原版 openwrt/immortalwrt sing-box tun 模式不定时断流,症状是无法联网,需要重启后恢复。netstat 显示有大量 CLOSE_WAIT 连接。后来写了个定时脚本去 check ,CLOSE_WAIT 连接数超阀值了重启,改善不少,但偶尔还是会断流。 网上搜了,github issue 里有类似问题,但没找到有效解决办法。
求 V2 大神指导下~
客户端配置参考的是: https://www.right.com.cn/forum/thread-8314833-1-1.html
{
"log": {
"disabled": false,
"level": "debug",
"timestamp": true
},
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:9090",
"external_ui": "ui",
"external_ui_download_url": "",
"external_ui_download_detour": "",
"secret": "",
"default_mode": "Rule"
},
"cache_file": {
"enabled": true,
"path": "cache.db",
"store_fakeip": true
}
},
"dns": {
"servers": [
{
"tag": "proxydns",
"address": "tls://8.8.8.8/dns-query",
"detour": "select"
},
{
"tag": "localdns",
"address": "h3://223.5.5.5/dns-query",
"detour": "direct"
},
{
"address": "rcode://refused",
"tag": "block"
},
{
"tag": "dns_fakeip",
"address": "fakeip"
}
],
"rules": [
{
"outbound": "any",
"server": "localdns",
"disable_cache": true
},
{
"clash_mode": "Global",
"server": "proxydns"
},
{
"clash_mode": "Direct",
"server": "localdns"
},
{
"rule_set": "geosite-cn",
"server": "localdns"
},
{
"rule_set": "geosite-geolocation-!cn",
"server": "proxydns"
},
{
"rule_set": "geosite-geolocation-!cn",
"query_type": [
"A",
"AAAA"
],
"server": "dns_fakeip"
}
],
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
},
"independent_cache": true,
"final": "proxydns"
},
"inbounds": [
{
"type": "tun",
"inet4_address": "172.19.0.1/30",
"inet6_address": "fd00::1/126",
"auto_route": true,
"stack": "system",
"strict_route": false,
"sniff": true,
"sniff_override_destination": true,
"domain_strategy": "prefer_ipv4"
}
],
"outbounds": [
{
"type": "trojan",
"tag": "trojan-us",
"server": "XXX.XXX.XXX.XXX",
"server_port": XXXXX,
"password": "XXXXXX",
"tls": {
"enabled": true,
"server_name": "XXX.XXX",
"utls": {
"enabled": true,
"fingerprint": "firefox"
}
},
"multiplex": {
"enabled": true
}
},
{
"type": "hysteria2",
"tag": "hy2-us",
"server": "XXX.XXX.XXX.XXX",
"server_port": XXXXX,
"password": "XXXXXX",
"tls": {
"enabled": true,
"server_name": "www.bing.com",
"insecure": true,
"alpn": [
"h3"
]
}
},
{
"tag": "direct",
"type": "direct"
},
{
"tag": "block",
"type": "block"
},
{
"tag": "dns-out",
"type": "dns"
},
{
"tag": "select",
"type": "selector",
"default": "auto",
"outbounds": [
"auto",
"trojan-us",
"hy2-us"
]
},
{
"tag": "auto",
"type": "urltest",
"outbounds": [
"trojan-us",
"hy2-us"
],
"url": "https://www.gstatic.com/generate_204",
"interval": "1m",
"tolerance": 50,
"interrupt_exist_connections": false
}
],
"route": {
"rule_set": [
{
"tag": "geosite-geolocation-!cn",
"type": "remote",
"format": "binary",
"url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-!cn.srs",
"download_detour": "select",
"update_interval": "1d"
},
{
"tag": "geosite-cn",
"type": "remote",
"format": "binary",
"url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-cn.srs",
"download_detour": "select",
"update_interval": "1d"
},
{
"tag": "geoip-cn",
"type": "remote",
"format": "binary",
"url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/cn.srs",
"download_detour": "select",
"update_interval": "1d"
}
],
"auto_detect_interface": true,
"final": "select",
"rules": [
{
"domain_suffix": [
"synology.com",
"plex.tv"
],
"outbound": "direct"
},
{
"outbound": "dns-out",
"protocol": "dns"
},
{
"clash_mode": "Direct",
"outbound": "direct"
},
{
"clash_mode": "Global",
"outbound": "auto"
},
{
"rule_set": "geoip-cn",
"outbound": "direct"
},
{
"rule_set": "geosite-cn",
"outbound": "direct"
},
{
"ip_is_private": true,
"outbound": "direct"
},
{
"rule_set": "geosite-geolocation-!cn",
"outbound": "auto"
}
]
},
"ntp": {
"enabled": true,
"server": "ntp.aliyun.com",
"server_port": 123,
"interval": "30m",
"detour": "direct"
}
}
1
Immunize 12 天前
stack 换成 gvisor 试试呢,sing-box 的 system stack 实际上并不是完整的协议栈,对于 tcp/udp 端口快速复用的场景支持是有问题的。
|
2
evalfun 12 天前
系统连接数爆了,把连接数调高就行。能用 system 就不要用 gvisor ,gvisor 效率很低
echo 65536 > /proc/sys/net/netfilter/nf_conntrack_max |
3
JensenQian 12 天前
搞个现成的 gui 试试看
passwall ,或者 homeproxy |
4
onion83 11 天前
已经发现 sing-box / dae 都存在这个问题,无解。已经转投 mihomo ,多种负载均衡模式、自定义健康检查、更灵活的分流特性,yaml 格式能写注释不用 json 到处找闭合括弧。跑了快一个季度,因为健康检查功能过于强大,我都忘记梯子没续费了机器都被释放掉了 -_-
|
5
Rebron1900 11 天前
@onion83 我最近也在用 mihomo ,大佬这些功能都是那些配置项呀?
|
7
yyysuo 10 天前
用 tproxy 或者 redirect 呗,tun 启动那么慢,不能忍。
|
9
zhouqian 10 天前
我用的是 mixed ,也经常遇到这个情况。Android 手机和 Mac 都一样。
|