search

xiaorouji / openwrt-passwall

7.21k stars 2.65k forks source link

[Bug]:多WAN口下Passwall无法正常使用(Passwall 4.59-7之后版本) #2369

Closed lxhao61 closed 1 year ago

lxhao61 commented 1 year ago

描述您遇到的bug

工作在多WAN网口(PPPoE、IPTV、VOIP)情况下,Passwall节点除地址直接IP外,节点列表及连接测试全部超时;同时不能使用TCP传输方式的普通节点(非REALITY应用)正常翻墙。

复现此Bug的步骤

4.59-7之后版本情况: 工作在多WAN网口(PPPoE、IPTV、VOIP)情况下,Passwall节点除地址直接IP外,节点列表及连接测试全部超时;同时不能使用TCP传输方式的普通节点(非REALITY应用)正常翻墙。若删除IPTV、VOIP网口,一切恢复正常。 4.59-7之前版本情况情况(含自己): 一切正常。

您想要实现的目的

工作在多WAN网口(PPPoE、IPTV、VOIP)情况下,Passwall能正常翻墙,且状态正常。

日志信息

Xray 1.8.0 (Xray, Penetrates Everything.) OpenWrt (go1.19.6 linux/arm) A unified platform for anti-censorship. 2023/03/13 11:19:22 [Info] infra/conf/serial: Reading config: /tmp/etc/passwall/TCP_UDP_SOCKS_DNS.json 2023/03/13 11:19:24 192.168.6.162:56109 accepted tcp:91.108.56.161:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:24 192.168.6.162:56110 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:33 192.168.6.162:56112 accepted tcp:142.251.220.46:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:34 127.0.0.1:57495 accepted udp:1.1.1.1:53 [dns-in -> dns-out] 2023/03/13 11:19:34 127.0.0.1:58232 accepted udp:1.1.1.1:53 [dns-in -> dns-out] 2023/03/13 11:19:34 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:36 192.168.6.162:56113 accepted tcp:172.217.27.42:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:37 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:37 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:38 [Error] app/dns: failed to retrieve response for www.google.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:19:39 192.168.6.162:56114 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:39 192.168.6.162:56115 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:19:41 [Error] app/dns: failed to retrieve response for www.google.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:19:41 [Error] app/dns: failed to retrieve response for www.google.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:19:45 192.168.6.162:56117 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:06 192.168.6.162:56119 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:10 192.168.6.162:56123 accepted tcp:142.250.204.36:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:10 192.168.6.162:56124 accepted tcp:142.251.220.46:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:14 192.168.6.162:56125 accepted tcp:142.251.220.46:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:30 127.0.0.1:60788 accepted udp:1.1.1.1:53 [dns-in -> dns-out] 2023/03/13 11:20:30 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:30 192.168.6.162:56127 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:32 127.0.0.1:36946 accepted udp:1.1.1.1:53 [dns-in -> dns-out] 2023/03/13 11:20:32 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:33 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:34 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:34 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:34 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:35 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:36 [Error] app/dns: failed to retrieve response for alt4-mtalk.google.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:37 192.168.6.162:56128 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:37 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:37 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:37 192.168.6.162:56129 accepted tcp:142.251.220.46:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:38 [Error] app/dns: failed to retrieve response for alt4-mtalk.google.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:38 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:39 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:39 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:40 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:41 192.168.6.162:56130 accepted tcp:74.125.164.169:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:41 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:41 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:41 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:43 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:43 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:44 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:45 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:45 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:47 DNS accepted https://1.1.1.1/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/13 11:20:47 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded 2023/03/13 11:20:51 [Error] app/dns: failed to retrieve response for rr5---sn-oguelnzl.googlevideo.com. > Post "https://1.1.1.1/dns-query": context deadline exceeded

截图

No response

系统相关信息

Passwall版本:4.59-7之后版本

其他信息

No response

lxhao61 commented 1 year ago

无大佬来关注及处理吗?

