration complete, total time: 5ms
[36mINFO[0m[2023-12-03T14:12:23.540995322Z] RESTful API listening at: [::]:9090
[36mINFO[0m[2023-12-03T14:12:23.682276755Z] Authentication of local server updated
[36mINFO[0m[2023-12-03T14:12:23.682451228Z] Sniffer is loaded and working
[36mINFO[0m[2023-12-03T14:12:23.682535715Z] Use tcp concurrent
[36mINFO[0m[2023-12-03T14:12:23.683279455Z] DNS server listening at: [::]:7874
[36mINFO[0m[2023-12-03T14:12:23.683742929Z] HTTP proxy listening at: [::]:7890
[36mINFO[0m[2023-12-03T14:12:23.684200462Z] SOCKS proxy listening at: [::]:7891
[36mINFO[0m[2023-12-03T14:12:23.684737142Z] Redirect proxy listening at: [::]:7892
[36mINFO[0m[2023-12-03T14:12:23.685480848Z] TProxy server listening at: [::]:7895
[36mINFO[0m[2023-12-03T14:12:23.686216738Z] Mixed(http+socks) proxy listening at: [::]:7893
[36mINFO[0m[2023-12-03T14:12:23.686767929Z] Start initial compatible provider default
[36mINFO[0m[2023-12-03T14:12:23.696546417Z] Start initial compatible provider PROXY
[36mINFO[0m[2023-12-03T14:12:23.697374105Z] Start initial provider direct
[36mINFO[0m[2023-12-03T14:12:23.706424631Z] Start initial provider google
[36mINFO[0m[2023-12-03T14:12:23.726732922Z] Start initial provider telegramcidr
[36mINFO[0m[2023-12-03T14:12:23.728669297Z] Start initial provider proxy
[36mINFO[0m[2023-12-03T14:12:23.746003791Z] Start initial provider applications
[36mINFO[0m[2023-12-03T14:12:23.754985156Z] Start initial provider tld-not-cn
[36mINFO[0m[2023-12-03T14:12:23.772537162Z] Start initial provider cncidr
[36mINFO[0m[2023-12-03T14:12:23.790161945Z] Start initial provider gfw
[36mINFO[0m[2023-12-03T14:12:24.181628536Z] Start initial provider icloud
[36mINFO[0m[2023-12-03T14:12:24.193834595Z] Start initial provider private
[36mINFO[0m[2023-12-03T14:12:24.30038617Z] Start initial provider lancidr
[36mINFO[0m[2023-12-03T14:12:24.315250753Z] Start initial provider apple
2023-12-03 22:12:25 Step 6: Wait For The File Downloading...
2023-12-03 22:12:25 Step 7: Set Firewall Rules...
2023-12-03 22:12:25 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-12-03 22:12:25 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-12-03 22:12:35 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-12-03 22:12:35 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-12-03 22:12:36 Tip: Start Add Custom Firewall Rules...
2023-12-03 22:12:36 Step 8: Restart Dnsmasq...
2023-12-03 22:12:40 Step 9: Add Cron Rules, Start Daemons...
2023-12-03 22:12:40 OpenClash Start Successful!
2023-12-03 22:12:12【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30002 ms: Error】
2023-12-03 22:12:12【/tmp/openclash_last_version】Download Failed:【curl: (35) ssl_handshake returned - mbedTLS: (-0x7280) SSL - The connection indicated an EOF】
2023-12-03 22:13:41 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
[37mDEBU[0m[2023-12-03T14:20:45.407261165Z] [Rule] use default rules
[37mDEBU[0m[2023-12-03T14:20:45.408182755Z] [Process] find process 140.82.114.21 error: process not found
[36mINFO[0m[2023-12-03T14:20:45.51435332Z] [TCP] 192.168.50.197:54923 --> 140.82.114.21:443 match Match using PROXY[c55s4]
[37mDEBU[0m[2023-12-03T14:20:49.945453049Z] [Rule] use default rules
[37mDEBU[0m[2023-12-03T14:20:49.946490788Z] [Process] find process 142.251.42.234 error: process not found
[36mINFO[0m[2023-12-03T14:20:50.053832448Z] [TCP] 192.168.50.197:54935 --> 142.251.42.234:443 match Match using PROXY[c55s4]
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
2. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【142.251.42.237】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
3. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【142.251.42.234】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
4. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【142.251.220.74】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
5. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【20.205.243.168】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
6. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【64.233.189.188】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
7. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
8. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【172.217.163.46】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
9. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【172.217.160.78】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
10. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
11. SourceIP:【192.168.50.197】 - Host:【e31084.a.akamaiedge.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【c55s4】
12. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【104.26.13.31】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
13. SourceIP:【192.168.50.202】 - Host:【2-courier.push.apple.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【c55s4】
14. SourceIP:【192.168.50.207】 - Host:【45-courier.push.apple.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【proxy】 - Lastchain:【c55s4】
15. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
16. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
17. SourceIP:【192.168.50.197】 - Host:【Empty】 - DestinationIP:【140.82.114.21】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【c55s4】
大佬再看看这个呢,切换到fake-ip模式了,节点也是手动选择的,也是启动成功的:(OpenClash 启动成功,请等待服务器上线!),dashboard中看连接也走了节点,但是依然还是不行
不是大佬,比较能折腾罢了,基本能看懂的地方也就规则文件和运行日志了,而且我只有x86,所以也算闲的时候在力所能及范围内互相学习吧,给你回复的顺序也就是我的思路。
第二次这个启动时间有点短,OpenClash Start Successful!之后只有6行真正的运行日志,所以我是什么都看不出来
如果方便的话尝试两个操作,1用原版内核启动,meta有奇奇怪怪的bug,还看脸,原版相对好一些,目前还是保证原版能启动的情况下再搞meta的比较好。2先别用自己改的配置,这样操作下,插件设置最上方有几行小字,其中一项是还原初始配置,还原后,在不调整任何非必要设置的情况下,用你在PC上正常运行yaml试一下。
另外,多说一嘴,你有好多process not found,如果没特殊需求的话我建议把覆写设置 meta设置 进程规则调成off
不是大佬,比较能折腾吧,基本能看懂的地方也规则文件和运行日志了,而且我只有x86,所以也算闲的时候在力所能及及范围内大家学习吧,给你回复的顺序嘛我的想法。
第二次这个启动时间有点短,OpenClash启动成功!之后只有6行真正的运行日志,所以我是什么都看不出来
如果方便的话尝试两次操作,1用原版内核启动,meta有奇奇怪怪的bug,还看脸,原版相对好一些,目前还是保证原版能启动的情况下再搞meta的比较好。2先别使用自己修改的配置,这样操作下,插件设置最上面有几行小字,其中一个是还原初始配置,还原后,在不调整任何非必要设置的情况下,用你在PC上正常运行yaml试一下一下。
另外,多说一嘴,你还有好多进程没找到,如果没有特殊需求的话我建议把复写设置meta设置进程规则调成off
发现了奇怪的问题,Mac chrome无法上外网,firefox、safari都能上,windows edge能上,手机chrome能上,平板能上。。。就是在使用的调试的电脑上不了,搞了好久,原来是电脑的问题,还没研究出啥原因
不是大佬,比较能折腾吧,基本能看懂的地方也规则文件和运行日志了,而且我只有x86,所以也算闲的时候在力所能及及范围内大家学习吧,给你回复的顺序嘛我的想法。 第二次这个启动时间有点短,OpenClash启动成功!之后只有6行真正的运行日志,所以我是什么都看不出来 如果方便的话尝试两次操作,1用原版内核启动,meta有奇奇怪怪的bug,还看脸,原版相对好一些,目前还是保证原版能启动的情况下再搞meta的比较好。2先别使用自己修改的配置,这样操作下,插件设置最上面有几行小字,其中一个是还原初始配置,还原后,在不调整任何非必要设置的情况下,用你在PC上正常运行yaml试一下一下。 另外,多说一嘴,你还有好多进程没找到,如果没有特殊需求的话我建议把复写设置meta设置进程规则调成off
发现了奇怪的问题,Mac chrome无法上外网,firefox、safari都能上,windows edge能上,手机chrome能上,平板能上。。。就是在使用的调试的电脑上不了,搞了好久,原来是电脑的问题,还没研究出啥原因
有可能是浏览器dns缓存问题,因为你是fake-ip模式,这个模式最主要的特性就是假的dns响应,如果中途clash崩溃了或router重启,都会造成原来浏览器无法上网的问题,只要把浏览器关闭重启下,一般都能解决,或是把fake-ip持久化清理下也能解决问题,最主要还是假ip惹的祸
Verify Steps
OpenClash Version
0.45.157-beta
Bug on Environment
Official OpenWrt
Bug on Platform
Linux-armv5
To Reproduce
配置还是太高难度了,研究了好久没搞掂,各位前辈大佬帮忙看看什么情况
Describe the Bug
2023-12-02 18:27:01 OpenClash 启动成功,请等待服务器上线! 2023-12-02 18:27:01 第九步: 添加计划任务,启动进程守护程序... 2023-12-02 18:26:57 第八步: 重启 Dnsmasq 程序... 2023-12-02 18:26:57 提示:开始添加自定义防火墙规则... 2023-12-02 18:26:56 提示:正在根据防火墙端口转发和防火墙通信规则添加端口绕过规则... 2023-12-02 18:26:50 提示:检测到 Firewall4,使用 NFTABLE 规则... 2023-12-02 18:26:50 提示:DNS 劫持模式为 Dnsmasq 转发... 2023-12-02 18:26:50 第七步: 设置防火墙规则... 2023-12-02 18:26:50 第六步: 等待主程序下载外部文件... 2023-12-02 18:26:47 第五步: 检查内核启动状态... 2023-12-02 18:26:46 配置文件【/etc/openclash/OpenClash.yaml】测试成功... 2023-12-02 18:26:44 启动前调用内核测试配置文件... 2023-12-02 18:26:44 提示:检测到配置了 Meta 内核专属功能,调用 Meta 内核启动... 2023-12-02 18:26:44 第四步: 启动主程序... 2023-12-02 18:26:44 提示:开始运行自定义覆写脚本... 2023-12-02 18:26:43 提示:您为 SOCKS5/HTTP(S) 代理设置的账户密码为【Clash:YhwA7Gjx】 2023-12-02 18:26:41 第三步: 修改配置文件... 2023-12-02 18:26:41 第二步: 组件运行前检查... 2023-12-02 18:26:40 第一步: 获取配置... 2023-12-02 18:26:40 OpenClash 开始启动...
OpenClash Log
`OpenClash 调试日志
生成时间: 2023-12-02 18:28:55 插件版本: v0.45.157-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
OpenClash Config
No response
Expected Behavior
用一键生成也无法上外网,yaml文件在pc端上是正常可以用的
Screenshots
No response