Closed m0e16 closed 2 months ago
v0.45.157-beta、v0.46.001-beta
Immortalwrt
ImmortalWrt 23.05.1 r27304-31bc47589e
Linux-amd64(x86-64)
OpenClash 启动后,有概率无法接管 TCP 流量,控制面板中仅有 UDP 连接(Tun(udp) 和 TProxy(udp)),无法访问任何网站,重新启动 OpenClash 数次后恢复正常。
重新启动 OpenWrt。
OpenClash 调试日志 生成时间: 2024-03-01 19:43:14 插件版本: v0.45.157-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息 #===================== 系统信息 =====================# 主机型号: VMware, Inc. VMware20,1 固件版本: ImmortalWrt 23.05.1 r27304-31bc47589e LuCI版本: git-23.323.25576-ef326c3 内核版本: 5.15.137 处理器架构: x86_64 #此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP IPV6-DHCP: hybrid DNS劫持: Dnsmasq 转发 #DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址 Dnsmasq转发设置: 127.0.0.1#7874 #===================== 依赖检查 =====================# dnsmasq-full: 已安装 coreutils: 已安装 coreutils-nohup: 已安装 bash: 已安装 curl: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 libcap: 已安装 libcap-bin: 已安装 ruby: 已安装 ruby-yaml: 已安装 ruby-psych: 已安装 ruby-pstore: 已安装 kmod-tun(TUN模式): 已安装 luci-compat(Luci >= 19.07): 已安装 kmod-inet-diag(PROCESS-NAME): 已安装 unzip: 已安装 kmod-nft-tproxy: 已安装 #===================== 内核检查 =====================# 运行状态: 运行中 运行内核:Meta 进程pid: 8872 运行权限: 8872: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip 运行用户: nobody 已选择的架构: linux-amd64 #下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限 Tun内核版本: Tun内核文件: 不存在 Tun内核运行权限: 否 Dev内核版本: Dev内核文件: 不存在 Dev内核运行权限: 否 Meta内核版本: v1.18.1 Meta内核文件: 存在 Meta内核运行权限: 正常 #===================== 插件设置 =====================# 当前配置文件: /etc/openclash/config/SukkaRuleset.yaml 启动配置文件: /etc/openclash/SukkaRuleset.yaml 运行模式: fake-ip-mix 默认代理模式: rule UDP流量转发(tproxy): 停用 自定义DNS: 启用 IPV6代理: 启用 IPV6-DNS解析: 启用 禁用Dnsmasq缓存: 启用 自定义规则: 启用 仅允许内网: 启用 仅代理命中规则流量: 停用 仅允许常用端口流量: 停用 绕过中国大陆IP: 停用 路由本机代理: 启用 #启动异常时建议关闭此项后重试 混合节点: 停用 保留配置: 停用 #启动异常时建议关闭此项后重试 第三方规则: 停用 #===================== 自定义规则 一 =====================# script: ## shortcuts: ## Notice: The core timezone is UTC ## CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16 ## 内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换 ## 北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16 ## quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN') ## time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21 ## time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21 ## code: | ## def main(ctx, metadata): ## directkeywordlist = ["baidu"] ## for directkeyword in directkeywordlist: ## if directkeyword in metadata["host"]: ## ctx.log('[Script] matched keyword %s use direct' % directkeyword) ## return "DIRECT" rules: ##- SCRIPT,quic,REJECT #shortcuts rule ##- SCRIPT,time-limit,REJECT #shortcuts rule ##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连) ##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组) ##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组) ##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组) ##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝) ##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连) ##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连) ##- DST-PORT,80,DIRECT #匹配数据目标端口(直连) ##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连) ##排序在上的规则优先生效,如添加(去除规则前的#号): ##IP段:192.168.1.2-192.168.1.200 直连 ##- SRC-IP-CIDR,192.168.1.2/31,DIRECT ##- SRC-IP-CIDR,192.168.1.4/30,DIRECT ##- SRC-IP-CIDR,192.168.1.8/29,DIRECT ##- SRC-IP-CIDR,192.168.1.16/28,DIRECT ##- SRC-IP-CIDR,192.168.1.32/27,DIRECT ##- SRC-IP-CIDR,192.168.1.64/26,DIRECT ##- SRC-IP-CIDR,192.168.1.128/26,DIRECT ##- SRC-IP-CIDR,192.168.1.192/29,DIRECT ##- SRC-IP-CIDR,192.168.1.200/32,DIRECT ##IP段:192.168.1.202-192.168.1.255 直连 ##- SRC-IP-CIDR,192.168.1.202/31,DIRECT ##- SRC-IP-CIDR,192.168.1.204/30,DIRECT ##- SRC-IP-CIDR,192.168.1.208/28,DIRECT ##- SRC-IP-CIDR,192.168.1.224/27,DIRECT ##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理 ##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除 ##仅设置路由器自身直连: ##- SRC-IP-CIDR,192.168.1.1/32,DIRECT ##- SRC-IP-CIDR,198.18.0.1/32,DIRECT ##DDNS ##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT ##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT ##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT ##- DOMAIN-SUFFIX,ifconfig.co,DIRECT ##- DOMAIN-SUFFIX,api.myip.com,DIRECT ##- DOMAIN-SUFFIX,ip-api.com,DIRECT ##- DOMAIN-SUFFIX,ipapi.co,DIRECT ##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT ##- DOMAIN-SUFFIX,members.3322.org,DIRECT ##在线IP段转CIDR地址:http://ip2cidr.com - AND,((PROCESS-NAME,smartdns),(NOT,((GEOIP,CN,no-resolve)))),✔ Optional Relay - AND,((DOMAIN-KEYWORD,stun),(NETWORK,udp)),🐼 DIRECT - DOMAIN-KEYWORD,zhina,🔒 Secret - DOMAIN-SUFFIX,yahoo.co.jp,🔒 Secret - DOMAIN-SUFFIX,yimg.jp,🔒 Secret - DOMAIN-SUFFIX,trqjrp.xyz,🐼 DIRECT - DOMAIN,amyconvert.com,🐼 DIRECT - DOMAIN-SUFFIX,imgur.com,🌎 Proxy - DOMAIN,cf.m16.run,🌎 Proxy - DOMAIN-SUFFIX,m16.run,🐼 DIRECT - DOMAIN-SUFFIX,moe16.org,🐼 DIRECT - DOMAIN-SUFFIX,pairdrop.net,🐼 DIRECT - DOMAIN-KEYWORD,qbittorrent,🔒 Secret - DOMAIN,bili.bili.rip,🐼 DIRECT #===================== 自定义规则 二 =====================# script: ## shortcuts: ## common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889] ## code: | ## def main(ctx, metadata): ## directkeywordlist = ["baidu"] ## for directkeyword in directkeywordlist: ## if