vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
17.59k stars 3.19k forks source link

In version 0.40.10, the router's own traffic cannot be proxied in any mode, so updates for the core, GeoIP, etc. cannot be fetched #868

Closed laomao333 closed 4 years ago

laomao333 commented 4 years ago

image image

jakeslee commented 4 years ago

After startup, the router itself cannot access the network. Fake-IP mode.

# wget https://baidu.com
--2020-10-15 23:05:21--  https://baidu.com/
Resolving baidu.com... 198.18.0.136
Connecting to baidu.com|198.18.0.136|:443... ^Afailed: Operation timed out.
Retrying.

--2020-10-15 23:07:31--  (try: 2)  https://baidu.com/
Connecting to baidu.com|198.18.0.136|:443...
yanyingjie007 commented 4 years ago

same here

tian-jeff commented 4 years ago

Same problem. It is now preventing my WeChat push and DDNS from working properly; the error I get is connection refused.

vernesong commented 4 years ago

Provide the connection log and firewall configuration.

tian-jeff commented 4 years ago
#===================== 防火墙设置 =====================#

#NAT chain

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            8.8.4.4             
2    ACCEPT     tcp  --  0.0.0.0/0            8.8.8.8             
3    prerouting_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom prerouting rule chain */
4    zone_lan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
5    openclash  tcp  --  0.0.0.0/0            0.0.0.0/0           
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    openclash_output  all  --  0.0.0.0/0            0.0.0.0/0           

#Mangle chain

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    openclash  udp  --  0.0.0.0/0            0.0.0.0/0           
2    openclash_dns_hijack  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    openclash_output  all  --  0.0.0.0/0            0.0.0.0/0           
2    RRDIPT_OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0           

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.10.253    0.0.0.0         UG    0      0        0 br-lan
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 10.10.10.253 dev br-lan proto static 
10.10.10.0/24 dev br-lan proto kernel scope link src 10.10.10.252 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default
tian-jeff commented 4 years ago

image

laomao333 commented 4 years ago

Provide the connection log and firewall configuration.

OpenClash 调试日志

生成时间: 2020-10-16 22:15:07 插件版本: v0.40.10-beta


#===================== 系统信息 =====================#
主机型号: Intel(R) Celeron(R) CPU 3865U @ 1.80GHz : 1 Core 2 Thread
固件版本: OpenWrt SNAPSHOT r2077-c6b967d8
LuCI版本: git-20.051.42827-3e80fef-1
内核版本: 4.19.106
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
iptables-mod-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

#===================== 内核检查 =====================#
运行状态: 运行中
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2020.10.13.gd3de533
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: v0.17.0-206-gf8a1f1d
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.2.0-1-gbc52f8e
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/v2ray-666.yaml
运行模式: redir-host-mix
默认代理模式: rule
UDP流量转发: 停用
DNS劫持: 停用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: lhie1
第三方规则策略组设置:
GlobalTV: GlobalTV
AsianTV: AsianTV
Proxy: Proxy
Apple: Apple
Netflix: Netflix
Spotify: Spotify
Steam: Steam
AdBlock: AdBlock
Netease Music: Netease Music
Speedtest: Speedtest
Telegram: Telegram
Microsoft: Microsoft
PayPal: PayPal
Domestic: Domestic
Others: Others

读取的配置文件策略组:
Auto - UrlTest
Proxy
Domestic
Others
Apple
Microsoft
Netflix
Youtube
Spotify
Steam
AdBlock
AsianTV
GlobalTV
Speedtest
Telegram
PayPal
DIRECT
REJECT

#===================== 配置文件 =====================#
redir-port: 7892
port: 7890
socks-port: 7891
ipv6: false
mode: rule
log-level: silent
external-controller: 192.168.1.254:9090
allow-lan: true
bind-address: "192.168.1.254"
external-ui: "/usr/share/openclash/dashboard"
tun:
  enable: true
  stack: gvisor
  dns-hijack:
    - tcp://8.8.8.8:53
    - tcp://8.8.4.4:53
hosts:
##Custom HOSTS##
#  experimental hosts, support wildcard (e.g. *.clash.dev Even *.foo.*.example.com)
#  static domain has a higher priority than wildcard domain (foo.example.com > *.example.com)
#  NOTE: hosts don't work with `fake-ip`

#  '*.clash.dev': 127.0.0.1
#  'alpha.clash.dev': '::1'
##Custom HOSTS END##
dns:
  use-hosts: true
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 127.0.0.1:7874
  fake-ip-filter:
  nameserver:
##Custom DNS##
    - 192.168.1.2
  fallback:
    - tls://8.8.8.8:853
  fallback-filter:
    geoip: true
    ipcidr:
      - 0.0.0.0/8
      - 10.0.0.0/8
      - 100.64.0.0/10
      - 127.0.0.0/8
      - 169.254.0.0/16
      - 172.16.0.0/12
      - 192.0.0.0/24
      - 192.0.2.0/24
      - 192.88.99.0/24
      - 192.168.0.0/16
      - 198.18.0.0/15
      - 198.51.100.0/24
      - 203.0.113.0/24
      - 224.0.0.0/4
      - 240.0.0.0/4
      - 255.255.255.255/32

#===================== 防火墙设置 =====================#

#NAT chain

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            8.8.4.4             
2    ACCEPT     tcp  --  0.0.0.0/0            8.8.8.8             
3    REDIRECT   udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 redir ports 53
4    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53 redir ports 53
5    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
6    prerouting_rule  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3: Custom prerouting rule chain */
7    zone_lan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0            /* !fw3 */
8    openclash  tcp  --  0.0.0.0/0            0.0.0.0/0           
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    openclash_output  all  --  0.0.0.0/0            0.0.0.0/0           
2    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

#Mangle chain

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    openclash  udp  --  0.0.0.0/0            0.0.0.0/0           
2    openclash_dns_hijack  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    openclash_output  all  --  0.0.0.0/0            0.0.0.0/0           

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.2     0.0.0.0         UG    0      0        0 br-lan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 192.168.1.2 dev br-lan proto static 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.254 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local 
32765:  from all fwmark 0x162 lookup 354 
32766:  from all lookup main 
32767:  from all lookup default 

#===================== Tun设备状态 =====================#
utun: tun pi filter

#===================== 端口占用状态 =====================#
tcp        0      0 192.168.1.254:9090      0.0.0.0:*               LISTEN      18861/clash
tcp        0      0 192.168.1.254:7890      0.0.0.0:*               LISTEN      18861/clash
tcp        0      0 192.168.1.254:7891      0.0.0.0:*               LISTEN      18861/clash
tcp        0      0 192.168.1.254:7892      0.0.0.0:*               LISTEN      18861/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           18861/clash
udp        0      0 192.168.1.254:7891      0.0.0.0:*                           18861/clash
udp        0      0 192.168.1.254:7892      0.0.0.0:*                           18861/clash
udp        0      0 :::60102                :::*                                18861/clash

#===================== 测试本机DNS查询 =====================#
Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
www.baidu.com   canonical name = www.a.shifen.com
Name:      www.a.shifen.com
Address 1: 14.215.177.39
Address 2: 14.215.177.38
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.auto =====================#
# Interface lan
nameserver 192.168.1.2

#===================== 测试本机网络连接 =====================#

#===================== 测试本机网络下载 =====================#
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
ETag: "c99ab8112c4b03a91444540c620183128306cd059f8f42d6c9e3399a4d311342"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish (Varnish/6.0)
X-GitHub-Request-Id: D3AE:0AED:555EC7:58FE07:5F899AD2
Accept-Ranges: bytes
Date: Fri, 16 Oct 2020 14:15:09 GMT
Via: 1.1 varnish
X-Served-By: cache-hkg17932-HKG
X-Cache: HIT, HIT
X-Cache-Hits: 1, 2
X-Timer: S1602857709.076601,VS0,VE0
Vary: Authorization,Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 5d6f07ca9fa40375f78a4902f7619eb60d200793
Expires: Fri, 16 Oct 2020 14:20:09 GMT
Source-Age: 69

#===================== 最近运行日志 =====================#
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Youku"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Special"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider ViuTV"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Bilibili"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Reject"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider BBC iPlayer"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Pandora"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Netease Music"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Disney Plus"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Netflix"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Fox+"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Hulu Japan"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Apple"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Fox Now"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Telegram"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider ABC"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider PROXY"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Tencent Video"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Steam"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Spotify"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Japonx"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Abema TV"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider DAZN"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Pornhub"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Amazon"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Speedtest"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider myTV SUPER"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider KKBOX"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Domestic"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider PayPal"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Apple TV"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Hulu"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Letv"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Bahamut"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider PBS"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider JOOX"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider KKTV"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Microsoft"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider iQiyi"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider encoreTVB"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider HBO"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Apple News"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Soundcloud"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider YouTube"
time="2020-10-15T11:24:57Z" level=info msg="Start initial rule provider Domestic IPs"
time="2020-10-15T11:24:58Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-10-15 19:24:52 OpenClash Start Successful
2020-10-15 19:26:02 GEOIP Database Update Error
2020-10-15 19:26:11 Chnroute Lists Update Error
2020-10-15 19:52:45 GEOIP Database Update Error
vernesong commented 4 years ago

chown nobody:nogroup /etc/openclash/core/* 2>/dev/null

tian-jeff commented 4 years ago

After running it and rebooting, it still doesn't work.

laomao333 commented 4 years ago

chown nobody:nogroup /etc/openclash/core/* 2>/dev/null

No effect.

Doraemon2020 commented 4 years ago

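After running it and rebooting, it still doesn't work.

I reflashed the firmware back to 0.36.7 and it still just cannot fetch the latest client version, though the core can be updated.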

vernesong commented 4 years ago

chown nobody:nogroup /etc/openclash/core/* 2>/dev/null

No effect.

Your DNS hijacking is not turned on.

tian-jeff commented 4 years ago

chown nobody:nogroup /etc/openclash/core/* 2>/dev/null

No effect.

Your DNS hijacking is not turned on.

Why doesn't mine work even with hijacking turned on?

laomao333 commented 4 years ago

chown nobody:nogroup /etc/openclash/core/* 2>/dev/null

No effect.

Your DNS hijacking is not turned on.

I tried again after turning on hijacking; no effect.

vernesong commented 4 years ago

Turn off "Only Allow Intranet" (仅允许内网) and turn on DNS hijacking (DNS劫持); "Only Allow Intranet" has this problem in TUN mode.

shiyush-git commented 4 years ago

It still doesn't seem to work.

time="2020-10-16T15:42:18Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
time="2020-10-16T15:42:18Z" level=error msg="Start Tun interface error: CreateTUN(\"utun\") failed; /dev/net/tun does not exist"
2020-10-16 23:42:10 OpenClash Start Successful
2020-10-16 23:45:24 Error: 【Tun】Core Version Check Error, Please Try Again After A few Seconds
2020-10-16 23:45:24 Error: OpenClash 【Game】 Core Update Error
2020-10-16 23:45:24 Error: OpenClash 【Dev】 Core Update Error
2020-10-16 23:45:35 OpenClash Version Check Error, Please Try Again After A few seconds
2020-10-17 00:00:00 GEOIP Database Update Error
2020-10-17 00:00:44 Warning: Multiple Start Scripts Running, Exit...
2020-10-17 00:00:45 Reload OpenClash Firewall Rules
2020-10-17 00:01:41 Error: 【Tun】Core Version Check Error, Please Try Again After A few Seconds
2020-10-17 00:01:41 Error: OpenClash 【Game】 Core Update Error
2020-10-17 00:01:41 Error: OpenClash 【Dev】 Core Update Error

tian-jeff commented 4 years ago

Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

It works now, thanks.

vernesong commented 4 years ago

It still doesn't seem to work.

time="2020-10-16T15:42:18Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
time="2020-10-16T15:42:18Z" level=error msg="Start Tun interface error: CreateTUN("utun") failed; /dev/net/tun does not exist"
2020-10-16 23:42:10 OpenClash Start Successful
2020-10-16 23:45:24 Error: 【Tun】Core Version Check Error, Please Try Again After A few Seconds
2020-10-16 23:45:24 Error: OpenClash 【Game】 Core Update Error
2020-10-16 23:45:24 Error: OpenClash 【Dev】 Core Update Error
2020-10-16 23:45:35 OpenClash Version Check Error, Please Try Again After A few seconds
2020-10-17 00:00:00 GEOIP Database Update Error
2020-10-17 00:00:44 Warning: Multiple Start Scripts Running, Exit...
2020-10-17 00:00:45 Reload OpenClash Firewall Rules
2020-10-17 00:01:41 Error: 【Tun】Core Version Check Error, Please Try Again After A few Seconds
2020-10-17 00:01:41 Error: OpenClash 【Game】 Core Update Error
2020-10-17 00:01:41 Error: OpenClash 【Dev】 Core Update Error

There is a problem with the kmod-tun dependency; I suggest you reflash the firmware or switch modes.
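
As an added example (not part of the thread and not OpenClash code), the two diagnoses given above can be checked against a saved debug log: "Only Allow Intranet" (仅允许内网) enabled or DNS hijacking (DNS劫持) disabled while the `tun:` block is enabled, and the `/dev/net/tun does not exist` error. The function names, finding names and sample log are constructed for illustration; the field labels and the error string are copied from the logs on this page.

```shell
#!/bin/sh
# Added example (not OpenClash code): check a saved debug log for the
# conditions named in this thread. Labels are copied from the log format
# shown on this page; the finding names are made up for this example.

# Print the value that follows "LABEL: " on its first matching line.
field_value() {
    printf '%s\n' "$1" | grep -F -- "$2: " | head -n 1 |
        sed -e 's/^[^:]*: *//' -e 's/[[:space:]]*$//'
}

# Succeed only if the top-level "tun:" block of the config has enable: true.
tun_enabled() {
    printf '%s\n' "$1" | awk '
        /^tun:/           { in_tun = 1; next }
        in_tun && /^[^ ]/ { in_tun = 0 }
        in_tun && /^ +enable: *true/ { found = 1 }
        END { exit !found }'
}

# Print space-separated findings; an empty line means nothing was flagged.
diagnose() {
    log=$1
    findings=""
    if tun_enabled "$log"; then
        if [ "$(field_value "$log" '仅允许内网')" = "启用" ]; then
            findings="$findings only-allow-intranet-on"
        fi
        if [ "$(field_value "$log" 'DNS劫持')" = "停用" ]; then
            findings="$findings dns-hijack-off"
        fi
    fi
    if printf '%s\n' "$log" | grep -qF '/dev/net/tun does not exist'; then
        findings="$findings tun-device-missing"
    fi
    printf '%s\n' "${findings# }"
}

# Constructed sample, trimmed to the fields the check reads.
SAMPLE_LOG='DNS劫持: 停用
仅允许内网: 启用
tun:
  enable: true
  stack: gvisor
dns:
  enable: true'

diagnose "$SAMPLE_LOG"
```
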

Doraemon2020 commented 4 years ago

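After running it and rebooting, it still doesn't work.

I reflashed the firmware back to 0.36.7 and it still just cannot fetch the latest client version, though the core can be updated.

Solved.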

kircs commented 4 years ago

Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

Solved, thanks.

laomao333 commented 4 years ago

Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

Solved, thanks.

laomao333 commented 4 years ago

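Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

I hope this gets addressed in a later update; on my side, turning on hijacking affects QuickConnect on my Synology.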

vernesong commented 4 years ago

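Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

I hope this gets addressed in a later update; on my side, turning on hijacking affects QuickConnect on my Synology.

Without a Synology, how can I support it? Test for the best solution yourself and make suggestions.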

laomao333 commented 4 years ago

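Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

I hope this gets addressed in a later update; on my side, turning on hijacking affects QuickConnect on my Synology.

Without a Synology, how can I support it? Test for the best solution yourself and make suggestions.

Mainly, I don't know what mechanism the DNS hijacking here uses. If I knew how this hijacking feature is implemented, it would be easier for me to test. Also, in earlier versions, before 0.40.7, updating worked fine without hijacking turned on and nothing was affected.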

tian-jeff commented 4 years ago

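Turn off "Only Allow Intranet" and turn on DNS hijacking; "Only Allow Intranet" has this problem in TUN mode.

I hope this gets addressed in a later update; on my side, turning on hijacking affects QuickConnect on my Synology.

I recommend just using DDNS directly.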