Replies: 8 comments 12 replies
-
打开IPv6代理 |
Beta Was this translation helpful? Give feedback.
-
ipv6dns劫持、代理、dns的ipv6开启,但是访问依旧出错,显示连接被重置,(ipv6dns劫持和代理开启,关闭dns模块的ipv6后恢复正常) |
Beta Was this translation helpful? Give feedback.
-
设置后问题依旧没有解决,但是感谢您的建议! |
Beta Was this translation helpful? Give feedback.
-
网络拓扑如 https://blog.gazer.win/essay/ikuai-multiwan-bypass-flow-with-openwrt.html 不属于旁路模式,dns解析是交由OpenWrt来处理的。 |
Beta Was this translation helpful? Give feedback.
-
针对对域名发起的连接,解析到IPv6地址≠核心会发起IPv6连接,如果是走代理的话,都是发送域名给节点,然后远端解析; 综上,原理上是没问题的,在我的主路由下测试也是正常的,你或许应该排查IPv6的流量是怎么走的,有没有进入到核心。 |
Beta Was this translation helpful? Give feedback.
-
想起来一个问题,cloudflare都给所有cdn都开启了ech,所以原因可能是走type65的HTTPS记录导致sni被隐藏统一显示为cloudflare-ech.com,最终分流出问题了 |
Beta Was this translation helpful? Give feedback.
-
自查
DNS 重定向
选项确认
系统
ImmortalWrt
系统版本
ImmortalWrt 23.05.4 r28061-399f9a1db3 / LuCI openwrt-23.05 branch git-24.265.44782-0ff45d8
插件版本
alpha-08dcef8
硬件架构
x86_64
BUG 描述
设置情况:
因为我的魔法没有ipv6,所以没有开启v6的代理,访问iOS客户端的chatgpt,cloudflare会直接连接ipv6地址,导致无法正常使用,同样的情况也出现在docker的安装上。
预期行为
国内v4v6双栈,国外仅v4
复现步骤
按配置设置后,使用iOS客户端的chatgpt或访问https://registry.hub.docker.com/ (首访v6异常,虽然刷新可以进入,但是会导致群晖下载错误的问题)
插件配置
mihomo.status=status
mihomo.config=config
mihomo.config.enabled='1'
mihomo.config.scheduled_restart='0'
mihomo.config.cron_expression='0 3 * * *'
mihomo.config.profile='file:mihomo.yaml'
mihomo.config.mixin='1'
mihomo.config.test_profile='1'
mihomo.config.fast_reload='1'
mihomo.config.upload_profile='/etc/mihomo/profiles/mihomo.yaml'
mihomo.proxy=proxy
mihomo.proxy.transparent_proxy='1'
mihomo.proxy.tcp_transparent_proxy_mode='tproxy'
mihomo.proxy.udp_transparent_proxy_mode='tun'
mihomo.proxy.ipv4_dns_hijack='1'
mihomo.proxy.ipv6_dns_hijack='1'
mihomo.proxy.ipv4_proxy='1'
mihomo.proxy.ipv6_proxy='0'
mihomo.proxy.router_proxy='1'
mihomo.proxy.lan_proxy='1'
mihomo.proxy.access_control_mode='all'
mihomo.proxy.bypass_china_mainland_ip='1'
mihomo.proxy.acl_tcp_dport='21 22 80 110 143 194 443 465 993 995 8080 8443'
mihomo.proxy.acl_udp_dport='123 443 8443'
mihomo.proxy.acl_ip='192.168.66.2'
mihomo.subscription=subscription
mihomo.subscription.name='default'
mihomo.subscription.url='http://example.com/default.yaml'
mihomo.subscription.user_agent='clash'
mihomo.mixin=mixin
mihomo.mixin.log_level='info'
mihomo.mixin.mode='rule'
mihomo.mixin.match_process='off'
mihomo.mixin.ipv6='1'
mihomo.mixin.tcp_keep_alive_idle='600'
mihomo.mixin.tcp_keep_alive_interval='15'
mihomo.mixin.ui_name='metacubexd'
mihomo.mixin.ui_url='https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip'
mihomo.mixin.api_port='9090'
mihomo.mixin.selection_cache='1'
mihomo.mixin.allow_lan='1'
mihomo.mixin.http_port='8080'
mihomo.mixin.socks_port='1080'
mihomo.mixin.mixed_port='7890'
mihomo.mixin.redir_port='7891'
mihomo.mixin.tproxy_port='7892'
mihomo.mixin.authentication='1'
mihomo.mixin.tun_stack='mixed'
mihomo.mixin.tun_mtu='9000'
mihomo.mixin.tun_gso='1'
mihomo.mixin.tun_gso_max_size='65536'
mihomo.mixin.tun_endpoint_independent_nat='0'
mihomo.mixin.dns_port='1053'
mihomo.mixin.dns_mode='redir-host'
mihomo.mixin.fake_ip_range='198.18.0.1/16'
mihomo.mixin.fake_ip_filter='0'
mihomo.mixin.fake_ip_filters='+.lan' '+.local'
mihomo.mixin.fake_ip_cache='1'
mihomo.mixin.dns_respect_rules='1'
mihomo.mixin.dns_doh_prefer_http3='0'
mihomo.mixin.dns_ipv6='0'
mihomo.mixin.dns_system_hosts='0'
mihomo.mixin.dns_hosts='1'
mihomo.mixin.hosts='1'
mihomo.mixin.dns_nameserver='1'
mihomo.mixin.dns_nameserver_policy='1'
mihomo.mixin.geoip_format='mmdb'
mihomo.mixin.geodata_loader='standard'
mihomo.mixin.geosite_url='https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat'
mihomo.mixin.geoip_mmdb_url='https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.metadb'