directkeyword in metadata["host"]: ## ctx.log('[Script] matched keyword %s use direct' % directkeyword) ## return "DIRECT" rules: ##- SCRIPT,common_port,DIRECT #shortcuts rule ##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组) ##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组) ##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组) ##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝) ##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连) ##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连) ##- DST-PORT,80,DIRECT #匹配数据目标端口(直连) ##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连) #===================== 配置文件 =====================# ntp: enable: true write-to-system: true server: ntp1.aliyun.com port: 123 interval: 30 geox-url: geoip: https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat geosite: https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat mmdb: https://raw.githubusercontent.com/alecthw/mmdb_china_ip_list/release/lite/Country.mmdb proxy-groups: - name: "\U0001F30E Proxy" type: select proxies: - "\U0001F1ED\U0001F1F0 Hong Kong" - "\U0001F3F3️\U0001F308 Taiwan" - "\U0001F1EF\U0001F1F5 Japan" - "\U0001F1FA\U0001F1F8 America" - "\U0001F1F8\U0001F1EC Singapore" - "\U0001F4A8 Hysteria 2 Load Balance" - name: "\U0001F512 Secret" type: select use: - Oracle Tokyo CloudFront proxies: - "⚡️ Relay" - "\U0001F4A8 Hysteria 2 Load Balance" - name: "\U0001F3AC Streaming" type: select proxies: - "\U0001F1ED\U0001F1F0 Hong Kong" - "\U0001F3F3️\U0001F308 Taiwan" - "\U0001F1EF\U0001F1F5 Japan" - "\U0001F1FA\U0001F1F8 America" - "\U0001F1F8\U0001F1EC Singapore" - name: "\U0001F37F Youtube" type: select use: - Oracle Tokyo CloudFront proxies: - "\U0001F30E Proxy" - "\U0001F3AC Streaming" - "\U0001F4A8 Hysteria 2 Load Balance" - name: "\U0001F3B5 TikTok" type: select proxies: - "\U0001F1EF\U0001F1F5 Japan" - "\U0001F3F3️\U0001F308 Taiwan" - "\U0001F1FA\U0001F1F8 America" - name: "\U0001F34E Apple" type: select proxies: - "\U0001F43C DIRECT" - "\U0001F30E Proxy" - name: "\U0001F6A7 AdGuard" type: select proxies: - REJECT - "\U0001F43C DIRECT" - name: "\U0001F4A8 Hysteria 2 Load Balance" type: load-balance use: - Oracle Tokyo Hysteria 2 url: http://cp.cloudflare.com/generate_204 interval: 300 lazy: true strategy: round-robin - name: "\U0001F1ED\U0001F1F0 Hong Kong" type: url-test use: - HK url: http://cp.cloudflare.com/generate_204 interval: 300 - name: "\U0001F3F3️\U0001F308 Taiwan" type: url-test use: - TW url: http://cp.cloudflare.com/generate_204 interval: 300 - name: "\U0001F1F8\U0001F1EC Singapore" type: url-test use: - SG url: http://cp.cloudflare.com/generate_204 interval: 300 - name: "\U0001F1EF\U0001F1F5 Japan" type: url-test use: - JP url: http://cp.cloudflare.com/generate_204 interval: 300 - name: "\U0001F1FA\U0001F1F8 America" type: url-test use: - US url: http://cp.cloudflare.com/generate_204 interval: 300 - name: "✔ Optional Relay" type: url-test exclude-filter: "(?i)港|hk|hongkong|hong kong" use: - AnyTelecom url: http://cp.cloudflare.com/generate_204 interval: 300 - name: "\U0001F6EC Landing Node" type: select use: - Oracle Tokyo - name: "⚡️ Relay" type: relay proxies: - "✔ Optional Relay" - "\U0001F6EC Landing Node" - name: "\U0001F43C DIRECT" type: select url: http://wifi.vivo.com.cn/generate_204 proxies: - DIRECT rule-providers: Spotify: type: http behavior: classical path: "./rule_provider/Spotify.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Spotify/Spotify_No_Resolve.yaml interval: 86400 PayPal: type: http behavior: classical path: "./rule_provider/PayPal.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/PayPal/PayPal_No_Resolve.yaml interval: 86400 Google: type: http behavior: classical path: "./rule_provider/Google.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Google/Google_No_Resolve.yaml interval: 86400 WeChat: type: http behavior: classical path: "./rule_provider/WeChat.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/WeChat/WeChat_No_Resolve.yaml interval: 86400 Youtube: type: http behavior: classical path: "./rule_provider/Youtube.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/YouTube/YouTube_No_Resolve.yaml interval: 86400 TikTok: type: http behavior: classical path: "./rule_provider/TikTok.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/TikTok/TikTok_No_Resolve.yaml interval: 86400 Epic: type: http behavior: classical path: "./rule_provider/Epic.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Epic/Epic_No_Resolve.yaml interval: 86400 SteamCN: type: http behavior: classical path: "./rule_provider/SteamCN.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/SteamCN/SteamCN_No_Resolve.yaml interval: 86400 Ubisoft: type: http behavior: classical path: "./rule_provider/Ubisoft.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/UBI/UBI_No_Resolve.yaml interval: 86400 microsoft_cdn_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt path: "./rule_provider/microsoft_cdn_non_ip.txt" microsoft_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/microsoft.txt path: "./rule_provider/microsoft_non_ip.txt" Steam: type: http behavior: classical path: "./rule_provider/Steam.