
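At first I wasted a lot of time fiddling with Clash-Meta and tailscaled-socks5-android: the socks5 proxy outbound pointing at Userspace networking mode kept failing with:

```
dial tail-socks match IPCIDR/100.64.0.0/10 --> error: context deadline exceeded 172.19.0.1:41221 -> 100.170.x.x:9801 io/timeout
```

Tested versions: Android 15 + SFA 1.14.0-alpha.15, Windows-amd64 + SFA 1.13.9

Base config source: OkProxyConf Sing-Box Generator, with the outbounds and endpoint sections modified

Key point:

100.64.0.0/10 goes direct and does not pass through the tun (this differs from the Clash config on Windows, and it tripped me up)

Config for reference: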
```json
{
  "$schema": "https://raw.githubusercontent.com/xmdhs/sing-box-generate-schema/refs/heads/master/schema.generated.json",
  "log": { "disabled": false, "level": "error", "timestamp": true },
  "dns": {
    "strategy": "prefer_ipv4",
    "servers": [
      { "tag": "dns_remote", "type": "https", "server": "1.1.1.1", "detour": "proxy" },
      { "tag": "dns_cn", "type": "https", "server": "223.5.5.5" },
      { "tag": "dns_local", "type": "udp", "server": "223.5.5.5" },
      { "tag": "dns_fakeip", "type": "fakeip", "inet4_range": "198.18.0.0/15", "inet6_range": "fc00::/18" }
    ],
    "rules": [
      { "clash_mode": "direct", "server": "dns_cn" },
      { "clash_mode": "global", "server": "dns_remote" },
      { "rule_set": "geosite-cn", "server": "dns_cn" },
      { "query_type": [ "A", "AAAA" ], "rule_set": "geosite-geolocation-!cn", "server": "dns_fakeip" }
    ],
    "final": "dns_remote"
  },
  "inbounds": [
    {
      "tag": "tun-in",
      "type": "tun",
      "address": [ "172.19.0.1/30", "fdfe:dcba:9876::1/126" ],
      "mtu": 9000,
      "auto_route": true,
      "strict_route": true,
      "stack": "mixed"
    },
    { "tag": "mixed-in", "type": "mixed", "listen": "127.0.0.1", "listen_port": 7890 }
  ],
  "experimental": {
    "clash_api": {
      "external_controller": "127.0.0.1:9095",
      "external_ui": "ui",
      "external_ui_download_url": "https://gh-proxy.com/https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip",
      "external_ui_download_detour": "direct"
    },
    "cache_file": { "enabled": true, "path": "cache.db" }
  },
  "outbounds": [
    { "tag": "proxy", "type": "selector", "default": "urltest", "outbounds": [ "urltest", "hysteria2", "tls-reality" ] },
    { "tag": "urltest", "type": "urltest", "outbounds": [ "hysteria2", "tls-reality" ] },
    {
      "password": "",
      "server": "",
      "server_port": 443,
      "tag": "hysteria2",
      "tls": { "enabled": true, "server_name": "" },
      "type": "hysteria2"
    },
    {
      "server": "",
      "server_port": 443,
      "tag": "tls-reality",
      "tls": {
        "enabled": true,
        "server_name": "www.visa.com.hk",
        "utls": { "enabled": true, "fingerprint": "chrome" },
        "reality": { "enabled": true, "public_key": "", "short_id": "" }
      },
      "type": "vless",
      "uuid": "",
      "flow": "xtls-rprx-vision"
    }
  ],
  "endpoints": [
    {
      "type": "tailscale",
      "tag": "tailscale-in",
      "auth_key": "",
      "accept_routes": true,
      "system_interface": false,
      "udp_timeout": "1m"
    }
  ],
  "route": {
    "default_domain_resolver": { "server": "dns_local" },
    "rules": [
      { "domain_suffix": [ "ts.net" ], "outbound": "tailscale-in" },
      { "ip_cidr": [ "100.64.0.0/10", "fd7a:115c:a1e0::/48", "192.168.31.1/24" ], "outbound": "tailscale-in" },
      { "action": "sniff", "sniffer": [ "http", "tls", "quic", "dns" ], "timeout": "500ms" },
      { "type": "logical", "mode": "or", "rules": [ { "port": 53 }, { "protocol": "dns" } ], "action": "hijack-dns" },
      { "ip_is_private": true, "action": "route", "outbound": "direct" },
      { "rule_set": [ "geosite-category-ads-all" ], "action": "reject" },
      { "clash_mode": "Global", "action": "route", "outbound": "proxy" },
      { "clash_mode": "Direct", "action": "route", "outbound": "direct" },
      {
        "type": "logical",
        "mode": "and",
        "rules": [
          { "rule_set": "geosite-geolocation-!cn" },
          { "invert": true, "rule_set": [ "geosite-cn" ] }
        ],
        "action": "route",
        "outbound": "proxy"
      },
      { "rule_set": [ "geosite-cn" ], "action": "route", "outbound": "direct" },
      { "rule_set": [ "geoip-cn" ], "action": "route", "outbound": "direct" }
    ],
    "auto_detect_interface": true,
    "rule_set": [
      {
        "tag": "geosite-category-ads-all",
        "type": "remote",
        "format": "binary",
        "url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/category-ads-all.srs"
      },
      {
        "tag": "geoip-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geoip/cn.srs"
      },
      {
        "tag": "geosite-cn",
        "type": "remote",
        "format": "binary",
        "url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/cn.srs"
      },
      {
        "tag": "geosite-geolocation-!cn",
        "type": "remote",
        "format": "binary",
        "url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/geolocation-!cn.srs"
      }
    ]
  }
}
```
The following errors are normal and can be ignored:

- missing Tailscale IPv4 address error
- implicit default HTTP client using default outbound for remote rule-sets is deprecated: https://github.com/SagerNet/sing-box/issues/4051 says this was fixed in 1.14-alpha, but the warning still appears at startup

REF:
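1 evemoo OP A side complaint: sing-box really does rename its config variables with every version, and there aren't many configs to use as a reference, so I don't dare update at all |
2 ntdll 6 days ago With sing-box, have you run into this: after it has been running for a long time, or after the network state has switched a few times (WiFi, mobile data), DNS stops resolving? I can't really tell whether it's a sing-box problem or a problem with my config file, but it has only happened on Android; with the same config file there is no problem on PC. |
3 qwvy2g 6 days ago via Android I'm really fed up. They change the config at the drop of a hat, and the singbox script with tcp-brutal acceleration I was using before just stopped working. |
5 Mystery0 6 days ago via Android I also just finished setting this up a while ago. The core is to configure the tailscale network with an endpoint, then use routing rules so that requests go out through that tailscale node. singbox's traffic splitting works very well, for both dns and network requests, and chained proxies are easy to implement too. The downside is what you complained about: the config changes frequently. It's fine though; when it warns that the config is outdated, spend a bit of time studying it. The config only changes on major versions anyway |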
6 evemoo OP @Mystery0 I tested 1.14.0-alpha.15, released four hours ago. Even with `accept_search_domain` added, MagicDNS still doesn't work; otherwise it would be perfect

```json
{
  "dns": {
    "servers": [
      {
        "type": "tailscale",
        "tag": "",
        "endpoint": "ts-ep",
        "accept_default_resolvers": false,
        "accept_search_domain": false
      }
    ]
  }
}
```
|
7 evemoo OP `accept_routes: true` in the endpoint section still has problems: if I remove the ip_cidr ("192.168.31.1/24") from routes->rules, the subnet can no longer be reached |
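A simplified first-match model of the two IP rules in the opening post's `route.rules`, as an added example (not code from the thread or from sing-box): in this model a LAN address reaches `tailscale-in` only while its subnet is listed in the `ip_cidr` rule, and otherwise falls through to the later `ip_is_private` rule and goes `direct`. `PRIVATE_NETS`, `pick_outbound`, `without_cidr` and the `proxy` fallback are assumptions of this sketch, and the sample destination addresses are constructed.

```python
import ipaddress

# IP rules from route.rules in the opening post, in their original order.
# sniff, hijack-dns and the rule-set rules are left out of this model.
RULES = [
    {"ip_cidr": ["100.64.0.0/10", "fd7a:115c:a1e0::/48", "192.168.31.1/24"],
     "outbound": "tailscale-in"},
    {"ip_is_private": True, "outbound": "direct"},
]

# Assumption: stand-in for ip_is_private (RFC 1918 and IPv6 ULA only).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def rule_matches(rule, ip):
    """True if this simplified rule matches the destination address."""
    if "ip_cidr" in rule:
        # strict=False because the post writes 192.168.31.1/24 (host bits set).
        return any(ip in ipaddress.ip_network(c, strict=False)
                   for c in rule["ip_cidr"])
    if rule.get("ip_is_private"):
        return any(ip in net for net in PRIVATE_NETS)
    return False


def pick_outbound(rules, dest, fallback="proxy"):
    """First matching rule wins; otherwise the assumed fallback outbound."""
    ip = ipaddress.ip_address(dest)
    for rule in rules:
        if rule_matches(rule, ip):
            return rule["outbound"]
    return fallback


def without_cidr(rules, cidr):
    """Copy of the rules with one CIDR removed from every ip_cidr list."""
    return [{**r, "ip_cidr": [c for c in r["ip_cidr"] if c != cidr]}
            if "ip_cidr" in r else dict(r) for r in rules]


if __name__ == "__main__":
    trimmed = without_cidr(RULES, "192.168.31.1/24")
    for dest in ("192.168.31.20", "100.100.1.2", "8.8.8.8"):
        print(dest, pick_outbound(RULES, dest), pick_outbound(trimmed, dest))
```

Reversing the rule order in this model sends the LAN address to `direct` as well, which is why the `ip_cidr` rule has to stay above the `ip_is_private` one.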
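8 Kobayashi 6 days ago via Android @ntdll On desktop, once a day: dns: exchange failed ... context deadline exceeded. I don't know how to reproduce it, but it shows up at least once a day. On mobile, since the 1.13 stable release it also appears every time WiFi connects or disconnects. Quite a few people probably have this problem https://github.com/SagerNet/sing-box/issues/2156 On mobile I've temporarily switched back to 1.13 beta, where switching WiFi doesn't cause DNS queries to fail. On the computer I went back to clash meta + tailscale; the tailscale command-line version is based on utun, and the two utuns of clash and tailscale can coexist with a little configuration in clash. |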
9 evemoo OP |
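11 Hitori0221 5 days ago sing-box is feature-rich, highly customizable and has good cross-platform support, but in use there are always odd little problems. For example, after migrating from 1.13.x to 1.14.x this time, because the DNS-related config changed, pages often go blank or load slowly, and I have to turn sing-box off for them to load. I've been debugging for several days with no progress... |
12 susandownes 5 days ago Both of these have Magisk implementations. Once magisk-tailscaled is installed it behaves the same as the Linux version; if you have root you can give it a try |
13 SinclairLin 4 days ago Actually, you can run an ss (or whatever protocol) inbound at home, then add that node to the outbounds of the config file you use when away, and route the home LAN subnet through that node. |
14 evemoo OP @SinclairLin Do you have an xray config for reference? When my phone accesses other devices on the LAN it shows: ERR_EMPTY_RESPONSE |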
16 SinclairLin 2 days ago @evemoo #14 I use singbox+vless, you can refer to this:

```
{
  "type": "vless",
  "tag": "vless-in",
  "tcp_fast_open": true,
  "listen": "0.0.0.0",
  "listen_port": xxxx,
  "users": [ { "name": "xxxx", "uuid": "xxxx" } ],
  "transport": { "type": "ws", "path": "/xxxx" }
}
```

If you don't have a public ipv4 you can listen on "::" instead, then use nginx+ddns to cope with ipv6 prefix changes, and configure the phone to match. QuantumultX config for reference:

```
# Put in "[server_local]":
vless=example.com:443, method=none, password=xxxx, obfs=wss, obfs-host=example.com, obfs-uri=/xxxx, tls-verification=true, fast-open=false, udp-relay=false, tag=example_tag
# Put in "[policy]":
static=vless-out, example_tag
# Put in "[filter_local]":
ip-cidr, 10.0.0.0/8, vless-out # the home LAN subnet
```

After that, once you turn on the proxy app's switch, you can access the home LAN subnet directly from outside. |
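17 evemoo OP @SinclairLin Got xray + ss working today; for connecting back within China there's no need to worry about traffic fingerprints. The err_empty_response I ran into yesterday was because xray merged the freedom ipsBlocked option last week. No wonder tcpdump on the Synology never showed any connect-back traffic (I trusted AI too much). If ipsBlocked is not explicitly configured and the inbound protocol is VLESS, VMess, Trojan, Shadowsocks, Hysteria or WireGuard, Freedom blocks private IPs by default. https://github.com/XTLS/Xray-core/issues/5972#issuecomment-4273482072 https://github.com/XTLS/Xray-core/pull/5947 |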