[Bug] Some websites cannot be accessed in Redir-Host (TUN) mode #3915

Open
6 of 7 tasks
qiyuey opened this issue Jun 10, 2024 · 4 comments
Labels
bug Something isn't working


qiyuey commented Jun 10, 2024

Verify Steps

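  • Tracker I have searched the Issue Tracker for the problem I am reporting
  • Branch I know that the switch for OpenClash's Dev branch is under Plugin Settings - Version Update, or I can download and install the Dev branch of OpenClash manually
  • Latest I have tested with the latest Dev version and the problem still exists
  • Relevant I know that OpenClash has no direct relationship with the core (Core), the dashboard (Dashboard), online subscription conversion (Subconverter) and similar projects; they only call one another
  • Definite This is indeed a problem in OpenClash
  • Contributors I am able to help with OpenClash development and resolve this issue
  • Meaningless What I am submitting is a meaningless request urging an update or a fix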

OpenClash Version

v0.46.014-beta

Bug on Environment

Lean

OpenWrt Version

OpenWrt R24.5.1 / LuCI Master (git-24.161.65201-d950dac)

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

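In Redir-Host (TUN) mode, access to some websites (such as Microsoft sites, the Steam store, etc.) hangs, whether the traffic matches a proxy or goes Direct.

Access works normally in the following cases:

  1. With OpenClash turned off, access is normal
  2. After switching to Redir-Host (TUN-mixed) mode [UDP-TUN, TCP-forwarding], access is normal
  3. With the desktop client Clash Verge in Tun mode, access is normal

The problem still exists in the following cases:

  1. After switching to FakeIP (TUN) mode, the sites still cannot be accessed
  2. After switching the network stack type between System and gVisor, the sites still cannot be accessed

The result of running curl, which hangs, is as follows: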

~ ❯ curl -v https://bing.com
* Host bing.com:443 was resolved.
* IPv6: 2620:1ec:c11::200
* IPv4: 204.79.197.200, 13.107.21.200
*   Trying 204.79.197.200:443...
* Connected to bing.com (204.79.197.200) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1

To Reproduce

Use Redir-Host (TUN) mode and visit sites such as bing.com and login.live.com

OpenClash Log

2024-06-11 00:58:16 level=info msg="[TCP] 192.168.1.2:1322 --> bing.com:443 match DomainSuffix(bing.com) using 🚀 节点选择[🇭🇰 香港07]
id: c514e44e-aa25-43aa-87d4-8234ab90104b
start: 2024-06-10T16:48:04.600108466Z
download: 0.0 KB
upload: 0.0 KB
rule: DomainSuffix
rulePayload: bing.com
chains: 
  1: 🇭🇰 香港08
  2: ♻️ 自动选择
  3: 🚀 节点选择
metadata: 
  sourceIP: 192.168.1.2
  sourcePort: 14734
  host: bing.com
  destinationIP: 204.79.197.200
  destinationPort: 443
  network: tcp
  type: Tun

id: eca99cd8-19a3-4ff5-b2db-2870a7eb2fdf
start: 2024-06-10T16:48:03.853253054Z
download: 0.0 KB
upload: 0.0 KB
rule: DomainSuffix
rulePayload: bing.com
chains: 
  1: 🇭🇰 香港08
  2: ♻️ 自动选择
  3: 🚀 节点选择
metadata: 
  sourceIP: 192.168.1.2
  sourcePort: 14731
  host: bing.com
  destinationIP: 204.79.197.200
  destinationPort: 443
  network: tcp
  type: Tun

id: da12a103-a59b-431d-8e2b-1a067ddaa120
start: 2024-06-10T16:48:05.298586907Z
download: 0.0 KB
upload: 0.0 KB
rule: DomainSuffix
rulePayload: bing.com
chains: 
  1: 🇭🇰 香港08
  2: ♻️ 自动选择
  3: 🚀 节点选择
metadata: 
  sourceIP: 192.168.1.2
  sourcePort: 14738
  host: bing.com
  destinationIP: 204.79.197.200
  destinationPort: 443
  network: tcp
  type: Tun

id: bffb9449-6a35-4fb4-874e-72cbc7902641
start: 2024-06-10T16:48:05.09572181Z
download: 0.0 KB
upload: 0.0 KB
rule: DomainSuffix
rulePayload: bing.com
chains: 
  1: 🇭🇰 香港08
  2: ♻️ 自动选择
  3: 🚀 节点选择
metadata: 
  sourceIP: 192.168.1.2
  sourcePort: 14735
  host: bing.com
  destinationIP: 204.79.197.200
  destinationPort: 443
  network: tcp
  type: Tun

id: bc04b3f2-f51f-4e3b-be03-1da263f5c3ef
start: 2024-06-10T16:48:03.606143908Z
download: 0.0 KB
upload: 0.0 KB
rule: DomainSuffix
rulePayload: bing.com
chains: 
  1: 🇭🇰 香港08
  2: ♻️ 自动选择
  3: 🚀 节点选择
metadata: 
  sourceIP: 192.168.1.2
  sourcePort: 14730
  host: bing.com
  destinationIP: 204.79.197.200
  destinationPort: 443
  network: tcp
  type: Tun

OpenClash Config

No response

Expected Behavior

Sites can be accessed normally in Redir-Host (TUN) mode

Additional Context

No response

@qiyuey qiyuey added the bug Something isn't working label Jun 10, 2024
@vernesong
Owner

Have you ruled out things like QUIC?

@qiyuey
Author

qiyuey commented Jun 15, 2024

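Have you ruled out things like QUIC?

After disabling QUIC, most access does indeed recover, but the Windows OneDrive client still stays stuck at "signing in". I captured the traffic with Charles and found that it is stuck on this request. This request goes DIRECT; likewise, turning OpenClash off or switching to mixed mode works fine, and only tun mode hangs: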

~ ❯ curl -v -H "Accept-Language: zh-CN" -H "Authorization: WLID1.1 t=xxx" -H "User-Agent: Microsoft SkyDriveSync 24.116.0609.0002 ship; Windows NT 10.0 (26100)" -H "Application: SkyDriveSync" -H "Prefer: Migration=EnableRedirect,Include-Feature=Vault" -H "Scenario: NthRun_StorageProvisioningScenario_NoTags_GetOnline/SyncEngineSignIn/ScopeInit/ProvisionUserFolder" -H "ScenarioType: AUO" -H "X-RequestStats: did=feb34f73-ba10-6381-32a6-e7e7a171b8e0;ccmr=7;ftuc=0;btuc=0;" -H "X-TransactionId: 5843f430-d1f8-48b2-b554-b1afedbb5d0aStorageProvisioningScenario" -H "X-UpdateGroupId: 25" -H "X-UpdateRing: Insiders" -H "Host: blz04pap002.storage.live.com" "https://blz04pap002.storage.live.com/MyData/LiveFolders"
* Host blz04pap002.storage.live.com:443 was resolved.
* IPv6: (none)
* IPv4: 13.107.42.12
*   Trying 13.107.42.12:443...
* Connected to blz04pap002.storage.live.com (13.107.42.12) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.x
> GET /MyData/LiveFolders HTTP/1.1
> Host: blz04pap002.storage.live.com
> Accept: */*
> Accept-Language: zh-CN
> Authorization: WLID1.1 t=xxx
> User-Agent: Microsoft SkyDriveSync 24.116.0609.0002 ship; Windows NT 10.0 (26100)
> Application: SkyDriveSync
> Prefer: Migration=EnableRedirect,Include-Feature=Vault
> Scenario: NthRun_StorageProvisioningScenario_NoTags_GetOnline/SyncEngineSignIn/ScopeInit/ProvisionUserFolder
> ScenarioType: AUO
> X-RequestStats: did=feb34f73-ba10-6381-32a6-e7e7a171b8e0;ccmr=7;ftuc=0;btuc=0;
> X-TransactionId: 5843f430-d1f8-48b2-b554-b1afedbb5d0aStorageProvisioningScenario
> X-UpdateGroupId: 25
> X-UpdateRing: Insiders
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* Recv failure: Connection was reset
* schannel: recv returned CURLE_RECV_ERROR
* Closing connection
* schannel: shutting down SSL/TLS connection with blz04pap002.storage.live.com port 443
* Send failure: Connection was reset
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
curl: (56) Recv failure: Connection was reset

Connection details:

{
  "id": "cd9a0227-b703-498e-885f-546ada15547f",
  "metadata": {
    "network": "tcp",
    "type": "Tun",
    "sourceIP": "192.168.1.2",
    "destinationIP": "13.107.42.12",
    "destinationGeoIP": null,
    "destinationIPASN": "",
    "sourcePort": "7746",
    "destinationPort": "443",
    "inboundIP": "13.107.42.12",
    "inboundPort": "443",
    "inboundName": "DEFAULT-TUN",
    "inboundUser": "",
    "host": "blz04pap002.storage.live.com",
    "dnsMode": "redir-host",
    "uid": 0,
    "process": "",
    "processPath": "",
    "specialProxy": "",
    "specialRules": "",
    "remoteDestination": "13.107.42.12",
    "dscp": 0,
    "sniffHost": ""
  },
  "upload": 80,
  "download": 9070,
  "start": "2024-06-15T04:11:50.825385322Z",
  "chains": [
    "DIRECT",
    "Ⓜ️ 微软云盘"
  ],
  "rule": "DomainSuffix",
  "rulePayload": "storage.live.com",
  "downloadSpeed": 0,
  "uploadSpeed": 0
}

@vernesong
Owner

Does OneDrive work over a direct connection?

@qiyuey
Author

qiyuey commented Jun 15, 2024

Does OneDrive work over a direct connection?

Yes, it does.