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Steam/Steam_No_Resolve.yaml interval: 86400 EA: type: http behavior: classical path: "./rule_provider/EA.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/EA/EA_No_Resolve.yaml interval: 86400 OpenAI: type: http behavior: classical path: "./rule_provider/OpenAI.yaml" url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/OpenAI/OpenAI_No_Resolve.yaml interval: 86400 GFW: type: http behavior: domain path: "./rule_provider/GFW.yaml" url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt interval: 86400 apple_cdn: type: http behavior: domain format: text interval: 43200 url: https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt path: "./rule_provider/apple_cdn.txt" apple_services: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/apple_services.txt path: "./rule_provider/apple_services.txt" telegram_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/telegram.txt path: "./rule_provider/telegram_non_ip.txt" telegram_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/telegram.txt path: "./rule_provider/telegram_ip.txt" reject_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/reject.txt path: "./rule_provider/reject_non_ip.txt" reject_domainset: type: http behavior: domain format: text interval: 43200 url: https://ruleset.skk.moe/Clash/domainset/reject.txt path: "./rule_provider/reject_domainset.txt" reject_phishing_domainset: type: http behavior: domain format: text interval: 43200 url: https://ruleset.skk.moe/Clash/domainset/reject_phishing.txt path: "./rule_provider/reject_phishing_domainset.txt" reject_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/reject.txt path: "./rule_provider/reject_ip.txt" stream_us_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/stream_us.txt path: "./rule_provider/stream_us_non_ip.txt" stream_us_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/stream_us.txt path: "./rule_provider/stream_ip.txt" stream_jp_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/stream_jp.txt path: "./rule_provider/stream_jp_non_ip.txt" stream_jp_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/stream_jp.txt path: "./rule_provider/stream_jp_ip.txt" stream_hk_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/stream_hk.txt path: "./rule_provider/stream_hk_non_ip.txt" stream_hk_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/stream_hk.txt path: "./rule_provider/stream_hk_ip.txt" stream_tw_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/stream_tw.txt path: "./rule_provider/stream_tw_non_ip.txt" stream_tw_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/stream_tw.txt path: "./rule_provider/stream_tw_ip.txt" stream_non_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/non_ip/stream.txt path: "./rule_provider/stream_non_ip.txt" stream_ip: type: http behavior: classical format: text interval: 43200 url: https://ruleset.skk.moe/Clash/ip/stream.txt path: "./rule_provider/stream_ip.txt" rules: - DST-PORT,7895,REJECT - DST-PORT,7892,REJECT - IP-CIDR,198.18.0.1/16,REJECT,no-resolve - AND,((PROCESS-NAME,smartdns),(NOT,((GEOIP,CN,no-resolve)))),✔ Optional Relay - "AND,((DOMAIN-KEYWORD,stun),(NETWORK,udp)),\U0001F43C DIRECT" - "DOMAIN-KEYWORD,zhina,\U0001F512 Secret" - "DOMAIN-SUFFIX,yahoo.co.jp,\U0001F512 Secret" - "DOMAIN-SUFFIX,yimg.jp,\U0001F512 Secret" - "DOMAIN-SUFFIX,trqjrp.xyz,\U0001F43C DIRECT" - "DOMAIN,amyconvert.com,\U0001F43C DIRECT" - "DOMAIN-SUFFIX,imgur.com,\U0001F30E Proxy" - "DOMAIN,cf.m16.run,\U0001F30E Proxy" - "DOMAIN-SUFFIX,m16.run,\U0001F43C DIRECT" - "DOMAIN-SUFFIX,moe16.org,\U0001F43C DIRECT" - "DOMAIN-SUFFIX,pairdrop.net,\U0001F43C DIRECT" - "DOMAIN-KEYWORD,qbittorrent,\U0001F512 Secret" - "DOMAIN,bili.bili.rip,\U0001F43C DIRECT" - "RULE-SET,reject_non_ip,\U0001F6A7 AdGuard" - "RULE-SET,reject_domainset,\U0001F6A7 AdGuard" - "RULE-SET,reject_phishing_domainset,\U0001F6A7 AdGuard" - RULE-SET,reject_ip,REJECT-DROP - "RULE-SET,apple_cdn,\U0001F43C DIRECT" - "RULE-SET,apple_services,\U0001F34E Apple" - "RULE-SET,OpenAI,\U0001F1F8\U0001F1EC Singapore" - "RULE-SET,microsoft_cdn_non_ip,\U0001F43C DIRECT" - "RULE-SET,microsoft_non_ip,\U0001F30E Proxy" - "RULE-SET,telegram_non_ip,\U0001F1F8\U0001F1EC Singapore" - "RULE-SET,telegram_ip,\U0001F1F8\U0001F1EC Singapore" - "RULE-SET,PayPal,\U0001F512 Secret" - "RULE-SET,Epic,\U0001F43C DIRECT" - "RULE-SET,Ubisoft,\U0001F43C DIRECT" - "RULE-SET,SteamCN,\U0001F43C DIRECT" - "RULE-SET,Steam,\U0001F30E Proxy" - "RULE-SET,EA,\U0001F30E Proxy" - "RULE-SET,Youtube,\U0001F37F Youtube" - "RULE-SET,Google,\U0001F512 Secret" - "RULE-SET,Spotify,\U0001F1ED\U0001F1F0 Hong Kong" - "RULE-SET,TikTok,\U0001F3B5 TikTok" - "RULE-SET,WeChat,\U0001F43C DIRECT" - "RULE-SET,stream_us_non_ip,\U0001F1FA\U0001F1F8 America" - "RULE-SET,stream_jp_non_ip,\U0001F1EF\U0001F1F5 Japan" - "RULE-SET,stream_hk_non_ip,\U0001F1ED\U0001F1F0 Hong Kong" - "RULE-SET,stream_tw_non_ip,\U0001F3F3️\U0001F308 Taiwan" - "RULE-SET,stream_non_ip,\U0001F3AC Streaming" - "RULE-SET,stream_us_ip,\U0001F1FA\U0001F1F8 America" - "RULE-SET,stream_jp_ip,\U0001F1EF\U0001F1F5 Japan" - "RULE-SET,stream_hk_ip,\U0001F1ED\U0001F1F0 Hong Kong" - "RULE-SET,stream_tw_ip,\U0001F3F3️\U0001F308 Taiwan" - "RULE-SET,stream_ip,\U0001F3AC Streaming" - "RULE-SET,GFW,\U0001F512 Secret" - "GEOSITE,CN,\U0001F43C DIRECT" - "GEOIP,CN,\U0001F43C DIRECT" - "MATCH,\U0001F30E Proxy" redir-port: 7892 tproxy-port: 7895 port: 7890 socks-port: 7891 mixed-port: 7893 mode: rule log-level: info allow-lan: true external-controller: 0.0.0.0:9090 bind-address: "*" external-ui: "/usr/share/openclash/ui" ipv6: true interface-name: pppoe-wan geodata-mode: true geodata-loader: standard tcp-concurrent: true unified-delay: true find-process-mode: strict dns: enable: true ipv6: true enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 listen: 0.0.0.0:7874 nameserver: - 127.0.0.1:6053 fake-ip-filter: - "*.lan" - "*.localdomain" - "*.example" - "*.invalid" - "*.localhost" - "*.test" - "*.local" - "*.home.arpa" - time.