xiaorouji / openwrt-passwall


[Bug]: 系统未安装iptables或ipset,无法透明代理! (iptables or ipset is not installed on the system, transparent proxy is not possible!) #2149

Closed AKTanara closed 2 years ago

AKTanara commented 2 years ago

Describe the bug you encountered

I have installed Passwall on OpenWrt 22.03.2 r19803-9a599fee93 using this manual. I have also installed: iptables-nft v2ray-core xray-core, but in the end I get this error in the logs: 系统未安装iptables或ipset,无法透明代理! (iptables or ipset is not installed on the system, transparent proxy is not possible!)

Steps to reproduce this bug

Flash OpenWrt 22.03.2 on the router. Install Passwall using this manual. Install: iptables-nft v2ray-core xray-core

What you want to achieve

Get a VLESS connection working on an OpenWrt router using Passwall.

Log information

2022-10-17 21:25:43: 清空并关闭相关程序和缓存完成。 (Clearing and shutting down related programs and caches complete.)
2022-10-17 21:25:43: 系统未安装iptables或ipset,无法透明代理! (iptables or ipset is not installed on the system, transparent proxy is not possible!)
2022-10-17 21:25:43: 运行完成! (Run complete!)

Screenshots

No response

System information

Passwall Version: 4.55
OpenWrt Version: 22.03.2 r19803-9a599fee93

Other information

No response

wazzx commented 2 years ago

Looking at this discussion, it seems to be a problem with dnsmasq-full 2.86-14.

WYC-2020 commented 2 years ago

dnsmasq says it won't take the blame for this.

wazzx commented 2 years ago

dnsmasq says it won't take the blame for this.

I'd like to ask what the problem is, then, and how to deal with it.

wazzx commented 2 years ago

iptables: at the moment, the official default 22.03.2 install does not include iptables or ipset; the official package feed currently only installs kmod-nf-ipt by default.

hcym commented 2 years ago

Better to compile it yourself; anything involving kmods is a hassle. I just compiled from master and it works fine.

AKTanara commented 2 years ago

Dear Chinese fellas, Thanks for all your comments. Since I don't know Chinese, I'm using imperfect Google Translator to be able to understand what you say. Please tell me what was the conclusion? Since I do not know how to compile, should I wait for the next version of Passwall or there is anything I can do to overcome this issue for now? Thanks again for this software and keeping it maintained.

1715173329 commented 2 years ago

I guess you're still using an old version which didn't support fw4 (nftables) ;) You can try this build https://github.com/MoetaYuko/openwrt-passwall-build OR use v2rayA instead: https://v2raya.org/en/docs/prologue/installation/openwrt/

AKTanara commented 2 years ago

I guess you're still using an old version which didn't support fw4 (nftables) ;) You can try this build https://github.com/MoetaYuko/openwrt-passwall-build OR use v2rayA instead: https://v2raya.org/en/docs/prologue/installation/openwrt/

Thanks for the reply. The first link you provided is exactly the version I'm using (I have provided the same link in the first line of my initial post) and the second one (v2rayA) is the one I've been trying to work with for the past 2 weeks. It also doesn't work. The strange point is that both of them fail the same way. They just do not pass the traffic through the VPN server.

1715173329 commented 2 years ago

The first link you provided is exactly the version I'm using

Okay. So you just ran opkg install luci-app-passwall, right? The tproxy dependencies won't be installed with it. https://github.com/xiaorouji/openwrt-passwall/blob/20a3c63ee9e8dd98a0ae45cf90bf66ff7cae14e2/luci-app-passwall/Makefile#L79-L83 You have to install them manually. Note that dnsmasq-full conflicts with the default installed dnsmasq; uninstall it first.

The strange point is that both of them fail the same. They just do not pass the traffic through VPN server.

v2rayA uses iptables-translate, and it might not work correctly. v2rayA provides two transparent proxy methods, REDIRECT and TPROXY, try another one and see if it works.

I would suggest using the old stable 21.02.x release if possible; fw4 is still too new for these programs.

AKTanara commented 2 years ago

Let's compile it. It involves the trouble of kmod. I just compiled it with master and used it normally.

Sorry, I do not know how to compile! Should I wait for the next version of Passwall? Isn't there any workaround?

AKTanara commented 2 years ago

Thanks, For PASSWALL:

You have to install them manually. Note that dnsmasq-full conflicts with the default installed dnsmasq; uninstall it first.

I did as you told. Some of them were already installed (nftables & kmod-nft-nat). After doing so there is a "TCP Proxy Way" option in the "Other Settings" tab where I can choose between REDIRECT & TPROXY, but as before neither of them makes it work. I believe the main issue lies in the firewall. When I choose Firewall tools = IPtables this comes up: 系统未安装iptables或ipset,无法透明代理! (iptables or ipset is not installed on the system, transparent proxy is not possible!) And Firewall tools = NFtables brings up: Dnsmasq软件包不满足nftables透明代理要求,如需使用请确保dnsmasq版本在2.87以上并开启nftset支持。 (The dnsmasq package does not meet the requirements for nftables transparent proxy; to use it, make sure the dnsmasq version is 2.87 or higher with nftset support enabled.)

For v2rayA:

v2rayA uses iptables-translate, and it might not work correctly. v2rayA provides two transparent proxy methods, REDIRECT and TPROXY, try another one and see if it works.

Since 10 days ago I've tried every possible combination of settings in v2rayA to get it work and failed.

I would suggest using the old stable 21.02.x release if possible; fw4 is still too new for these programs.

Did this with almost every FW released since 2 years ago...

Thanks again for reply and sharing

1715173329 commented 2 years ago

I believe that main issue lies in firewall.

Dependencies, actually.

When I choose Firewall tools = IPtables this comes up: 系统未安装iptables或ipset,无法透明代理! (iptables or ipset is not installed on the system, transparent proxy is not possible!)

Sure. These packages are needed: https://github.com/xiaorouji/openwrt-passwall/blob/20a3c63ee9e8dd98a0ae45cf90bf66ff7cae14e2/luci-app-passwall/Makefile#L65-L74

And Firewall tools = NFtables brings up: Dnsmasq软件包不满足nftables透明代理要求,如需使用请确保dnsmasq版本在2.87以上并开启nftset支持。 (The dnsmasq package does not meet the requirements for nftables transparent proxy; to use it, make sure the dnsmasq version is 2.87 or higher with nftset support enabled.)

Mainline dnsmasq still remains at 2.86, and nftset support is lacking in that version. You can download 2.87 here: https://downloads.immortalwrt.org/snapshots/packages/aarch64_cortex-a53/base/dnsmasq-full_2.87-3_aarch64_cortex-a53.ipk

And remember to replace aarch64_cortex-a53 with your actual architecture.

For v2rayA:

v2rayA uses iptables-translate, and it might not work correctly. v2rayA provides two transparent proxy methods, REDIRECT and TPROXY, try another one and see if it works.

Since 10 days ago I've tried every possible combination of settings in v2rayA to get it work and failed.

All right. I ever tested it and somehow worked for me, not sure if something is missing.

I would suggest using the old stable 21.02.x release if possible; fw4 is still too new for these programs.

Did this with almost every FW released since 2 years ago...

I don't know what you mean. 21.02.5 was released just a day ago.

AKTanara commented 2 years ago

Thanks @1715173329, your instructions are awesome. I have installed all the packages you mentioned and upgraded dnsmasq-full to 2.87-3, but I'm still using 22.03.2. There have been improvements, but still no traffic passes through the VPN. With the following settings (screenshots):

LOGS (translated):
2022-10-18 10:51:42: Deleting related firewall rules complete.
2022-10-18 10:51:43: Clearing and shutting down related programs and caches complete.
2022-10-18 10:51:43: TCP node: [Ronia-vless-tls]164.92.185.201:4443, listening port: 1041
2022-10-18 10:51:43: UDP node: [Ronia-vless-tls]164.92.185.201:4443, listening port: 1051
2022-10-18 10:51:43: Filtering service configuration: preparing to take over domain name resolution...
2022-10-18 10:51:43: - DNS resolution: dns2tcp + resolving domains via (TCP node)...
2022-10-18 10:51:43: * Please confirm the upstream DNS supports TCP queries; if it is not a direct-connect address, make sure the TCP proxy is enabled and forwarding correctly!
2022-10-18 10:51:43: - Everything not listed above, and default: 127.0.0.1#15353
2022-10-18 10:51:43: - PassWall must rely on Dnsmasq; if you configured an incorrect DNS flow yourself, domain-based (direct/proxy) traffic splitting will fail!!!
2022-10-18 10:51:43: Starting to load firewall rules...
2022-10-18 10:51:44: Added load-balanced nodes to ipset[vpsiplist] for direct connection, done
2022-10-18 10:51:44: Added all nodes to ipset[vpsiplist] for direct connection, done
2022-10-18 10:51:44: Loading the router's own TCP proxy...
2022-10-18 10:51:44: - TPROXY mode enabled
2022-10-18 10:51:44: - [0] Added upstream DNS server 8.8.8.8:53 to the router's own proxy TCP forwarding chain
2022-10-18 10:51:44: - [0], blocking proxied UDP ports: 80,443
2022-10-18 10:51:44: Loading the router's own UDP proxy...
2022-10-18 10:51:44: TCP default proxy: using TCP node [Ronia-vless-tls], global proxy, proxying all ports
2022-10-18 10:51:45: UDP default proxy: using UDP node [Ronia-vless-tls], global proxy, proxying all ports
2022-10-18 10:51:45: Firewall rules loaded!
2022-10-18 10:51:45: Restarting dnsmasq service
2022-10-18 10:51:45: Run complete!

Again your comments are the only source of improvement in past two weeks... Thanks

AKTanara commented 2 years ago

After installing dnsmasq-full 2.87-3, as soon as I change Firewall Tools to NFtables, in a few seconds Total memory available of the device shrinks and device gets unresponsive...

AKTanara commented 2 years ago

And a new piece of information: when I use Firewall Tools = IPtables, I get this from the node log but cannot connect through the VPN:
2022/10/18 12:07:37 192.168.1.158:52802 accepted tcp:142.250.184.195:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:42 192.168.1.15:49179 accepted tcp:142.250.145.136:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:42 192.168.1.15:49180 accepted tcp:142.250.145.136:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:45 192.168.1.158:51122 accepted tcp:172.217.16.202:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:46 192.168.1.158:52806 accepted tcp:142.250.184.195:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:49 192.168.1.15:49187 accepted tcp:108.177.119.94:80 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:50 192.168.1.15:49194 accepted tcp:142.250.145.136:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:51 192.168.1.15:49195 accepted tcp:142.250.145.136:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:52 192.168.1.15:49200 accepted tcp:142.250.145.136:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:52 192.168.1.15:49201 accepted tcp:142.250.145.136:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:54 192.168.1.15:49202 accepted tcp:184.87.16.37:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:56 192.168.1.15:49203 accepted tcp:185.188.106.10:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:58 192.168.1.15:49204 accepted tcp:13.89.178.27:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:58 192.168.1.15:49205 accepted tcp:142.250.153.95:443 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:07:59 192.168.0.20:54832 accepted tcp:8.8.8.8:53 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]
2022/10/18 12:08:04 192.168.0.20:43064 accepted tcp:8.8.8.8:53 [tcp_redir >> ddde284ba3184d3fa36c20bda15bd978]

I am pretty sure that the issue is not with the node itself, because using the same settings on a PC with v2rayN I can use it (screenshot).

1715173329 commented 2 years ago

v2rayA should work with iptables then.

With your log I only know tproxy works, but core log is missing.

xiaorouji commented 2 years ago

@AKTanara Why don't use the "Availability test" on the node in the "Node List" to check it?

AKTanara commented 2 years ago

@xiaorouji I did, but it always returns Timeout (screenshot). Besides, as you can see in the screenshot, if I use the server domain name I won't even get a ping from the server. On the same network with the PC & v2rayN client software, none of these issues exist.

xiaorouji commented 2 years ago

@AKTanara If 'Availability test' is timeout, most likely it is a node configuration problem, or the generated configuration file is incorrect.

AKTanara commented 2 years ago

@xiaorouji The node settings are exactly the same as the one that is being used in Windows client (v2rayN) on the same network and is working perfectly... Again thanks for the hints

xiaorouji commented 2 years ago

@AKTanara You can compare the JSON configuration file generated by V2rayN and Passwall.

AKTanara commented 2 years ago

@xiaorouji Can you please tell me where can I find Passwall JSON config file?

xh0823 commented 2 years ago

@xiaorouji I did, but it always returns Timeout. Besides, as you can see in the screenshot, if I use the server domain name I won't even get a ping from the server. On the same network with the PC & v2rayN client software, none of these issues exist.

I just recompiled the official source, and these are no longer selected automatically now: ipset ipt2socks iptables iptables-mod-conntrack-extra iptables-mod-iprange iptables-mod-socket iptables-mod-tproxy kmod-ipt-nat. You have to install them by hand.
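The two checks that produce the errors in this thread (the iptables path refusing to start without iptables/ipset, and the nftables path refusing to start without dnsmasq 2.87+ built with nftset) can be run by hand before touching Passwall. The following preflight script is an added example, not Passwall's own code. The iptables package list is the one xh0823 posted above; the dnsmasq requirement is the one quoted from Passwall's error message. The installed-package listing and the two `dnsmasq --version` outputs embedded below are constructed samples that imitate the real formats (`opkg list-installed` prints "name - version" per line; `dnsmasq --version` prints a "Dnsmasq version X.Y" line followed by a "Compile time options:" line), so the checks run offline; pass `--check` to run them against the live router instead.

```shell
#!/bin/sh
# Preflight check for Passwall transparent-proxy dependencies on OpenWrt 22.03.
# Added example, not Passwall's own code.

# Packages the iptables (fw3-style) path needs, as listed by xh0823 in the thread.
IPT_DEPS="ipset ipt2socks iptables iptables-mod-conntrack-extra iptables-mod-iprange iptables-mod-socket iptables-mod-tproxy kmod-ipt-nat"

# Print the packages from $2 (space separated) that do not appear in the
# `opkg list-installed` style listing passed as $1 ("name - version" per line).
# A name must match exactly: iptables-nft does not satisfy iptables.
missing_deps() {
    installed="$1"
    want="$2"
    missing=""
    for pkg in $want; do
        if ! printf '%s\n' "$installed" | grep -q "^$pkg - "; then
            missing="$missing $pkg"
        fi
    done
    printf '%s' "${missing# }"
}

# Return 0 only if the `dnsmasq --version` output in $1 reports version >= 2.87
# and lists nftset among the compile-time options ("no-nftset" must not count).
dnsmasq_nftset_ok() {
    verout="$1"
    ver=$(printf '%s\n' "$verout" | sed -n 's/^Dnsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    major=${ver%%.*}
    minor=${ver#*.}
    [ $((major * 100 + minor)) -ge 287 ] || return 1
    opts=$(printf '%s\n' "$verout" | sed -n 's/^Compile time options: *//p' | head -n 1)
    case " $opts " in
        *" nftset "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples (not captured from a real device).
# A 22.03.2 box like the reporter's: iptables-nft present, real iptables/ipset absent.
INSTALLED_SAMPLE="dnsmasq - 2.86-14
firewall4 - 2022-10-14-3ad8aea6-1
iptables-nft - 1.8.7-7
kmod-nft-nat - 5.10.146-1
nftables-json - 1.0.2-2.1
v2ray-core - 5.1.0-1
xray-core - 1.6.0-1"
DNSMASQ_286_SAMPLE="Dnsmasq version 2.86  Copyright (c) 2000-2021 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile"
DNSMASQ_287_SAMPLE="Dnsmasq version 2.87  Copyright (c) 2000-2022 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile"
DNSMASQ_287_NO_NFTSET_SAMPLE="Dnsmasq version 2.87  Copyright (c) 2000-2022 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset no-nftset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile"

# Live check, only when invoked with --check on the router.
case "${1:-}" in
    --check)
        fw="iptables (fw3)"
        command -v fw4 >/dev/null 2>&1 && fw="nftables (fw4)"
        echo "firewall frontend: $fw"
        missing=$(missing_deps "$(opkg list-installed)" "$IPT_DEPS")
        if [ -z "$missing" ]; then
            echo "iptables path: all dependencies present"
        else
            echo "iptables path: missing: $missing"
        fi
        if dnsmasq_nftset_ok "$(dnsmasq --version 2>/dev/null)"; then
            echo "nftables path: dnsmasq >= 2.87 with nftset: ok"
        else
            echo "nftables path: dnsmasq does not satisfy >= 2.87 + nftset (install dnsmasq-full 2.87, removing stock dnsmasq first)"
        fi
        ;;
esac
```

On a stock 22.03.2 image the iptables check reports all eight packages missing even though iptables-nft is installed, which is exactly the state behind the original error: iptables-nft is a different package name and does not pull in ipset or the tproxy/socket match modules. The nftset check fails for 2.86 and for a 2.87 build whose option list says `no-nftset`, the two cases that trigger the Dnsmasq error on the NFtables setting.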

github-actions[bot] commented 2 years ago

Stale Issue