lxhao61 commented 1 year ago

通过回退源码,反复测试确定luci: optimization acl logic更新后出现了BUG,望大佬处理一下。

xiaorouji commented 1 year ago

请执行 /etc/init.d/passwall restart 后看看有无报错输出? 并提供Passwall日志

xiaorouji commented 1 year ago

我说的是passwall日志不是xray日志

lxhao61 commented 1 year ago

我说的是passwall日志不是xray日志

执行 /etc/init.d/passwall restart 后Passwall日志: 2023-03-21 14:37:19: 执行启动延时 20 秒后再启动! 2023-03-21 14:37:43: 清空并关闭相关程序和缓存完成。 2023-03-21 14:37:44: TCP节点:[Trojan-TCP-TLS]av.itydiy.ml:443,监听端口:1041 2023-03-21 14:37:44: - 域名解析 DNS Over HTTPS... 2023-03-21 14:37:44: 过滤服务配置:准备接管域名解析... 2023-03-21 14:37:44: - 节点列表中的域名(vpsiplist):118.123.63.74,182.145.129.83, 2023-03-21 14:37:44: - 域名白名单(whitelist):118.123.63.74,182.145.129.83, 2023-03-21 14:37:44: - 代理域名表(blacklist):127.0.0.1#15353 2023-03-21 14:37:45: - 防火墙域名表(gfwlist):127.0.0.1#15353 2023-03-21 14:37:45: - PassWall必须依赖于Dnsmasq,如果你自行配置了错误的DNS流程,将会导致域名(直连/代理域名)分流失效!!! 2023-03-21 14:37:45: 开始加载防火墙规则... 2023-03-21 14:37:46: 加入负载均衡的节点到ipset[vpsiplist]直连完成 2023-03-21 14:37:46: 加入所有节点到ipset[vpsiplist]直连完成 2023-03-21 14:37:47: 加载路由器自身 TCP 代理... 2023-03-21 14:37:47: - 启用 TPROXY 模式 2023-03-21 14:37:47: - [0],屏蔽代理UDP 端口:80,443 2023-03-21 14:37:47: 加载路由器自身 UDP 代理... 2023-03-21 14:37:47: TCP默认代理:使用TCP节点[Trojan-TCP-TLS] 防火墙列表代理所有端口 2023-03-21 14:37:48: UDP默认代理:使用UDP节点[Trojan-TCP-TLS] 防火墙列表代理所有端口 2023-03-21 14:37:48: 防火墙规则加载完成! 2023-03-21 14:37:51: 重启 dnsmasq 服务 2023-03-21 14:37:51: 运行完成!

2023-03-21 14:41:16: 删除相关防火墙规则完成。 2023-03-21 14:41:20: 清空并关闭相关程序和缓存完成。 2023-03-21 14:41:20: TCP节点:[Trojan-TCP-TLS]av.itydiy.ml:443,监听端口:1041 2023-03-21 14:41:20: - 域名解析 DNS Over HTTPS... 2023-03-21 14:41:20: 过滤服务配置:准备接管域名解析... 2023-03-21 14:41:21: - PassWall必须依赖于Dnsmasq,如果你自行配置了错误的DNS流程,将会导致域名(直连/代理域名)分流失效!!! 2023-03-21 14:41:21: 开始加载防火墙规则... 2023-03-21 14:41:21: 加入负载均衡的节点到ipset[vpsiplist]直连完成 2023-03-21 14:41:22: 加入所有节点到ipset[vpsiplist]直连完成 2023-03-21 14:41:22: 加载路由器自身 TCP 代理... 2023-03-21 14:41:22: - 启用 TPROXY 模式 2023-03-21 14:41:22: - [0],屏蔽代理UDP 端口:80,443 2023-03-21 14:41:22: 加载路由器自身 UDP 代理... 2023-03-21 14:41:22: TCP默认代理:使用TCP节点[Trojan-TCP-TLS] 防火墙列表代理所有端口 2023-03-21 14:41:23: UDP默认代理:使用UDP节点[Trojan-TCP-TLS] 防火墙列表代理所有端口 2023-03-21 14:41:23: 防火墙规则加载完成! 2023-03-21 14:41:26: 重启 dnsmasq 服务 2023-03-21 14:41:26: 运行完成!

xiaorouji commented 1 year ago

如果你是IP能用而域名不能用的情况下,先检测一下DNS。

lxhao61 commented 1 year ago

如果你是IP能用而域名不能用的情况下,先检测一下DNS。

DNS解析出错,见如下: Xray 1.8.0 (Xray, Penetrates Everything.) OpenWrt (go1.19.6 linux/arm) A unified platform for anti-censorship. 2023/03/24 08:44:21 [Info] infra/conf/serial: Reading config: /tmp/etc/passwall/TCP_UDP_SOCKS_DNS.json 2023/03/24 08:44:23 192.168.6.162:62704 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:24 192.168.6.162:62705 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:37 127.0.0.1:52651 accepted udp:176.103.130.130:53 [dns-in -> dns-out] 2023/03/24 08:44:37 127.0.0.1:47139 accepted udp:176.103.130.130:53 [dns-in -> dns-out] 2023/03/24 08:44:37 DNS accepted https://dns.adguard.com/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:40 DNS accepted https://dns.adguard.com/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:40 DNS accepted https://dns.adguard.com/dns-query [dns-in1 -> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:41 [Error] app/dns: failed to retrieve response for www.google.com. > Post "https://dns.adguard.com/dns-query": context deadline exceeded 2023/03/24 08:44:42 192.168.6.162:62706 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:44 [Error] app/dns: failed to retrieve response for www.google.com. > Post "https://dns.adguard.com/dns-query": context deadline exceeded 2023/03/24 08:44:44 [Error] app/dns: failed to retrieve response for www.google.com. > Post "https://dns.adguard.com/dns-query": context deadline exceeded 2023/03/24 08:44:46 192.168.6.162:62707 accepted tcp:91.108.56.161:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:46 192.168.6.162:62708 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:47 192.168.6.162:62710 accepted tcp:91.108.56.161:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:47 192.168.6.162:62711 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:49 192.168.6.162:62712 accepted tcp:91.108.56.161:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:49 192.168.6.162:62713 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:53 192.168.6.162:62714 accepted tcp:91.108.56.161:443 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1] 2023/03/24 08:44:53 192.168.6.162:62715 accepted tcp:91.108.56.161:80 [tcp_redir >> 7cd39ffc3d1548f69e94c7d6b2e64eb1]