*.com - time.*.gov - time.*.edu.cn - time.*.apple.com - time-ios.apple.com - time1.*.com - time2.*.com - time3.*.com - time4.*.com - time5.*.com - time6.*.com - time7.*.com - ntp.*.com - ntp1.*.com - ntp2.*.com - ntp3.*.com - ntp4.*.com - ntp5.*.com - ntp6.*.com - ntp7.*.com - "*.time.edu.cn" - "*.ntp.org.cn" - "+.pool.ntp.org" - time1.cloud.tencent.com - ntp.ntsc.ac.cn - music.163.com - "*.music.163.com" - "*.126.net" - musicapi.taihe.com - music.taihe.com - songsearch.kugou.com - trackercdn.kugou.com - "*.kuwo.cn" - api-jooxtt.sanook.com - api.joox.com - joox.com - y.qq.com - "*.y.qq.com" - streamoc.music.tc.qq.com - mobileoc.music.tc.qq.com - isure.stream.qqmusic.qq.com - dl.stream.qqmusic.qq.com - aqqmusic.tc.qq.com - amobile.music.tc.qq.com - "*.xiami.com" - "*.music.migu.cn" - music.migu.cn - "+.msftconnecttest.com" - "+.msftncsi.com" - localhost.ptlogin2.qq.com - localhost.sec.qq.com - "+.qq.com" - "+.tencent.com" - "+.srv.nintendo.net" - "*.n.n.srv.nintendo.net" - "+.stun.playstation.net" - xbox.*.*.microsoft.com - "*.*.xboxlive.com" - xbox.*.microsoft.com - xnotify.xboxlive.com - "+.battlenet.com.cn" - "+.wotgame.cn" - "+.wggames.cn" - "+.wowsgame.cn" - "+.wargaming.net" - proxy.golang.org - stun.*.* - stun.*.*.* - "+.stun.*.*" - "+.stun.*.*.*" - "+.stun.*.*.*.*" - "+.stun.*.*.*.*.*" - heartbeat.belkin.com - "*.linksys.com" - "*.linksyssmartwifi.com" - "*.router.asus.com" - mesu.apple.com - swscan.apple.com - swquery.apple.com - swdownload.apple.com - swcdn.apple.com - swdist.apple.com - lens.l.google.com - stun.l.google.com - na.b.g-tun.com - "+.nflxvideo.net" - "*.square-enix.com" - "*.finalfantasyxiv.com" - "*.ffxiv.com" - "*.ff14.sdo.com" - ff.dorado.sdo.com - "*.mcdn.bilivideo.cn" - "+.media.dssott.com" - shark007.net - Mijia Cloud - "+.cmbchina.com" - "+.cmbimg.com" - local.adguard.org - "+.sandai.net" - "+.n0808.com" - "+.m16.run" - "+.moe16.org" tun: enable: true stack: system device: utun auto-route: false auto-detect-interface: false dns-hijack: - tcp://any:53 profile: store-selected: true store-fake-ip: true #===================== 自定义覆写设置 =====================# #!/bin/sh . /usr/share/openclash/ruby.sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts LOG_OUT "Tip: Start Running Custom Overwrite Scripts..." LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S")) LOG_FILE="/tmp/openclash.log" CONFIG_FILE="$1" #config path #Simple Demo: #General Demo #1--config path #2--key name #3--value #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892" #ruby_edit "$CONFIG_FILE" "['secret']" "123456" #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true" #Hash Demo #1--config path #2--key name #3--hash type value #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}" #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}" #Array Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114" #Array Add From Yaml File Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value file path #5--value key name in #4 file #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']" #Ruby Script Demo: #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e " # begin # Value = YAML.load_file('$CONFIG_FILE'); # rescue Exception => e # puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】'; # end; #General # begin # Thread.new{ # Value['redir-port']=7892; # Value['tproxy-port']=7895; # Value['port']=7890; # Value['socks-port']=7891; # Value['mixed-port']=7893; # }.join; # rescue Exception => e # puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】'; # ensure # File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)}; # end" 2>/dev/null >> $LOG_FILE exit 0 #===================== 自定义防火墙设置 =====================# #!/bin/sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules LOG_OUT "Tip: Start Add Custom Firewall Rules..." exit 0 #===================== IPTABLES 防火墙设置 =====================# #IPv4 NAT chain #IPv4 Mangle chain #IPv4 Filter chain #IPv6 NAT chain #IPv6 Mangle chain #IPv6 Filter chain #===================== NFTABLES 防火墙设置 =====================# table inet fw4 { chain input { type filter hook input priority filter; policy accept; iifname "pppoe-wan" ip6 saddr != @localnetwork6 counter packets 7 bytes 2286 jump openclash_wan6_input iifname "eth3" ip6 saddr != @localnetwork6 counter packets 0 bytes 0 jump openclash_wan6_input udp dport 443 ip6 daddr != @china_ip6_route counter packets 0 bytes 0 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT" iifname "lo" accept comment "!fw4: Accept traffic from loopback" ct state