一开始折腾 Clash-Meta 和 tailscaled-socks5-android 浪费了很多时间,指定 Userspace networking mode 的 socks5 代理出口一直报错:
dial tail-socks match IPCIDR/100.64.0.0/10 --> error: context deadline exceeded
172.19.0.1:41221 -> 100.170.x.x:9801 io/timeout
测试版本:Android 15 + SFA 1.14.0-alpha.15 、Windows-amd64 + SFA 1.13.9
基础配置来源:OkProxyConf Sing-Box Generator,修改 outbounds 和 endpoint 的配置
重点:
- sing-box inbounds 的 tun 不能加 route_exclude_address,加了的话
100.64.0.0/10会走直连不经过 tun (和 Windows 上的 Clash 配置有区别,被坑了) - 要访问自己的子网设备,route -> rules 的 IPCIDR 要加上自己的内网网段( 192.168.x.x/16),不然规则往下匹配会走直连
配置参考:
{
"$schema": "https://raw.githubusercontent.com/xmdhs/sing-box-generate-schema/refs/heads/master/schema.generated.json",
"log": {
"disabled": false,
"level": "error",
"timestamp": true
},
"dns": {
"strategy": "prefer_ipv4",
"servers": [
{
"tag": "dns_remote",
"type": "https",
"server": "1.1.1.1",
"detour": "proxy"
},
{
"tag": "dns_cn",
"type": "https",
"server": "223.5.5.5"
},
{
"tag": "dns_local",
"type": "udp",
"server": "223.5.5.5"
},
{
"tag": "dns_fakeip",
"type": "fakeip",
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
}
],
"rules": [
{
"clash_mode": "direct",
"server": "dns_cn"
},
{
"clash_mode": "global",
"server": "dns_remote"
},
{
"rule_set": "geosite-cn",
"server": "dns_cn"
},
{
"query_type": [
"A",
"AAAA"
],
"rule_set": "geosite-geolocation-!cn",
"server": "dns_fakeip"
}
],
"final": "dns_remote"
},
"inbounds": [
{
"tag": "tun-in",
"type": "tun",
"address": [
"172.19.0.1/30",
"fdfe:dcba:9876::1/126"
],
"mtu": 9000,
"auto_route": true,
"strict_route": true,
"stack": "mixed"
},
{
"tag": "mixed-in",
"type": "mixed",
"listen": "127.0.0.1",
"listen_port": 7890
}
],
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:9095",
"external_ui": "ui",
"external_ui_download_url": "https://gh-proxy.com/https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip",
"external_ui_download_detour": "direct"
},
"cache_file": {
"enabled": true,
"path": "cache.db"
}
},
"outbounds": [
{
"tag": "proxy",
"type": "selector",
"default": "urltest",
"outbounds": [
"urltest",
"hysteria2",
"tls-reality"
]
},
{
"tag": "urltest",
"type": "urltest",
"outbounds": [
"hysteria2",
"tls-reality"
]
},
{
"password": "",
"server": "",
"server_port": 443,
"tag": "hysteria2",
"tls": {
"enabled": true,
"server_name": ""
},
"type": "hysteria2"
},
{
"server": "",
"server_port": 443,
"tag": "tls-reality",
"tls": {
"enabled": true,
"server_name": "www.visa.com.hk",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "",
"short_id": ""
}
},
"type": "vless",
"uuid": "",
"flow": "xtls-rprx-vision"
}
],
"endpoints": [
{
"type": "tailscale",
"tag": "tailscale-in",
"auth_key": "",
"accept_routes": true,
"system_interface": false,
"udp_timeout": "1m"
}
],
"route": {
"default_domain_resolver": {
"server": "dns_local"
},
"rules": [
{
"domain_suffix": [
"ts.net"
],
"outbound": "tailscale-in"
},
{
"ip_cidr": [
"100.64.0.0/10",
"fd7a:115c:a1e0::/48",
"192.168.31.1/24"
],
"outbound": "tailscale-in"
},
{
"action": "sniff",
