vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] Some time after OpenClash starts, devices behind the router can no longer reach SSH on an IPv6-only VPS or IPv6-only websites #3713

Closed chummumm closed 4 months ago

chummumm commented 6 months ago

Verify Steps

OpenClash Version

v0.45.164-beta

Bug on Environment

Official OpenWrt

OpenWrt Version

OpenWrt SNAPSHOT r24723-7ddd3abd27 / LuCI Master git-23.357.52396-5355b7b

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

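Some time after OpenClash starts, devices behind the router can no longer reach SSH on an IPv6-only VPS or IPv6-only websites. The 0.45.157 stable release does not have this problem; 0.45.162 has it too.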

To Reproduce

Access them again after OpenClash has been running for a while.

OpenClash Log

#If startup fails, it is recommended to disable this option and retry
第三方规则: 停用

#===================== Configuration File =====================#

global-ua: chrome

rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- AND,((IN-TYPE,socks),(OR,((PROCESS-NAME,smartdns),(NETWORK,UDP)))),自动选择
- AND,((NETWORK,UDP),(DST-PORT,443),(GEOSITE,youtube)),REJECT
- RULE-SET,reject,REJECT
- DOMAIN,api.cognitive.microsofttranslator.com,Proxy
- RULE-SET,private,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,apple,Apple
- RULE-SET,icloud,Apple
- RULE-SET,microsoft,Microsoft
- RULE-SET,telegramcidr,Telegram
- DOMAIN-SUFFIX,1drv.com,OneDrive
- DOMAIN-SUFFIX,1drv.ms,OneDrive
- DOMAIN-SUFFIX,livefilestore.com,OneDrive
- DOMAIN-SUFFIX,onedrive.co,OneDrive
- DOMAIN-SUFFIX,onedrive.co.uk,OneDrive
- DOMAIN-SUFFIX,onedrive.com,OneDrive
- DOMAIN-SUFFIX,onedrive.eu,OneDrive
- DOMAIN-SUFFIX,onedrive.live.com,OneDrive
- DOMAIN-SUFFIX,onedrive.net,OneDrive
- DOMAIN-SUFFIX,onedrive.org,OneDrive
- DOMAIN-SUFFIX,storage.live.com,OneDrive
- DOMAIN-SUFFIX,apple-dns.net,Apple
- SRC-IP-CIDR,192.168.3.13/32,Nintendo
- DOMAIN-SUFFIX,playstation.net,PSN
- DOMAIN-SUFFIX,playstation.com,PSN
- DOMAIN-SUFFIX,hptuners.com,DIRECT
- DOMAIN-SUFFIX,steamcontent.com,DIRECT
- DOMAIN-SUFFIX,steamstatic.com,DIRECT
- DOMAIN-SUFFIX,steamserver.net,DIRECT
- DOMAIN-SUFFIX,test.steampowered.com,DIRECT
- DOMAIN-SUFFIX,api.steampowered.com,DIRECT
- DOMAIN-SUFFIX,rmbgame.net,DIRECT
- DOMAIN-SUFFIX,akamaized.net,DIRECT
- DOMAIN-SUFFIX,akamai.net,DIRECT
- DOMAIN-SUFFIX,test-ipv6.com,DIRECT
- DOMAIN-SUFFIX,plex.tv,DIRECT
- DOMAIN-SUFFIX,plexapp.com,DIRECT
- DOMAIN-SUFFIX,plex.direct,DIRECT
- DOMAIN-SUFFIX,chaoyouxing.art,DIRECT
- DOMAIN-SUFFIX,ozon.ru,DIRECT
- DOMAIN-SUFFIX,ghproxy.com,DIRECT
- DOMAIN,tv.apple.com,Proxy
- DOMAIN-SUFFIX,openwrt.org,OpenWrt
- DOMAIN-SUFFIX,apple.com,Apple
- DOMAIN-SUFFIX,itunes.com,Apple
- DOMAIN,scholar.google.com,Scholar
- DOMAIN-KEYWORD,gamer2-cds.cdn.hinet.net,Bahamut
- DOMAIN-KEYWORD,gamer-cds.cdn.hinet.net,Bahamut
- DOMAIN-KEYWORD,gamer.com.tw,Bahamut
- DOMAIN-KEYWORD,i2.bahamut.com.tw,Bahamut
- DOMAIN-KEYWORD,cdninstagram.com,Facebook
- DOMAIN-KEYWORD,instagram.com,Facebook
- DOMAIN-KEYWORD,twitter.com,Facebook
- DOMAIN-KEYWORD,facebook.com,Facebook
- DOMAIN-KEYWORD,youtube,Youtube
- DOMAIN-KEYWORD,youtu.be,Youtube
- DOMAIN-KEYWORD,googlevideo.com,Youtube
- DOMAIN-KEYWORD,ytimg.com,Youtube
- DOMAIN-KEYWORD,gvt2.com,Youtube
- DOMAIN-SUFFIX,yt.be,Youtube
- GEOSITE,google,Google
- DOMAIN-KEYWORD,fast.com,Netflix
- DOMAIN-KEYWORD,netflix.com,Netflix
- DOMAIN-KEYWORD,netflix.net,Netflix
- DOMAIN-KEYWORD,nflxso.net,Netflix
- DOMAIN-KEYWORD,nflxext.com,Netflix
- DOMAIN-KEYWORD,nflximg.com,Netflix
- DOMAIN-KEYWORD,nflximg.net,Netflix
- DOMAIN-KEYWORD,nflxvideo.net,Netflix
- DOMAIN-KEYWORD,netflixdnstest0.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest1.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest2.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest3.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest4.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest5.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest6.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest7.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest8.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest9.com,Netflix
- DOMAIN-KEYWORD,tiktok,Proxy
- DOMAIN-SUFFIX,github.com,Proxy
- DOMAIN-SUFFIX,githubusercontent.com,Proxy
- RULE-SET,direct,DIRECT
- GEOSITE,category-games@cn,DIRECT
- GEOSITE,CN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Final
rule-providers:
  reject:
    type: http
    behavior: domain
    path: "./rule_provider/reject.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt
    interval: 21600
  direct:
    type: http
    behavior: domain
    path: "./rule_provider/direct.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt
    interval: 21600
  private:
    type: http
    behavior: domain
    path: "./rule_provider/private.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt
    interval: 21600
  lancidr:
    type: http
    behavior: ipcidr
    path: "./rule_provider/lancidr.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt
    interval: 21600
  apple:
    type: http
    behavior: domain
    path: "./rule_provider/apple.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/apple.txt
    interval: 21600
  icloud:
    type: http
    behavior: domain
    path: "./rule_provider/icloud.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/icloud.txt
    interval: 21600
  microsoft:
    type: http
    behavior: classical
    path: "./rule_provider/microsoft.yaml"
    url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/release/rule/Clash/Microsoft/Microsoft.yaml
    interval: 21600
  telegramcidr:
    type: http
    behavior: ipcidr
    path: "./rule_provider/telegramcidr.yaml"
    url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/telegramcidr.txt
    interval: 21600
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
log-level: silent
allow-lan: true
external-controller: 0.0.0.0:8896
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
interface-name: pppoe-WAN
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
keep-alive-interval: 15
global-client-fingerprint: random
dns:
  enable: true
  ipv6: true
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - 127.0.0.1:5335
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:z3umncn4

#===================== Custom Overwrite Settings =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will take effect after OpenClash's own scripts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== Custom Firewall Settings =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES Firewall Settings =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.8 (nf_tables) on Thu Jan  4 20:54:47 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jan  4 20:54:47 2024

#IPv4 Mangle chain

# Generated by iptables-save v1.8.8 (nf_tables) on Thu Jan  4 20:54:47 2024
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jan  4 20:54:47 2024

#IPv4 Filter chain

# Generated by iptables-save v1.8.8 (nf_tables) on Thu Jan  4 20:54:47 2024
*filter
:INPUT ACCEPT [37543217:24257419373]
:FORWARD ACCEPT [125333935:28448076433]
:OUTPUT ACCEPT [25635082:23394912837]
:udp2rawDwrW_54388dc6_C0 - [0:0]
:udp2rawDwrW_54388dc6_C1 - [0:0]
-A INPUT -s 43.129.66.63/32 -p tcp -m tcp --sport 9090 -j udp2rawDwrW_54388dc6_C1
-A INPUT -s 43.129.66.63/32 -p tcp -m tcp --sport 9090 -j udp2rawDwrW_54388dc6_C0
-A udp2rawDwrW_54388dc6_C0 -j DROP
-A udp2rawDwrW_54388dc6_C1 -j DROP
COMMIT
# Completed on Thu Jan  4 20:54:47 2024

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.8 (nf_tables) on Thu Jan  4 20:54:47 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jan  4 20:54:47 2024

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.8 (nf_tables) on Thu Jan  4 20:54:47 2024
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jan  4 20:54:47 2024

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.8 (nf_tables) on Thu Jan  4 20:54:47 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Jan  4 20:54:47 2024

#===================== NFTABLES Firewall Settings =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname "pppoe-WAN" ip6 saddr != @localnetwork6 counter packets 10144 bytes 6439694 jump openclash_wan6_input
        iifname "pppoe-WAN" ip saddr != @localnetwork counter packets 35507 bytes 19446883 jump openclash_wan_input
        iif "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname { "utun", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname "pppoe-WAN" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
        iifname "eth0" jump input_MODEM comment "!fw4: Handle MODEM IPv4/IPv6 input traffic"
        iifname "pppoe-IPTV" jump input_IPTV comment "!fw4: Handle IPTV IPv4/IPv6 input traffic"
        iifname "WireGuard" jump input_WireGuard comment "!fw4: Handle WireGuard IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy accept;
        meta l4proto { tcp, udp } oifname "utun" counter packets 5499 bytes 1924513 accept comment "OpenClash TUN Forward"
        meta l4proto { tcp, udp } flow add @ft
        ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
        iifname { "utun", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "pppoe-WAN" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        iifname "eth0" jump forward_MODEM comment "!fw4: Handle MODEM IPv4/IPv6 forward traffic"
        iifname "pppoe-IPTV" jump forward_IPTV comment "!fw4: Handle IPTV IPv4/IPv6 forward traffic"
        iifname "WireGuard" jump forward_WireGuard comment "!fw4: Handle WireGuard IPv4/IPv6 forward traffic"
        jump upnp_forward comment "Hook into miniupnpd forwarding chain"
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        meta nfproto ipv4 tcp dport 53 counter packets 1 bytes 52 accept comment "OpenClash TCP DNS Hijack"
        udp dport 53 ether saddr != @lan_ac_black_macs counter packets 1405 bytes 91482 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 ether saddr != @lan_ac_black_macs counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        iifname { "utun", "br-lan" } jump dstnat_lan comment "!fw4: Handle lan IPv4/IPv6 dstnat traffic"
        iifname "pppoe-WAN" jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic"
        jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
        ip protocol tcp counter packets 2272 bytes 665096 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname { "utun", "br-lan" } jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic"
        oifname "pppoe-WAN" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
        oifname "eth0" jump srcnat_MODEM comment "!fw4: Handle MODEM IPv4/IPv6 srcnat traffic"
        oifname "WireGuard" jump srcnat_WireGuard comment "!fw4: Handle WireGuard IPv4/IPv6 srcnat traffic"
        jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 6472 bytes 388392 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 437308 bytes 35376388 jump openclash_mangle
        meta nfproto ipv4 tcp dport 53 counter packets 3 bytes 156 jump openclash_dns_hijack
        meta nfproto ipv6 counter packets 42635 bytes 25624126 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta nfproto ipv4 meta l4proto { tcp, udp } counter packets 78016 bytes 31821596 jump openclash_mangle_output
        meta nfproto ipv6 counter packets 22823 bytes 16609950 jump openclash_mangle_output_v6
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 1301 bytes 610495 return
        ether saddr @lan_ac_black_macs counter packets 144 bytes 8644 return
        ip protocol tcp counter packets 827 bytes 45957 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle {
        meta nfproto ipv4 udp sport 19981 counter packets 37 bytes 4296 return
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 3 bytes 1022 return
        ip saddr 192.168.3.2 udp sport 32400 counter packets 0 bytes 0 return
        meta l4proto { tcp, udp } iifname "utun" counter packets 45 bytes 3524 return
        ip daddr @localnetwork counter packets 428783 bytes 31314743 return
        ether saddr @lan_ac_black_macs counter packets 8331 bytes 3997280 return
        ip protocol udp counter packets 114 bytes 55864 jump openclash_upnp
        meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162 counter packets 114 bytes 55864
    }
}
table inet fw4 {
    chain openclash_mangle_output {
        meta nfproto ipv4 udp sport 19981 counter packets 37 bytes 4296 return
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
        ip saddr 192.168.3.2 udp sport 32400 counter packets 0 bytes 0 return
        ip daddr @localnetwork counter packets 46374 bytes 27835402 return
    }
}
table inet fw4 {
    chain openclash_output {
        ip saddr 192.168.3.2 tcp sport 32400 counter packets 0 bytes 0 return
        ip daddr @localnetwork counter packets 910 bytes 54672 return
        ip protocol tcp meta skuid != 65534 counter packets 615 bytes 36900 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_wan_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 8896 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 8896 } counter packets 0 bytes 0 reject
    }
}
table inet fw4 {
    chain openclash_dns_hijack {
        ether saddr @lan_ac_black_macs counter packets 0 bytes 0 return
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        meta nfproto ipv6 udp sport 19981 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 4 bytes 540 return
        ip6 daddr @localnetwork6 counter packets 36754 bytes 23654053 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        ether saddr @lan_ac_black_macs counter packets 469 bytes 94702 return
        meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 counter packets 5334 bytes 1802891
        meta nfproto ipv6 udp dport 0-65535 meta mark set 0x00000162 counter packets 59 bytes 66250
    }
}
table inet fw4 {
    chain openclash_mangle_output_v6 {
        meta nfproto ipv6 udp sport 19981 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 2 bytes 300 return
        ip6 daddr @localnetwork6 counter packets 11769 bytes 14487073 return
        meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162 counter packets 787 bytes 58928
    }
}
table inet fw4 {
    chain openclash_wan6_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 8896 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 8896 } counter packets 0 bytes 0 reject
    }
}

#===================== IPSET Status =====================#

#===================== Routing Table Status =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         58.**.**.1      0.0.0.0         UG    0      0        0 pppoe-WAN
10.126.32.1     0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-IPTV
58.**.**.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-WAN
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 WireGuard
192.168.2.3     0.0.0.0         255.255.255.255 UH    0      0        0 WireGuard
192.168.2.4     0.0.0.0         255.255.255.255 UH    0      0        0 WireGuard
192.168.2.5     0.0.0.0         255.255.255.255 UH    0      0        0 WireGuard
192.168.2.6     0.0.0.0         255.255.255.255 UH    0      0        0 WireGuard
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.188.0   0.0.0.0         255.255.255.0   U     0      0        0 WireGuard
198.18.0.0      0.0.0.0         255.255.255.252 U     0      0        0 utun

#ip route list
default via 58.**.**.1 dev pppoe-WAN proto static 
10.126.32.1 dev pppoe-IPTV proto kernel scope link src 10.126.42.111 
58.**.**.1 dev pppoe-WAN proto kernel scope link src *WAN IP*.71 
192.168.1.0/24 via 192.168.1.1 dev eth0 proto static 
192.168.1.0/24 dev eth0 proto static scope link metric 100 
192.168.2.1 dev WireGuard proto static scope link 
192.168.2.3 dev WireGuard proto static scope link 
192.168.2.4 dev WireGuard proto static scope link 
192.168.2.5 dev WireGuard proto static scope link 
192.168.2.6 dev WireGuard proto static scope link 
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1 
192.168.188.0/24 dev WireGuard proto static scope link 
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   5        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      
::/0                                        fe80::e635:82ff:fe13:50                 UG    512    5        0 pppoe-WAN
240e:***:****:****::/64                     ::                                      !n    2147483647 1        0 lo      
dd2a:2d32:39d4::/64                         ::                                      U     1024   5        0 br-lan  
dd2a:2d32:39d4::/48                         ::                                      !n    2147483647 2        0 lo      
fdfe:dcba:9876::/126                        ::                                      U     256    5        0 utun    
fe80::2075:f0d:d22f:6d26/128                ::                                      U     256    1        0 pppoe-WAN
fe80::e635:82ff:fe13:50/128                 ::                                      U     256    1        0 pppoe-WAN
fe80::/64                                   ::                                      U     256    2        0 eth0    
fe80::/64                                   ::                                      U     256    1        0 eth1    
fe80::/64                                   ::                                      U     256    1        0 eth2    
fe80::/64                                   ::                                      U     256    4        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      7        0 lo      
240e:***:****:****::/128                    ::                                      Un    0      3        0 pppoe-WAN
*WAN IP*:6d26/128   ::                                      Un    0      7        0 pppoe-WAN
dd2a:2d32:39d4::/128                        ::                                      Un    0      3        0 br-lan  
dd2a:2d32:39d4::1/128                       ::                                      Un    0      7        0 br-lan  
fdfe:dcba:9876::/128                        ::                                      Un    0      3        0 utun    
fdfe:dcba:9876::1/128                       ::                                      Un    0      7        0 utun    
fe80::/128                                  ::                                      Un    0      6        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth1    
fe80::/128                                  ::                                      Un    0      3        0 eth2    
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 utun    
fe80::1e83:41ff:fe32:7b20/128               ::                                      Un    0      4        0 eth1    
fe80::1e83:41ff:fe32:7b21/128               ::                                      Un    0      2        0 eth2    
fe80::1e83:41ff:fe32:7b22/128               ::                                      Un    0      6        0 br-lan  
fe80::2075:f0d:d22f:6d26/128                ::                                      Un    0      2        0 pppoe-WAN
fe80::c717:c8ab:890b:1a17/128               ::                                      Un    0      2        0 utun    
fe80::f46e:cfff:fe6b:732b/128               ::                                      Un    0      3        0 eth0    
ff00::/8                                    ::                                      U     256    7        0 br-lan  
ff00::/8                                    ::                                      U     256    2        0 eth0    
ff00::/8                                    ::                                      U     256    1        0 WireGuard
ff00::/8                                    ::                                      U     256    1        0 eth1    
ff00::/8                                    ::                                      U     256    1        0 eth2    
ff00::/8                                    ::                                      U     256    4        0 pppoe-WAN
ff00::/8                                    ::                                      U     256    3        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from 240e:***:****:****::/64 via fe80::e635:82ff:fe13:50 dev pppoe-WAN proto static metric 512 pref medium
unreachable 240e:***:****:****::/64 dev lo proto static metric 2147483647 pref medium
dd2a:2d32:39d4::/64 dev br-lan proto static metric 1024 pref medium
unreachable dd2a:2d32:39d4::/48 dev lo proto static metric 2147483647 pref medium
fdfe:dcba:9876::/126 dev utun proto kernel metric 256 pref medium
fe80::2075:f0d:d22f:6d26 dev pppoe-WAN proto kernel metric 256 pref medium
fe80::e635:82ff:fe13:50 dev pppoe-WAN proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main

#===================== Tun Device Status =====================#

utun: tun

#===================== Port Usage Status =====================#

tcp        0      0 198.18.0.1:45849        0.0.0.0:*               LISTEN      17775/clash
tcp        0      0 :::8896                 :::*                    LISTEN      17775/clash
tcp        0      0 fdfe:dcba:9876::1:46809 :::*                    LISTEN      17775/clash
tcp        0      0 :::7891                 :::*                    LISTEN      17775/clash
tcp        0      0 :::7890                 :::*                    LISTEN      17775/clash
tcp        0      0 :::7893                 :::*                    LISTEN      17775/clash
tcp        0      0 :::7892                 :::*                    LISTEN      17775/clash
tcp        0      0 :::7895                 :::*                    LISTEN      17775/clash
udp        0      0 :::7874                 :::*                                17775/clash
udp        0      0 :::7891                 :::*                                17775/clash
udp        0      0 :::7892                 :::*                                17775/clash
udp        0      0 :::7893                 :::*                                17775/clash
udp        0      0 :::7895                 :::*                                17775/clash
udp        0      0 :::49170                :::*                                17775/clash
udp        0      0 :::39261                :::*                                17775/clash
udp        0      0 :::44091                :::*                                17775/clash

#===================== Test Local DNS Query (www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 183.2.172.185
Name:   www.a.shifen.com
Address: 183.2.172.42

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 240e:ff:e020:9ae:0:ff:b014:8e8b
Name:   www.a.shifen.com
Address: 240e:ff:e020:966:0:ff:b042:f296

#===================== Test Core DNS Query (www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 3
  data: z-p42-instagram.c10r.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 3
  data: 157.240.15.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface IPTV
nameserver 10.**.**.48
nameserver 222.**.**.80
# Interface WAN
nameserver 222.**.**.80
nameserver 59.**.**.210

#===================== Test Local Network Connection (www.baidu.com) =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 452680
Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com;
Content-Type: text/html; charset=utf-8
Date: Thu, 04 Jan 2024 12:54:48 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=19FBDA842288B6DDBB859B2B578AE263; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1704372888; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUID=19FBDA842288B6DDBB859B2B578AE263:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=19FBDA842288B6DDBB859B2B578AE263:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1704372888351042458617199074538286792152
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1

#===================== Test Local Network Download (raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 75AA:157439:916C7F:A140AD:6596AA99
accept-ranges: bytes
date: Thu, 04 Jan 2024 12:54:49 GMT
via: 1.1 varnish
x-served-by: cache-tyo11972-TYO
x-cache: MISS
x-cache-hits: 0
x-timer: S1704372889.088779,VS0,VE155
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 251e10e6a3a25d004b7541c27f840756b805b3f7
expires: Thu, 04 Jan 2024 12:59:49 GMT
source-age: 0
content-length: 14

#===================== Recent Run Log (automatically switched to Debug mode) =====================#

time="2024-01-04T12:54:52.974670217Z" level=debug msg="[Rule] use default rules"
time="2024-01-04T12:54:59.0955886Z" level=debug msg="[DNS] cache hit for ntp.aliyun.com., expire at 2024-01-04 12:55:13"
time="2024-01-04T12:54:59.096715991Z" level=debug msg="[DNS] cache hit for time-b.timefreq.bldrdoc.gov., expire at 2024-01-04 12:56:23"
time="2024-01-04T12:54:59.097872881Z" level=debug msg="[DNS] cache hit for time-c.timefreq.bldrdoc.gov., expire at 2024-01-04 13:16:05"
time="2024-01-04T12:54:59.358405717Z" level=debug msg="[DNS] resolve dist-appstore.huan.tv from udp://127.0.0.1:5335"
time="2024-01-04T12:54:59.358940549Z" level=debug msg="[DNS] dist-appstore.huan.tv --> [] AAAA from udp://127.0.0.1:5335"
time="2024-01-04T12:54:59.362032647Z" level=debug msg="[DNS] resolve dist-appstore.huan.tv from udp://127.0.0.1:5335"
time="2024-01-04T12:54:59.362393314Z" level=debug msg="[DNS] dist-appstore.huan.tv --> [81.71.10.195] A from udp://127.0.0.1:5335"
time="2024-01-04T12:54:59.371102804Z" level=debug msg="[Rule] use default rules"
time="2024-01-04T12:54:59.371388619Z" level=debug msg="[Process] find process dist-appstore.huan.tv error: process not found"
time="2024-01-04T12:54:59.371516368Z" level=debug msg="[DNS] cache hit for dist-appstore.huan.tv., expire at 2024-01-04 12:55:02"
time="2024-01-04T12:54:59.371542243Z" level=debug msg="[DNS] cache hit for dist-appstore.huan.tv., expire at 2024-01-04 12:55:02"
time="2024-01-04T12:54:59.393292246Z" level=info msg="[TCP] 192.168.3.151:37890 --> dist-appstore.huan.tv:443 match RuleSet(direct) using DIRECT"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#
114. SourceIP:【192.168.3.11】 - Host:【api.termius.com】 - DestinationIP:【54.215.182.79】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BWH】
115. SourceIP:【dd2a:2d32:39d4:0:45fa:5de0:b791:2ffe】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【2606:50c0:8002::154】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【AWS日本】
116. SourceIP:【192.168.3.3】 - Host:【plex.tv】 - DestinationIP:【18.203.119.245】 - Network:【tcp】 - RulePayload:【plex.tv】 - Lastchain:【DIRECT】
117. SourceIP:【192.168.3.11】 - Host:【www.youtube.com】 - DestinationIP:【74.125.24.136】 - Network:【tcp】 - RulePayload:【youtube】 - Lastchain:【BWH】
118. SourceIP:【192.168.3.149】 - Host:【t14.baidu.com】 - DestinationIP:【113.240.118.36】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
119. SourceIP:【192.168.3.11】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.110.154】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BWH】
120. SourceIP:【*WAN IP*.71】 - Host:【Empty】 - DestinationIP:【104.192.108.22】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
121. SourceIP:【dd2a:2d32:39d4:0:38ec:d86e:35cb:9b25】 - Host:【vd3.bdstatic.com】 - DestinationIP:【240e:c3:2800:900::1c】 - Network:【tcp】 - RulePayload:【direct】 - Lastchain:【DIRECT】
122. SourceIP:【192.168.3.3】 - Host:【plex.tv】 - DestinationIP:【18.203.119.245】 - Network:【tcp】 - RulePayload:【plex.tv】 - Lastchain:【DIRECT】
123. SourceIP:【192.168.3.2】 - Host:【scrobbles.plex.tv】 - DestinationIP:【172.64.146.103】 - Network:【tcp】 - RulePayload:【plex.tv】 - Lastchain:【DIRECT】

OpenClash Config

No response

Expected Behavior

I hope it works normally, as it did in version 157.

Additional Context

No response

vernesong commented 6 months ago

Go in and check what errors the debug log shows for the v6 connections.

chummumm commented 6 months ago

I checked the debug output. There are only resolution records and no connection records; for SSH to the IPv6 VPS there is no information at all.
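The check described in the comment above (resolution records present, connection records absent), as an added example that is not part of the thread or of OpenClash: it scans Clash debug log lines in the format quoted in this issue and lists names that resolved but never appear as a `[TCP]`/`[UDP]` destination. The sample lines, `v6only.example`, `2001:db8::10` and the function names are constructed, and space-separated addresses inside the answer brackets are an assumption.

```python
import re

# Constructed sample in the format of the Clash debug log quoted in this issue;
# v6only.example and 2001:db8::10 are placeholders, not values from the report.
SAMPLE_LOG = """\
time="2024-01-04T12:54:59.358Z" level=debug msg="[DNS] dist-appstore.huan.tv --> [] AAAA from udp://127.0.0.1:5335"
time="2024-01-04T12:54:59.362Z" level=debug msg="[DNS] dist-appstore.huan.tv --> [81.71.10.195] A from udp://127.0.0.1:5335"
time="2024-01-04T12:54:59.393Z" level=info msg="[TCP] 192.168.3.151:37890 --> dist-appstore.huan.tv:443 match RuleSet(direct) using DIRECT"
time="2024-01-04T12:55:01.100Z" level=debug msg="[DNS] v6only.example --> [2001:db8::10] AAAA from udp://127.0.0.1:5335"
time="2024-01-04T12:55:01.104Z" level=debug msg="[DNS] v6only.example --> [] A from udp://127.0.0.1:5335"
"""

MSG = re.compile(r'msg="(.*)"\s*$')
DNS_ANSWER = re.compile(r"^\[DNS\] (\S+) --> \[(.*?)\] (A|AAAA) from ")
CONNECTION = re.compile(r"^\[(?:TCP|UDP)\] \S+ --> (\S+) match ")


def dest_host(dest):
    """Strip the port (and IPv6 brackets) from 'host:443' or '[2001:db8::1]:22'."""
    host, _, _port = dest.rpartition(":")
    return host.strip("[]").rstrip(".").lower()


def resolved_but_never_connected(log_text):
    """Return {name: {"A": [...], "AAAA": [...]}} for names that got a non-empty
    DNS answer but never appear as a connection destination, either by name
    or by one of the answered addresses."""
    answers, destinations = {}, set()
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        if d := DNS_ANSWER.match(m.group(1)):
            name = d.group(1).rstrip(".").lower()
            rec = answers.setdefault(name, {"A": [], "AAAA": []})
            rec[d.group(3)] = sorted(set(rec[d.group(3)]) | set(d.group(2).split()))
        elif c := CONNECTION.match(m.group(1)):
            destinations.add(dest_host(c.group(1)))
    return {
        name: rec for name, rec in answers.items()
        if (ips := rec["A"] + rec["AAAA"])
        and name not in destinations and not destinations & set(ips)
    }


def ipv6_only(stuck):
    """Names from the result above that resolved to AAAA records only."""
    return sorted(n for n, rec in stuck.items() if rec["AAAA"] and not rec["A"])
```

A connection made to a literal address, such as SSH straight to an IPv6 address, produces no DNS line and is therefore outside what this check can see.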

chummumm commented 6 months ago

But the IPv6 test at test-ipv6.com shows no problems at all, which is strange.

chummumm commented 6 months ago

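The kernel version has not changed; I only upgraded OC. It also works fine right after startup and only ends up like this after a while.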

TurnOffNOD commented 5 months ago

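But the IPv6 test at test-ipv6.com shows no problems at all, which is strange.

How is this configured? Right now OpenClash and IPv6 cannot coexist for me; I cannot even pass the ipv6-test.com test.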

chummumm commented 5 months ago

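But the IPv6 test at test-ipv6.com shows no problems at all, which is strange.

How is this configured? Right now OpenClash and IPv6 cannot coexist for me; I cannot even pass the ipv6-test.com test.

I use IPv6 NAT; just search for it on Google.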

ghost commented 5 months ago

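Right now OpenClash and IPv6 cannot coexist for me; I cannot even pass the ipv6-test.com test.

You could check whether the IPv6 DNS on your machine matches the IPv6 under Network - Interfaces - lan on the router.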

chummumm commented 5 months ago

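@vernesong It looks like the new version of OpenClash changed the firewall rules. When probing over TCP with mtr, it shows 80% packet loss at the OpenWrt hop. The IPv6 NAT rules may have been changed. I am using firewall4.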

vernesong commented 5 months ago

The firewall has not been touched recently.

chummumm commented 5 months ago

The firewall has not been touched recently.

Then I don't know. Version 157 works without any problems.

TurnOffNOD commented 5 months ago

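But the IPv6 test at test-ipv6.com shows no problems at all, which is strange.

How is this configured? Right now OpenClash and IPv6 cannot coexist for me; I cannot even pass the ipv6-test.com test.

I use IPv6 NAT; just search for it on Google.

You're already using IPv6, and you have ipv6-pd, so why use NAT at all...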

chummumm commented 5 months ago

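But the IPv6 test at test-ipv6.com shows no problems at all, which is strange.

How is this configured? Right now OpenClash and IPv6 cannot coexist for me; I cannot even pass the ipv6-test.com test.

I use IPv6 NAT; just search for it on Google.

You're already using IPv6, and you have ipv6-pd, so why use NAT at all...

You were the one asking, so I told you how I configured it. If you want to use PD, use PD; I'm happy using NAT.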

TurnOffNOD commented 5 months ago

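But the IPv6 test at test-ipv6.com shows no problems at all, which is strange.

How is this configured? Right now OpenClash and IPv6 cannot coexist for me; I cannot even pass the ipv6-test.com test.

I use IPv6 NAT; just search for it on Google.

You're already using IPv6, and you have ipv6-pd, so why use NAT at all...

You were the one asking, so I told you how I configured it. If you want to use PD, use PD; I'm happy using NAT.

Just a remark; it feels like a waste. Unless there is no ipv6-pd and NAT is the only option.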

chummumm commented 5 months ago

@vernesong The current problem is that IPv6-only websites cannot be accessed or resolved. I suspect it is an IP sniffing issue.

chummumm commented 5 months ago

Versions 165 and 166 have the same problem.

chummumm commented 5 months ago

Another symptom is that it works for a short while after restarting the firewall, then stops working after a while.

chummumm commented 4 months ago

Update: if I proxy by connecting to OpenClash's SOCKS port or similar, there is no problem.

chummumm commented 4 months ago

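It was a routing problem. Older versions of OpenClash did not require changing the default route; with the new version you have to change it yourself. Once it is changed, it works.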

xuexiao-weizi commented 2 months ago

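It was a routing problem. Older versions of OpenClash did not require changing the default route; with the new version you have to change it yourself. Once it is changed, it works.

I have run into this problem too. Could you please explain how to change the route? Thanks!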