Switch NAT type is F in TUN mode and in compatibility mode with UDP forwarding enabled #1997

Closed
duetg opened this issue Jan 26, 2022 · 23 comments

duetg commented Jan 26, 2022

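As the title says, the Switch's NAT type is A only when UDP forwarding is turned off in compatibility mode. I have already set up a global proxy for the Switch; the server uses vmess+ws+tls, and udp : true is enabled as well. Could you please help take a look? Much appreciated.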

OpenClash 调试日志

生成时间: 2022-01-27 03:04:53
插件版本: v0.44.09-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: FriendlyElec NanoPi R4S
固件版本: ImmortalWrt 18.06-SNAPSHOT r0-b47f1f5
LuCI版本: git-21.301.29548-c51300f-1
内核版本: 5.4.155
处理器架构: aarch64_generic

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 32324
运行权限: 32324: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: 未选择架构

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.01.03
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.9.0-1-g8c6d0c6
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 停用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

proxy-groups:
- name: Auto - UrlTest
  type: url-test
  use:
  - US
  - JP
  - EU
  - SG
  url: https://cp.cloudflare.com/generate_204
  interval: '600'
  tolerance: '150'
- name: Proxy
  type: select
  proxies:
  - Auto - UrlTest
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Domestic
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Others
  type: select
  proxies:
  - Proxy
  - DIRECT
  - Domestic
- name: Microsoft
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Apple
  type: select
  proxies:
  - DIRECT
  - Proxy
  use:
  - US
  - JP
  - EU
  - SG
- name: Google FCM
  type: select
  proxies:
  - DIRECT
  - Proxy
  use:
  - US
  - JP
  - EU
  - SG
- name: Scholar
  type: select
  proxies:
  - DIRECT
  - Proxy
  use:
  - US
  - JP
  - EU
  - SG
- name: Bilibili
  type: select
  proxies:
  - Asian TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Bahamut
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: HBO Max
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: HBO Go
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Pornhub
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Netflix
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Disney
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Youtube
  type: select
  disable-udp: true
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Spotify
  type: select
  proxies:
  - Global TV
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Steam
  type: select
  proxies:
  - DIRECT
  - Proxy
  use:
  - US
  - JP
  - EU
  - SG
- name: AdBlock
  type: select
  proxies:
  - REJECT
  - DIRECT
  - Proxy
- name: Asian TV
  type: select
  proxies:
  - DIRECT
  - Proxy
  use:
  - US
  - JP
  - EU
  - SG
- name: Global TV
  type: select
  proxies:
  - Proxy
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Speedtest
  type: select
  proxies:
  - Proxy
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: Telegram
  type: select
  proxies:
  - Proxy
  - DIRECT
  use:
  - US
  - JP
  - EU
  - SG
- name: PayPal
  type: select
  proxies:
  - DIRECT
  - Proxy
  use:
  - US
  - JP
  - EU
  - SG
rules:
- SRC-IP-CIDR,192.168.2.214/32,Proxy
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,Reject,AdBlock
- RULE-SET,Special,DIRECT
- RULE-SET,Netflix,Netflix
- RULE-SET,Spotify,Spotify
- RULE-SET,YouTube,Youtube
- RULE-SET,Disney Plus,Disney
- RULE-SET,Bilibili,Bilibili
- RULE-SET,IQ,Asian TV
- RULE-SET,IQIYI,Asian TV
- RULE-SET,Letv,Asian TV
- RULE-SET,Netease Music,Asian TV
- RULE-SET,Tencent Video,Asian TV
- RULE-SET,Youku,Asian TV
- RULE-SET,WeTV,Asian TV
- RULE-SET,ABC,Global TV
- RULE-SET,Abema TV,Global TV
- RULE-SET,Amazon,Global TV
- RULE-SET,Apple News,Global TV
- RULE-SET,Apple TV,Global TV
- RULE-SET,Bahamut,Bahamut
- RULE-SET,BBC iPlayer,Global TV
- RULE-SET,DAZN,Global TV
- RULE-SET,Discovery Plus,Global TV
- RULE-SET,encoreTVB,Global TV
- RULE-SET,Fox Now,Global TV
- RULE-SET,Fox+,Global TV
- RULE-SET,HBO Go,HBO Go
- RULE-SET,HBO Max,HBO Max
- RULE-SET,Hulu Japan,Global TV
- RULE-SET,Hulu,Global TV
- RULE-SET,Japonx,Global TV
- RULE-SET,JOOX,Global TV
- RULE-SET,KKBOX,Global TV
- RULE-SET,KKTV,Global TV
- RULE-SET,Line TV,Global TV
- RULE-SET,myTV SUPER,Global TV
- RULE-SET,Pandora,Global TV
- RULE-SET,PBS,Global TV
- RULE-SET,Pornhub,Pornhub
- RULE-SET,Soundcloud,Global TV
- RULE-SET,ViuTV,Global TV
- RULE-SET,Telegram,Telegram
- RULE-SET,Steam,Steam
- RULE-SET,Speedtest,Speedtest
- RULE-SET,PayPal,PayPal
- RULE-SET,Microsoft,Microsoft
- RULE-SET,Apple,Apple
- RULE-SET,Google FCM,Google FCM
- RULE-SET,Scholar,Scholar
- RULE-SET,PROXY,Proxy
- RULE-SET,Domestic,Domestic
- RULE-SET,Domestic IPs,Domestic
- RULE-SET,LAN,DIRECT
- GEOIP,CN,Domestic
- MATCH,Others
dns:
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 123.14.112.1
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - "[2001:da8::666]:53"
  - https://public.dns.iij.jp/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
  - tls://dot.tiar.app
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  listen: 127.0.0.1:7874
  default-nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - "[2001:da8::666]:53"
  - 123.14.112.1
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "+.*"
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
log-level: silent
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
profile:
  store-selected: true
  store-fake-ip: true
rule-providers:
  Reject:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Reject.yaml
    path: "./rule_provider/Reject"
    interval: 86400
  Special:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Special.yaml
    path: "./rule_provider/Special"
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Netflix.yaml
    path: "./rule_provider/Netflix"
    interval: 86400
  Spotify:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Spotify.yaml
    path: "./rule_provider/Spotify"
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/YouTube.yaml
    path: "./rule_provider/YouTube"
    interval: 86400
  Bilibili:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Bilibili.yaml
    path: "./rule_provider/Bilibili"
    interval: 86400
  IQ:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/IQ.yaml
    path: "./rule_provider/IQI"
    interval: 86400
  IQIYI:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/IQIYI.yaml
    path: "./rule_provider/IQYI"
    interval: 86400
  Letv:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Letv.yaml
    path: "./rule_provider/Letv"
    interval: 86400
  Netease Music:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Netease%20Music.yaml
    path: "./rule_provider/Netease_Music"
    interval: 86400
  Tencent Video:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Tencent%20Video.yaml
    path: "./rule_provider/Tencent_Video"
    interval: 86400
  Youku:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Youku.yaml
    path: "./rule_provider/Youku"
    interval: 86400
  WeTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/WeTV.yaml
    path: "./rule_provider/WeTV"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/ABC.yaml
    path: "./rule_provider/ABC"
    interval: 86400
  Abema TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Abema%20TV.yaml
    path: "./rule_provider/Abema_TV"
    interval: 86400
  Amazon:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Amazon.yaml
    path: "./rule_provider/Amazon"
    interval: 86400
  Apple News:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Apple%20News.yaml
    path: "./rule_provider/Apple_News"
    interval: 86400
  Apple TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Apple%20TV.yaml
    path: "./rule_provider/Apple_TV"
    interval: 86400
  Bahamut:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Bahamut.yaml
    path: "./rule_provider/Bahamut"
    interval: 86400
  BBC iPlayer:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/BBC%20iPlayer.yaml
    path: "./rule_provider/BBC_iPlayer"
    interval: 86400
  DAZN:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/DAZN.yaml
    path: "./rule_provider/DAZN"
    interval: 86400
  Discovery Plus:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Discovery%20Plus.yaml
    path: "./rule_provider/Discovery_Plus"
    interval: 86400
  Disney Plus:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Disney%20Plus.yaml
    path: "./rule_provider/Disney_Plus"
    interval: 86400
  encoreTVB:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/encoreTVB.yaml
    path: "./rule_provider/encoreTVB"
    interval: 86400
  Fox Now:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Fox%20Now.yaml
    path: "./rule_provider/Fox_Now"
    interval: 86400
  Fox+:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Fox%2B.yaml
    path: "./rule_provider/Fox+"
    interval: 86400
  HBO Go:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/HBO%20Go.yaml
    path: "./rule_provider/HBO_Go"
    interval: 86400
  HBO Max:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/HBO%20Max.yaml
    path: "./rule_provider/HBO_Max"
    interval: 86400
  Hulu Japan:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Hulu%20Japan.yaml
    path: "./rule_provider/Hulu_Japan"
    interval: 86400
  Hulu:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Hulu.yaml
    path: "./rule_provider/Hulu"
    interval: 86400
  Japonx:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Japonx.yaml
    path: "./rule_provider/Japonx"
    interval: 86400
  JOOX:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/JOOX.yaml
    path: "./rule_provider/JOOX"
    interval: 86400
  KKBOX:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/KKBOX.yaml
    path: "./rule_provider/KKBOX"
    interval: 86400
  KKTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/KKTV.yaml
    path: "./rule_provider/KKTV"
    interval: 86400
  Line TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Line%20TV.yaml
    path: "./rule_provider/Line_TV"
    interval: 86400
  myTV SUPER:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/myTV%20SUPER.yaml
    path: "./rule_provider/myTV_SUPER"
    interval: 86400
  Pandora:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Pandora.yaml
    path: "./rule_provider/Pandora"
    interval: 86400
  PBS:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/PBS.yaml
    path: "./rule_provider/PBS"
    interval: 86400
  Pornhub:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Pornhub.yaml
    path: "./rule_provider/Pornhub"
    interval: 86400
  Soundcloud:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Soundcloud.yaml
    path: "./rule_provider/Soundcloud"
    interval: 86400
  ViuTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/ViuTV.yaml
    path: "./rule_provider/ViuTV"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Telegram.yaml
    path: "./rule_provider/Telegram"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Steam.yaml
    path: "./rule_provider/Steam"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Speedtest.yaml
    path: "./rule_provider/Speedtest"
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/PayPal.yaml
    path: "./rule_provider/PayPal"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Microsoft.yaml
    path: "./rule_provider/Microsoft"
    interval: 86400
  PROXY:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Proxy.yaml
    path: "./rule_provider/Proxy"
    interval: 86400
  Domestic:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Domestic.yaml
    path: "./rule_provider/Domestic"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Apple.yaml
    path: "./rule_provider/Apple"
    interval: 86400
  Google FCM:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Google%20FCM.yaml
    path: "./rule_provider/Google FCM"
    interval: 86400
  Scholar:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Scholar.yaml
    path: "./rule_provider/Scholar"
    interval: 86400
  Domestic IPs:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Domestic%20IPs.yaml
    path: "./rule_provider/Domestic_IPs"
    interval: 86400
  LAN:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/LAN.yaml
    path: "./rule_provider/LAN"
    interval: 86400
script:
  code: |
    def main(ctx, metadata):
        ruleset_action = {"Reject": "AdBlock",
            "Special": "DIRECT",
            "Netflix": "Netflix",
            "Spotify": "Spotify",
            "YouTube": "Youtube",
            "Disney Plus": "Disney",
            "Bilibili": "Bilibili",
            "IQ": "Asian TV",
            "IQIYI": "Asian TV",
            "Letv": "Asian TV",
            "Netease Music": "Asian TV",
            "Tencent Video": "Asian TV",
            "Youku": "Asian TV",
            "WeTV": "Asian TV",
            "ABC": "Global TV",
            "Abema TV": "Global TV",
            "Amazon": "Global TV",
            "Apple News": "Global TV",
            "Apple TV": "Global TV",
            "Bahamut": "Bahamut",
            "BBC iPlayer": "Global TV",
            "DAZN": "Global TV",
            "Discovery Plus": "Global TV",
            "encoreTVB": "Global TV",
            "Fox Now": "Global TV",
            "Fox+": "Global TV",
            "HBO Go": "HBO Go",
            "HBO Max": "HBO Max",
            "Hulu Japan": "Global TV",
            "Hulu": "Global TV",
            "Japonx": "Global TV",
            "JOOX": "Global TV",
            "KKBOX": "Global TV",
            "KKTV": "Global TV",
            "Line TV": "Global TV",
            "myTV SUPER": "Global TV",
            "Pandora": "Global TV",
            "PBS": "Global TV",
            "Pornhub": "Pornhub",
            "Soundcloud": "Global TV",
            "ViuTV": "Global TV",
            "Telegram": "Telegram",
            "Steam": "Steam",
            "Speedtest": "Speedtest",
            "PayPal": "PayPal",
            "Microsoft": "Microsoft",
            "Apple": "Apple",
            "Google FCM": "Google FCM",
            "Scholar": "Scholar",
            "PROXY": "Proxy",
            "Domestic": "Domestic",
            "Domestic IPs": "Domestic",
            "LAN": "DIRECT"
          }

        port = int(metadata["dst_port"])

        if metadata["network"] == "UDP":
            if port == 443:
                ctx.log('[Script] matched QUIC traffic use reject')
                return "REJECT"

        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        if port not in port_list:
            ctx.log('[Script] not common port use direct')
            return "DIRECT"

        if metadata["dst_ip"] == "":
            metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])

        for ruleset in ruleset_action:
            if ctx.rule_providers[ruleset].match(metadata):
                return ruleset_action[ruleset]

        if metadata["dst_ip"] == "":
            return "DIRECT"

        code = ctx.geoip(metadata["dst_ip"])
        if code == "CN":
            ctx.log('[Script] Geoip CN')
            return "Domestic"

        ctx.log('[Script] FINAL')
        return "Others"
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Jan 27 03:04:54 2022
*nat
:PREROUTING ACCEPT [1075:140252]
:INPUT ACCEPT [4180:178781]
:OUTPUT ACCEPT [935:62721]
:POSTROUTING ACCEPT [456:28082]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 5335
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5335
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 59920 -j DNAT --to-destination 192.168.2.195:5000
-A MINIUPNPD -p tcp -m tcp --dport 59921 -j DNAT --to-destination 192.168.2.195:5001
-A MINIUPNPD-POSTROUTING -s 192.168.2.195/32 -p tcp -m tcp --sport 5000 -j MASQUERADE --to-ports 59920
-A MINIUPNPD-POSTROUTING -s 192.168.2.195/32 -p tcp -m tcp --sport 5001 -j MASQUERADE --to-ports 59921
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: ddns80 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p udp -m udp --dport 80 -m comment --comment "!fw3: ddns80 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p tcp -m tcp --dport 3000 -m comment --comment "!fw3: adghome (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p udp -m udp --dport 3000 -m comment --comment "!fw3: adghome (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p tcp -m tcp --dport 6800 -m comment --comment "!fw3: aria2 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.1/32 -p udp -m udp --dport 6800 -m comment --comment "!fw3: aria2 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.2.0/24 -d 123.14.119.60/32 -p tcp -m tcp --dport 8088 -m comment --comment "!fw3: ddns80 (reflection)" -j DNAT --to-destination 192.168.2.1:80
-A zone_lan_prerouting -s 192.168.2.0/24 -d 123.14.119.60/32 -p udp -m udp --dport 8088 -m comment --comment "!fw3: ddns80 (reflection)" -j DNAT --to-destination 192.168.2.1:80
-A zone_lan_prerouting -s 192.168.2.0/24 -d 123.14.119.60/32 -p tcp -m tcp --dport 3009 -m comment --comment "!fw3: adghome (reflection)" -j DNAT --to-destination 192.168.2.1:3000
-A zone_lan_prerouting -s 192.168.2.0/24 -d 123.14.119.60/32 -p udp -m udp --dport 3009 -m comment --comment "!fw3: adghome (reflection)" -j DNAT --to-destination 192.168.2.1:3000
-A zone_lan_prerouting -s 192.168.2.0/24 -d 123.14.119.60/32 -p tcp -m tcp --dport 6809 -m comment --comment "!fw3: aria2 (reflection)" -j DNAT --to-destination 192.168.2.1:6800
-A zone_lan_prerouting -s 192.168.2.0/24 -d 123.14.119.60/32 -p udp -m udp --dport 6809 -m comment --comment "!fw3: aria2 (reflection)" -j DNAT --to-destination 192.168.2.1:6800
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 8088 -m comment --comment "!fw3: ddns80" -j DNAT --to-destination 192.168.2.1:80
-A zone_wan_prerouting -p udp -m udp --dport 8088 -m comment --comment "!fw3: ddns80" -j DNAT --to-destination 192.168.2.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 3009 -m comment --comment "!fw3: adghome" -j DNAT --to-destination 192.168.2.1:3000
-A zone_wan_prerouting -p udp -m udp --dport 3009 -m comment --comment "!fw3: adghome" -j DNAT --to-destination 192.168.2.1:3000
-A zone_wan_prerouting -p tcp -m tcp --dport 6809 -m comment --comment "!fw3: aria2" -j DNAT --to-destination 192.168.2.1:6800
-A zone_wan_prerouting -p udp -m udp --dport 6809 -m comment --comment "!fw3: aria2" -j DNAT --to-destination 192.168.2.1:6800
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Jan 27 03:04:54 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Jan 27 03:04:54 2022
*mangle
:PREROUTING ACCEPT [124365:43066587]
:INPUT ACCEPT [122294:42799127]
:FORWARD ACCEPT [1978:210554]
:OUTPUT ACCEPT [72751:40541716]
:POSTROUTING ACCEPT [74420:40737730]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -s 192.168.2.1/32 -p udp -m udp --sport 6800 -j RETURN
-A openclash -s 192.168.2.1/32 -p tcp -m tcp --sport 6800 -j RETURN
-A openclash -p udp -m udp --dport 6809 -j RETURN
-A openclash -p tcp -m tcp --dport 6809 -j RETURN
-A openclash -s 192.168.2.1/32 -p udp -m udp --sport 3000 -j RETURN
-A openclash -s 192.168.2.1/32 -p tcp -m tcp --sport 3000 -j RETURN
-A openclash -p udp -m udp --dport 3009 -j RETURN
-A openclash -p tcp -m tcp --dport 3009 -j RETURN
-A openclash -s 192.168.2.1/32 -p udp -m udp --sport 80 -j RETURN
-A openclash -s 192.168.2.1/32 -p tcp -m tcp --sport 80 -j RETURN
-A openclash -p udp -m udp --dport 8088 -j RETURN
-A openclash -p tcp -m tcp --dport 8088 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -p udp -m udp --sport 6809 -j RETURN
-A openclash_output -p tcp -m tcp --sport 6809 -j RETURN
-A openclash_output -p udp -m udp --sport 3009 -j RETURN
-A openclash_output -p tcp -m tcp --sport 3009 -j RETURN
-A openclash_output -p udp -m udp --sport 8088 -j RETURN
-A openclash_output -p tcp -m tcp --sport 8088 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Thu Jan 27 03:04:54 2022

#IPv6 NAT chain


#IPv6 Mangle chain


#===================== IPSET状态 =====================#

Name: china_ip_route
Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         123.14.112.1    0.0.0.0         UG    0      0        0 pppoe-wan
123.14.112.1    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 123.14.112.1 dev pppoe-wan proto static 
123.14.112.1 dev pppoe-wan proto kernel scope link src 123.14.119.60 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:	from all lookup local
32765:	from all fwmark 0x162 lookup 354
32766:	from all lookup main
32767:	from all lookup default

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      32324/clash
tcp        0      0 :::7893                 :::*                    LISTEN      32324/clash
tcp        0      0 :::7895                 :::*                    LISTEN      32324/clash
tcp        0      0 :::9090                 :::*                    LISTEN      32324/clash
tcp        0      0 :::7890                 :::*                    LISTEN      32324/clash
tcp        0      0 :::7891                 :::*                    LISTEN      32324/clash
tcp        0      0 :::7892                 :::*                    LISTEN      32324/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           32324/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           32324/clash
udp        0      0 :::7891                 :::*                                32324/clash
udp        0      0 :::7892                 :::*                                32324/clash
udp        0      0 :::7893                 :::*                                32324/clash
udp        0      0 :::7895                 :::*                                32324/clash
udp        0      0 :::53749                :::*                                32324/clash

#===================== 测试本机DNS查询 =====================#

Server:		127.0.0.1
Address:	127.0.0.1:53

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com
Name:	www.a.shifen.com
Address: 110.242.68.4
Name:	www.a.shifen.com
Address: 110.242.68.3

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com


#===================== resolv.conf.auto =====================#

# Interface wan
nameserver 114.114.114.114
nameserver 119.29.29.29

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 114.114.114.114
nameserver 119.29.29.29

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Wed, 26 Jan 2022 19:04:56 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18


#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "d4e60d9a3856c12991dd63fedfa9268ee6b68ea052f1be85a56a3886d9c16009"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: BD16:2A4D:ADD9B:127F01:61F1189A
accept-ranges: bytes
date: Wed, 26 Jan 2022 19:04:57 GMT
via: 1.1 varnish
x-served-by: cache-sjc10071-SJC
x-cache: HIT
x-cache-hits: 1
x-timer: S1643223897.100850,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: af9f6f7d8995e3def1bd6d1a5335339760713159
expires: Wed, 26 Jan 2022 19:09:57 GMT
source-age: 269
content-length: 80


#===================== 最近运行日志 =====================#

time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Abema TV"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider PBS"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Scholar"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Netflix"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Domestic IPs"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider encoreTVB"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider PROXY"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Fox Now"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Google FCM"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Telegram"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Steam"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider PayPal"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Domestic"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider WeTV"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Discovery Plus"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Japonx"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Fox+"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Line TV"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Bahamut"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Spotify"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Youku"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider JOOX"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Apple"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Pandora"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Tencent Video"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Disney Plus"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider HBO Max"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider LAN"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Netease Music"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Hulu"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Microsoft"
time="2022-01-26T19:02:11Z" level=info msg="Start initial rule provider Reject"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider KKBOX"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider Amazon"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider Bilibili"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider DAZN"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider ABC"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider Special"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider ViuTV"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider myTV SUPER"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider Speedtest"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider Letv"
time="2022-01-26T19:02:12Z" level=info msg="Start initial rule provider IQIYI"
time="2022-01-26T19:02:12Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2022-01-27 03:02:14 Step 6: Wait For The File Downloading...
2022-01-27 03:02:15 Step 7: Set Control Panel...
2022-01-27 03:02:15 Step 8: Set Firewall Rules...
2022-01-27 03:02:15 Step 9: Restart Dnsmasq...
2022-01-27 03:02:18 Step 10: Add Cron Rules, Start Daemons...
2022-01-27 03:02:18 OpenClash Start Successful!

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.2.202】 - Host:【p13n.adobe.io】 - DestinationIP:【34.193.227.236】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
2. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【110.242.68.3】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.2.134】 - Host:【Empty】 - DestinationIP:【40.91.72.120】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
4. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【218.29.49.20】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.2.202】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
6. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【110.242.68.3】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.2.134】 - Host:【Empty】 - DestinationIP:【210.149.135.89】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
8. SourceIP:【192.168.2.129】 - Host:【Empty】 - DestinationIP:【23.23.78.12】 - Network:【udp】 - RulePayload:【】 - Lastchain:【Akko】
9. SourceIP:【192.168.2.202】 - Host:【alive.github.com】 - DestinationIP:【140.82.114.25】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
10. SourceIP:【192.168.2.185】 - Host:【Empty】 - DestinationIP:【60.29.239.250】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.2.214】 - Host:【app-b02.lp1.npns.srv.nintendo.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【192.168.2.214/32】 - Lastchain:【Akko】
12. SourceIP:【192.168.2.202】 - Host:【api.ipify.org】 - DestinationIP:【3.232.242.170】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
13. SourceIP:【192.168.2.201】 - Host:【play.googleapis.com】 - DestinationIP:【172.217.161.42】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
14. SourceIP:【192.168.2.185】 - Host:【Empty】 - DestinationIP:【220.194.95.164】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.2.134】 - Host:【Empty】 - DestinationIP:【40.119.211.203】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
16. SourceIP:【192.168.2.202】 - Host:【myip.ipip.net】 - DestinationIP:【118.212.233.24】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
17. SourceIP:【192.168.2.202】 - Host:【s1.music.126.net】 - DestinationIP:【61.158.238.35】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【104.17.108.55】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
19. SourceIP:【192.168.2.202】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
20. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【218.29.49.20】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【172.217.175.110】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
22. SourceIP:【192.168.2.202】 - Host:【myip.ipip.net】 - DestinationIP:【118.212.233.24】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.2.185】 - Host:【api.io.mi.com】 - DestinationIP:【111.202.0.44】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】
24. SourceIP:【192.168.2.201】 - Host:【Empty】 - DestinationIP:【203.208.39.226】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.2.202】 - Host:【github.com】 - DestinationIP:【13.114.40.48】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
26. SourceIP:【192.168.2.134】 - Host:【Empty】 - DestinationIP:【54.167.72.5】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
27. SourceIP:【192.168.2.201】 - Host:【Empty】 - DestinationIP:【108.177.125.188】 - Network:【tcp】 - RulePayload:【Google FCM】 - Lastchain:【DIRECT】
28. SourceIP:【123.14.119.60】 - Host:【Empty】 - DestinationIP:【111.202.1.237】 - Network:【udp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.2.201】 - Host:【play.googleapis.com】 - DestinationIP:【172.217.161.42】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
30. SourceIP:【192.168.2.185】 - Host:【connect.play.aiseet.atianqi.com】 - DestinationIP:【60.29.240.53】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.2.134】 - Host:【cm5-lax1.cm.steampowered.com】 - DestinationIP:【162.254.195.71】 - Network:【tcp】 - RulePayload:【Steam】 - Lastchain:【Akko】
32. SourceIP:【192.168.2.202】 - Host:【api.ipify.org】 - DestinationIP:【54.91.59.199】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
33. SourceIP:【192.168.2.134】 - Host:【content-system.gog.com】 - DestinationIP:【210.149.135.121】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
34. SourceIP:【192.168.2.202】 - Host:【clients4.google.com】 - DestinationIP:【172.217.161.78】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
35. SourceIP:【123.14.119.60】 - Host:【Empty】 - DestinationIP:【94.140.14.15】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
36. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【108.177.125.188】 - Network:【tcp】 - RulePayload:【Google FCM】 - Lastchain:【DIRECT】
37. SourceIP:【192.168.2.134】 - Host:【Empty】 - DestinationIP:【52.139.250.253】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
38. SourceIP:【192.168.2.202】 - Host:【myip.ipip.net】 - DestinationIP:【118.212.233.24】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
39. SourceIP:【192.168.2.202】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
40. SourceIP:【192.168.2.202】 - Host:【github.com】 - DestinationIP:【13.114.40.48】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
41. SourceIP:【192.168.2.202】 - Host:【clients4.google.com】 - DestinationIP:【172.217.161.78】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
42. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
43. SourceIP:【192.168.2.202】 - Host:【s1.music.126.net】 - DestinationIP:【123.12.188.35】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】
44. SourceIP:【192.168.2.173】 - Host:【Empty】 - DestinationIP:【58.83.177.124】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
45. SourceIP:【192.168.2.201】 - Host:【Empty】 - DestinationIP:【108.177.125.188】 - Network:【tcp】 - RulePayload:【Google FCM】 - Lastchain:【DIRECT】
46. SourceIP:【192.168.2.134】 - Host:【Empty】 - DestinationIP:【52.137.108.37】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
47. SourceIP:【192.168.2.202】 - Host:【myip.ipip.net】 - DestinationIP:【118.212.233.201】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
48. SourceIP:【192.168.2.202】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.13.31】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
49. SourceIP:【192.168.2.202】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
50. SourceIP:【192.168.2.222】 - Host:【Empty】 - DestinationIP:【124.251.58.154】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
51. SourceIP:【192.168.2.202】 - Host:【github.com】 - DestinationIP:【13.114.40.48】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
52. SourceIP:【192.168.2.202】 - Host:【api.ipify.org】 - DestinationIP:【54.91.59.199】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
53. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【110.242.68.3】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
54. SourceIP:【192.168.2.202】 - Host:【yiban.io】 - DestinationIP:【193.112.227.80】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
55. SourceIP:【192.168.2.202】 - Host:【Empty】 - DestinationIP:【172.67.75.147】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
56. SourceIP:【192.168.2.202】 - Host:【api.ipify.org】 - DestinationIP:【3.220.57.224】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【Akko】
57. SourceIP:【192.168.2.185】 - Host:【Empty】 - DestinationIP:【120.79.193.196】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
58. SourceIP:【192.168.2.202】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】
59. SourceIP:【192.168.2.202】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【Akko】

@vernesong
Owner

Is the node's UDP working properly? Try testing it with different software.

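@duetg
Author

duetg commented Jan 28, 2022

UDP communication between my local machine and the node tests fine using nc -u and nc -ul. With passwall, however, the NS's NAT type is D, while with ssr plus the result is A. Is there any other method I can use to pin down where the problem might be?
One more thing: although the Switch NAT type is F under TUN mode and under compatibility mode with UDP forwarding enabled, running NatTypeTester on a PC reports fullcone.
I just tested again: in TUN mode, with a - SRC-IP-CIDR rule sending all of the PC's traffic through the proxy, I logged in to another server and started nc -ul there, and locally nc -u could not communicate with that server. In compatibility mode with UDP forwarding off, the communication works.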
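
The nc -u / nc -ul round-trip check described in the comment above, as an added Python example that is not part of the original thread. The function names and verdict labels are assumptions, and the loopback listener stands in for the remote server; run `probe` from a client behind the proxy against a listener you control to compare modes.

```python
import socket
import threading


def start_echo_server(host="127.0.0.1", port=0):
    """Listen for UDP and echo each datagram back (the `nc -ul` side)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, port))
    srv.settimeout(0.2)
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(2048)
                srv.sendto(data, peer)
            except OSError:  # timeout or transient error: re-check the stop flag
                continue
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname(), stop


def probe(target, count=3, timeout=1.0):
    """Send `count` datagrams to target (the `nc -u` side) and record replies."""
    result = {"sent": 0, "received": 0, "sources": set()}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as cli:
        cli.settimeout(timeout)
        for i in range(count):
            payload = b"udp-probe-%d" % i
            cli.sendto(payload, target)
            result["sent"] += 1
            try:
                data, src = cli.recvfrom(2048)
            except OSError:  # timeout, or an ICMP error surfaced by the OS
                continue
            if data == payload:
                result["received"] += 1
                result["sources"].add(src)
    return result


def verdict(result, target):
    """Classify a probe result; labels are illustrative, not NAT types."""
    if result["received"] == 0:
        return "one-way"          # datagrams left, nothing came back
    if result["sources"] != {target}:
        return "source-mismatch"  # replies arrived from another address/port
    if result["received"] < result["sent"]:
        return "lossy"
    return "ok"


if __name__ == "__main__":
    addr, stop = start_echo_server()  # constructed loopback target
    r = probe(addr)
    print(addr, r, verdict(r, addr))
    stop.set()
```

A "one-way" verdict corresponds to the upload-only, no-download symptom reported later in this thread.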

@HytonightYX

I've run into exactly the same problem as you: Switch NAT type F, using TUN mode.

@vernesong
Owner

In redir mode, try it with mixed-port on its own.

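@TaeYeon233

Same problem. I don't know which version it started with, but it has been broken since I upgraded. I'm also a Switch player: in compatibility mode with UDP forwarding ticked, in TUN mode and in mixed mode the NAT type is F every time, yet NatTypeTester on a PC reports FULLCONE, which I find a bit puzzling...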

@kurtn2005

Also F. I remember it used to work. Marking this to wait and see.

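@duetg
Author

duetg commented Feb 8, 2022

> In redir mode, try it with mixed-port on its own.

With mixed mode enabled under redir, NatTypeTester shows UdpBlocked most of the time, with occasional other results. The Switch NAT type is still F.
The server runs stock v2ray, connecting via vmess + ws + tls; I don't know whether that has anything to do with it. I also don't really understand how UDP support on the server side is supposed to be checked. From what I found online, v2ray does UDP over TCP and you only need to enable udp on the client, which is indeed set to true in my config. I don't know whether anything else needs to be set up on the server side.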

@kurtn2005

redir-host compatibility mode with UDP forwarding turned off: Switch NAT A. 🤷‍♂️

@vernesong
Owner

#1076

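@duetg
Author

duetg commented Feb 9, 2022

> #1076

So it looks like I need to switch protocols? I'll install trojan tonight and give it a try.

I first tried xray's trojan-grpc, but it didn't connect, probably because I'm not familiar with the configuration. After uninstalling it I switched to stock trojan, and the results so far are:

  • redir compatibility mode with UDP traffic forwarding enabled: Switch NAT A
  • redir TUN mode and mixed mode: Switch NAT B (upstream and downstream feel somewhat unstable in TUN mode)

I don't know whether TUN mode can be raised to A; I'd appreciate it if you could clarify. Thanks.
It's too late tonight and I haven't tested online play with another Switch yet; I'll find a console tomorrow and try.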

@vernesong
Owner

TUN problems probably need to be reported to the core's side, because it is closed source.

@vernesong vernesong pinned this issue Feb 9, 2022
@vernesong
Owner

image
Add it yourself.

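@TaeYeon233

This is giving me a headache... Whether I downgrade the plugin or the router firmware, the Switch NAT type is F. Testing carefully, I found that the Switch's UDP connections to Nintendo show only upload traffic and no download traffic, whereas UDP works in other third-party games and NatTypeTester on the PC also gets through. The rules are the provider's default managed config and the protocol is SS. I don't know what the situation is on the Sony PS side.
Screenshot 2022-02-11 182446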

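@vernesong
Owner

> This is giving me a headache... Whether I downgrade the plugin or the router firmware, the Switch NAT type is F. Testing carefully, I found that the Switch's UDP connections to Nintendo show only upload traffic and no download traffic, whereas UDP works in other third-party games and NatTypeTester on the PC also gets through. The rules are the provider's default managed config and the protocol is SS. I don't know what the situation is on the Sony PS side. Screenshot 2022-02-11 182446

What about trying a different plugin?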

@github-actions
Contributor

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

@hcym

hcym commented Jun 1, 2022

A reference case: I have been using compatibility + TUN the whole time.

@killsting

Vmess may have UDP forwarding problems. Using SS + Redir-Host mixed mode + forwarding enabled in the firewall, the NAT type went to A right away.

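@zgc

zgc commented Jan 17, 2023

I use compatibility mode, and my firmware also has docker installed. My Switch and PS4 have always been NAT A. Is that because all the nodes I use are trojan nodes? They are also behind a CDN.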

@duetg
Author

duetg commented Jan 17, 2023

It is probably related to using trojan; vmess really does not seem to work. I no longer use vmess; I now use the meta core and vless.

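@Sentaku1129

Sentaku1129 commented Aug 5, 2023

May I ask: I'm using Redir-Host mode. With TUN mode the NAT type is F. With mixed mode and UDP forwarding enabled the NAT type is also F; with UDP forwarding disabled the NAT type is B. If UDP forwarding is disabled, does the traffic go direct? My node type is vmess. What can I do to get the NAT type to A?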

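@DawnAleax

> May I ask: I'm using Redir-Host mode. With TUN mode the NAT type is F. With mixed mode and UDP forwarding enabled the NAT type is also F; with UDP forwarding disabled the NAT type is B. If UDP forwarding is disabled, does the traffic go direct? My node type is vmess. What can I do to get the NAT type to A?

The mode doesn't matter. Don't use TUN mode and turn off UDP traffic proxying, and you get NAT A. Because of this I have never been able to use TUN mode; it affects online gaming.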

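@duetg
Author

duetg commented Nov 3, 2023

Plugin settings
Note: If the configuration is lost or you need to restore the default configuration, try visiting: http://192.168.2.1/cgi-bin/luci/admin/services/openclash/restore
Note: Enabling IPv6 and related services on the router is not recommended; most of the connection problems reported so far are related to it
Note: Enabling secure DNS in the browser causes rule-based routing to misbehave; please turn it off
Note: Some software modifies the device's HOSTS, which causes rule-based routing to misbehave; please check for this

Note: For game proxying, use nodes other than Vmess

Note: In Fake-ip mode, if client access control is needed, change the DNS hijacking mode to firewall forwarding
Note: By default the router's own traffic is proxied; for BT and PT downloads, use redir mode where possible and take care to keep that traffic out of the proxy
Note: When connections misbehave, first check by following the steps on this page: click to go

The author has already stated it very clearly in the plugin: do not use Vmess for game proxying.
This thread has already been closed; please stop asking.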

@vernesong
Owner

With the UTUN interface added in the new version, Switch games should work fine when using the system stack.
