xiaorouji / openwrt-passwall2


[Bug]: Xray WireGuard + pre-proxy cannot be used #474

Closed Someone-Practice closed 8 months ago

Someone-Practice commented 9 months ago

Describe the bug you encountered

As in the title.

Steps to reproduce this bug

  1. Add a WG node and a node of any protocol
  2. Enable pre-proxy and set a rule to WG node + pre-proxy node
  3. Try to establish a connection that hits the rule
  4. The connection fails; no dialerProxy entry is found in /tmp/etc/passwall2/global.json

What you want to achieve

The plugin implements chained proxying via dialerProxy or another method

Log information

The Xray and plugin logs show no errors

Screenshots

No response

System information

Other information

No response

xiaorouji commented 9 months ago

It uses proxySettings. Check the generated config file to see whether the wireguard outbound has a proxySettings field. However, I tried xray + wireguard pre-proxy successfully more than half a year ago, and trying it today it indeed cannot connect. The sing-box wireguard works fine, though.

Someone-Practice commented 9 months ago

It has proxySettings, but even after switching to sing-box it still does not work.

sing-box's WG internal address setting seems to require a CIDR, but the LuCI page does not require this; consider adding it.

Config

```json
{
  "outbounds": [
    {
      "_flag_tag": "5RHOVcW9",
      "_flag_proxy": 0,
      "_flag_proxy_tag": "nil",
      "settings": {
        "servers": [
          { "password": "password", "port": 1234, "method": "method", "address": "1.2.3.4" }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "tcpSettings": { "header": { "type": "none" } },
        "sockopt": { "mark": 255 }
      },
      "mux": { "enabled": false },
      "protocol": "protocol",
      "tag": "main"
    },
    {
      "_flag_tag": "fvktDTyp",
      "_flag_proxy": 0,
      "_flag_proxy_tag": "nil",
      "settings": {
        "servers": [
          { "password": "password", "port": 1234, "method": "method", "address": "1.2.3.4" }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "tcpSettings": { "header": { "type": "none" } },
        "sockopt": { "mark": 255 }
      },
      "mux": { "enabled": false },
      "protocol": "protocol",
      "tag": "default"
    },
    {
      "_flag_tag": "U7bxAzUi",
      "_flag_proxy": 0,
      "_flag_proxy_tag": "main",
      "settings": {
        "address": [ "1234::1234\/128", "1.2.3.4\/32" ],
        "secretKey": "Key",
        "mtu": 1280,
        "peers": [
          { "publicKey": "Key", "keepAlive": 60, "endpoint": "1.2.3.4:1234" }
        ]
      },
      "proxySettings": { "transportLayer": true, "tag": "main" },
      "mux": { "enabled": false },
      "protocol": "wireguard",
      "tag": "OpenAI"
    },
    {
      "proxySettings": { "tag": "direct" },
      "settings": { "nonIPQuery": "skip", "port": 15355, "network": "udp", "address": "127.0.0.1" },
      "protocol": "dns",
      "tag": "dns-out"
    },
    {
      "streamSettings": { "sockopt": { "mark": 255 } },
      "settings": { "domainStrategy": "UseIP" },
      "protocol": "freedom",
      "tag": "direct"
    },
    { "protocol": "blackhole", "tag": "blackhole" }
  ],
  "log": { "loglevel": "warning" },
  "dns": {
    "disableFallback": true,
    "queryStrategy": "UseIP",
    "disableFallbackIfMatch": true,
    "servers": [
      { "queryStrategy": "UseIP", "port": 15355, "_flag": "default", "address": "127.0.0.1" },
      { "port": 15354, "_flag": "direct", "address": "127.0.0.1", "queryStrategy": "UseIP", "domains": [ "full:1.2.3.4", "full:1234::2345" ] },
      { "domains": [ "domain:dns.google", "domain:dns.cloudflare.com" ], "_flag": "DNS", "address": "fakedns" },
      { "domains": [ "geosite:openai" ], "_flag": "OpenAI", "address": "fakedns" },
      { "domains": [ "geosite:cn" ], "_flag": "China", "address": "fakedns" }
    ],
    "disableCache": false,
    "tag": "dns-in1"
  },
  "routing": {
    "rules": [
      { "type": "field", "inboundTag": [ "dns-in" ], "outboundTag": "dns-out" },
      { "type": "field", "network": "udp", "outboundTag": "direct", "port": 15354, "ip": [ "127.0.0.1" ] },
      { "type": "field", "network": "udp", "outboundTag": "direct", "port": 15355, "ip": [ "127.0.0.1" ] },
      { "type": "field", "network": "tcp,udp", "outboundTag": "default", "_flag": "DNS_domains", "domains": [ "domain:dns.google", "domain:dns.cloudflare.com" ], "port": "53,443,853" },
      { "type": "field", "network": "tcp,udp", "outboundTag": "default", "port": "53,443,853", "_flag": "DNS_ip", "ip": [ "8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1" ] },
      { "type": "field", "network": "tcp,udp", "outboundTag": "OpenAI", "domains": [ "geosite:openai" ], "_flag": "OpenAI_domains" },
      { "type": "field", "network": "tcp,udp", "outboundTag": "blackhole", "domains": [ "geosite:cn" ], "_flag": "China_domains" },
      { "type": "field", "network": "tcp,udp", "outboundTag": "blackhole", "_flag": "China_ip", "ip": [ "geoip:cn" ] },
      { "type": "field", "_flag": "default", "outboundTag": "default", "network": "tcp,udp" }
    ],
    "domainStrategy": "IPIfNonMatch",
    "domainMatcher": "hybrid"
  },
  "policy": {
    "levels": { "0": { "statsUserUplink": false, "statsUserDownlink": false } }
  },
  "fakedns": [
    { "ipPool": "198.18.0.0\/16", "poolSize": 65535 },
    { "ipPool": "fc00::\/18", "poolSize": 65535 }
  ],
  "inbounds": [
    {
      "port": 30216,
      "protocol": "socks",
      "sniffing": { "enabled": true, "destOverride": [ "http", "tls", "quic" ] },
      "settings": { "udp": true, "auth": "noauth" },
      "listen": "0.0.0.0",
      "tag": "socks-in"
    },
    {
      "port": 1041,
      "protocol": "dokodemo-door",
      "streamSettings": { "sockopt": { "tproxy": "tproxy" } },
      "sniffing": { "enabled": true, "routeOnly": true, "destOverride": [ "http", "tls", "quic", "fakedns" ], "metadataOnly": false },
      "settings": { "network": "tcp", "followRedirect": true },
      "tag": "tcp_redir"
    },
    {
      "port": 1041,
      "protocol": "dokodemo-door",
      "streamSettings": { "sockopt": { "tproxy": "tproxy" } },
      "sniffing": { "enabled": true, "routeOnly": true, "destOverride": [ "http", "tls", "quic", "fakedns" ], "metadataOnly": false },
      "settings": { "network": "udp", "followRedirect": true },
      "tag": "udp_redir"
    },
    {
      "port": 15353,
      "protocol": "dokodemo-door",
      "settings": { "port": 53, "network": "tcp,udp", "address": "1.1.1.1" },
      "tag": "dns-in",
      "listen": "127.0.0.1"
    }
  ]
}
```
nft list ruleset

```
table inet fw4 {
	set passwall2_global_whitelist {
		type ipv4_addr
		flags interval,timeout
		auto-merge
	}
	set passwall2_global_whitelist6 {
		type ipv6_addr
		flags interval,timeout
		auto-merge
	}
	set passwall2_lanlist {
		type ipv4_addr
		flags interval,timeout
		auto-merge
		elements = { 0.0.0.0/8 timeout 3650d expires 3649d23h54m40s340ms, 10.0.0.0/8 timeout 3650d expires 3649d23h54m40s340ms,
			     100.64.0.0/10 timeout 3650d expires 3649d23h54m40s340ms, 127.0.0.0/8 timeout 3650d expires 3649d23h54m40s340ms,
			     169.254.0.0/16 timeout 3650d expires 3649d23h54m40s340ms, 172.16.0.0/12 timeout 3650d expires 3649d23h54m40s340ms,
			     192.168.0.0/16 timeout 3650d expires 3649d23h54m40s340ms, 224.0.0.0/3 timeout 3650d expires 3649d23h54m40s340ms }
	}
	set passwall2_vpslist {
		type ipv4_addr
		flags interval,timeout
		auto-merge
		elements = { 1.2.3.4 timeout 3650d expires 3649d23h54m40s630ms, 2.3.4.5, 5.6.7.8 }
	}
	set passwall2_lanlist6 {
		type ipv6_addr
		flags interval,timeout
		auto-merge
		elements = { ::/127 timeout 3650d expires 3649d23h54m40s390ms, ::ffff:0.0.0.0/96 timeout 3650d expires 3649d23h54m40s390ms,
			     ::ffff:0:0:0/96 timeout 3650d expires 3649d23h54m40s390ms, 64:ff9b::/96 timeout 3650d expires 3649d23h54m40s390ms,
			     100::/64 timeout 3650d expires 3649d23h54m40s390ms, fc00::/7 timeout 3650d expires 3649d23h54m40s390ms,
			     fe80::/10 timeout 3650d expires 3649d23h54m40s510ms, ff00::/8 timeout 3650d expires 3649d23h54m40s390ms }
	}
	set passwall2_vpslist6 {
		type ipv6_addr
		flags interval,timeout
		auto-merge
		elements = { 1234::, 2345:: timeout 3650d expires 3649d23h54m40s720ms }
	}
	chain input {
		type filter hook input priority filter; policy accept;
		iifname "lo" accept comment "!fw4: Accept traffic from loopback"
		ct state established,related accept comment "!fw4: Allow inbound established and related flows"
		iifname { "utun", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
		iifname "wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
	}
	chain forward {
		type filter hook forward priority filter; policy accept;
		ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
		iifname { "utun", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
		iifname "wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
	}
	chain output {
		type filter hook output priority filter; policy accept;
		oifname "lo" accept comment "!fw4: Accept traffic towards loopback"
		ct state established,related accept comment "!fw4: Allow outbound established and related flows"
		oifname { "utun", "br-lan" } jump output_lan comment "!fw4: Handle lan IPv4/IPv6 output traffic"
		oifname "wan" jump output_wan comment "!fw4: Handle wan IPv4/IPv6 output traffic"
	}
	chain prerouting {
		type filter hook prerouting priority filter; policy accept;
		iifname { "utun", "br-lan" } jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment"
		iifname "wan" jump helper_wan comment "!fw4: Handle wan IPv4/IPv6 helper assignment"
	}
	chain handle_reject {
		meta l4proto tcp reject with tcp reset comment "!fw4: Reject TCP traffic"
		reject comment "!fw4: Reject any other traffic"
	}
	chain input_lan {
		jump accept_from_lan
	}
	chain output_lan {
		jump accept_to_lan
	}
	chain forward_lan {
		jump accept_to_wan comment "!fw4: Accept lan to wan forwarding"
		jump accept_to_lan
	}
	chain helper_lan {
	}
	chain accept_from_lan {
		iifname { "utun", "br-lan" } counter packets 18093 bytes 11914546 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
	}
	chain accept_to_lan {
		oifname { "utun", "br-lan" } counter packets 7723 bytes 7281138 accept comment "!fw4: accept lan IPv4/IPv6 traffic"
	}
	chain input_wan {
		meta nfproto ipv4 udp dport 68 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCP-Renew"
		icmp type echo-request counter packets 0 bytes 0 accept comment "!fw4: Allow-Ping"
		meta nfproto ipv4 meta l4proto igmp counter packets 0 bytes 0 accept comment "!fw4: Allow-IGMP"
		meta nfproto ipv6 udp dport 546 counter packets 0 bytes 0 accept comment "!fw4: Allow-DHCPv6"
		ip6 saddr fe80::/10 icmpv6 type . icmpv6 code { mld-listener-query . no-route, mld-listener-report . no-route, mld-listener-done . no-route, mld2-listener-report . no-route } counter packets 0 bytes 0 accept comment "!fw4: Allow-MLD"
		icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply, nd-router-solicit, nd-router-advert } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
		icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, nd-neighbor-solicit . no-route, nd-neighbor-advert . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Input"
		jump drop_from_wan
	}
	chain output_wan {
		jump drop_to_wan
	}
	chain forward_wan {
		icmpv6 type { destination-unreachable, time-exceeded, echo-request, echo-reply } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
		icmpv6 type . icmpv6 code { packet-too-big . no-route, parameter-problem . no-route, parameter-problem . admin-prohibited } limit rate 1000/second counter packets 0 bytes 0 accept comment "!fw4: Allow-ICMPv6-Forward"
		meta l4proto esp counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-IPSec-ESP"
		udp dport 500 counter packets 0 bytes 0 jump accept_to_lan comment "!fw4: Allow-ISAKMP"
		jump drop_to_wan
	}
	chain helper_wan {
	}
	chain accept_to_wan {
		oifname "wan" counter packets 0 bytes 0 accept comment "!fw4: accept wan IPv4/IPv6 traffic"
	}
	chain drop_from_wan {
		iifname "wan" counter packets 0 bytes 0 drop comment "!fw4: drop wan IPv4/IPv6 traffic"
	}
	chain drop_to_wan {
		oifname "wan" counter packets 0 bytes 0 drop comment "!fw4: drop wan IPv4/IPv6 traffic"
	}
	chain dstnat {
		type nat hook prerouting priority dstnat; policy accept;
		jump PSW2_REDIRECT
	}
	chain srcnat {
		type nat hook postrouting priority srcnat; policy accept;
	}
	chain raw_prerouting {
		type filter hook prerouting priority raw; policy accept;
	}
	chain raw_output {
		type filter hook output priority raw; policy accept;
	}
	chain mangle_prerouting {
		type filter hook prerouting priority mangle; policy accept;
		counter packets 5227 bytes 3356616 jump PSW2_DIVERT
		meta nfproto ipv4 counter packets 3761 bytes 3010028 jump PSW2_MANGLE
		meta nfproto ipv6 counter packets 245 bytes 22583 jump PSW2_MANGLE_V6
	}
	chain mangle_postrouting {
		type filter hook postrouting priority mangle; policy accept;
	}
	chain mangle_input {
		type filter hook input priority mangle; policy accept;
	}
	chain mangle_output {
		type route hook output priority mangle; policy accept;
		meta nfproto ipv6 counter packets 419 bytes 125766 jump PSW2_OUTPUT_MANGLE_V6 comment "PSW2_OUTPUT_MANGLE"
		meta nfproto ipv4 meta l4proto tcp counter packets 3511 bytes 2261217 jump PSW2_OUTPUT_MANGLE comment "PSW2_OUTPUT_MANGLE"
		meta nfproto ipv4 meta l4proto udp counter packets 527 bytes 667358 jump PSW2_OUTPUT_MANGLE comment "PSW2_OUTPUT_MANGLE"
		oif "lo" counter packets 234 bytes 19715 return comment "PSW2_OUTPUT_MANGLE"
		meta mark 0x00000001 counter packets 40 bytes 2994 return comment "PSW2_OUTPUT_MANGLE"
	}
	chain mangle_forward {
		type filter hook forward priority mangle; policy accept;
		iifname "wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 ingress MTU fixing"
		oifname "wan" tcp flags syn tcp option maxseg size set rt mtu comment "!fw4: Zone wan IPv4/IPv6 egress MTU fixing"
	}
	chain nat_output {
		type nat hook output priority filter - 1; policy accept;
	}
	chain PSW2_DIVERT {
		meta l4proto tcp socket transparent 1 meta mark set 0x00000001 counter packets 1221 bytes 324005 accept
	}
	chain PSW2_REDIRECT {
	}
	chain PSW2_RULE {
		meta mark set ct mark counter packets 178 bytes 13076
		meta mark 0x00000001 counter packets 77 bytes 5664 return
		tcp flags syn / fin,syn,rst,ack meta mark set meta mark & 0x00000001 | 0x00000001 counter packets 99 bytes 7260
		meta l4proto udp ct state new meta mark set meta mark & 0x00000001 | 0x00000001 counter packets 2 bytes 152
		ct mark set meta mark counter packets 101 bytes 7412
	}
	chain PSW2_MANGLE {
		ip daddr @passwall2_lanlist counter packets 3722 bytes 3007736 return
		ip daddr @passwall2_vpslist counter packets 0 bytes 0 return
		ip daddr 192.168.1.193 counter packets 0 bytes 0 return comment "WAN_IP_RETURN"
		meta l4proto tcp iif "lo" counter packets 9 bytes 540 meta mark 0x00000001 tproxy to :1041 comment "本机"
		ip protocol tcp iif "lo" counter packets 9 bytes 540 return comment "本机"
		meta l4proto udp iif "lo" counter packets 2 bytes 152 meta mark 0x00000001 tproxy to :1041 comment "本机"
		ip protocol udp iif "lo" counter packets 2 bytes 152 return comment "本机"
		ip protocol udp udp dport 53 counter packets 0 bytes 0 return
		ip protocol tcp ip daddr @passwall2_global_whitelist counter packets 0 bytes 0 return comment ""
		ip protocol tcp ip daddr 198.18.0.0/16 counter packets 6 bytes 360 jump PSW2_RULE comment "默认"
		ip protocol tcp jump PSW2_RULE comment "默认"
		meta l4proto tcp counter packets 28 bytes 1600 meta mark 0x00000001 tproxy to :1041 comment "默认"
		ip protocol udp ip daddr @passwall2_global_whitelist counter packets 0 bytes 0 return comment ""
		ip protocol udp ip daddr 198.18.0.0/16 counter packets 0 bytes 0 jump PSW2_RULE comment "默认"
		ip protocol udp jump PSW2_RULE comment "默认"
		meta l4proto udp counter packets 0 bytes 0 meta mark 0x00000001 tproxy to :1041 comment "默认"
	}
	chain PSW2_OUTPUT_MANGLE {
		ip daddr @passwall2_lanlist counter packets 2186 bytes 2587127 return
		ip daddr @passwall2_vpslist counter packets 1807 bytes 338093 return
		ip daddr @passwall2_global_whitelist counter packets 0 bytes 0 return
		meta mark 0x000000ff counter packets 5 bytes 361 return
		ip protocol tcp ip daddr 198.18.0.0/16 counter packets 38 bytes 2842 jump PSW2_RULE
		ip protocol tcp jump PSW2_RULE
		ip protocol udp ip daddr 198.18.0.0/16 counter packets 0 bytes 0 jump PSW2_RULE
		ip protocol udp jump PSW2_RULE
	}
	chain PSW2_MANGLE_V6 {
		ip6 daddr @passwall2_lanlist6 counter packets 179 bytes 17303 return
		ip6 daddr @passwall2_vpslist6 counter packets 0 bytes 0 return
		ip6 daddr @passwall2_global_whitelist6 counter packets 0 bytes 0 return
		ip6 daddr 2408:823c:215:c28::193 counter packets 0 bytes 0 return comment "WAN6_IP_RETURN"
		meta l4proto tcp iif "lo" counter packets 0 bytes 0 meta mark 0x00000001 tproxy to :1041 comment "本机"
		meta l4proto tcp iif "lo" counter packets 0 bytes 0 return comment "本机"
		meta l4proto udp iif "lo" counter packets 0 bytes 0 meta mark 0x00000001 tproxy to :1041 comment "本机"
		meta l4proto udp iif "lo" counter packets 0 bytes 0 return comment "本机"
		udp dport 53 counter packets 0 bytes 0 return
		meta l4proto tcp ip6 daddr @passwall2_global_whitelist6 counter packets 0 bytes 0 return comment ""
		meta l4proto tcp ip6 daddr fc00::/18 jump PSW2_RULE comment "默认"
		meta l4proto tcp jump PSW2_RULE comment "默认"
		meta l4proto tcp counter packets 66 bytes 5280 meta mark 0x00000001 tproxy to :1041 comment "默认"
		meta l4proto udp ip6 daddr @passwall2_global_whitelist6 counter packets 0 bytes 0 return comment ""
		meta l4proto udp ip6 daddr fc00::/18 jump PSW2_RULE comment "默认"
		meta l4proto udp jump PSW2_RULE comment "默认"
		meta l4proto udp counter packets 0 bytes 0 meta mark 0x00000001 tproxy to :1041 comment "默认"
	}
	chain PSW2_OUTPUT_MANGLE_V6 {
		ip6 daddr @passwall2_lanlist6 counter packets 414 bytes 125305 return
		ip6 daddr @passwall2_vpslist6 counter packets 0 bytes 0 return
		ip6 daddr @passwall2_global_whitelist6 counter packets 0 bytes 0 return
		meta mark 0x000000ff counter packets 5 bytes 461 return
		meta l4proto tcp ip6 daddr fc00::/18 jump PSW2_RULE
		meta l4proto tcp jump PSW2_RULE
		meta l4proto udp ip6 daddr fc00::/18 jump PSW2_RULE
		meta l4proto udp jump PSW2_RULE
	}
}
```
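A quick consistency check over a generated global.json of the shape pasted above, written as an added example for this thread (not passwall2's or Xray's own code): for every outbound that passwall2 marks with a `_flag_proxy_tag`, it confirms that an Xray chain actually exists (either `proxySettings.tag` or `streamSettings.sockopt.dialerProxy`), that the chain target is a real outbound tag, and that chains do not loop; it also flags WireGuard addresses written without a prefix length, which is the sing-box CIDR requirement mentioned above. The sample config is constructed here and only mimics the issue's config.

```python
import json

# Constructed sample in the shape of the global.json from this issue: a WireGuard
# outbound chained through "main" via proxySettings, plus an unchained "main".
SAMPLE_CONFIG = json.dumps({
    "outbounds": [
        {"tag": "main", "protocol": "shadowsocks", "_flag_proxy_tag": "nil"},
        {"tag": "OpenAI", "protocol": "wireguard", "_flag_proxy_tag": "main",
         "settings": {"address": ["1.2.3.4/32", "1234::1234"]},   # second one lacks /prefix
         "proxySettings": {"transportLayer": True, "tag": "main"}},
        {"tag": "direct", "protocol": "freedom"},
    ]
})

def chain_target(outbound):
    """Tag this outbound dials through, checking both Xray chaining mechanisms:
    proxySettings.tag (used in the issue's config) and sockopt.dialerProxy."""
    ps = outbound.get("proxySettings", {}).get("tag")
    dp = outbound.get("streamSettings", {}).get("sockopt", {}).get("dialerProxy")
    return ps or dp

def check_chains(config):
    """Return a list of human-readable problems; an empty list means the
    pre-proxy chains in the config are internally consistent."""
    cfg = json.loads(config) if isinstance(config, str) else config
    outbounds = {o["tag"]: o for o in cfg["outbounds"]}
    problems = []
    for tag, ob in outbounds.items():
        want = ob.get("_flag_proxy_tag", "nil")   # passwall2's own marker field
        got = chain_target(ob)
        if want != "nil":
            if got is None:
                problems.append(f"{tag}: expected chain via {want}, none configured")
            elif got not in outbounds:
                problems.append(f"{tag}: chain target {got} is not an outbound")
        # Walk the chain; revisiting a tag means the outbounds dial each other forever.
        seen, cur = set(), tag
        while cur is not None and cur not in seen:
            seen.add(cur)
            cur = chain_target(outbounds.get(cur, {}))
        if cur is not None:
            problems.append(f"{tag}: chain loops back to {cur}")
        if ob.get("protocol") == "wireguard":
            for addr in ob.get("settings", {}).get("address", []):
                if "/" not in addr:
                    problems.append(f"{tag}: address {addr} lacks a prefix length")
    return problems

if __name__ == "__main__":
    print("\n".join(check_chains(SAMPLE_CONFIG)) or "no problems found")
```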
github-actions[bot] commented 9 months ago

Stale Issue

xiaorouji commented 8 months ago

Try the latest code.

Someone-Practice commented 8 months ago

The landing node option has been confirmed to work.