openwrt-passwall's Issues
passwall & vssr leak the local ISP
In global mode, the local ISP is leaked.
Test website:
https://www.myip.com/
Access control stops working after the TCP proxy method is set to TPROXY
Build date: 2021/7/17
Startup log:
2021-07-19 19:30:05: 删除相关防火墙规则完成。
2021-07-19 19:30:08: 重启 dnsmasq 服务
2021-07-19 19:30:08: 清空并关闭相关程序和缓存完成。
2021-07-19 19:30:08: UDP节点:*****************,监听端口:1051
2021-07-19 19:30:08: 过滤服务配置:准备接管域名解析...
2021-07-19 19:30:08: + [0]Pdnsd (127.0.0.1:7913)...
2021-07-19 19:30:08: | - [0]上游DNS:8.8.8.8:53
2021-07-19 19:30:08: - 域名解析:pdnsd + 使用(TCP节点)解析域名...
2021-07-19 19:30:08: 发现ChinaDNS-NG,将启动。
2021-07-19 19:30:08: | - (chinadns-ng) 只支持2~4级的域名过滤...
2021-07-19 19:30:08: | - [0](chinadns-ng) 代理域名表合并到防火墙域名表
2021-07-19 19:30:08: | - [0](chinadns-ng) 域名白名单合并到**域名表
2021-07-19 19:30:08: + 过滤服务:ChinaDNS-NG(:7914) + pdnsd:国内DNS:218.2.2.2,218.4.4.4,可信DNS:127.0.0.1#7913
2021-07-19 19:30:08: * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!
2021-07-19 19:30:09: - [0]节点列表中的域名(vpsiplist):218.2.2.2,218.4.4.4
2021-07-19 19:30:09: - [0]域名白名单(whitelist):218.2.2.2,218.4.4.4
2021-07-19 19:30:09: - [0]节点订阅域名(whitelist):218.2.2.2,218.4.4.4
2021-07-19 19:30:09: - [0]代理域名表(blacklist):127.0.0.1#7913
2021-07-19 19:30:09: - [0]Xray分流规则(shuntlist):127.0.0.1#7913
2021-07-19 19:30:09: - [0]防火墙域名表(gfwlist):默认
2021-07-19 19:30:09: - [0]**域名表(chnroute):默认
2021-07-19 19:30:09: - [0]以上所列以外及默认(chinadns-ng):127.0.0.1#7914
2021-07-19 19:30:09: 开始加载防火墙规则...
2021-07-19 19:30:09: 加入负载均衡的节点到ipset[vpsiplist]直连完成
2021-07-19 19:30:09: 加入所有节点到ipset[vpsiplist]直连完成
2021-07-19 19:30:09: 加载路由器自身 TCP 代理...
2021-07-19 19:30:09: - 启用 TPROXY 模式
2021-07-19 19:30:09: - [0]将上游 DNS 服务器 8.8.8.8:53 加入到路由器自身代理的 TCP 转发链2
2021-07-19 19:30:09: 加载路由器自身 UDP 代理...
2021-07-19 19:30:09: 访问控制:
2021-07-19 19:30:09: - MAC:00:11:32:DE:DF:37,不代理TCP
2021-07-19 19:30:09: - MAC:00:11:32:DE:DF:37,不代理UDP
2021-07-19 19:30:09: TCP默认代理:使用TCP节点 [**列表以外](TPROXY:1041)代理所有端口
2021-07-19 19:30:09: UDP默认代理:使用UDP节点 [**列表以外](TPROXY:1051)代理所有端口
2021-07-19 19:30:09: 防火墙规则加载完成!
2021-07-19 19:30:12: 重启 dnsmasq 服务
2021-07-19 19:30:12: 配置定时任务:自动更新规则。
2021-07-19 19:30:12: 配置定时任务:自动更新节点订阅。
2021-07-19 19:30:12: 运行完成!
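MAC 00:11:32:DE:DF:37 is set to bypass the proxy, but it is actually still proxied; switching to the IP does not work either.
Also, I would like to ask what the difference is between the tproxy and redirect proxy methods?
DNS queries cannot go through the VLESS node's TCP
I tried connecting to a VLESS+TCP+XTLS node. The same node has no problems on Android or macOS, and access is normal.
But the passwall+chinadns client has connection problems, or DNS cannot go over TCP (pdnsd requery DNS by tcp node).
I also tried turning off DNS, but access still has problems.
Here is the node's configuration: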
root@OpenWrt:~# cat /var/etc/passwall/TCP_UDP.json
{
  "outbounds": [
    {
      "settings": {
        "vnext": [
          {
            "port": 443,
            "users": [
              {
                "flow": "xtls-rprx-direct",
                "encryption": "none",
                "id": "7xxxxxxxxxxxx4",
                "level": 0
              }
            ],
            "address": "x.x.x.x"
          }
        ]
      },
      "_flag_tag": "3af280f760884225a68cce86a5defc66",
      "_flag_is_proxy": "0",
      "streamSettings": {
        "network": "tcp",
        "xtlsSettings": {
          "allowInsecure": false,
          "serverName": "subdomain.mydomain.com"
        },
        "tcpSettings": {
          "header": {
            "type": "none"
          }
        },
        "security": "xtls"
      },
      "protocol": "vless",
      "tag": "3af280f760884225a68cce86a5defc66"
    },
    {
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      },
      "settings": {
        "domainStrategy": "UseIPv4"
      },
      "protocol": "freedom",
      "tag": "direct"
    },
    {
      "protocol": "blackhole",
      "tag": "blackhole"
    },
    {
      "protocol": "dns",
      "tag": "dns-out"
    }
  ],
  "log": {
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "port": 1041,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      }
    }
  ]
}
TCP node log:
Xray 1.4.2 (Xray, Penetrates Everything.) Custom (go1.16 linux/mipsle)
A unified platform for anti-censorship.
2021/07/05 13:45:05 [Info] infra/conf/serial: Reading config: /var/etc/passwall/TCP_UDP.json
2021/07/05 13:45:05 [Debug] app/log: Logger started
2021/07/05 13:45:05 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:1041
2021/07/05 13:45:05 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:1041
2021/07/05 13:45:05 [Info] transport/internet/udp: listening UDP on 0.0.0.0:1041
2021/07/05 13:45:05 [Warning] core: Xray 1.4.2 started
2021/07/05 13:45:18 [Debug] [2090192832] proxy/dokodemo: processing connection from: 192.168.123.153:49360
2021/07/05 13:45:18 [Info] [2090192832] proxy/dokodemo: received request for 192.168.123.153:49360
2021/07/05 13:45:18 [Debug] [51568957] proxy/dokodemo: processing connection from: 192.168.123.153:49359
2021/07/05 13:45:18 [Info] [51568957] proxy/dokodemo: received request for 192.168.123.153:49359
2021/07/05 13:45:18 [Info] [2090192832] app/dispatcher: default route for tcp:149.154.175.53:443
2021/07/05 13:45:18 [Info] [2090192832] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Info] [51568957] app/dispatcher: default route for tcp:149.154.175.53:443
2021/07/05 13:45:18 [Info] [51568957] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 192.168.123.153:49360 accepted tcp:149.154.175.53:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:18 192.168.123.153:49359 accepted tcp:149.154.175.53:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:18 [Debug] [693839327] proxy/dokodemo: processing connection from: 192.168.123.153:49361
2021/07/05 13:45:18 [Info] [693839327] proxy/dokodemo: received request for 192.168.123.153:49361
2021/07/05 13:45:18 [Info] [693839327] app/dispatcher: sniffed domain: signaler-pa.clients6.google.com
2021/07/05 13:45:18 [Info] [693839327] app/dispatcher: default route for tcp:signaler-pa.clients6.google.com:443
2021/07/05 13:45:18 [Info] [693839327] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 192.168.123.153:49361 accepted tcp:142.250.68.106:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:18 [Debug] [2547727641] proxy/dokodemo: processing connection from: 192.168.123.153:49362
2021/07/05 13:45:18 [Info] [2547727641] proxy/dokodemo: received request for 192.168.123.153:49362
2021/07/05 13:45:18 [Info] [2547727641] app/dispatcher: sniffed domain: 0.client-channel.google.com
2021/07/05 13:45:18 [Info] [2547727641] app/dispatcher: default route for tcp:0.client-channel.google.com:443
2021/07/05 13:45:18 [Info] [2547727641] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 192.168.123.153:49362 accepted tcp:64.233.189.189:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:18 [Debug] [1458018437] proxy/dokodemo: processing connection from: 192.168.123.153:49363
2021/07/05 13:45:18 [Info] [1458018437] proxy/dokodemo: received request for 192.168.123.153:49363
2021/07/05 13:45:18 [Info] [1458018437] app/dispatcher: sniffed domain: 0.client-channel.google.com
2021/07/05 13:45:18 [Info] [1458018437] app/dispatcher: default route for tcp:0.client-channel.google.com:443
2021/07/05 13:45:18 [Info] [1458018437] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] [535579620] proxy/dokodemo: processing connection from: 192.168.123.153:49364
2021/07/05 13:45:18 [Info] [535579620] proxy/dokodemo: received request for 192.168.123.153:49364
2021/07/05 13:45:18 192.168.123.153:49363 accepted tcp:64.233.189.189:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:18 [Info] [535579620] app/dispatcher: sniffed domain: 0.client-channel.google.com
2021/07/05 13:45:18 [Info] [535579620] app/dispatcher: default route for tcp:0.client-channel.google.com:443
2021/07/05 13:45:18 [Info] [535579620] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 192.168.123.153:49364 accepted tcp:64.233.189.189:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:18 [Debug] [1743223243] proxy/dokodemo: processing connection from: 192.168.123.153:49365
2021/07/05 13:45:18 [Info] [1743223243] proxy/dokodemo: received request for 192.168.123.153:49365
2021/07/05 13:45:18 [Info] [1743223243] app/dispatcher: sniffed domain: safebrowsing.google.com
2021/07/05 13:45:18 [Info] [1743223243] app/dispatcher: default route for tcp:safebrowsing.google.com:443
2021/07/05 13:45:18 [Info] [1743223243] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:18 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:18 192.168.123.153:49365 accepted tcp:172.217.160.110:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:19 [Info] [2090192832] proxy/vless/outbound: tunneling request to tcp:149.154.175.53:443 via tcp:x.x.x.x:443
2021/07/05 13:45:19 [Info] [51568957] proxy/vless/outbound: tunneling request to tcp:149.154.175.53:443 via tcp:x.x.x.x:443
2021/07/05 13:45:19 [Info] [693839327] proxy/vless/outbound: tunneling request to tcp:signaler-pa.clients6.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:19 [Info] [2547727641] proxy/vless/outbound: tunneling request to tcp:0.client-channel.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:19 [Info] [1458018437] proxy/vless/outbound: tunneling request to tcp:0.client-channel.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:19 [Info] [535579620] proxy/vless/outbound: tunneling request to tcp:0.client-channel.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:19 [Info] [1743223243] proxy/vless/outbound: tunneling request to tcp:safebrowsing.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:20 [Debug] [2350005193] proxy/dokodemo: processing connection from: 192.168.123.153:49370
2021/07/05 13:45:20 [Info] [2350005193] proxy/dokodemo: received request for 192.168.123.153:49370
2021/07/05 13:45:20 [Debug] [2127283193] proxy/dokodemo: processing connection from: 192.168.123.153:49366
2021/07/05 13:45:20 [Info] [2127283193] proxy/dokodemo: received request for 192.168.123.153:49366
2021/07/05 13:45:20 [Debug] [3982992082] proxy/dokodemo: processing connection from: 192.168.123.153:49367
2021/07/05 13:45:20 [Info] [3982992082] proxy/dokodemo: received request for 192.168.123.153:49367
2021/07/05 13:45:20 [Debug] [3385493977] proxy/dokodemo: processing connection from: 192.168.123.153:49369
2021/07/05 13:45:20 [Info] [3385493977] proxy/dokodemo: received request for 192.168.123.153:49369
2021/07/05 13:45:20 [Info] [2350005193] app/dispatcher: default route for tcp:149.154.175.50:80
2021/07/05 13:45:20 [Info] [2350005193] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Info] [2127283193] app/dispatcher: default route for tcp:149.154.175.58:80
2021/07/05 13:45:20 [Info] [2127283193] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Info] [3982992082] app/dispatcher: default route for tcp:149.154.175.58:443
2021/07/05 13:45:20 [Info] [3982992082] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Info] [3385493977] app/dispatcher: default route for tcp:149.154.175.50:443
2021/07/05 13:45:20 [Info] [3385493977] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:20 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:20 192.168.123.153:49370 accepted tcp:149.154.175.50:80 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:20 192.168.123.153:49366 accepted tcp:149.154.175.58:80 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:20 192.168.123.153:49367 accepted tcp:149.154.175.58:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:20 192.168.123.153:49369 accepted tcp:149.154.175.50:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:20 [Info] [2127283193] proxy/vless/outbound: tunneling request to tcp:149.154.175.58:80 via tcp:x.x.x.x:443
2021/07/05 13:45:20 [Info] [3385493977] proxy/vless/outbound: tunneling request to tcp:149.154.175.50:443 via tcp:x.x.x.x:443
2021/07/05 13:45:20 [Info] [2350005193] proxy/vless/outbound: tunneling request to tcp:149.154.175.50:80 via tcp:x.x.x.x:443
2021/07/05 13:45:20 [Info] [3982992082] proxy/vless/outbound: tunneling request to tcp:149.154.175.58:443 via tcp:x.x.x.x:443
2021/07/05 13:45:21 [Debug] [1466970619] proxy/dokodemo: processing connection from: 192.168.123.153:49374
2021/07/05 13:45:21 [Info] [1466970619] proxy/dokodemo: received request for 192.168.123.153:49374
2021/07/05 13:45:21 [Info] [1466970619] app/dispatcher: sniffed domain: chat.google.com
2021/07/05 13:45:21 [Info] [1466970619] app/dispatcher: default route for tcp:chat.google.com:443
2021/07/05 13:45:21 [Info] [1466970619] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:21 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:21 192.168.123.153:49374 accepted tcp:142.250.188.238:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:21 [Info] [1466970619] proxy/vless/outbound: tunneling request to tcp:chat.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:22 [Debug] [4030725568] proxy/dokodemo: processing connection from: 192.168.123.153:49375
2021/07/05 13:45:22 [Info] [4030725568] proxy/dokodemo: received request for 192.168.123.153:49375
2021/07/05 13:45:22 [Info] [4030725568] app/dispatcher: sniffed domain: chat.google.com
2021/07/05 13:45:22 [Info] [4030725568] app/dispatcher: default route for tcp:chat.google.com:443
2021/07/05 13:45:22 [Info] [4030725568] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:22 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:22 192.168.123.153:49375 accepted tcp:142.250.188.238:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:22 [Info] [4030725568] proxy/vless/outbound: tunneling request to tcp:chat.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:22 [Debug] [2362527329] proxy/dokodemo: processing connection from: 192.168.123.153:49376
2021/07/05 13:45:22 [Info] [2362527329] proxy/dokodemo: received request for 192.168.123.153:49376
2021/07/05 13:45:22 [Info] [2362527329] app/dispatcher: sniffed domain: signaler-pa.clients6.google.com
2021/07/05 13:45:22 [Info] [2362527329] app/dispatcher: default route for tcp:signaler-pa.clients6.google.com:443
2021/07/05 13:45:22 [Info] [2362527329] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:22 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:22 192.168.123.153:49376 accepted tcp:142.250.68.106:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:23 [Debug] [2372870427] proxy/dokodemo: processing connection from: 192.168.1.2:20169
2021/07/05 13:45:23 [Info] [2372870427] proxy/dokodemo: received request for 192.168.1.2:20169
2021/07/05 13:45:23 [Info] [2372870427] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/05 13:45:23 [Info] [2372870427] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:23 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:23 192.168.1.2:20169 accepted tcp:8.8.8.8:53 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:23 [Info] [2362527329] proxy/vless/outbound: tunneling request to tcp:signaler-pa.clients6.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:23 [Info] [2372870427] proxy/vless/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:x.x.x.x:443
2021/07/05 13:45:24 [Debug] [67277500] proxy/dokodemo: processing connection from: 192.168.123.153:49377
2021/07/05 13:45:24 [Info] [67277500] proxy/dokodemo: received request for 192.168.123.153:49377
2021/07/05 13:45:24 [Info] [67277500] app/dispatcher: sniffed domain: play.google.com
2021/07/05 13:45:24 [Info] [67277500] app/dispatcher: default route for tcp:play.google.com:443
2021/07/05 13:45:24 [Info] [67277500] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:24 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:24 192.168.123.153:49377 accepted tcp:142.250.189.14:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:24 [Info] [67277500] proxy/vless/outbound: tunneling request to tcp:play.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:25 [Debug] [689406350] proxy/dokodemo: processing connection from: 192.168.1.2:44872
2021/07/05 13:45:25 [Info] [689406350] proxy/dokodemo: received request for 192.168.1.2:44872
2021/07/05 13:45:25 [Debug] [570307339] proxy/dokodemo: processing connection from: 192.168.123.153:49380
2021/07/05 13:45:25 [Info] [570307339] proxy/dokodemo: received request for 192.168.123.153:49380
2021/07/05 13:45:25 [Debug] [2329269716] proxy/dokodemo: processing connection from: 192.168.123.153:49381
2021/07/05 13:45:25 [Info] [2329269716] proxy/dokodemo: received request for 192.168.123.153:49381
2021/07/05 13:45:26 [Info] [689406350] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/05 13:45:26 [Info] [689406350] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:26 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:26 [Info] [570307339] app/dispatcher: sniffed domain: dns.google.com
2021/07/05 13:45:26 [Info] [570307339] app/dispatcher: default route for tcp:dns.google.com:443
2021/07/05 13:45:26 [Info] [570307339] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:26 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:26 [Info] [2329269716] app/dispatcher: sniffed domain: mozilla.cloudflare-dns.com
2021/07/05 13:45:26 [Info] [2329269716] app/dispatcher: default route for tcp:mozilla.cloudflare-dns.com:443
2021/07/05 13:45:26 [Info] [2329269716] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:26 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:26 192.168.1.2:44872 accepted tcp:8.8.8.8:53 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:26 192.168.123.153:49380 accepted tcp:8.8.8.8:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:26 192.168.123.153:49381 accepted tcp:104.16.249.249:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:26 [Info] [689406350] proxy/vless/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:x.x.x.x:443
2021/07/05 13:45:26 [Info] [2329269716] proxy/vless/outbound: tunneling request to tcp:mozilla.cloudflare-dns.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:26 [Info] [570307339] proxy/vless/outbound: tunneling request to tcp:dns.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:26 [Info] [2127283193] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > context canceled
2021/07/05 13:45:26 [Info] [3385493977] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > context canceled
2021/07/05 13:45:26 [Info] [2350005193] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > context canceled
2021/07/05 13:45:26 [Info] [3982992082] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/05 13:45:26 [Info] [2127283193] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/05 13:45:26 [Info] [3385493977] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/05 13:45:26 [Info] [2350005193] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/05 13:45:27 [Info] [3982992082] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > context canceled
2021/07/05 13:45:30 [Debug] [1103625470] proxy/dokodemo: processing connection from: 192.168.123.153:49383
2021/07/05 13:45:30 [Info] [1103625470] proxy/dokodemo: received request for 192.168.123.153:49383
2021/07/05 13:45:31 192.168.123.153:49383 accepted tcp:142.250.188.238:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 [Debug] [3989570455] proxy/dokodemo: processing connection from: 192.168.123.153:49393
2021/07/05 13:45:31 [Info] [3989570455] proxy/dokodemo: received request for 192.168.123.153:49393
2021/07/05 13:45:31 [Debug] [2694405077] proxy/dokodemo: processing connection from: 192.168.123.153:49384
2021/07/05 13:45:31 [Info] [2694405077] proxy/dokodemo: received request for 192.168.123.153:49384
2021/07/05 13:45:31 [Debug] [353641082] proxy/dokodemo: processing connection from: 192.168.123.153:49387
2021/07/05 13:45:31 [Info] [353641082] proxy/dokodemo: received request for 192.168.123.153:49387
2021/07/05 13:45:31 [Info] [1103625470] app/dispatcher: sniffed domain: chat.google.com
2021/07/05 13:45:31 [Info] [1103625470] app/dispatcher: default route for tcp:chat.google.com:443
2021/07/05 13:45:31 [Info] [1103625470] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] [31445312] proxy/dokodemo: processing connection from: 192.168.123.153:49388
2021/07/05 13:45:31 [Info] [31445312] proxy/dokodemo: received request for 192.168.123.153:49388
2021/07/05 13:45:31 [Debug] [3636665488] proxy/dokodemo: processing connection from: 192.168.123.153:49389
2021/07/05 13:45:31 [Info] [3636665488] proxy/dokodemo: received request for 192.168.123.153:49389
2021/07/05 13:45:31 [Debug] [1680938772] proxy/dokodemo: processing connection from: 192.168.123.153:49391
2021/07/05 13:45:31 [Info] [1680938772] proxy/dokodemo: received request for 192.168.123.153:49391
2021/07/05 13:45:31 [Info] [2694405077] app/dispatcher: sniffed domain: play.google.com
2021/07/05 13:45:31 [Info] [2694405077] app/dispatcher: default route for tcp:play.google.com:443
2021/07/05 13:45:31 [Info] [2694405077] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [353641082] app/dispatcher: default route for tcp:149.154.175.58:80
2021/07/05 13:45:31 [Info] [353641082] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [31445312] app/dispatcher: default route for tcp:149.154.175.58:443
2021/07/05 13:45:31 [Info] [31445312] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [3636665488] app/dispatcher: default route for tcp:149.154.175.50:443
2021/07/05 13:45:31 [Info] [3636665488] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [1680938772] app/dispatcher: default route for tcp:149.154.175.50:80
2021/07/05 13:45:31 [Info] [1680938772] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 192.168.123.153:49384 accepted tcp:142.250.189.14:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 192.168.123.153:49387 accepted tcp:149.154.175.58:80 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 192.168.123.153:49388 accepted tcp:149.154.175.58:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 192.168.123.153:49389 accepted tcp:149.154.175.50:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 192.168.123.153:49391 accepted tcp:149.154.175.50:80 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 [Debug] [267188606] proxy/dokodemo: processing connection from: 192.168.123.153:49394
2021/07/05 13:45:31 [Info] [267188606] proxy/dokodemo: received request for 192.168.123.153:49394
2021/07/05 13:45:31 [Info] [3989570455] app/dispatcher: default route for tcp:172.217.14.68:443
2021/07/05 13:45:31 [Info] [3989570455] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 192.168.123.153:49393 accepted tcp:172.217.14.68:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 [Info] [267188606] app/dispatcher: sniffed domain: play.google.com
2021/07/05 13:45:31 [Info] [267188606] app/dispatcher: default route for tcp:play.google.com:443
2021/07/05 13:45:31 [Info] [267188606] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:31 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:31 192.168.123.153:49394 accepted tcp:142.250.189.14:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:31 [Info] [1103625470] proxy/vless/outbound: tunneling request to tcp:chat.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [1680938772] proxy/vless/outbound: tunneling request to tcp:149.154.175.50:80 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [353641082] proxy/vless/outbound: tunneling request to tcp:149.154.175.58:80 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [3636665488] proxy/vless/outbound: tunneling request to tcp:149.154.175.50:443 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [2694405077] proxy/vless/outbound: tunneling request to tcp:play.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [31445312] proxy/vless/outbound: tunneling request to tcp:149.154.175.58:443 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [267188606] proxy/vless/outbound: tunneling request to tcp:play.google.com:443 via tcp:x.x.x.x:443
2021/07/05 13:45:31 [Info] [3989570455] proxy/vless/outbound: tunneling request to tcp:172.217.14.68:443 via tcp:x.x.x.x:443
2021/07/05 13:45:32 [Info] [51568957] app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: connection ends > context canceled
2021/07/05 13:45:32 [Info] [51568957] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/05 13:45:32 [Debug] [1257141048] proxy/dokodemo: processing connection from: 192.168.123.153:49396
2021/07/05 13:45:32 [Info] [1257141048] proxy/dokodemo: received request for 192.168.123.153:49396
2021/07/05 13:45:32 [Info] [1257141048] app/dispatcher: default route for tcp:149.154.175.50:443
2021/07/05 13:45:32 [Info] [1257141048] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:32 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:32 192.168.123.153:49396 accepted tcp:149.154.175.50:443 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:32 [Info] [1257141048] proxy/vless/outbound: tunneling request to tcp:149.154.175.50:443 via tcp:x.x.x.x:443
2021/07/05 13:45:33 [Debug] [2507141370] proxy/dokodemo: processing connection from: 192.168.1.2:20631
2021/07/05 13:45:33 [Info] [2507141370] proxy/dokodemo: received request for 192.168.1.2:20631
2021/07/05 13:45:33 [Info] [2507141370] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/05 13:45:33 [Info] [2507141370] transport/internet/tcp: dialing TCP to tcp:x.x.x.x:443
2021/07/05 13:45:33 [Debug] transport/internet: dialing to tcp:x.x.x.x:443
2021/07/05 13:45:33 192.168.1.2:20631 accepted tcp:8.8.8.8:53 [3af280f760884225a68cce86a5defc66]
2021/07/05 13:45:33 [Info] [2507141370] proxy/vless/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:x.x.x.x:443
passwall server side 127.0.0.1:53: server misbehaving
[ERROR] 2021/07/12 11:32:44 github.com/p4gefau1t/trojan-go/proxy.(*Proxy).relayConnLoop.func1.1:proxy.go:66 proxy failed to dial connection | freedom failed to dial www.gstatic.com:80 | dial tcp: lookup www.gstatic.com on 127.0.0.1:53: server misbehaving
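Does passwall support trojan-go's smux?
When mux is enabled for trojan-go, is it smux or the ray-family mux?
After disabling the load-balancing setting, all nodes turn into hasn values!!!
luci-app-passwall 4-28: the admin page cannot be opened after building from the official openwrt-19.07 source
It shows: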
/usr/lib/lua/luci/controller/passwall.lua:11: module 'luci.model.cbi.passwall.api.kcptun' not found:
no field package.preload['luci.model.cbi.passwall.api.kcptun']
no file './luci/model/cbi/passwall/api/kcptun.lua'
no file '/usr/share/lua/luci/model/cbi/passwall/api/kcptun.lua'
no file '/usr/share/lua/luci/model/cbi/passwall/api/kcptun/init.lua'
no file '/usr/lib/lua/luci/model/cbi/passwall/api/kcptun.lua'
no file '/usr/lib/lua/luci/model/cbi/passwall/api/kcptun/init.lua'
no file './luci/model/cbi/passwall/api/kcptun.so'
no file '/usr/lib/lua/luci/model/cbi/passwall/api/kcptun.so'
no file '/usr/lib/lua/loadall.so'
no file './luci.so'
no file '/usr/lib/lua/luci.so'
no file '/usr/lib/lua/loadall.so'
stack traceback:
[C]: in function 'require'
/usr/lib/lua/luci/controller/passwall.lua:11: in main chunk
[C]: in function 'require'
/usr/lib/lua/luci/dispatcher.lua:1081: in function 'createindex'
/usr/lib/lua/luci/dispatcher.lua:1192: in function 'createtree'
/usr/lib/lua/luci/dispatcher.lua:694: in function 'menu_json'
/usr/lib/lua/luci/dispatcher.lua:795: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:478: in function </usr/lib/lua/luci/dispatcher.lua:477>
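Custom DNS forwarding: errors occur when the dnsmasq rules are generated
When dnsmasq has a custom forward of /xxx.com/114.114.114.114,
the forwarding rules under /var/etc/dnsmasq.d become something like /google.com//xxx.com/114.114.114.114,
which ends up causing resolution of quite a few domains to fail.
I suggest filtering out unreasonable results when the rules are generated.
Thanks!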
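The filtering suggested in the issue above, sketched as an added example that is not part of the original post and not passwall's own code: a lint pass over generated dnsmasq rule files that rejects fused lines such as the `/google.com//xxx.com/114.114.114.114` form quoted there. It assumes the generated lines use dnsmasq's `server=/domain/upstream` and `ipset=/domain/setname` syntax; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not passwall code): lint dnsmasq rule files for fused or
# malformed "server=" / "ipset=" lines before dnsmasq is restarted.
# dnsmasq syntax: server=/dom1/[dom2/...]target   ipset=/dom1/[dom2/...]set[,set]

# lint_dnsmasq_rules FILE...
# Prints "file:line: reason: text" per bad line; exit status 1 if any were found.
lint_dnsmasq_rules() {
    awk '
    function bad(reason) {
        printf "%s:%d: %s: %s\n", FILENAME, FNR, reason, $0
        found = 1
    }
    /^(server|ipset)=\// {
        kind = $0; sub(/=.*/, "", kind)
        body = $0; sub(/^[a-z]+=\//, "", body)
        n = split(body, part, "/")               # part[n] is the target
        if (n < 2) { bad("missing target"); next }
        for (i = 1; i < n; i++) {
            d = part[i]
            # "server=//ip" (unqualified names) is the only legal empty domain
            if (d == "") {
                if (n > 2) { bad("empty domain, two rules fused"); next }
                continue
            }
            if (d !~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/ || index(d, "..")) {
                bad("invalid domain \"" d "\""); next
            }
        }
        t = part[n]
        if (kind == "server") {
            # empty = local only, "#" = default upstreams, otherwise ip[#port]
            if (t != "" && t != "#" &&
                t !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(#[0-9]+)?$/ &&
                t !~ /^[0-9A-Fa-f]*:[0-9A-Fa-f:.]*(#[0-9]+)?$/)
                bad("upstream is not ip[#port]")
        } else if (t !~ /^[A-Za-z0-9_-]+(,[A-Za-z0-9_-]+)*$/) {
            bad("invalid ipset name")
        }
    }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample: line 3 reproduces the fused form quoted in the issue,
# line 6 has a domain where the upstream address should be.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample of a generated rules file
server=/google.com/127.0.0.1#7913
server=/google.com//xxx.com/114.114.114.114
ipset=/google.com/gfwlist
server=/xxx.com/114.114.114.114
server=/example.org/xxx.com
EOF
}

# Run the linter over the constructed sample and report the result.
demo() {
    f=$(mktemp) || return 1
    write_sample_rules "$f"
    lint_dnsmasq_rules "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

demo || echo "malformed rules found: do not restart dnsmasq with this file"
```

On a router the same function can be pointed at the files under /var/etc/dnsmasq.d; a non-zero exit status means at least one line needs to be regenerated.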
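After using version 4.29 for a while, a "Too many open files" problem appears, making it unusable
Rolled back to version 4.26 for now.
Version 4-30 subscription reports an error!!! (see screenshot)
Cannot proxy UDP DNS on port 53
UDP proxy is enabled and is detected as FullCone.
nslookup test from a LAN device: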
$ nslookup google.com 8.8.8.8
;; connection timed out; no servers could be reached
If TCP is used:
$ nslookup -vc google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 74.125.24.102
Name: google.com
Address: 74.125.24.139
Name: google.com
Address: 74.125.24.101
Name: google.com
Address: 74.125.24.138
Name: google.com
Address: 74.125.24.113
Name: google.com
Address: 74.125.24.100
Name: google.com
Address: 2404:6800:4003:c03::64
Name: google.com
Address: 2404:6800:4003:c03::66
Name: google.com
Address: 2404:6800:4003:c03::8b
Name: google.com
Address: 2404:6800:4003:c03::65
The router's DNS:
$ nslookup google.com 192.168.2.1
Server: 192.168.2.1
Address: 192.168.2.1#53
Non-authoritative answer:
Name: google.com
Address: 74.125.24.139
Name: google.com
Address: 74.125.24.138
Name: google.com
Address: 74.125.24.102
Name: google.com
Address: 74.125.24.101
Name: google.com
Address: 74.125.24.113
Name: google.com
Address: 74.125.24.100
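Question about firewall redirect and tproxy
I read Xray's transparent proxy tutorial and found that it uses the mangle table throughout and does not use the nat table.
Then I looked at passwall's firewall rules and found that for v4 both mangle TPROXY rules and nat REDIRECT rules exist. What role do the nat redirect rules play here? Looking at the traffic statistics, almost all traffic goes through the mangle table, about 6g, while nat has only 1.6m.
Direct-connection list does not take effect
I run OpenWrt virtualized on iKuai, with passwall. I manually added some domestic PT site domains to the direct-connection list; after saving and applying, testing shows it does not take effect, and when I log in to the PT sites' web pages they still go through the proxy... What is going on?
trojan-go fingerprint spoofing cannot be used
Setting trojan-go fingerprint spoofing to firefox or chrome automatically reverts to disabled. Is this a bug?
The fingerprint spoofing setting for xray works normally.
This is the latest passwall version, built just today.
brook uses 100% CPU for long periods / ss-redir uses 25% for long periods
4-27: with the auto-switch feature, the main node drops connections and switches frequently
I originally thought it was a node problem, but after switching to a very stable node it still drops and switches frequently; after turning off auto-switch the drops no longer occurred.
Main node is VLESS; the auto-switch backup node is Vmess.
Side-router (bypass gateway) mode: after ticking IP masquerading on the firewall's LAN zone, neither the PC nor wireless clients can access the local network; with it unticked, wireless clients' access through the proxy is not smooth, keeps spinning and does not load; the PC seems unaffected
With passwall using a shunt node, Google Store downloads keep spinning
Host firmware is 大雕 18.06, x86-64.
I probably first noticed this problem back in May; it was fine before that.
With the shunt node, Google Store can search but cannot download; I have to disconnect the network briefly before the download starts. If I select a TCP node directly there is no problem. Everything else is at default settings. I do not know whether it is supposed to be like this or what the cause is, and would like an answer.
OpenWrt 21.02.0-rc3 X86 abnormal
It reports an error right at startup and then keeps switching nodes. The log is as follows: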
2021-07-27 15:25:41: 系统不兼容,终止执行!
2021-07-27 15:25:41: 重启 dnsmasq 服务
2021-07-27 15:25:41: 配置定时任务:自动更新节点订阅。
2021-07-27 15:25:41: 运行完成!
2021-07-27 15:26:08: 自动切换检测:TCP节点【Xray:[分流总节点]】异常,切换到下一个备用节点检测!
2021-07-27 15:26:55: 自动切换检测:TCP节点【Trojan-Go:[cdn1]】异常,切换到下一个备用节点检测!
2021-07-27 15:27:42: 自动切换检测:TCP节点【Trojan-Go:[cdn2]】异常,切换到下一个备用节点检测!
2021-07-27 15:28:30: 自动切换检测:TCP节点【Trojan-Go:[cdn3]】异常,切换到下一个备用节点检测!
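The nodes are fine; they work normally on Windows with Qv2ray.
In the latest version compiled on July 27, the system log contains the following. Does this have any impact?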
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: * Populating IPv6 nat table
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Tue Jul 27 05:44:38 2021 daemon.notice procd: /etc/rc.d/S91ssrs: Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
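I found that the rules above do exist in the firewall list.
After upgrading to 4-28, access control (ACL) is broken.
Previous settings no longer work, and entries cannot be modified, deleted or added.
The compiled passwall.ipk file name is missing the version number; I suggest fixing this (it has been like this for a long time, and today I couldn't help opening an issue)
How can I compile so that v2ray and xray coexist... (or how to compile and use v2ray)
Er... the thing is, xray currently has a small problem when connecting over grpc (it hangs)... v2ray seems to have solved this problem... actually a PR for xray also solves it, but r大 has been quite busy lately and has not merged it...
So to use grpc I probably, maybe, might have to use v2ray for now...
That option is no longer there when compiling...
How should I compile to get it working...
X86, compiled from the original firmware: SS does not work, SSR is fine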
2021-07-19 23:48:18 INFO: plugin "obfs-local" enabled
2021-07-19 23:48:18 INFO: initializing ciphers... xchacha20-ietf-poly1305
No such file or directory
2021-07-19 23:48:18 INFO: listening at 0.0.0.0:1041
2021-07-19 23:48:18 INFO: tcp port reuse enabled
2021-07-19 23:48:18 INFO: UDP relay enabled
2021-07-19 23:48:18 INFO: udp port reuse enabled
2021-07-19 23:48:18 INFO: running from root user
2021-07-19 23:48:18 ERROR: plugin service exit unexpectedly
2021-07-19 23:48:18 INFO: error on terminating the plugin.
Direct-connection list not working
The configured direct-connection list has no effect at all.
Hi, is it possible to make all my traffic pass through, except only the Netflix-related traffic?
There are 5 modes down there in the drop list,
no proxy,
global,
gfw,
china,
not china
Unfortunately none of them seems to fit. Is there a way to make my own one which affects only Netflix?
Thanks.
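The access control list's styling is broken; please fix it, thanks!
Latest Naiveproxy fails to compile
As the title says, the Naiveproxy updated last night fails to compile.
openwrt-21.02 compile error
An error occurs when compiling the original openwrt; v2ray-plugin always fails to compile.
The GFW list does not seem to take effect and behaves the same as "outside the ** list"; on a Win10 PC the weather location ends up abroad
It appears in a recent build from lean's 5.10 source; the earlier 5.4 source was fine. I don't know where the problem is.
Could a "domainMatcher" option be added to "routing"?
When domainMatcher is set to mph, domain matching performance seems to be better.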
https://www.v2fly.org/config/routing.html
The documentation is v2ray's, but xray also passes a config-file test with it:
> xray run -c /path/to/test.json -test
> Xray 1.4.2 (Xray, Penetrates Everything.) OpenWrt (go1.16.6 linux/arm)
A unified platform for anti-censorship.
2021/07/27 18:08:46 [Info] infra/conf/serial: Reading config: /path/to/test.json
Configuration OK.
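I have not yet tested the performance change.
Why does the firmware version track official OpenWrt starting in July?
The earlier versions were quite good. When I flashed the first July release I thought the device was bricked; after digging it out of the low-voltage cabinet I found the version had changed, so I reconfigured it and found that multi-line multi-dial no longer works (or maybe my skills are lacking). JD sign-in was removed; whether I install 1.0.3 or 5 myself, the QR code does not show, and after filling in the cookies myself it still does not work. I want to flash back to a pre-July version zz.....
After some use (1 to 3 hours) web pages cannot be accessed; probably a DNS problem
I tried several OpenWrt firmware versions and also tried compiling it myself.
After boot I changed the IP and WAN settings and turned on DNS caching in Turbo Acc; other plugins were left untouched.
I configured Passwall directly: added nodes, enabled it, updated the rules; DNS is the default pdnsd (8.8.8.8). At first it worked well, but after a while web pages could not be opened. WeChat and YouTube on the phone work normally, so I think it is a DNS problem, but I can't figure out what. I don't know what other information to provide; I hope someone can give me a lead, and I will provide information in the replies.
Mysterious problem with the TPROXY proxy method
Many thanks to everyone for your selfless contributions. I recently started trying passwall and it has been very pleasant to use, but I ran into a problem and hope someone can give me some pointers.
Symptom: with the TPROXY proxy method, LAN devices cannot bypass the firewall; test results for each case are as follows.
TCP proxy method | LAN devices bypassing the firewall | Router itself bypassing the firewall | Wireguard devices bypassing the firewall | Google connectivity check result |
---|---|---|---|---|
Default | OK | OK | OK | OK |
REDIRECT | OK | OK | OK | OK |
TPROXY | Failed | OK | OK | OK |
passwall version info: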
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4
PKG_RELEASE:=28
PKG_DATE:=20210712
openwrt info:
openwrt 21.02 rc3
Uses immortalwrt's uboot-rockchip and target/linux/rockchip, plus r8168
Linux R4S 5.4.128 #0 SMP PREEMPT Wed Jun 30 20:01:25 2021 aarch64 GNU/Linux
Self-compiled
Soft router info:
Friendlyarm NanoPi R4S 4GB
Network environment:
China Telecom gigabit, optical modem in bridge mode, pppoe dial-up, dual-stack public IP
Other built-in software:
docker, wireguard, nfs, ddns, upnp, adblock, acme, nlbwmon, luci-app-statistics
Log:
2021-07-18 17:00:01: 删除相关防火墙规则完成。
2021-07-18 17:00:04: 重启 dnsmasq 服务
2021-07-18 17:00:04: 清空并关闭相关程序和缓存完成。
2021-07-18 17:00:05: TCP节点:[❻H2.此处隐去节点名称 [NF] [h2] [1]]xxxx.xxxx.xxxxx:2096,监听端口:1041
2021-07-18 17:00:05: UDP节点没有选择或为空,不代理UDP。
2021-07-18 17:00:05: 过滤服务配置:准备接管域名解析...
2021-07-18 17:00:05: + [0]Pdnsd (127.0.0.1:7913)...
2021-07-18 17:00:05: | - [0]上游DNS:8.8.8.8:53
2021-07-18 17:00:05: - 域名解析:pdnsd + 使用(TCP节点)解析域名...
2021-07-18 17:00:05: * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!
2021-07-18 17:00:05: - [0]节点列表中的域名(vpsiplist):116.228.111.118,180.168.255.18
2021-07-18 17:00:05: - [0]域名白名单(whitelist):116.228.111.118,180.168.255.18
2021-07-18 17:00:05: - [0]节点订阅域名(whitelist):116.228.111.118,180.168.255.18
2021-07-18 17:00:05: - [0]代理域名表(blacklist):127.0.0.1#7913
2021-07-18 17:00:06: - [0]防火墙域名表(gfwlist):127.0.0.1#7913
2021-07-18 17:00:13: - [0]**域名表(chnroute):116.228.111.118,180.168.255.18
2021-07-18 17:00:13: 开始加载防火墙规则...
2021-07-18 17:00:13: 加入负载均衡的节点到ipset[vpsiplist]直连完成
2021-07-18 17:00:13: 加入所有节点到ipset[vpsiplist]直连完成
2021-07-18 17:00:13: 加载路由器自身 TCP 代理...
2021-07-18 17:00:13: - 启用 TPROXY 模式
2021-07-18 17:00:13: - [0]将上游 DNS 服务器 8.8.8.8:53 加入到路由器自身代理的 TCP 转发链2
2021-07-18 17:00:14: TCP默认代理:使用TCP节点 防火墙列表代理所有端口
2021-07-18 17:00:14: 防火墙规则加载完成!
2021-07-18 17:00:17: 重启 dnsmasq 服务
2021-07-18 17:00:18: 运行完成!
TCP.log contents (partial):
Xray 1.4.2 (Xray, Penetrates Everything.) OpenWrt (go1.16.5 linux/arm64)
A unified platform for anti-censorship.
2021/07/18 17:02:06 [Info] infra/conf/serial: Reading config: /var/etc/passwall/TCP.json
2021/07/18 17:02:06 [Debug] app/log: Logger started
2021/07/18 17:02:06 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:1041
2021/07/18 17:02:06 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:1041
2021/07/18 17:02:06 [Warning] core: Xray 1.4.2 started
2021/07/18 17:02:29 [Debug] [1277473509] proxy/dokodemo: processing connection from: 58.41.13.6:47763
2021/07/18 17:02:29 [Info] [1277473509] proxy/dokodemo: received request for 58.41.13.6:47763
2021/07/18 17:02:29 [Info] [1277473509] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/18 17:02:29 58.41.13.6:47763 accepted tcp:8.8.8.8:53 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:29 [Debug] transport/internet: dialing to tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:30 [Debug] [4144790889] proxy/dokodemo: processing connection from: 58.41.13.6:43238
2021/07/18 17:02:30 [Info] [4144790889] proxy/dokodemo: received request for 58.41.13.6:43238
2021/07/18 17:02:30 [Info] [4144790889] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/18 17:02:30 58.41.13.6:43238 accepted tcp:8.8.8.8:53 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:30 [Info] [1277473509] proxy/vmess/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:30 [Info] [4144790889] proxy/vmess/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:30 [Debug] [1186422243] proxy/dokodemo: processing connection from: 58.41.13.6:48925
2021/07/18 17:02:30 [Info] [1186422243] proxy/dokodemo: received request for 58.41.13.6:48925
2021/07/18 17:02:30 [Info] [1186422243] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/18 17:02:30 58.41.13.6:48925 accepted tcp:8.8.8.8:53 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:30 [Debug] [3016637425] proxy/dokodemo: processing connection from: 58.41.13.6:26848
2021/07/18 17:02:30 [Info] [3016637425] proxy/dokodemo: received request for 58.41.13.6:26848
2021/07/18 17:02:30 [Info] [3016637425] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/18 17:02:30 58.41.13.6:26848 accepted tcp:8.8.8.8:53 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:30 [Info] [1186422243] proxy/vmess/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:30 [Info] [3016637425] proxy/vmess/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:31 [Debug] [3830069137] proxy/dokodemo: processing connection from: 58.41.13.6:40970
2021/07/18 17:02:31 [Info] [3830069137] proxy/dokodemo: received request for 58.41.13.6:40970
2021/07/18 17:02:31 [Info] [3830069137] app/dispatcher: sniffed domain: www.google.com
2021/07/18 17:02:31 [Info] [3830069137] app/dispatcher: default route for tcp:www.google.com:443
2021/07/18 17:02:31 58.41.13.6:40970 accepted tcp:172.217.174.196:443 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:31 [Info] [3830069137] proxy/vmess/outbound: tunneling request to tcp:www.google.com:443 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:31 [Info] [1277473509] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/18 17:02:31 [Info] [1277473509] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/18 17:02:31 [Info] [4144790889] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/18 17:02:31 [Info] [4144790889] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/18 17:02:32 [Info] [1186422243] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/18 17:02:32 [Info] [3016637425] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/18 17:02:32 [Info] [3016637425] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/18 17:02:32 [Info] [1186422243] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/18 17:02:35 [Debug] [3979918850] proxy/dokodemo: processing connection from: 58.41.13.6:45977
2021/07/18 17:02:35 [Info] [3979918850] proxy/dokodemo: received request for 58.41.13.6:45977
2021/07/18 17:02:35 [Info] [3979918850] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/18 17:02:35 58.41.13.6:45977 accepted tcp:8.8.8.8:53 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:35 [Debug] [1953975629] proxy/dokodemo: processing connection from: 58.41.13.6:7921
2021/07/18 17:02:35 [Info] [1953975629] proxy/dokodemo: received request for 58.41.13.6:7921
2021/07/18 17:02:35 [Info] [1953975629] app/dispatcher: default route for tcp:8.8.8.8:53
2021/07/18 17:02:35 58.41.13.6:7921 accepted tcp:8.8.8.8:53 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:35 [Info] [3979918850] proxy/vmess/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:35 [Info] [1953975629] proxy/vmess/outbound: tunneling request to tcp:8.8.8.8:53 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:36 [Debug] [2428850977] proxy/dokodemo: processing connection from: 58.41.13.6:38334
2021/07/18 17:02:36 [Info] [2428850977] proxy/dokodemo: received request for 58.41.13.6:38334
2021/07/18 17:02:36 [Info] [2428850977] app/dispatcher: sniffed domain: downloads.openwrt.org
2021/07/18 17:02:36 [Info] [2428850977] app/dispatcher: default route for tcp:downloads.openwrt.org:443
2021/07/18 17:02:36 58.41.13.6:38334 accepted tcp:168.119.138.211:443 [3987f6dfc4da4c4888a7c6dc685b0121]
2021/07/18 17:02:36 [Info] [2428850977] proxy/vmess/outbound: tunneling request to tcp:downloads.openwrt.org:443 via tcp:hkbnjl0.zhs.company:2096
2021/07/18 17:02:37 [Info] [3979918850] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/18 17:02:37 [Info] [3979918850] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
2021/07/18 17:02:37 [Info] [1953975629] app/proxyman/inbound: connection ends > proxy/dokodemo: connection ends > context canceled
2021/07/18 17:02:37 [Info] [1953975629] app/proxyman/outbound: failed to process outbound traffic > proxy/vmess/outbound: connection ends > context canceled
passwall configuration file:
config global
option socks_enabled '0'
option udp_node 'nil'
option dns_mode 'pdnsd'
option up_china_dns 'default'
option dns_forward '8.8.8.8'
option udp_proxy_mode 'chnroute'
option localhost_tcp_proxy_mode 'default'
option localhost_udp_proxy_mode 'default'
option close_log_tcp '0'
option close_log_udp '0'
option trojan_loglevel '2'
option enabled '1'
option tcp_proxy_mode 'gfwlist'
option tcp_node '3987f6dfc4da4c4888a7c6dc685b0121'
option loglevel 'debug'
config global_haproxy
option balancing_enable '0'
config global_delay
option auto_on '0'
option start_daemon '0'
option start_delay '1'
config global_forwarding
option process '0'
option tcp_no_redir_ports 'disable'
option udp_redir_ports '1:65535'
option proxy_ipv6 '0'
option udp_no_redir_ports 'disable'
option tcp_redir_ports '1:65535'
option accept_icmp '1'
option tcp_proxy_way 'tproxy'
config global_other
option nodes_ping 'auto_ping tcping'
option ipv6_tproxy '0'
option status 'big_icon'
config global_rules
option auto_update '0'
option chnlist_update '1'
option chnroute_update '1'
option chnroute6_update '1'
option gfwlist_update '1'
option gfwlist_url 'https://cdn.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt'
option chnroute_url 'https://ispip.clang.cn/all_cn.txt'
option chnroute6_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf'
option xray_location_asset '/usr/share/xray/'
option geosite_update '1'
option geoip_update '1'
config global_app
option xray_file '/usr/bin/xray'
option trojan_go_file '/usr/bin/trojan-go'
option kcptun_client_file '/usr/bin/kcptun-client'
option brook_file '/usr/bin/brook'
config global_subscribe
option subscribe_proxy '0'
option auto_update_subscribe '0'
option allowInsecure '1'
option filter_keyword_mode '2'
list filter_keep_list 'HK'
list filter_keep_list 'SG'
config auto_switch
option enable '0'
option testing_time '1'
option connect_timeout '3'
option retry_num '3'
config nodes '696cd32c1d5149ee95fd1b3accbad6df'
option remarks '分流总节点'
option type 'Xray'
option protocol '_shunt'
option youtube 'nil'
option netflix 'nil'
option TVB 'nil'
option Telegram 'nil'
option default_node 'nil'
option default_proxy '0'
option domainStrategy 'IPIfNonMatch'
config shunt_rules 'ads'
option remarks '广告'
option domain_list 'geosite:category-ads'
config shunt_rules 'China'
option remarks 'China'
option domain_list 'geosite:cn'
option ip_list 'geoip:cn'
config shunt_rules 'Telegram'
option remarks 'Telegram'
option ip_list '149.154.160.0/20
91.108.4.0/22
91.108.56.0/24
109.239.140.0/24
67.198.55.0/24'
config shunt_rules 'youtube'
option remarks 'youtube'
option domain_list 'youtube
youtube.com
youtu.be
googlevideo.com
ytimg.com
gvt2.com'
config shunt_rules 'netflix'
option remarks '奈飞'
option domain_list 'fast.com
netflix
netflix.com
netflix.net
nflxso.net
nflxext.com
nflximg.com
nflximg.net
nflxvideo.net
netflixdnstest0.com
netflixdnstest1.com
netflixdnstest2.com
netflixdnstest3.com
netflixdnstest4.com
netflixdnstest5.com
netflixdnstest6.com
netflixdnstest7.com
netflixdnstest8.com
netflixdnstest9.com'
config shunt_rules 'TVB'
option remarks 'TVB'
option domain_list 'tvb.com
mytvsuper.com'
...
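[new feature] Feature request about real latency for tcping
I'd like real latency to be measured rather than tcping latency. tcping latency can be inaccurate; for example, when the server sits behind a domestic relay, the real latency can never be measured correctly.
Already set to global mode, yet QQ traffic does not go through the proxy
xray vmess cannot be used
I'm a beginner compiling passwall for the first time. The node works in the Windows v2rayN client and can access google normally.
Trying to use v2ray with passwall on openwrt has never succeeded.
These are the passwall options I selected: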
[ ] Include Brook
[*] Include ChinaDNS-NG
[ ] Include Dns2socks
[ ] Include Haproxy
[ ] Include Kcptun
[ ] Include NaiveProxy
[ ] Include PDNSD
[*] Include Shadowsocks Libev Client
[ ] Include Shadowsocks Libev Server
[ ] Include Shadowsocks Rust Client
[*] Include ShadowsocksR Libev Client
[ ] Include ShadowsocksR Libev Server
[*] Include Simple-Obfs (Shadowsocks Plugin)
[ ] Include Trojan-GO
[*] Include Trojan-Plus
[*] Include V2ray-Plugin (Shadowsocks Plugin)
[*] Include Xray
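Current state: I fetched the nodes via manual subscription and the tcp and udp processes started successfully, but google just cannot be reached.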
root@OpenWrt:/# ps | grep passwall
5010 root 21904 R /var/etc/passwall/bin/xray -config=/var/etc/passwall
5060 root 21904 R /var/etc/passwall/bin/xray -config=/var/etc/passwall
9711 root 1352 R grep passwall
root@OpenWrt:/# cat tmp/log/passwall.log
2021-07-06 12:22:35: 删除相关防火墙规则完成。
2021-07-06 12:22:39: 重启 dnsmasq 服务
2021-07-06 12:22:39: 清空并关闭相关程序和缓存完成。
2021-07-06 12:22:39: 没有选择节点!
2021-07-06 12:22:40: 运行于非代理模式,仅允许服务启停的定时任务。
2021-07-06 12:22:40: 运行完成!
2021-07-06 12:22:40: 开始订阅...
2021-07-06 12:22:44: 成功解析节点数量: 23
2021-07-06 12:22:47: 订阅完毕...
2021-07-06 12:22:48: 删除相关防火墙规则完成。
2021-07-06 12:22:53: 重启 dnsmasq 服务
2021-07-06 12:22:53: 清空并关闭相关程序和缓存完成。
2021-07-06 12:22:53: 没有选择节点!
2021-07-06 12:22:53: 运行于非代理模式,仅允许服务启停的定时任务。
2021-07-06 12:22:54: 运行完成!
2021-07-06 12:23:23: 删除相关防火墙规则完成。
2021-07-06 12:23:27: 重启 dnsmasq 服务
2021-07-06 12:23:27: 清空并关闭相关程序和缓存完成。
2021-07-06 12:23:28: TCP节点:[**1 Hinet]211.21.92.117:543,监听端口:1041
2021-07-06 12:23:29: UDP节点:[**1 Hinet]211.21.92.117:543,监听端口:1051
2021-07-06 12:23:29: 过滤服务配置:准备接管域名解析...
2021-07-06 12:23:29: - 不过滤DNS...
2021-07-06 12:23:29: - 不对域名进行分流解析
2021-07-06 12:23:29: 开始加载防火墙规则...
2021-07-06 12:23:34: 加入所有节点到ipset[vpsiplist]直连完成
2021-07-06 12:23:34: 加入负载均衡的节点到ipset[vpsiplist]直连完成
2021-07-06 12:23:36: 加载路由器自身 TCP 代理...
2021-07-06 12:23:36: 加载路由器自身 UDP 代理...
2021-07-06 12:23:36: - [0]不代理 UDP 端口:80,443
2021-07-06 12:23:36: TCP默认代理:使用TCP节点 [**列表以外](REDIRECT:1041)代理所有端口
2021-07-06 12:23:37: UDP默认代理:使用UDP节点 [**列表以外](TPROXY:1051)代理除80,443外的所有端口
2021-07-06 12:23:37: 防火墙规则加载完成!
2021-07-06 12:23:41: 重启 dnsmasq 服务
2021-07-06 12:23:42: 运行完成!
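Could you tell me where I should start troubleshooting? Thanks.
On official openwrt 21.02.0-rc3, after installation the menu is exposed before logging in to the router
kcptun version update
tor cannot connect
After updating to the latest version, I found that tor cannot connect, but using the same line locally with a socks proxy set, it connects normally.
UDP proxy (11.1.1.1) leak
This has existed ever since the Fake IP mode was developed. The current passwall version is 4-29, and the server-side log is as follows: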
2021/07/19 21:51:09 myIP:0 accepted tcp:pagead2.googlesyndication.com:443 [block]
2021/07/19 21:51:09 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:09 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:10 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:10 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:11 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:11 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:13 myIP:0 accepted tcp:mtalk.google.com:5228 [direct]
2021/07/19 21:51:15 myIP:0 accepted tcp:youtubei.googleapis.com:443 [direct]
2021/07/19 21:51:15 myIP:0 accepted tcp:i.ytimg.com:443 [direct]
2021/07/19 21:51:16 myIP:0 accepted tcp:suggestqueries.google.com:443 [direct]
2021/07/19 21:51:17 myIP:0 accepted tcp:youtubei.googleapis.com:443 [direct]
2021/07/19 21:51:17 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:17 myIP:0 accepted tcp:redirector.googlevideo.com:443 [direct]
2021/07/19 21:51:17 myIP:0 accepted tcp:redirector.googlevideo.com:443 [direct]
2021/07/19 21:51:17 myIP:0 accepted tcp:redirector.googlevideo.com:443 [direct]
2021/07/19 21:51:18 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:18 myIP:0 accepted tcp:r3---sn-a5meknl6.googlevideo.com:443 [direct]
2021/07/19 21:51:18 myIP:0 accepted tcp:r2---sn-a5msen7l.googlevideo.com:443 [direct]
2021/07/19 21:51:18 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted tcp:r6---sn-a5mekney.googlevideo.com:443 [direct]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted tcp:r1---sn-a5meknzs.googlevideo.com:443 [direct]
2021/07/19 21:51:19 myIP:0 accepted tcp:r1---sn-a5meknzs.googlevideo.com:443 [direct]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:20 myIP:0 accepted tcp:r1---sn-a5meknzs.googlevideo.com:443 [direct]
2021/07/19 21:51:20 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:21 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:21 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:21 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:21 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:21 myIP:0 accepted tcp:r1---sn-a5mlrn7z.googlevideo.com:443 [direct]
2021/07/19 21:51:22 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:22 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:22 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:22 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:23 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:23 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:23 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:23 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:25 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:25 myIP:0 accepted tcp:mtalk.google.com:5228 [direct]
2021/07/19 21:51:26 myIP:0 accepted tcp:mtalk.google.com:5228 [direct]
2021/07/19 21:51:28 myIP:0 accepted tcp:play.googleapis.com:443 [direct]
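It is especially severe when watching YouTube videos. Because the server receives too many UDP:11.1.1.1 requests, I first added an outbound firewall filter rule in iptables to drop 11.1.1.1; later I found there were too many packets, so I set it to blocked in the xray config instead.
The local WAN interface (PPPoE) also sends 11.1.1.1 requests, though in smaller volume than what is proxied to the server; I took the same measure in the local firewall: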
root@openwrt:/# iptables -nvL |grep 11.1.1.1
19 1000 zone_wan_dest_DROP all -- * * 0.0.0.0/0 11.1.1.1 /* !fw3: drop11.1.1.1 */
Client configuration:
root@openwrt:/# cat /overlay/upper/etc/config/passwall
config global
option up_china_dns 'default'
option loglevel 'warning'
option trojan_loglevel '2'
option enabled '1'
option tcp_node '696cd32c1d5149ee95fd1b3accbad6df'
option socks_enabled '0'
option udp_proxy_mode 'gfwlist'
option dns_mode 'fake_ip'
option tcp_proxy_mode 'chnroute'
option udp_node 'tcp'
option localhost_tcp_proxy_mode 'default'
option localhost_udp_proxy_mode 'default'
option close_log_tcp '0'
option close_log_udp '0'
config global_haproxy
option balancing_enable '0'
config global_delay
option auto_on '0'
option start_delay '1'
option start_daemon '1'
config global_forwarding
option process '0'
option tcp_no_redir_ports 'disable'
option proxy_ipv6 '0'
option accept_icmp '0'
option tcp_redir_ports '1:65535'
option udp_no_redir_ports 'disable'
option udp_redir_ports '1:65535'
option tcp_proxy_way 'tproxy'
config global_other
option status 'big_icon show_check_port show_ip111'
option ipv6_tproxy '0'
option nodes_ping 'tcping info'
config global_rules
option chnlist_update '1'
option chnroute_update '1'
option chnroute6_update '1'
option gfwlist_update '1'
option gfwlist_url 'https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt'
option chnroute6_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf'
option xray_location_asset '/usr/share/xray/'
option geosite_update '1'
option geoip_update '1'
option auto_update '1'
option week_update '7'
option time_update '6'
option chnroute_url 'https://ispip.clang.cn/all_cn.txt'
config global_app
option xray_file '/usr/bin/xray'
option trojan_go_file '/usr/bin/trojan-go'
option kcptun_client_file '/usr/bin/kcptun-client'
option brook_file '/usr/bin/brook'
config global_subscribe
option subscribe_proxy '0'
option auto_update_subscribe '0'
option allowInsecure '1'
option filter_keyword_mode '1'
list filter_discard_list '过期时间'
list filter_discard_list '剩余流量'
list filter_discard_list 'QQ群'
list filter_discard_list '官网'
config auto_switch
option testing_time '1'
option enable '0'
config nodes '696cd32c1d5149ee95fd1b3accbad6df'
option type 'Xray'
option default_proxy '0'
option protocol '_balancing'
option domainStrategy 'AsIs'
option remarks 'HA_tcp'
list balancing_node '17fa59001c1749a1af8050212f030ab3'
list balancing_node 'e1705be319b04ec0aa5c875b1f71a2a7'
list balancing_node '79fa15198586414dbb03283c3db1b81b'
list balancing_node 'aa43bb674eb949ab98fe450ec9871445'
list balancing_node '9921952c832044a3baf9f8403778ec48'
list balancing_node '1d66dc6145504edfa614fa0b3055cc6e'
list balancing_node '25696e32c21d42afadc1ff8d964a1205'
list balancing_node '26900939eff24497a1001d3ea966096e'
config shunt_rules 'ads'
option remarks '广告'
option domain_list 'geosite:category-ads'
option protocol 'http tls bittorrent'
config shunt_rules 'China'
option remarks 'China'
option domain_list 'geosite:cn'
option ip_list 'geoip:cn'
config shunt_rules 'Telegram'
option remarks 'Telegram'
option ip_list '149.154.160.0/20
91.108.4.0/22
91.108.56.0/24
109.239.140.0/24
67.198.55.0/24'
config shunt_rules 'youtube'
option remarks 'youtube'
option domain_list 'youtube
youtube.com
youtu.be
googlevideo.com
ytimg.com
gvt2.com'
config shunt_rules 'netflix'
option remarks '奈飞'
option domain_list 'fast.com
netflix
netflix.com
netflix.net
nflxso.net
nflxext.com
nflximg.com
nflximg.net
nflxvideo.net
netflixdnstest0.com
netflixdnstest1.com
netflixdnstest2.com
netflixdnstest3.com
netflixdnstest4.com
netflixdnstest5.com
netflixdnstest6.com
netflixdnstest7.com
netflixdnstest8.com
netflixdnstest9.com'
config shunt_rules 'TVB'
option remarks 'TVB'
option domain_list 'tvb.com
mytvsuper.com'
config nodes '17fa59001c1749a1af8050212f030ab3'
option protocol 'vless'
option encryption 'none'
option ws_host 'myDOMAIN'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option tls '1'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '1'
option address 'cloudflareCDNip1'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes 'e1705be319b04ec0aa5c875b1f71a2a7'
option protocol 'vless'
option encryption 'none'
option ws_host 'myDOMAIN'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option tls '1'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '2'
option address 'cloudflareCDNip2'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes '79fa15198586414dbb03283c3db1b81b'
option ws_host 'myDOMAIN'
option protocol 'vless'
option encryption 'none'
option tls '1'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '3'
option address 'cloudflareCDNip3'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes 'aa43bb674eb949ab98fe450ec9871445'
option protocol 'vless'
option encryption 'none'
option ws_host 'myDOMAIN'
option tls '1'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '4'
option address 'cloudflareCDNip4'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes '9921952c832044a3baf9f8403778ec48'
option ws_host 'myDOMAIN'
option protocol 'vless'
option encryption 'none'
option tls '1'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option address 'cloudflareCDNip5'
option remarks '5'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes '1d66dc6145504edfa614fa0b3055cc6e'
option protocol 'vless'
option encryption 'none'
option ws_host 'myDOMAIN'
option tls '1'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '6'
option address 'cloudflareCDNip6'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes '25696e32c21d42afadc1ff8d964a1205'
option ws_host 'myDOMAIN'
option protocol 'vless'
option encryption 'none'
option tls '1'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '7'
option address 'cloudflareCDNip7'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes '26900939eff24497a1001d3ea966096e'
option protocol 'vless'
option encryption 'none'
option ws_host 'myDOMAIN'
option tls '1'
option type 'Xray'
option tls_serverName 'myDOMAIN'
option port '443'
option uuid 'myUUID'
option xtls '0'
option transport 'ws'
option remarks '8'
option address 'cloudflareCDNip8'
option ws_path '/myPATH?ed=2048'
option fingerprint 'chrome'
option alpn 'http/1.1'
config nodes 'acee937d29f94d3ca8677e7b9f7cf0e6'
option remarks 'HA_udp'
option type 'Xray'
option protocol '_balancing'
option domainStrategy 'AsIs'
list balancing_node '25696e32c21d42afadc1ff8d964a1205'
list balancing_node '26900939eff24497a1001d3ea966096e'
I don't know whether this counts as a problem. Special thanks to everyone for your hard work.
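One way to quantify the flood described in the report above, added here as an example and not part of the original issue or of passwall: it parses Xray access-log lines of the shape shown in the report and counts connections to a watched address per flow and per second. The function names, the `watched` parameter and the sample lines (constructed in the report's format) are assumptions.

```python
import re
from collections import Counter

# Shape of an Xray access-log line as it appears in the report:
#   2021/07/19 21:51:09 myIP:0 accepted udp:11.1.1.1:443 [block]
ACCESS_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>\S+) accepted "
    r"(?P<net>tcp|udp):(?P<host>\S+):(?P<port>\d+) "
    r"\[(?P<tag>[^\]]+)\]$"
)


def parse_access_line(line):
    """Return a dict for an access-log line, or None for any other line."""
    m = ACCESS_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def summarize_watched(lines, watched="11.1.1.1"):
    """Count accepted connections whose destination is `watched`.

    Returns totals, the share of all accepted connections, a breakdown by
    (network, port, outbound tag) and the busiest one-second bucket.
    """
    total = 0
    by_flow = Counter()      # (net, port, tag) -> count
    per_second = Counter()   # timestamp string -> count
    for line in lines:
        rec = parse_access_line(line)
        if rec is None:      # debug/info lines, blank lines, truncated lines
            continue
        total += 1
        if rec["host"] == watched:
            by_flow[(rec["net"], rec["port"], rec["tag"])] += 1
            per_second[rec["ts"]] += 1
    hits = sum(by_flow.values())
    peak_second, peak_count = (
        per_second.most_common(1)[0] if per_second else (None, 0)
    )
    return {
        "total": total,
        "hits": hits,
        "share": hits / total if total else 0.0,
        "by_flow": dict(by_flow),
        "peak_second": peak_second,
        "peak_count": peak_count,
    }


# Constructed sample in the format of the server log quoted in the report.
SAMPLE_LOG = """\
2021/07/19 21:51:09 myIP:0 accepted tcp:pagead2.googlesyndication.com:443 [block]
2021/07/19 21:51:09 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:09 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:10 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:13 myIP:0 accepted tcp:mtalk.google.com:5228 [direct]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted udp:11.1.1.1:443 [block]
2021/07/19 21:51:19 myIP:0 accepted tcp:r1---sn-a5meknzs.googlevideo.com:443 [direct]
2021/07/19 21:51:20 [Warning] core: constructed non-access line
"""

if __name__ == "__main__":
    summary = summarize_watched(SAMPLE_LOG.splitlines())
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Running the same function over the log before and after a client-side change shows whether the requests to the watched address actually stopped reaching the server.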
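DNS resolution problem after using access control
Hello, I recently found a problem in use. When an entry is added in access control and enabled, no matter which proxy mode is set, as soon as an invalid URL is opened the browser shows that the DNS address of XXX.XXX.XXX cannot be found and that it is diagnosing the problem. After that no web page can be opened, and only toggling the PASSWALL main switch restores it. If access control is not enabled, opening an invalid URL only shows a message to check XXX.XXX.XXX for spelling mistakes, and opening other pages afterwards is not affected. Is there any way to solve this?
gRPC still unusable after specifying alpn
After a recent compile and upgrade I found a new option to specify alpn, a pleasant surprise. Thanks for the hard work!
However, with alpn set to h2,http/1.1 or to h2 alone, gRPC still cannot be used; after switching to ShadowsocksR Plus+ it works.
Could someone knowledgeable help look at where the problem is?
One-click script used: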
https://github.com/kirin10000/Xray-script
xray server configuration
{
"log": {
"loglevel": "none"
},
"inbounds": [
{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [
{
"id": "uuid",
"flow": "xtls-rprx-direct"
}
],
"decryption": "none",
"fallbacks": [
{
"path": "/ecb4f50",
"dest": "@/dev/shm/xray/ws.sock"
},
{
"alpn": "h2",
"dest": "/dev/shm/nginx_unixsocket/h2.sock"
},
{
"dest": "/dev/shm/nginx_unixsocket/default.sock"
}
]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"minVersion": "1.2",
"cipherSuites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"certificates": [
{
"certificateFile": "/usr/local/nginx/certs/域名.cer",
"keyFile": "/usr/local/nginx/certs/域名.key",
"ocspStapling": 3600
}
]
}
}
},
{
"listen": "/dev/shm/xray_unixsocket/grpc.sock",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "uuid"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "grpc",
"grpcSettings": {
"serviceName": "4b5ef2c"
}
}
},
{
"listen": "@/dev/shm/xray/ws.sock",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "uuid"
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ecb4f50"
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
nginx configuration (/usr/local/nginx/conf/nginx.conf)
user root root;
worker_processes auto;
google_perftools_profiles /dev/shm/nginx_tcmalloc/tcmalloc;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include /usr/local/nginx/conf.d/xray.conf;
}
nginx configuration (/usr/local/nginx/conf.d/xray.conf)
server {
listen 80 reuseport default_server;
listen [::]:80 reuseport default_server;
return 301 https://域名;
}
server {
listen 80;
listen [::]:80;
server_name 域名;
return 301 https://$host$request_uri;
}
server {
listen unix:/dev/shm/nginx_unixsocket/default.sock default_server;
listen unix:/dev/shm/nginx_unixsocket/h2.sock http2 default_server;
return 301 https://域名;
}
server {
listen unix:/dev/shm/nginx_unixsocket/default.sock;
listen unix:/dev/shm/nginx_unixsocket/h2.sock http2;
server_name 域名;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
location = /4b5ef2c/TunMulti {
grpc_pass grpc://unix:/dev/shm/xray_unixsocket/grpc.sock;
}
location / {
proxy_set_header X-Forwarded-For 127.0.0.1;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unix:/dev/shm/cloudreve_unixsocket/cloudreve.sock;
client_max_body_size 0;
}
}
#-----------------Do not modify the content below----------------
#domain_list=域名
#true_domain_list=域名
#domain_config_list=2
#pretend_list=1
Add an "outside the ** list" option for the UDP proxy
get app
how i cant download ipk..?
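The latest version of haproxy shows high CPU usage after running for a while
naiveproxy fails to compile with the message "Linux AMD64 only"
Build environment: Debian ARM64 on Apple M1 Parallels Desktop VM
Firmware being built: OpenWrt v21.02-rc3 for Raspberry Pi 4B
make -j1 V=s
Log output: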
make[3]: Entering directory '/home/parallels/openwrt/feeds/passwall/naiveproxy'
mkdir -p /home/parallels/openwrt/dl
SHELL= flock /home/parallels/openwrt/tmp/.naiveproxy-91.0.4472.77-1.tar.gz.flock -c ' /home/parallels/openwrt/scripts/download.pl "/home/parallels/openwrt/dl" "naiveproxy-91.0.4472.77-1.tar.gz" "01c660efd162859a2cabdf336cf889c191449fbd63883fc5a7b1be1348005fe1" "" "https://codeload.github.com/klzgrad/naiveproxy/tar.gz/v91.0.4472.77-1?" '
rm -f /home/parallels/openwrt/build_dir/target-aarch64_cortex-a72_musl/naiveproxy-91.0.4472.77-1/.built
touch /home/parallels/openwrt/build_dir/target-aarch64_cortex-a72_musl/naiveproxy-91.0.4472.77-1/.built_check
( cd "/home/parallels/openwrt/build_dir/target-aarch64_cortex-a72_musl/naiveproxy-91.0.4472.77-1/src" ; . ../init_env.sh "aarch64" "cortex-a72" "" "/home/parallels/openwrt/staging_dir/toolchain-aarch64_cortex-a72_gcc-8.4.0_musl" ; export naive_flags+=" ${naive_ccache_flags}" ; mkdir -p "out" ; ./gn/out/gn gen "out/Release" --args="${naive_flags}" --script-executable="/home/parallels/openwrt/staging_dir/hostpkg/bin/python3" ; )
Support Linux AMD64 only.
make[3]: *** [Makefile:130: /home/parallels/openwrt/build_dir/target-aarch64_cortex-a72_musl/naiveproxy-91.0.4472.77-1/.built] Error 1
make[3]: Leaving directory '/home/parallels/openwrt/feeds/passwall/naiveproxy'
time: package/feeds/passwall/naiveproxy/compile#0.18#0.06#0.20
ERROR: package/feeds/passwall/naiveproxy failed to build.
make[2]: *** [package/Makefile:114: package/feeds/passwall/naiveproxy/compile] Error 1
make[2]: Leaving directory '/home/parallels/openwrt'
make[1]: *** [package/Makefile:108: /home/parallels/openwrt/staging_dir/target-aarch64_cortex-a72_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/parallels/openwrt'
make: *** [/home/parallels/openwrt/include/toplevel.mk:230: world] Error 2
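The problem of nothing actually happening after clicking Save and apply has appeared again
R4S, kernel 5.x, built the latest version 25 firmware. The previously fixed problem of the Save & Apply button having no effect has come back. Finding passwall under Startup and clicking restart starts or stops it correctly.
passwall does not run in firmware built from Lean's source
It has been like this since a little over a month ago: after building, passwall will not run. With all plugins left at their defaults and only passwall added, it still will not run, which rules out the hypothesis of a conflict with other plugins.
The build environment is ESXi virtual machines running Ubuntu 18, 20 and 21. I tried both the desktop and server editions (I have not tried GitHub cloud builds), always building under a non-root account, and the problem has persisted throughout.
The workaround is to give passwall and passwall_server under /etc/init/d, and all files under /usr/share/passwall/, 755 permissions (by default these permissions are 644).
Only after doing this does it run; otherwise it keeps showing TCP not running, DNS not running, and so on.
I hope the author will fix this problem.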
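The permission check and workaround described in the post above, as an added example that is not part of the original post or of the passwall project. It assumes the init scripts sit in the standard OpenWrt `/etc/init.d` directory; the `ROOT` argument and both function names are hypothetical, added so the check can run against an unpacked firmware tree as well as the live router.

```shell
#!/bin/sh
# Added example, not passwall's own code.
# Assumption: init scripts live in the standard OpenWrt /etc/init.d directory.
# ROOT (first argument) is a hypothetical prefix: empty for the running
# router, or the path of an unpacked firmware / test tree.

# Print every passwall file whose owner-execute bit is missing
# (e.g. mode 644 instead of 755), one path per line.
passwall_missing_exec() {
    root="${1:-}"
    for f in "$root/etc/init.d/passwall" "$root/etc/init.d/passwall_server"; do
        if [ -f "$f" ] && [ -z "$(find "$f" -perm -100)" ]; then
            echo "$f"
        fi
    done
    if [ -d "$root/usr/share/passwall" ]; then
        # -perm -100 matches files with the owner-execute bit set;
        # negating it lists the files that cannot be executed.
        find "$root/usr/share/passwall" -type f ! -perm -100 | sort
    fi
    return 0
}

# Apply the workaround from the post (mode 755) to exactly the files
# reported by passwall_missing_exec, leaving everything else untouched.
passwall_fix_exec() {
    passwall_missing_exec "${1:-}" | while IFS= read -r f; do
        chmod 755 "$f"
    done
}
```

Calling `passwall_missing_exec` with no argument audits the running system; running it again after `passwall_fix_exec` should print nothing.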
Unable to use Xray's gRPC transport protocol