透明代理IPV6 DNS timeout #2498

HurryYU · 2023-08-29T14:26:14Z

各位大佬好.
我在旁网关上使用Xray搭建透明代理.下面是我的设备地址情况:

旁网关IPV4地址为:192.168.31.102
旁网关IPV6本地链路地址为:fe80::1

路由器IP地址为:192.168.31.1

设备IPV4地址:192.168.31.100
设备IPV6本地链路地址为:fe80::2

当我在设备上使用nslookup ipv6.google.com fe80::1时,出现了DNS request timed out,一共4次DNS请求结果都是timeout
查看Xray日志报错部分如下:

2023/08/29 21:22:32 [Info] [2774565985] proxy/dokodemo: received request for [fe80::2]:51989
2023/08/29 21:22:32 [Info] [2774565985] app/proxyman/inbound: connection ends > fake: socket bind: invalid argument
2023/08/29 21:22:32 [Info] [2774565985] app/dispatcher: taking detour [dns-out] for [udp:[fe80::1]:53]
2023/08/29 21:22:32 [Info] [2774565985] proxy/dns: handling DNS traffic to udp:8.8.8.8:53

上面这段报错日志反复打印了4次
其中fake: socket bind: invalid argument不太明白是什么原因引起的

如果在设备上使用nslookup ipv6.google.com 192.168.31.102 则能得到正确的解析结果
即只有IPV6 DNS会出现timeout

我的ip6tables配置如下:

ip6tables -t mangle -N XRAY6
ip6tables -t mangle -A XRAY6 -d ::1/128 -j RETURN
ip6tables -t mangle -A XRAY6 -d fe80::/10 -p tcp -j RETURN
ip6tables -t mangle -A XRAY6 -d fe80::/10 -p udp ! --dport 53 -j RETURN
ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-ip ::1 --on-port 12345 --tproxy-mark 1
ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-ip ::1 --on-port 12345 --tproxy-mark 1
ip6tables -t mangle -A PREROUTING -j XRAY6

ip6tables -t mangle -N XRAY6_MASK
ip6tables -t mangle -A XRAY6_MASK -m owner --gid-owner 23333 -j RETURN
ip6tables -t mangle -A XRAY6_MASK -d fe80::/10 -p tcp -j RETURN
ip6tables -t mangle -A XRAY6_MASK -d fe80::/10 -p udp ! --dport 53 -j RETURN
ip6tables -t mangle -A XRAY6_MASK -p udp -j MARK --set-mark 1
ip6tables -t mangle -A XRAY6_MASK -p tcp -j MARK --set-mark 1
ip6tables -t mangle -A OUTPUT -j XRAY6_MASK

简化后的Xray配置如下:

{
    "inbounds": [
      {
        "tag": "transparent",
        "port": 12345,
        "protocol": "dokodemo-door",
        "settings": {
          "network": "tcp,udp",
          "followRedirect": true
        },
        "sniffing": {
          "enabled": true,
          "routeOnly": true,
          "domainsExcluded": [
            "res.res.res.res"
          ],
            "destOverride": [
            "http",
            "tls"
          ]
        },
        "streamSettings": {
          "sockopt": {
            "tproxy": "tproxy"
          }
        }
      }
    ],
    "outbounds": [
      {
        "tag": "direct",
        "protocol": "freedom",
        "settings": {
          "domainStrategy": "UseIP"
        }
      },
      {
        "tag": "proxy",
        "protocol": "vless",
        "settings": {
          "vnext": [
            {
              "address": "xxx.xxx.com",
              "port": 443,
              "users": [
                {
                  "id": "xxxxx",
                  "encryption": "none",
                  "flow": "xtls-rprx-vision"
                }
              ]
            }
          ]
        },
        "streamSettings": {
          "network": "tcp",
          "security": "tls",
          "tlsSettings": {
            "serverName": "xxx.xxx.com",
            "allowInsecure": false,
            "fingerprint": "chrome"
          }
        },
        "mux": {
          "enabled": true,
          "concurrency": -1,
          "xudpConcurrency": 16,
          "xudpProxyUDP443": "reject"
        }
      },
      {
        "tag": "block",
        "protocol": "blackhole",
        "settings": {
          "response": {
            "type": "http"
          }
        }
      },
      {
        "tag": "dns-out",
        "protocol": "dns",
        "settings": {
          "address": "8.8.8.8",
          "nonIPQuery": "skip"
        },
        "proxySettings": {
          "tag": "proxy"
        }
      }
    ],
    "dns": {
      "hosts": {
         "xxx.xxx.com": "66.66.66.66"
      },
      "servers": [
        {
          "address": "223.5.5.5",
          "port": 53,
          "domains": [
            "geosite:cn",
            "geosite:category-games@cn",
            "ntp.org",
            "xxx.xxx.com"
          ]
        },
        {
          "address": "114.114.114.114",
          "port": 53,
          "domains": [
            "geosite:cn",
            "geosite:category-games@cn",
            "ntp.org",
            "xxx.xxx.com"
          ]
        },
        {
          "address": "8.8.8.8",
          "port": 53,
          "domains": [
            "geosite:geolocation-!cn"
          ]
        },
        {
          "address": "1.1.1.1",
          "port": 53,
          "domains": [
            "geosite:geolocation-!cn"
          ]
        }
      ]
    },
    "routing": {
      "domainStrategy": "IPIfNonMatch",
      "rules": [
        {
          "type": "field",
          "inboundTag": [
            "transparent"
          ],
          "port": 53,
          "network": "udp",
          "outboundTag": "dns-out" 
        },    
        {
          "type": "field",
          "inboundTag": [
            "transparent"
          ],
          "port": 123,
          "network": "udp",
          "outboundTag": "direct" 
        },    
        {
          "type": "field", 
          "ip": [
            "223.5.5.5",
            "114.114.114.114"
          ],
          "outboundTag": "direct"
        },
        {
          "type": "field",
          "ip": [
            "8.8.8.8",
            "1.1.1.1"
          ],
          "outboundTag": "proxy"
        },
        // 其它代理配置
      ]
    }
  }

这个问题似乎与 #135 和 #137 有些类似,是关于fakeudp_linux.go中zone的问题,但 @RPRX 已经修复过了,不知是否还是与这个有关系?

出现问题的Xray版本为:1.7.5 1.8.0--1.8.3
旁网关系统:Ubuntu 22.04.3

The text was updated successfully, but these errors were encountered:

Fangliding closed this as completed Apr 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

透明代理IPV6 DNS timeout #2498

透明代理IPV6 DNS timeout #2498

HurryYU commented Aug 29, 2023 •

edited

Loading

透明代理IPV6 DNS timeout #2498

透明代理IPV6 DNS timeout #2498

Comments

HurryYU commented Aug 29, 2023 • edited Loading

HurryYU commented Aug 29, 2023 •

edited

Loading