
sing-box tun 模式不定时断流,需要重启

  •   lyo710 · 39 天前 · 1791 次点击
    这是一个创建于 39 天前的主题,其中的信息可能已经有所发展或是发生改变。

    原版 openwrt/immortalwrt 上 sing-box tun 模式不定时断流,症状是无法联网,需要重启后才能恢复。netstat 显示有大量 CLOSE_WAIT 连接。后来写了个定时脚本去 check ,CLOSE_WAIT 连接数超过阈值就重启,改善不少,但偶尔还是会断流。网上搜了一下,GitHub issue 里有类似问题,但没找到有效的解决办法。

    求 V2 大神指导下~

    客户端配置参考的是: https://www.right.com.cn/forum/thread-8314833-1-1.html

    {
      "log": {
        "disabled": false,
        "level": "debug",
        "timestamp": true
      },
      "experimental": {
        "clash_api": {
          "external_controller": "127.0.0.1:9090",
          "external_ui": "ui",
          "external_ui_download_url": "",
          "external_ui_download_detour": "",
          "secret": "",
          "default_mode": "Rule"
        },
        "cache_file": {
          "enabled": true,
          "path": "cache.db",
          "store_fakeip": true
        }
      },
      "dns": {
        "servers": [
          {
            "tag": "proxydns",
            "address": "tls://8.8.8.8/dns-query",
            "detour": "select"
          },
          {
            "tag": "localdns",
            "address": "h3://223.5.5.5/dns-query",
            "detour": "direct"
          },
          {
            "address": "rcode://refused",
            "tag": "block"
          },
          {
            "tag": "dns_fakeip",
            "address": "fakeip"
          }
        ],
        "rules": [
          {
            "outbound": "any",
            "server": "localdns",
            "disable_cache": true
          },
          {
            "clash_mode": "Global",
            "server": "proxydns"
          },
          {
            "clash_mode": "Direct",
            "server": "localdns"
          },
          {
            "rule_set": "geosite-cn",
            "server": "localdns"
          },
          {
            "rule_set": "geosite-geolocation-!cn",
            "server": "proxydns"
          },
          {
            "rule_set": "geosite-geolocation-!cn",
            "query_type": [
              "A",
              "AAAA"
            ],
            "server": "dns_fakeip"
          }
        ],
        "fakeip": {
          "enabled": true,
          "inet4_range": "198.18.0.0/15",
          "inet6_range": "fc00::/18"
        },
        "independent_cache": true,
        "final": "proxydns"
      },
      "inbounds": [
        {
          "type": "tun",
          "inet4_address": "172.19.0.1/30",
          "inet6_address": "fd00::1/126",
          "auto_route": true,
          "stack": "system",
          "strict_route": false,
          "sniff": true,
          "sniff_override_destination": true,
          "domain_strategy": "prefer_ipv4"
        }
      ],
      "outbounds": [
        {
          "type": "trojan",
          "tag": "trojan-us",
          "server": "XXX.XXX.XXX.XXX",
          "server_port": XXXXX,
          "password": "XXXXXX",
          "tls": {
            "enabled": true,
            "server_name": "XXX.XXX",
            "utls": {
              "enabled": true,
              "fingerprint": "firefox"
            }
          },
          "multiplex": {
            "enabled": true
          }
        },
        {
          "type": "hysteria2",
          "tag": "hy2-us",
          "server": "XXX.XXX.XXX.XXX",
          "server_port": XXXXX,
          "password": "XXXXXX",
          "tls": {
            "enabled": true,
            "server_name": "www.bing.com",
            "insecure": true,
            "alpn": [
              "h3"
            ]
          }
        },
        {
          "tag": "direct",
          "type": "direct"
        },
        {
          "tag": "block",
          "type": "block"
        },
        {
          "tag": "dns-out",
          "type": "dns"
        },
        {
          "tag": "select",
          "type": "selector",
          "default": "auto",
          "outbounds": [
            "auto",
            "trojan-us",
            "hy2-us"
          ]
        },
        {
          "tag": "auto",
          "type": "urltest",
          "outbounds": [
            "trojan-us",
            "hy2-us"
          ],
          "url": "https://www.gstatic.com/generate_204",
          "interval": "1m",
          "tolerance": 50,
          "interrupt_exist_connections": false
        }
      ],
      "route": {
        "rule_set": [
          {
            "tag": "geosite-geolocation-!cn",
            "type": "remote",
            "format": "binary",
            "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-!cn.srs",
            "download_detour": "select",
            "update_interval": "1d"
          },
          {
            "tag": "geosite-cn",
            "type": "remote",
            "format": "binary",
            "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geosite/geolocation-cn.srs",
            "download_detour": "select",
            "update_interval": "1d"
          },
          {
            "tag": "geoip-cn",
            "type": "remote",
            "format": "binary",
            "url": "https://cdn.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@sing/geo/geoip/cn.srs",
            "download_detour": "select",
            "update_interval": "1d"
          }
        ],
        "auto_detect_interface": true,
        "final": "select",
        "rules": [
          {
            "domain_suffix": [
              "synology.com",
              "plex.tv"
            ],
            "outbound": "direct"
          },
          {
            "outbound": "dns-out",
            "protocol": "dns"
          },
          {
            "clash_mode": "Direct",
            "outbound": "direct"
          },
          {
            "clash_mode": "Global",
            "outbound": "auto"
          },
          {
            "rule_set": "geoip-cn",
            "outbound": "direct"
          },
          {
            "rule_set": "geosite-cn",
            "outbound": "direct"
          },
          {
            "ip_is_private": true,
            "outbound": "direct"
          },
          {
            "rule_set": "geosite-geolocation-!cn",
            "outbound": "auto"
          }
        ]
      },
      "ntp": {
        "enabled": true,
        "server": "ntp.aliyun.com",
        "server_port": 123,
        "interval": "30m",
        "detour": "direct"
      }
    }
    
    9 条回复    2024-11-11 19:35:45 +08:00
        1
    Immunize  
       39 天前
    stack 换成 gvisor 试试呢,sing-box 的 system stack 实际上并不是完整的协议栈,对于 tcp/udp 端口快速复用的场景支持是有问题的。
        2
    evalfun  
       39 天前
    系统连接数爆了,把连接数调高就行。能用 system 就不要用 gvisor ,gvisor 效率很低
    echo 65536 > /proc/sys/net/netfilter/nf_conntrack_max
        3
    JensenQian  
       39 天前
    搞个现成的 gui 试试看
    passwall ,或者 homeproxy
        4
    onion83  
       38 天前
    已经发现 sing-box / dae 都存在这个问题,无解。已经转投 mihomo ,多种负载均衡模式、自定义健康检查、更灵活的分流特性,yaml 格式能写注释不用 json 到处找闭合括弧。跑了快一个季度,因为健康检查功能过于强大,我都忘记梯子没续费了机器都被释放掉了 -_-
        5
    Rebron1900  
       38 天前
    @onion83 我最近也在用 mihomo ,大佬这些功能都是哪些配置项呀?
        7
    yyysuo  
       37 天前
    用 tproxy 或者 redirect 呗,tun 启动那么慢,不能忍。
        8
    lyo710  
    OP
       37 天前
    @evalfun 我查了下默认值是 36112 ,也不算低了吧。按你说的扩了,继续观察中。最近一次挂掉,只有一个连接是 CLOSE_WAIT 。
        9
    zhouqian  
       37 天前
    我用的是 mixed ,也经常遇到这个情况。Android 手机和 Mac 都一样。