sing-box tun 模式死活有问题，求助

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

各们好，最近在折腾 sing-box 的全局代理，发现同样的配置在新装的虚拟机 win10 和另一台闲置的 win10 上都无问题。但是放到自己的两台电脑上就死活不通了；最后把配置简化到 tun 透传 direct ，也是同样的状况。折腾几天了，实在想不到什么问题了，有懂的人麻烦指点一二。测试命令是 curl -v https://www.baidu.com , 症状是

* Host www.baidu.com:443 was resolved.
* IPv6: (none)
* IPv4: 180.101.49.44, 180.101.51.73
*   Trying 180.101.49.44:443...
* connect to 180.101.49.44 port 443 from 0.0.0.0 port 52489 failed: Timed out
*   Trying 180.101.51.73:443...
* connect to 180.101.51.73 port 443 from 0.0.0.0 port 58474 failed: Timed out
* Failed to connect to www.baidu.com port 443 after 42582 ms: Could not connect to server
* closing connection #0
curl: (28) Failed to connect to www.baidu.com port 443 after 42582 ms: Could not connect to server

以下是简化后在自己电脑上仍有问题的配置

{
    "log": {
        "disabled": false,
        "level": "trace",
        "timestamp": true,
        "output": ""
    },
    "inbounds": [{
            "type": "tun",
            "tag": "tun-in",
            "interface_name": "singbox-tun",
            "address": ["192.0.2.0/24"],
            "route_address": ["0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"],
            "route_exclude_address": [
                "10.0.0.0/8",
                "172.16.0.0/12",
                "192.168.0.0/16",
                "fc00::/7"
            ],
            "auto_route": true,
            "strict_route": false
        }, 
        {"tag": "dns-in","type": "direct","listen": "127.0.0.1","listen_port": 53}
    ],
    "outbounds": [
        {"type": "direct","tag": "direct"}, 
        {"type": "block","tag": "block"}
    ],
    "dns": {
        "strategy": "prefer_ipv4",
        "servers": [
            {"type": "local","tag": "local-dns"}, 
            {"type": "udp","tag": "cn-dns","server": "119.29.29.29"}
        ],
        "rules": [
            {"inbound": ["tun-in"],"server": "cn-dns"}
        ]
    },
    "route": {
        "auto_detect_interface": true,
        "default_domain_resolver": "local-dns",
        "final": "direct",
        "rules": [
            {"action": "sniff"}, 
            {"protocol": "dns","action": "hijack-dns"}, 
            {"ip_is_private": true,"outbound": "direct"}, 
            {"inbound": ["tun-in"],"outbound": "direct"}
        ]
    }
}

第 1 条附言 · 1 天前

以下是从sing-box启动后到 curl -v https://www.baidu.com 超时截取日志，日志级别 trace

2026-01-29 13:30:32 INFO network: updated default interface 以太网, index 26
2026-01-29 13:30:32 TRACE inbound/tun[tun-in]: creating stack
2026-01-29 13:30:32 INFO inbound/tun[tun-in]: started at singbox-tun
2026-01-29 13:30:32 INFO inbound/direct[dns-in]: tcp server started at 127.0.0.1:53
2026-01-29 13:30:32 INFO inbound/direct[dns-in]: udp server started at 127.0.0.1:53
2026-01-29 13:30:32 INFO sing-box started (0.311s)
2026-01-29 13:30:35 INFO [3235526638 0ms] inbound/tun[tun-in]: inbound packet connection from 192.0.2.1:61288
2026-01-29 13:30:35 INFO [3235526638 0ms] inbound/tun[tun-in]: inbound packet connection to 192.0.2.2:53
2026-01-29 13:30:35 DEBUG [3235526638 0ms] router: match[0] => sniff
2026-01-29 13:30:35 DEBUG [3235526638 0ms] router: sniffed packet protocol: dns
2026-01-29 13:30:35 DEBUG [3235526638 0ms] router: match[1] protocol=dns => hijack-dns
2026-01-29 13:30:35 DEBUG [3235526638 0ms] dns: exchange www.baidu.com. IN A
2026-01-29 13:30:35 DEBUG [3235526638 0ms] dns: match[1] inbound=tun-in => route(cn-dns)
2026-01-29 13:30:35 DEBUG [3235526638 7ms] dns: exchanged www.baidu.com NOERROR 54
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged CNAME www.baidu.com. 54 IN CNAME www.a.shifen.com.
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged A www.a.shifen.com. 54 IN A 180.101.51.73
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged A www.a.shifen.com. 54 IN A 180.101.49.44

第 2 条附言 · 1 天前

破案了，inbounds.tun 设置 "stack": "gvisor"，可用；但不知道为什么。

sing-box

tun

proxy

16 条回复 • 2026-01-29 15:50:49 +08:00

dxxzst

1 天前

我之前发现，如果电脑上有两个网卡，比如一个有线网卡、一个无线网卡，这两个网卡如果同时开启，tun 会有问题。把不用的网卡停掉，就 OK 了。

anytk

1 天前

你的 tun 为啥用 `"address": ["192.0.2.0/24"],` 这个公网大网段，一般都是 172 私有地址下的小网段（/30) 。

cchaan

1 天前

@dxxzst 试过了，把除了特理网卡外其他虚拟网卡都禁了，剩下一个 tailscale 不影响，也是一样的症状

cchaan

1 天前

@anytk 192.0.2.0/24 是类似 CGNAT (100.64.0.0/10) 的特殊网段

anytk

1 天前

试试 `strict_route: true`

crackself

1 天前 via Android

试试这个，win Android openwrt 都没问题
{
"type": "tun",
"tag": "tun",
"interface_name": "SingBox",
"address": [
"172.18.0.1/30",
"fdfe:dcba:9876::1/126"
],
"mtu": 1500,
"auto_route": true,
"strict_route": true,
"endpoint_independent_nat": false,
"stack": "mixed"
}

crc8

1 天前

这是 1.11 版本后的配置？

Ipsum

1 天前

sb 的日志不发来看看？

isAK47

1 天前

"address": ["192.0.2.0/24"]---->"address": ["192.0.2.1/30"]

cchaan

1 天前

@crackself 谢谢，试过了，没用

cchaan

1 天前

@Ipsum 发上来了，附在上面

angeltop

1 天前

{
"log": { "level": "trace", "timestamp": true },
"inbounds": [
{
"type": "tun",
"tag": "tun-in",
"interface_name": "singbox-tun",
"address": ["172.19.0.1/30"],
"auto_route": true,
"strict_route": true,
"route_address": ["0.0.0.0/1", "128.0.0.0/1"],
"route_exclude_address": ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]
}
],
"outbounds": [
{ "type": "direct", "tag": "direct" },
{ "type": "block", "tag": "block" }
],
"route": {
"auto_detect_interface": false,
"default_interface": "Wi-Fi",
"final": "direct",
"rules": [
{ "inbound": ["tun-in"], "outbound": "direct" }
]
}
}

cchaan

1 天前

@crackself 破案了，"stack": "gvisor"，可用；但不知道为什么。

Hazard001

1 天前 via iPhone

system 栈最好手动指定 mtu 为 1500

dcty

1 天前

我在路由器上跑 singbox 和 mihomo （ shellcrash ），singbox 有内存泄露问题，会导致路由器重启，mihomo 稳如老狗，当然不排除是我的配置文件有问题（规则和代理基本上一致，当然不排除规则有些许差异，懒得排查了）

heiher

1 天前 via Android

system stack 虽然可以复用内核网络栈实现，但 I/O 次数更多，效能还不如 userspace ，内核相关配置变动的干扰因素也多