established,related accept comment "!fw4: Allow inbound established and related flows" tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets" iifname { "utun", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" iifname { "eth3", "pppoe-wan" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic" iifname "eth3.99" jump input_iptv comment "!fw4: Handle iptv IPv4/IPv6 input traffic" } } table inet fw4 { chain forward { type filter hook forward priority filter; policy drop; oifname "utun" udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT" meta l4proto { tcp, udp } oifname "utun" counter packets 28 bytes 3271 accept comment "OpenClash TUN Forward" meta l4proto { tcp, udp } flow add @ft ct state established,related accept comment "!fw4: Allow forwarded established and related flows" iifname { "utun", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic" iifname { "eth3", "pppoe-wan" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic" iifname "eth3.99" jump forward_iptv comment "!fw4: Handle iptv IPv4/IPv6 forward traffic" jump handle_reject } } table inet fw4 { chain dstnat { type nat hook prerouting priority dstnat; policy accept; ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack" meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack" meta nfproto ipv6 tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack" meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash TCP DNS Hijack" iifname { "eth3", "pppoe-wan" } jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic" } } table inet fw4 { chain srcnat { type nat hook postrouting priority srcnat; policy accept; oifname { "eth3", "pppoe-wan" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic" } } table inet fw4 { chain nat_output { type nat hook output priority filter - 1; policy accept; } } table inet fw4 { chain mangle_prerouting { type filter hook prerouting priority mangle; policy accept; ip protocol udp counter packets 529 bytes 48864 jump openclash_mangle meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 jump openclash_dns_hijack meta nfproto ipv6 counter packets 74 bytes 7649 jump openclash_mangle_v6 } } table inet fw4 { chain mangle_output { type route hook output priority mangle; policy accept; meta nfproto ipv4 meta l4proto { tcp, udp } counter packets 2816 bytes 3285377 jump openclash_mangle_output } } table inet fw4 { chain openclash { } } table inet fw4 { chain openclash_mangle { meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return meta l4proto { tcp, udp } iifname "utun" counter packets 5 bytes 234 return ip daddr @localnetwork counter packets 496 bytes 45359 return ip protocol udp counter packets 28 bytes 3271 jump openclash_upnp meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162 counter packets 28 bytes 3271 } } table inet fw4 { chain openclash_mangle_output { meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return ip daddr @localnetwork counter packets 2677 bytes 3269105 return meta skuid != 65534 udp dport 0-65535 ip daddr 198.18.0.0/16 meta mark set 0x00000162 counter packets 0 bytes 0 } } table inet fw4 { chain openclash_output { } } table inet fw4 { chain openclash_wan_input { } } table inet fw4 { chain openclash_dns_hijack { } } table inet fw4 { chain openclash_mangle_v6 { meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return ip6 daddr @localnetwork6 counter packets 62 bytes 6641 return meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 10 bytes 744 accept comment "OpenClash TCP Tproxy" meta nfproto ipv6 udp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 2 bytes 264 accept comment "OpenClash UDP Tproxy" } } table inet fw4 { chain openclash_mangle_output_v6 { meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return ip6 daddr @localnetwork6 counter packets 0 bytes 0 return meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 0 bytes 0 accept comment "OpenClash TCP Tproxy" } } table inet fw4 { chain openclash_wan6_input { udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject } } #===================== IPSET状态 =====================# #===================== 路由表状态 =====================# #IPv4 #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.164.0.1 0.0.0.0 UG 10 0 0 pppoe-wan 0.0.0.0 10.252.0.1 0.0.0.0 UG 20 0 0 eth3.99 10.164.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan 10.252.0.0 0.0.0.0 255.255.248.0 U 20 0 0 eth3.99 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3 192.168.0.1 192.168.0.2 255.255.255.255 UGH 0 0 0 eth3 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan 198.18.0.0 0.0.0.0 255.255.255.252 U 0 0 0 utun #ip route list default via 10.164.0.1 dev pppoe-wan proto static metric 10 default via 10.252.0.1 dev eth3.99 proto static src 10.252.4.133 metric 20 10.164.0.1 dev pppoe-wan proto kernel scope link src *WAN IP*.229 10.252.0.0/21 dev eth3.99 proto static scope link metric 20 192.168.0.0/24 dev eth3 proto kernel scope link src 192.168.0.2 192.168.0.1 via 192.168.0.2 dev eth3 proto static 192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1 #ip rule show 0: from all lookup local 32765: from all fwmark 0x162 lookup 354 32766: from all lookup main 32767: from all lookup default #IPv6 #route -A inet6 Kernel IPv6 routing table Destination