xiaorouji / openwrt-passwall


us.archive.ubuntu.com is unreachable in TCP TProxy mode #1831

Closed realJustinLee closed 2 years ago

realJustinLee commented 2 years ago

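Describe the bug (required)

us.archive.ubuntu.com is unreachable in TCP TProxy mode

Steps to reproduce (required)

passwall -> Advanced Settings -> TCP Proxy Mode -> TPROXY

What you want to achieve (required)

Access http://us.archive.ubuntu.com

Log information (required!)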

2022-03-15 20:05:47: 删除相关防火墙规则完成。
2022-03-15 20:05:53: 清空并关闭相关程序和缓存完成。
2022-03-15 20:05:53: TCP节点:========================,监听端口:1041
2022-03-15 20:05:53: 开启实验性IPv6透明代理(TProxy),请确认您的节点及类型支持IPv6!
2022-03-15 20:05:54: 过滤服务配置:准备接管域名解析...
2022-03-15 20:05:54:   + [0]Pdnsd (127.0.0.1:7913)...
2022-03-15 20:05:54:   | - [0]上游DNS:1.1.1.1:53
2022-03-15 20:05:54:   - 域名解析:pdnsd + 使用(TCP节点)解析域名...
2022-03-15 20:05:54:   * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!
2022-03-15 20:05:55:   - [0]节点列表中的域名(vpsiplist):=======.1
2022-03-15 20:05:55:   - [0]域名白名单(whitelist):=======.1
2022-03-15 20:05:55:   - [0]代理域名表(blacklist):127.0.0.1#7913
2022-03-15 20:05:55:   - [0]防火墙域名表(gfwlist):127.0.0.1#7913
2022-03-15 20:05:55:   - PassWall必须依赖于Dnsmasq,如果你自行配置了错误的DNS流程,将会导致域名(直连/代理域名)分流失效!!!
2022-03-15 20:05:55: 开始加载防火墙规则...
2022-03-15 20:05:56: 加入负载均衡的节点到ipset[vpsiplist]直连完成
2022-03-15 20:05:56: 加入所有节点到ipset[vpsiplist]直连完成
2022-03-15 20:05:56: 加载路由器自身 TCP 代理...
2022-03-15 20:05:56:   - 启用 TPROXY 模式
2022-03-15 20:05:56:   - [0]将上游 DNS 服务器 1.1.1.1:53 加入到路由器自身代理的 TCP 转发链
2022-03-15 20:05:56: 加载路由器自身 UDP 代理...
2022-03-15 20:06:00: 防火墙规则加载完成!
2022-03-15 20:06:03: 重启 dnsmasq 服务
2022-03-15 20:06:03: 配置定时任务:自动更新规则。
2022-03-15 20:06:03: 配置定时任务:自动更新==========订阅。
2022-03-15 20:06:03: 运行完成!

Screenshots

Null

System information (required)

OpenWrt R22.3.13 / LuCI Master (git-22.068.45502-a50e601)
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.51
PKG_RELEASE:=4

Other relevant information

Null

realJustinLee commented 2 years ago

GET http://us.archive.ubuntu.com/
Error: read ECONNRESET
Request Headers
User-Agent: PostmanRuntime/7.29.0
Accept: */*
Postman-Token: 0a3352cd-13c1-4cd2-af9b-80947192dfbc
Host: us.archive.ubuntu.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

xiaorouji commented 2 years ago

It works fine in my testing. Is it a problem with your node?

realJustinLee commented 2 years ago

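@xiaorouji My node seems to be fine; it's a trojan node. After switching back to redirect it can be accessed. BTW, in TPROXY mode most domains are reachable, but GET requests get disconnected.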

realJustinLee commented 2 years ago

@xiaorouji Here's the TCP log; it seems to be a connection refused error.

[INFO]  2022/03/15 14:41:00 trojan-go 0.10.6 initializing
[ERROR] 2022/03/15 14:41:06 github.com/p4gefau1t/trojan-go/proxy.(*Proxy).relayConnLoop.func1.1:proxy.go:66 proxy failed to dial connection | tls failed to dial conn | transport failed to connect to remote server | freedom failed to dial my.server.com:6674 | dial tcp: lookup my.server.com on [::1]:53: read udp [::1]:48785->[::1]:53: read: connection refused
[ERROR] 2022/03/15 14:41:06 github.com/p4gefau1t/trojan-go/proxy.(*Proxy).relayConnLoop.func1.1:proxy.go:66 proxy failed to dial connection | tls failed to dial conn | transport failed to connect to remote server | freedom failed to dial my.server.com:6674 | dial tcp: lookup my.server.com on [::1]:53: read udp [::1]:43791->[::1]:53: read: connection refused
[ERROR] 2022/03/15 14:41:07 github.com/p4gefau1t/trojan-go/proxy.(*Proxy).relayConnLoop.func1.1:proxy.go:66 proxy failed to dial connection | tls failed to dial conn | transport failed to connect to remote server | freedom failed to dial my.server.com:6674 | dial tcp: lookup my.server.com on [::1]:53: read udp [::1]:46588->[::1]:53: read: connection refused
[ERROR] 2022/03/15 14:41:07 github.com/p4gefau1t/trojan-go/proxy.(*Proxy).relayConnLoop.func1.1:proxy.go:66 proxy failed to dial connection | tls failed to dial conn | transport failed to connect to remote server | freedom failed to dial my.server.com:6674 | dial tcp: lookup my.server.com on [::1]:53: read udp [::1]:59821->[::1]:53: read: connection refused

zjy2200656 commented 2 years ago

Same here. With tproxy on, GTA5 shows that it cannot download the online policies; switching to redirect mode works fine.

realJustinLee commented 2 years ago

The problem went away after resetting the firmware; some setting was probably deprecated over successive iterations.