"sniffer": [
"http",
"tls",
"quic",
"dns"
],
"timeout": "500ms"
},
{
"type": "logical",
"mode": "or",
"rules": [
{
"port": 53
},
{
"protocol": "dns"
}
],
"action": "hijack-dns"
},
{
"ip_is_private": true,
"action": "route",
"outbound": "direct"
},
{
"rule_set": [
"geosite-category-ads-all"
],
"action": "reject"
},
{
"clash_mode": "Global",
"action": "route",
"outbound": "proxy"
},
{
"clash_mode": "Direct",
"action": "route",
"outbound": "direct"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"rule_set": "geosite-geolocation-!cn"
},
{
"invert": true,
"rule_set": [
"geosite-cn"
]
}
],
"action": "route",
"outbound": "proxy"
},
{
"rule_set": [
"geosite-cn"
],
"action": "route",
"outbound": "direct"
},
{
"rule_set": [
"geoip-cn"
],
"action": "route",
"outbound": "direct"
}
],
"auto_detect_interface": true,
"rule_set": [
{
"tag": "geosite-category-ads-all",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/category-ads-all.srs"
},
{
"tag": "geoip-cn",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geoip/cn.srs"
},
{
"tag": "geosite-cn",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/cn.srs"
},
{
"tag": "geosite-geolocation-!cn",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/geolocation-!cn.srs"
}
]
}
}
以下报错是正常的,不用管:
missing Tailscale IPv4 address 报错
implicit default HTTP client using default outbound for remote rule-sets is deprecated ,https://github.com/SagerNet/sing-box/issues/4051 说在 1.14-alpha 修了,但是启动还是会提示
REF:
 |
1
evemoo OP 顺带吐槽:sing-box 配置真是一个版本一个变量名,可供参考的配置也不多,根本不敢更新
|
 |
2
ntdll 1 天前
sing-box 有遇到过,运行时间久了,或者网络状态多切换几次( WiFi 、数据网络)
然后就出来 DNS 解析不了情况吗,也不太能确定是 sing-box 的问题,还是我配置文件的问题,但这个情况只在 Android 上出现过,同样的配置文件,在 PC 上就没问题。 |
 |
3
qwvy2g 1 天前 via Android
我真的是服了,动不动改配置,之前用的带 tcp-brutal 加速 singbox 脚本自动失效了。
|
 |
5
Mystery0 1 天前 via Android
前段时间我也刚折腾好这个,核心就是用 endpoint 配置好 tailscale 组网,然后分流让请求走这个 tailscale 节点出去。singbox 的分流很好用,无论是 dns 还是网络请求,做链式代理也好实现。缺点就是你吐槽的,配置频繁改动😅不过还好,提示配置过时花点时间研究一下就行了,配置也就大版本变一下而已
|
|
6
evemoo OP @Mystery0
我测试了一下四个小时前发布的 1.14.0-alpha.15 ,加了 `accept_search_domain` 还是没法用 MagicDNS ,不然就完美了 ```json { "dns": { "servers": [ { "type": "tailscale", "tag": "", "endpoint": "ts-ep", "accept_default_resolvers": false, "accept_search_domain": false } ] } } ``` |
|
7
evemoo OP endpoint 部分的 `accept_routes: true` 还是有问题的,去掉 routes->rules 的 ip_cidr ("192.168.31.1/24 )就没法访问子网段
|
 |
8
Kobayashi 1 天前 via Android
@ntdll 桌面端每天一次 dns: exchange failed ... context deadline exceeded
不知道怎么复现,但每天至少出现一次。 手机端 1.13 正式版后每次连接或者断开 WiFi 也出现。 应该有不少人有这个问题 https://github.com/SagerNet/sing-box/issues/2156 手机端暂时切回了 1.13 beta ,切换 WiFi 不会 DNS 查询失败。电脑端换回 clash meta + tailscale ,tailscale 命令行版是基于 utun ,clash 和 tailscale 2 个 utun 可以共存,clash 里稍微配置一下。 |
|
9
evemoo OP |
 |
11
Hitori0221 14 小时 58 分钟前
sing-box 功能丰富,客制化属性强,跨平台支持好,但是用下来总有奇奇怪怪的小问题
比如这次从 1.13.x 迁移到 1.14.x 之后,因为改了 DNS 相关的配置,经常出现页面白屏/加载缓慢等情况,需要关闭 sing-box 才能加载,debug 了好几天也没有进展... |
 |
12
susandownes 6 小时 16 分钟前
这俩都有 Magisk 实现,magisk-tailscaled 实装后和 Linux 版本效果一样,有 root 的话可以尝试一下
|
Select Language