Next Hop Flags Metric Ref Use Iface ::/0 :: U 1024 2 0 lo ::/0 :: U 1024 1 0 utun ::/0 fe80::1ade:d7ff:feaa:1deb UG 512 2 0 pppoe-wan ::/0 fe80::1ade:d7ff:feaa:1deb UG 512 2 0 pppoe-wan 2408:825c:280:63ac::/64 :: !n 2147483647 2 0 lo 2408:825c:2a3:4745::/64 :: U 1024 2 0 br-lan 2408:825c:2a3:4745::/64 :: !n 2147483647 1 0 lo fdfe:dcba:9876::/126 :: U 256 1 0 utun fe80::1161:31b5:6f2b:5b7/128 :: U 256 2 0 pppoe-wan fe80::1ade:d7ff:feaa:1deb/128 :: U 256 1 0 pppoe-wan fe80::/64 :: U 256 3 0 br-lan fe80::/64 :: U 256 1 0 eth3 fe80::/64 :: U 256 1 0 eth3.99 fe80::/64 :: U 256 1 0 eth3.666 fe80::/64 :: U 256 1 0 utun ::/0 :: !n -1 2 0 lo ::1/128 :: Un 0 4 0 lo 2408:825c:280:63ac::/128 :: Un 0 3 0 pppoe-wan *WAN IP*:5b7/128 :: Un 0 4 0 pppoe-wan 2408:825c:2a3:4745::/128 :: Un 0 3 0 br-lan 2408:825c:2a3:4745::1/128 :: Un 0 4 0 br-lan fdfe:dcba:9876::/128 :: Un 0 3 0 utun fdfe:dcba:9876::1/128 :: Un 0 3 0 utun fe80::/128 :: Un 0 3 0 br-lan fe80::/128 :: Un 0 3 0 eth3 fe80::/128 :: Un 0 3 0 eth3.99 fe80::/128 :: Un 0 3 0 eth3.666 fe80::/128 :: Un 0 3 0 utun fe80::20c:29ff:fe62:c30/128 :: Un 0 10 0 br-lan fe80::1161:31b5:6f2b:5b7/128 :: Un 0 3 0 pppoe-wan fe80::2289:8aff:fe7d:2ae7/128 :: Un 0 2 0 eth3.99 fe80::7e2b:e1ff:fe12:eca8/128 :: Un 0 2 0 eth3 fe80::7e2b:e1ff:fe12:eca8/128 :: Un 0 2 0 eth3.666 fe80::e16f:d780:2e2a:bede/128 :: Un 0 2 0 utun ff00::/8 :: U 256 2 0 br-lan ff00::/8 :: U 256 1 0 eth3 ff00::/8 :: U 256 1 0 eth3.99 ff00::/8 :: U 256 1 0 eth3.666 ff00::/8 :: U 256 2 0 pppoe-wan ff00::/8 :: U 256 2 0 utun ::/0 :: !n -1 2 0 lo #ip -6 route list default from 2408:825c:280:63ac::/64 via fe80::1ade:d7ff:feaa:1deb dev pppoe-wan proto static metric 512 pref medium default from 2408:825c:2a3:4745::/64 via fe80::1ade:d7ff:feaa:1deb dev pppoe-wan proto static metric 512 pref medium unreachable 2408:825c:280:63ac::/64 dev lo proto static metric 2147483647 pref medium 2408:825c:2a3:4745::/64 dev br-lan proto static metric 1024 pref medium unreachable 2408:825c:2a3:4745::/64 dev lo proto static metric 2147483647 pref medium fdfe:dcba:9876::/126 dev utun proto kernel metric 256 pref medium fe80::1161:31b5:6f2b:5b7 dev pppoe-wan proto kernel metric 256 pref medium fe80::1ade:d7ff:feaa:1deb dev pppoe-wan proto kernel metric 256 pref medium fe80::/64 dev br-lan proto kernel metric 256 pref medium fe80::/64 dev eth3 proto kernel metric 256 pref medium fe80::/64 dev eth3.99 proto kernel metric 256 pref medium fe80::/64 dev eth3.666 proto kernel metric 256 pref medium fe80::/64 dev utun proto kernel metric 256 pref medium #ip -6 rule show 0: from all lookup local 32763: from all fwmark 0x162 lookup 354 32764: from all oif utun lookup 2022 32765: from all oif utun lookup 2022 32766: from all lookup main 4200000000: from 2408:825c:2a3:4745::1/64 iif br-lan unreachable #===================== Tun设备状态 =====================# utun: tun #===================== 端口占用状态 =====================# tcp 0 0 198.18.0.1:37235 0.0.0.0:* LISTEN 8872/clash tcp 0 0 :::7891 :::* LISTEN 8872/clash tcp 0 0 :::7890 :::* LISTEN 8872/clash tcp 0 0 :::7893 :::* LISTEN 8872/clash tcp 0 0 :::7892 :::* LISTEN 8872/clash tcp 0 0 :::7895 :::* LISTEN 8872/clash tcp 0 0 :::9090 :::* LISTEN 8872/clash tcp 0 0 fdfe:dcba:9876::1:37873 :::* LISTEN 8872/clash udp 0 0 :::7891 :::* 8872/clash udp 0 0 :::7892 :::* 8872/clash udp 0 0 :::7893 :::* 8872/clash udp 0 0 :::7895 :::* 8872/clash udp 0 0 :::52561 :::* 8872/clash udp 0 0 :::38814 :::* 8872/clash udp 0 0 :::47667 :::* 8872/clash udp 0 0 :::33976 :::* 8872/clash udp 0 0 :::7874 :::* 8872/clash udp 0 0 :::51911 :::* 8872/clash #===================== 测试本机DNS查询(www.baidu.com) =====================# Server: 127.0.0.1 Address: 127.0.0.1:53 Name: www.baidu.com Address: 198.18.0.7 #===================== 测试内核DNS查询(www.instagram.com) =====================# Status: 0 TC: false RD: true RA: true AD: false CD: false Question: Name: www.instagram.com. Qtype: 1 Qclass: 1 Answer: TTL: 3600 data: z-p42-instagram.c10r.instagram.com. name: www.instagram.com. type: 5 TTL: 3600 data: 31.13.87.174 name: z-p42-instagram.c10r.instagram.com. type: 1 Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto #===================== /tmp/resolv.conf.auto =====================# # Interface wan_6 nameserver 2408:8001:4000:9000:221:7:128:68 nameserver 2408:8001:4010:9000:221:7:136:68 # Interface wan nameserver 221.7.128.68 nameserver 221.7.136.68 # Interface iptv nameserver 221.7.128.68 nameserver 221.7.136.68 #===================== /tmp/resolv.conf.d/resolv.conf.auto =====================# # Interface wan_6 nameserver 2408:8001:4000:9000:221:7:128:68 nameserver 2408:8001:4010:9000:221:7:136:68 # Interface wan nameserver 221.7.128.68 nameserver 221.7.136.68 # Interface iptv nameserver 221.7.128.68 nameserver 221.7.136.68 #===================== 测试本机网络连接(www.baidu.com) =====================# #===================== 测试本机网络下载(raw.githubusercontent.com) =====================# #===================== 最近运行日志(自动切换为Debug模式) =====================# time="2024-03-01T11:42:07.786733763Z" level=info msg="Start initial provider Oracle Tokyo" time="2024-03-01T11:42:07.787171874Z" level=info msg="Start initial provider US" time="2024-03-01T11:42:07.789393512Z" level=info msg="Start initial