mihomo.mixin.geoip_dat_url='https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat'
mihomo.mixin.geoip_asn_url='https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/GeoLite2-ASN.mmdb'
mihomo.mixin.geox_auto_update='1'
mihomo.mixin.geox_update_interval='48'
mihomo.mixin.api_secret='712996'
mihomo.@authentication[0]=authentication
mihomo.@authentication[0].enabled='1'
mihomo.@authentication[0].username='mihomo'
mihomo.@authentication[0].password='712996'
mihomo.@host[0]=host
mihomo.@host[0].enabled='1'
mihomo.@nameserver[0]=nameserver
mihomo.@nameserver[0].enabled='1'
mihomo.@nameserver[0].type='default-nameserver'
mihomo.@nameserver[0].nameserver='223.5.5.5' '119.29.29.29'
mihomo.@nameserver[1]=nameserver
mihomo.@nameserver[1].enabled='1'
mihomo.@nameserver[1].type='proxy-server-nameserver'
mihomo.@nameserver[1].nameserver='223.5.5.5' '119.29.29.29'
mihomo.@nameserver[2]=nameserver
mihomo.@nameserver[2].enabled='1'
mihomo.@nameserver[2].type='nameserver'
mihomo.@nameserver[2].nameserver='223.5.5.5' '119.29.29.29'
mihomo.@nameserver[3]=nameserver
mihomo.@nameserver[3].enabled='1'
mihomo.@nameserver_policy[0]=nameserver_policy
mihomo.@nameserver_policy[0].enabled='1'
mihomo.@nameserver_policy[0].matcher='"rule-set:private_domain,cn_domain"'
mihomo.@nameserver_policy[0].nameserver='223.5.5.5' '119.29.29.29'
mihomo.@nameserver_policy[1]=nameserver_policy
mihomo.@nameserver_policy[1].enabled='1'
mihomo.@nameserver_policy[1].matcher='"rule-set:geolocation-!cn"'
mihomo.@nameserver_policy[1].nameserver='https://dns.cloudflare.com/dns-query' 'https://dns.google/dns-query'
mihomo.editor=editor
mihomo.log=log
配置文件
插件日志
[2024-10-15 04:15:29] App is enabled.
[2024-10-15 04:15:29] Starting...
[2024-10-15 04:15:29] Use Profile: mihomo.yaml
[2024-10-15 04:15:29] Mixin is enabled, mixin all config.
[2024-10-15 04:15:30] Profile testing...
[2024-10-15 04:15:30] Profile test passed!
[2024-10-15 04:15:30] Start Core
[2024-10-15 04:15:30] Transparent Proxy is enabled.
[2024-10-15 04:15:30] Transparent Proxy: Start.
[2024-10-15 04:15:30] Transparent Proxy: IPv4 DNS Hijack is enabled, IPv4 dns request will redirect to the core.
[2024-10-15 04:15:30] Transparent Proxy: IPv6 DNS Hijack is enabled, IPv6 dns request will redirect to the core.
[2024-10-15 04:15:30] Transparent Proxy: IPv4 Proxy is enabled, set proxy for IPv4 traffic.
[2024-10-15 04:15:30] Transparent Proxy: Bypass china mainland ip is enabled.
[2024-10-15 04:15:30] Transparent Proxy: Destination TCP Port to Proxy: 21 22 80 110 143 194 443 465 993 995 8080 8443.
[2024-10-15 04:15:30] Transparent Proxy: Destination UDP Port to Proxy: 123 443 8443.
[2024-10-15 04:15:31] Transparent Proxy: Router Proxy is enabled, set proxy for router.
[2024-10-15 04:15:31] Transparent Proxy: Lan Proxy is enabled, set proxy for lan.
[2024-10-15 04:15:31] Transparent Proxy: Access Control is using all mode, set proxy for all client.
[2024-10-15 04:15:31] Start Successful!
核心日志
time="2024-10-15T04:15:30.366761912+08:00" level=info msg="Start initial configuration in progress"
time="2024-10-15T04:15:30.372030632+08:00" level=info msg="Geodata Loader mode: standard"
time="2024-10-15T04:15:30.372056161+08:00" level=info msg="Geosite Matcher implementation: succinct"
time="2024-10-15T04:15:30.372873657+08:00" level=info msg="Initial configuration complete, total time: 6ms"
configuration file /etc/mihomo/run/config.yaml test is successful
附加信息
配置文件适当精简了一点,使用的是真实IP模式,非fakeip模式,目前关闭dns的ipv6,国内外都没有使用v6。
网络拓扑如 https://blog.gazer.win/essay/ikuai-multiwan-bypass-flow-with-openwrt.html 参考(可能稍微有一点复杂,但是就使用来说类似于融合的主路由模式)如果有任何需要补充的信息,我会立即补充上,非常感谢!
Beta Was this translation helpful? Give feedback.
All reactions