sing-box TUN作为旁路由时,与共存的web服务冲突

sing-box TUN作为旁路由时,与共存的web服务冲突

光猫->主路由->软路由

通过光猫和主路由的端口转发到软路由上的web服务,局域网访问时二者可以共存,外网访问时二者有冲突
配置如下

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
    {
        "tag": "dns_proxy",
        "address": "8.8.8.8",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "detour": "proxy"
      },
      {
        "tag": "dns_direct",
        "address": "h3://dns.alidns.com/dns-query",
        "address_resolver": "dns_resolver",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "dns_block",
        "address": "rcode://refused"
      },
      {
        "tag": "dns_resolver",
        "address": "223.5.5.5",
        "strategy": "ipv4_only",
        "detour": "direct"
      }


     ],
    "rules": [
      {
        "outbound": [
          "any"
        ],
        "server": "dns_resolver"
      },
      {
        "geosite": [
          "geolocation-!cn"
        ],
        "server": "dns_proxy"
      },
  {
        "geosite": [
          "category-ads-all"
        ],
        "server": "dns_block",
        "disable_cache": true
      },
      {
        "geosite": [
          "cn",
          "private"
        ],
        "server": "dns_direct"
      }
    ]
  },
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
 "domain_suffix":[
  ".visualstudio.com"
 ],
        "outbound": "direct"
      },
  {
 "domain_suffix":[
    ".google.com"
 ],
        "outbound": "proxy"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "fdfe:dcba:9876::1/126",
      "auto_route": true,
      "strict_route": true,
      "stack": "system",
      "sniff": true,
      "sniff_override_destination": false
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
     ...
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ]
}

这个问题已经解决,是路由验证问题。现在的新问题是: tun作为旁路由时,当设备(apple 系列)的网关和dns都设置为旁路由ip时,无法解析域名,只能将dns设为9.9.9.9或者其他公共dns