provider HK" time="2024-03-01T11:42:07.792292052Z" level=warning msg="[Provider] SG not updated for a long time, force refresh" time="2024-03-01T11:42:07.792509391Z" level=warning msg="[Provider] JP not updated for a long time, force refresh" time="2024-03-01T11:42:07.792698475Z" level=warning msg="[Provider] HK not updated for a long time, force refresh" time="2024-03-01T11:42:07.801662885Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.810492853Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.81103426Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.811557011Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.811988145Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812370018Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812396709Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812424503Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812443365Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812462017Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812482581Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812500695Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.812516829Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.815223277Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.817389824Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.821870611Z" level=info msg="Start initial provider Ubisoft" time="2024-03-01T11:42:07.825382029Z" level=info msg="Start initial provider stream_us_ip" time="2024-03-01T11:42:07.825444075Z" level=info msg="Start initial provider stream_hk_ip" time="2024-03-01T11:42:07.825482215Z" level=info msg="Start initial provider reject_domainset" time="2024-03-01T11:42:07.836807353Z" level=info msg="Start initial provider stream_jp_non_ip" time="2024-03-01T11:42:07.83690259Z" level=info msg="Start initial provider stream_tw_ip" time="2024-03-01T11:42:07.836940573Z" level=info msg="Start initial provider stream_hk_non_ip" time="2024-03-01T11:42:07.837005127Z" level=info msg="Start initial provider stream_ip" time="2024-03-01T11:42:07.837042426Z" level=info msg="Start initial provider Spotify" time="2024-03-01T11:42:07.837527604Z" level=info msg="Start initial provider TikTok" time="2024-03-01T11:42:07.837926447Z" level=info msg="Start initial provider reject_non_ip" time="2024-03-01T11:42:07.838023482Z" level=info msg="Start initial provider Steam" time="2024-03-01T11:42:07.838617154Z" level=info msg="Start initial provider WeChat" time="2024-03-01T11:42:07.839050373Z" level=info msg="Start initial provider EA" time="2024-03-01T11:42:07.841264208Z" level=info msg="Start initial provider Google" time="2024-03-01T11:42:07.852794587Z" level=info msg="Start initial provider OpenAI" time="2024-03-01T11:42:07.853256145Z" level=info msg="Start initial provider reject_ip" time="2024-03-01T11:42:07.853391319Z" level=info msg="Start initial provider GFW" time="2024-03-01T11:42:07.867050529Z" level=info msg="Start initial provider stream_tw_non_ip" time="2024-03-01T11:42:07.867172051Z" level=info msg="Start initial provider apple_services" time="2024-03-01T11:42:07.867222136Z" level=info msg="Start initial provider reject_phishing_domainset" time="2024-03-01T11:42:07.867282973Z" level=info msg="Start initial provider telegram_ip" time="2024-03-01T11:42:07.867333442Z" level=info msg="Start initial provider stream_jp_ip" time="2024-03-01T11:42:07.867367304Z" level=info msg="Start initial provider stream_us_non_ip" time="2024-03-01T11:42:07.867416314Z" level=info msg="Start initial provider Epic" time="2024-03-01T11:42:07.867682618Z" level=info msg="Start initial provider microsoft_cdn_non_ip" time="2024-03-01T11:42:07.867751304Z" level=info msg="Start initial provider telegram_non_ip" time="2024-03-01T11:42:07.867804231Z" level=info msg="Start initial provider PayPal" time="2024-03-01T11:42:07.871054262Z" level=info msg="Start initial provider apple_cdn" time="2024-03-01T11:42:07.87173024Z" level=info msg="Start initial provider microsoft_non_ip" time="2024-03-01T11:42:07.871799837Z" level=info msg="Start initial provider stream_non_ip" time="2024-03-01T11:42:07.871979287Z" level=info msg="Start initial provider SteamCN" time="2024-03-01T11:42:07.872257331Z" level=info msg="Start initial provider Youtube" time="2024-03-01T11:42:07.925141779Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.925434016Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.925472449Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.937929989Z" level=error msg="[Provider] SG pull error: Get \"https://gist.githubusercontent.com/m0e16/b79719bce200cd0913bb85a063e847dd/raw/AmyTelecom\": EOF" time="2024-03-01T11:42:07.939034205Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.939190613Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.939221055Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.939244614Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.939269391Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.939301493Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip" time="2024-03-01T11:42:07.93976353Z" level=error msg="[Provider] JP pull error: Get \"https://gist.githubusercontent.com/m0e16/b79719bce200cd0913bb85a063e847dd/raw/AmyTelecom\": EOF" time="2024-03-01T11:42:07.939778104Z" level=error msg="[Provider] HK pull error: Get \"https://gist.githubusercontent.com/m0e16/b79719bce200cd0913bb85a063e847dd/raw/AmyTelecom\": EOF" time="2024-03-01T11:42:07.963502788Z" level=warning msg="because 🏳️\u200d🌈 Taiwan failed multiple times, active health check" 2024-03-01 19:41:40【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30000 ms: Error】 2024-03-01 19:42:12 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules... 2024-03-01 19:42:12 Tip: Start Add Custom Firewall Rules... 