看到大版本更新了,
作为参与者,
准备做第一个吃螃蟹的人,
结果彻底无法上网了,
下面把症状详细描述下:
1.准备工作
为了控制变量,
彻底重装系统,
防止出现残留问题。
因此,
安装的是 openwrt-21.02.1-x86-64-generic-ext4-combined-efi 原版系统
插件仅安装最新的 luci-app-xray_1.2.0-1_all.ipk
系统仅设置了拨号上网和系统更新,
其他插件一概未装
2.插件安装
安装插件后,
自动安装了内置的xray,
然后仅设置了Xray Servers,添加了geoip和geosite至指定文件夹,设置了geoip为cn,routing domain为IPIfNonMatch,
其他未动,
具体config.json如下(已脱敏):
{
"outbounds": [
{
"streamSettings": {
"network": "tcp",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"allowInsecure": false
},
"tcpSettings": {
"header": {
"type": "none"
}
},
"sockopt": {
"mark": 255,
"domainStrategy": "UseIP"
},
"security": "xtls"
},
"settings": {
"vnext": [
{
"port": 443,
"users": [
{
"id": "xxx-xxx-xxx-xxx-xxx",
"flow": "xtls-rprx-direct",
"encryption": "none"
}
],
"address": "xxx-xxx-xxx-xxx-xxx"
}
]
},
"protocol": "vless",
"tag": "tcp_outbound"
},
{
"streamSettings": {
"network": "tcp",
"xtlsSettings": {
"alpn": [
"h2",
"http/1.1"
],
"allowInsecure": false
},
"tcpSettings": {
"header": {
"type": "none"
}
},
"sockopt": {
"mark": 255,
"domainStrategy": "UseIP"
},
"security": "xtls"
},
"settings": {
"vnext": [
{
"port": 443,
"users": [
{
"id": "xxx-xxx-xxx-xxx-xxx",
"flow": "xtls-rprx-direct",
"encryption": "none"
}
],
"address": "xxx-xxx-xxx-xxx-xxx"
}
]
},
"protocol": "vless",
"tag": "udp_outbound"
},
{
"streamSettings": {
"sockopt": {
"mark": 255
}
},
"protocol": "freedom",
"tag": "direct"
},
{
"tag": "dns_server_outbound",
"protocol": "dns",
"streamSettings": {
"sockopt": {
"mark": 255
}
}
}
],
"log": {
"loglevel": "debug",
"access": "none",
"dnsLog": false
},
"dns": {
"servers": [
{
"port": 53,
"domains": [
"xxx-xxx-xxx-xxx-xxx"
],
"address": "114.114.114.114"
},
{
"port": 53,
"domains": [
"geosite:geolocation-!cn"
],
"address": "8.8.8.8"
},
{
"port": 53,
"domains": [
"geosite:cn"
],
"address": "114.114.114.114"
},
{
"port": 53,
"address": "1.1.1.1"
}
],
"tag": "dns_conf_inbound"
},
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"routing": {
"rules": [
{
"domain": [
"geosite:cn"
],
"type": "field",
"inboundTag": [
"tproxy_tcp_inbound",
"tproxy_udp_inbound",
"dns_conf_inbound",
"https_inbound",
"http_inbound"
],
"outboundTag": "direct"
},
{
"domain": [
"geosite:geolocation-!cn"
],
"type": "field",
"inboundTag": [
"tproxy_tcp_inbound",
"tproxy_udp_inbound",
"dns_conf_inbound"
],
"outboundTag": "tcp_outbound"
},
{
"domain": [
"geosite:geolocation-!cn"
],
"type": "field",
"inboundTag": [
"tproxy_udp_inbound"
],
"outboundTag": "udp_outbound"
},
{
"ip": [
"geoip:private"
],
"type": "field",
"inboundTag": [
"tproxy_tcp_inbound",
"tproxy_udp_inbound",
"dns_conf_inbound",
"socks_inbound",
"https_inbound",
"http_inbound"
],
"outboundTag": "direct"
},
{
"ip": [
"geoip:cn"
],
"type": "field",
"inboundTag": [
"tproxy_tcp_inbound",
"tproxy_udp_inbound",
"dns_conf_inbound"
],
"outboundTag": "direct"
},
{
"type": "field",
"inboundTag": [
"tproxy_tcp_inbound",