lxhao61 commented 1 year ago

最新版本: 最大影响是TCP应用(如:VLESS-Vision-TLS、VLESS-TCP-TLS、Trojan-TCP-TLS等)节点地址使用域名无法正常翻墙,直接使用IP正常。 次要影响就是除节点地址直接IP外,节点地址使用域名全部超时(Hysteria与KCP节点除外)。 image

xiaorouji commented 1 year ago

IP可以,域名不可以明显是DNS烂了。检查一下国内使用的DNS能否正常使用先? 另外似乎从日志里看出一个问题。 节点列表中的域名(vpsiplist):118.123.63.74,182.145.129.83, 最后多了个逗号, 能否看看 /tmp/dnsmasq.d/passwall/001-server.conf 文件,每行的最后是否,结尾

xiaorouji commented 1 year ago

/tmp/resolv.conf.d/resolv.conf.auto 也看看这个文件

lxhao61 commented 1 year ago

IP可以,域名不可以明显是DNS烂了。检查一下国内使用的DNS能否正常使用先? 另外似乎从日志里看出一个问题。 节点列表中的域名(vpsiplist):118.123.63.74,182.145.129.83, 最后多了个逗号, 能否看看 /tmp/dnsmasq.d/passwall/001-server.conf 文件,每行的最后是否,结尾

好的,正在进行。

lxhao61 commented 1 year ago

/tmp/resolv.conf.d/resolv.conf.auto 也看看这个文件

没有这个路径。只找到/tmp/resolv.conf.auto 这个文件。

xiaorouji commented 1 year ago

没有 /tmp/resolv.conf.d/resolv.conf.auto 的话,就 /tmp/resolv.conf.auto

lxhao61 commented 1 year ago

IP可以,域名不可以明显是DNS烂了。检查一下国内使用的DNS能否正常使用先? 另外似乎从日志里看出一个问题。 节点列表中的域名(vpsiplist):118.123.63.74,182.145.129.83, 最后多了个逗号, 能否看看 /tmp/dnsmasq.d/passwall/001-server.conf 文件,每行的最后是否,结尾

国内使用的DNS一切正常。另外没有找到,结尾。 image

lxhao61 commented 1 year ago

没有 /tmp/resolv.conf.d/resolv.conf.auto 的话,就 /tmp/resolv.conf.auto

这个文件应该正常,见如下:

Interface wan

nameserver 61.139.2.69 nameserver 218.6.200.139

Interface iptv

nameserver 182.145.129.83 nameserver 118.123.63.74

Interface voip

nameserver 218.6.200.140 nameserver 61.139.2.70

xiaorouji commented 1 year ago

在修复此问题之前,你可以先把IPTV和VOIP的使用默认网关使用对端通告的 DNS 服务器 去掉后,再重启passwall试试。

lxhao61 commented 1 year ago

在修复此问题之前,你可以先把IPTV和VOIP的使用默认网关使用对端通告的 DNS 服务器 去掉后,再重启passwall试试。

passwall正常了。现IPTV正常,VOIP不正常了。

lxhao61 commented 1 year ago

问题找到,等待大佬修复了。

xiaorouji commented 1 year ago

这种多线路的环境,暂时想不到比较好的解决方案。 一般多线路的情况下,应当只设置一个有默认网关,而没有外网访问的(比如IPTV)不应该作为默认网关。 且Openwrt的多线路分流也不太好用吧?(纯属个人认为)

lxhao61 commented 1 year ago

这种多线路的环境,暂时想不到比较好的解决方案。 一般多线路的情况下,应当只设置一个有默认网关,而没有外网访问的(比如IPTV)不应该作为默认网关。 且Openwrt的多线路分流也不太好用吧?(纯属个人认为)

之前一直无问题,仅luci: optimization acl logic更新后才产生BUG,那么什么原因造成没有好的办法修复呢?

lxhao61 commented 1 year ago

这种多线路的环境,暂时想不到比较好的解决方案。 一般多线路的情况下,应当只设置一个有默认网关,而没有外网访问的(比如IPTV)不应该作为默认网关。 且Openwrt的多线路分流也不太好用吧?(纯属个人认为)

大佬,发现4.62-6版修复这个BUG了(修复99.99999999%,仅发现翻墙成功有点延迟。)。