2024-03-01 19:42:12 Step 8: Restart Dnsmasq... time="2024-03-01T11:42:12.654251215Z" level=info msg="Start initial Compatible provider 🔒 Secret" time="2024-03-01T11:42:12.654314576Z" level=info msg="Start initial Compatible provider ⚡️ Relay" time="2024-03-01T11:42:12.654323286Z" level=info msg="Start initial Compatible provider 🎬 Streaming" time="2024-03-01T11:42:12.654332448Z" level=info msg="Start initial Compatible provider 🌎 Proxy" time="2024-03-01T11:42:12.65433898Z" level=info msg="Start initial Compatible provider 🎵 TikTok" time="2024-03-01T11:42:12.654346678Z" level=info msg="Start initial Compatible provider 🍿 Youtube" time="2024-03-01T11:42:12.654353024Z" level=info msg="Start initial Compatible provider default" time="2024-03-01T11:42:12.654366577Z" level=info msg="Start initial Compatible provider 🐼 DIRECT" time="2024-03-01T11:42:12.654373238Z" level=info msg="Start initial Compatible provider 🚧 AdGuard" time="2024-03-01T11:42:12.654381313Z" level=info msg="Start initial Compatible provider 🍎 Apple" time="2024-03-01T11:42:13.775117773Z" level=info msg="[UDP] 192.168.1.195:54321 --> 58.254.154.6:8053 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" time="2024-03-01T11:42:14.564688937Z" level=info msg="[UDP] 192.168.1.118:39029 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" 2024-03-01 19:42:15 Step 9: Add Cron Rules, Start Daemons... 2024-03-01 19:42:15 OpenClash Start Successful! time="2024-03-01T11:42:15.69959971Z" level=info msg="[UDP] 192.168.1.118:43375 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" time="2024-03-01T11:42:26.570305145Z" level=info msg="[UDP] [2408:825c:2a3:4745:68b9:d0d1:cf28:46d6]:52721 --> [2408:825c:2a2:faa5:1c8e:8500:c306:c1f3]:58627 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" 2024-03-01 19:41:37【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30000 ms: Error】 2024-03-01 19:41:40【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30001 ms: Error】 2024-03-01 19:41:37【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30001 ms: Error】 time="2024-03-01T11:43:11.206307449Z" level=info msg="[UDP] 192.168.1.118:39326 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" time="2024-03-01T11:43:12.660049064Z" level=info msg="[UDP] 192.168.1.118:58022 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" 2024-03-01 19:41:40【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30001 ms: Error】 time="2024-03-01T11:43:16.838523663Z" level=info msg="[UDP] 192.168.1.138:54321 --> 45.124.124.122:8053 match GeoIP(CN) using 🐼 DIRECT[DIRECT]" time="2024-03-01T11:43:34.499673704Z" level=debug msg="[DNS] resolve mesu.apple.com from udp://127.0.0.1:6053" time="2024-03-01T11:43:34.500579268Z" level=debug msg="[DNS] resolve mesu.apple.com from udp://127.0.0.1:6053" time="2024-03-01T11:43:34.511012213Z" level=debug msg="[DNS] mesu.apple.com --> [182.91.255.213] A from udp://127.0.0.1:6053" time="2024-03-01T11:43:34.570194355Z" level=debug msg="[DNS] mesu.apple.com --> [] AAAA from udp://127.0.0.1:6053" time="2024-03-01T11:43:41.664110485Z" level=debug msg="[DNS] resolve lb._dns-sd._udp.0.1.168.192.in-addr.arpa from udp://127.0.0.1:6053" time="2024-03-01T11:43:41.729217031Z" level=debug msg="[DNS] lb._dns-sd._udp.0.1.168.192.in-addr.arpa --> [] PTR from udp://127.0.0.1:6053" #===================== 最近运行日志获取完成(自动切换为silent模式) =====================# #===================== 活动连接信息 =====================# 1. SourceIP:【2408:825c:2a3:4745:68b9:d0d1:cf28:46d6】 - Host:【Empty】 - DestinationIP:【2408:825c:2a2:faa5:1c8e:8500:c306:c1f3】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 2. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【60.28.217.96】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 3. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【60.28.217.96】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 4. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【58.254.154.6】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 5. SourceIP:【192.168.1.138】 - Host:【Empty】 - DestinationIP:【45.124.124.122】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 6. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【60.28.217.96】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
### OpenClash Config _No response_ ### Expected Behavior ... ### Additional Context _No response_
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Verify Steps
OpenClash Version
v0.45.157-beta、v0.46.001-beta
Bug on Environment
Immortalwrt
OpenWrt Version
ImmortalWrt 23.05.1 r27304-31bc47589e
Bug on Platform
Linux-amd64(x86-64)
Describe the Bug
OpenClash 启动后,有概率无法接管 TCP 流量,控制面板中仅有 UDP 连接(Tun(udp) 和 TProxy(udp)),无法访问任何网站,重新启动 OpenClash 数次后恢复正常。
To Reproduce
重新启动 OpenWrt。
OpenClash Log