"dns_conf_inbound",
"socks_inbound",
"https_inbound",
"http_inbound"
],
"outboundTag": "tcp_outbound"
},
{
"type": "field",
"inboundTag": [
"tproxy_udp_inbound"
],
"outboundTag": "udp_outbound"
},
{
"type": "field",
"inboundTag": [
"dns_server_inbound_5300",
"dns_server_inbound_5301",
"dns_server_inbound_5302",
"dns_server_inbound_5303"
],
"outboundTag": "dns_server_outbound"
},
{
"type": "field",
"inboundTag": [
"api"
],
"outboundTag": "api"
}
],
"domainStrategy": "IPIfNonMatch"
},
"policy": {
"system": {
"statsInboundDownlink": false,
"statsOutboundDownlink": false,
"statsOutboundUplink": false,
"statsInboundUplink": false
},
"levels": {
"0": {
"uplinkOnly": 0,
"statsUserDownlink": false,
"statsUserUplink": false,
"connIdle": 0,
"bufferSize": 0,
"handshake": 0,
"downlinkOnly": 0
}
}
},
"inbounds": [
{
"settings": {
"allowTransparent": false
},
"port": "1083",
"protocol": "http",
"tag": "http_inbound"
},
{
"port": "1080",
"protocol": "dokodemo-door",
"streamSettings": {
"sockopt": {
"tproxy": "tproxy",
"mark": 255
}
},
"settings": {
"network": "tcp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
],
"metadataOnly": false
},
"tag": "tproxy_tcp_inbound"
},
{
"port": "1081",
"protocol": "dokodemo-door",
"streamSettings": {
"sockopt": {
"tproxy": "tproxy",
"mark": 255
}
},
"settings": {
"network": "udp",
"followRedirect": true
},
"tag": "tproxy_udp_inbound"
},
{
"settings": {
"udp": true
},
"port": "1082",
"protocol": "socks",
"tag": "socks_inbound"
},
{
"settings": {
"port": 53,
"network": "tcp,udp",
"address": "1.1.1.1"
},
"port": 5300,
"protocol": "dokodemo-door",
"tag": "dns_server_inbound_5300"
},
{
"settings": {
"port": 53,
"network": "tcp,udp",
"address": "1.1.1.1"
},
"port": 5301,
"protocol": "dokodemo-door",
"tag": "dns_server_inbound_5301"
},
{
"settings": {
"port": 53,
"network": "tcp,udp",
"address": "1.1.1.1"
},
"port": 5302,
"protocol": "dokodemo-door",
"tag": "dns_server_inbound_5302"
},
{
"settings": {
"port": 53,
"network": "tcp,udp",
"address": "1.1.1.1"
},
"port": 5303,
"protocol": "dokodemo-door",
"tag": "dns_server_inbound_5303"
},
{
"port": 8080,
"protocol": "dokodemo-door",
"tag": "api",
"settings": {
"address": "127.0.0.1"
},
"listen": "127.0.0.1"
}
]
}
3.症状
启动xray后,
整个网络无法使用,
无论是国内还是国外均无法打开,
使用内置网络诊断显示
ping: bad address 'openwrt.org'
nslokup;; connection timed out; no servers could be reached
而关闭xray后
则国内网站可以访问,
使用内置网络诊断显示
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=53 time=243.199 ms
64 bytes from 139.59.209.225: seq=1 ttl=53 time=243.675 ms
64 bytes from 139.59.209.225: seq=2 ttl=53 time=243.078 ms
64 bytes from 139.59.209.225: seq=3 ttl=53 time=242.920 ms
64 bytes from 139.59.209.225: seq=4 ttl=53 time=243.514 ms
--- openwrt.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 242.920/243.277/243.675 ms
nslokup
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1
因此,
貌似有较大问题,
不清楚是哪个环节出了问题。