We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
其他
所有系统均可复现
sing-box 原始命令行程序
No response
1.8.12 和 1.9.0-rc.14 都可以复现。(本人实测平台 iOS, macOS, Android)
sing-box 在连接多 IPv6 地址的远端 WireGuard peer 时,peer 回复握手可能会使用另一个 IPv6 源 IP,sing-box 不能很好的处理这种情况,导致握手失败。如果 sing-box 填写的 WireGuard 服务器 IPv6 地址正好是服务器对外发起请求的地址,那么不会有任何问题。而 WireGuard 的官方 APP 在这种情况下完全正常。
服务端的 tcpdump 如下(客户端 sing-box ipv6 地址 fd00::c00,服务端有两个地址 fd00::100 和 fd00::200):
13:17:32.943384 IP6 fd00::c00.56936 > fd00::100.51820: UDP, length 148 13:17:32.944278 IP6 fd00::200.51820 > fd00::c00.56936: UDP, length 92 13:17:38.223492 IP6 fd00::c00.56936 > fd00::100.51820: UDP, length 148 13:17:38.224126 IP6 fd00::200.51820 > fd00::c00.56936: UDP, length 92 13:17:43.365998 IP6 fd00::c00.56936 > fd00::100.51820: UDP, length 148 13:17:43.366585 IP6 fd00::200.51820 > fd00::c00.56936: UDP, length 92
sing-box 日志如下:
2024-05-01 13:17:31 DEBUG outbound/wireguard[wg-out]: peer(ZQ2n…4HGY) - sending handshake initiation 2024-05-01 13:17:37 DEBUG outbound/wireguard[wg-out]: peer(ZQ2n…4HGY) - handshake did not complete after 5 seconds, retrying (try 2) 2024-05-01 13:17:37 DEBUG outbound/wireguard[wg-out]: peer(ZQ2n…4HGY) - sending handshake initiation 2024-05-01 13:17:42 DEBUG outbound/wireguard[wg-out]: peer(ZQ2n…4HGY) - handshake did not complete after 5 seconds, retrying (try 2) 2024-05-01 13:17:42 DEBUG outbound/wireguard[wg-out]: peer(ZQ2n…4HGY) - sending handshake initiation
创建一个有多 IPv6 地址的 Debian Linux server,通过 curl ifconfig.me 确认服务器对外发起连接的 IPv6 地址,使用 sing-box 填入其余的 ipv6 地址去连接,无法握手成功。
curl ifconfig.me
{ "log": { "level": "debug" }, "dns": { "servers": [ { "tag": "local", "address": "local" }, { "tag": "block", "address": "rcode://refused" } ], "final": "local", "strategy": "prefer_ipv4" }, "inbounds": [ { "type": "mixed", "tag": "mixed-in", "listen": "::", "listen_port": 2080, "set_system_proxy": false } ], "outbounds": [ { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns-out" }, { "type": "wireguard", "tag": "wg-out", "server": "server-with-multi-ipv6-address.domain", "server_port": 51820, "system_interface": false, "local_address": [ "10.8.0.3/24" ], "private_key": "kBGr6Bs3Uw3S5YvR0rSGnUZJs8K83aSImJQA9dTVGlg=", "peer_public_key": "ZQ2nvYrz5acw5G9iYZV96D0k5HftWf1y4q44X4u4HGY=", "pre_shared_key": "s8AlLW+h8FZ79DX3DSwtSKGB30rFJIHwJcqvJJeNy34=", "mtu": 1280 } ], "route": { "rules": [ { "protocol": "dns", "outbound": "dns-out" } ], "auto_detect_interface": true, "final": "wg-out" } }
The text was updated successfully, but these errors were encountered:
我也出现了握手失败的问题, 跟你一样"local_address"只有一个ipv4地址段,server域名为AAAA单ipv6解析,clash跟nekobox4A同样的配置连接无问题。
Sorry, something went wrong.
你试下把wireguard里的workers的数量调高试下,8 or 16 or 32之类的
sing-box可以用wireguard协议吗?我怎么不知道?这样岂不是可以用warp了?
一两年前就已经支持了吧。一直这么配置warp的,稳如老狗。
No branches or pull requests
操作系统
其他
系统版本
所有系统均可复现
安装类型
sing-box 原始命令行程序
如果您使用图形客户端程序,请提供该程序版本。
No response
版本
1.8.12 和 1.9.0-rc.14 都可以复现。(本人实测平台 iOS, macOS, Android)
描述
sing-box 在连接多 IPv6 地址的远端 WireGuard peer 时,peer 回复握手可能会使用另一个 IPv6 源 IP,sing-box 不能很好的处理这种情况,导致握手失败。如果 sing-box 填写的 WireGuard 服务器 IPv6 地址正好是服务器对外发起请求的地址,那么不会有任何问题。而 WireGuard 的官方 APP 在这种情况下完全正常。
服务端的 tcpdump 如下(客户端 sing-box ipv6 地址 fd00::c00,服务端有两个地址 fd00::100 和 fd00::200):
sing-box 日志如下:
重现方式
创建一个有多 IPv6 地址的 Debian Linux server,通过
curl ifconfig.me
确认服务器对外发起连接的 IPv6 地址,使用 sing-box 填入其余的 ipv6 地址去连接,无法握手成功。最小 sing-box 配置:
日志
No response
支持我们
完整性要求
The text was updated successfully, but these errors were encountered: