TUN mode 下无法 pull/push
buzzxI opened this issue · 2 comments
buzzxI commented
使用 clash meta 作为 kernel, 开启 TUN mode 之后, 可以正常访问 github, 但是 git pull/push 异常, 只要关闭 TUN mode 就可以正常 pull/push, 这个是不是分流规则需要修改一下 ?
$ git clone git@github.com:buzzxI/distribute-system-labs.git
Cloning into 'distribute-system-labs'...
Connection closed by 20.205.243.166 port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
$ git push
ssh: connect to host github.com port 22: Connection timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
TUN mode, DNS, 分流规则相关的配置
# 规则订阅
rule-providers:
# anti-AD 广告拦截规则
# https://github.com/privacy-protection-tools/anti-AD
# 如果误杀率高请自行更换
anti-AD:
type: http
behavior: domain
format: yaml
# path可为空(仅限clash.meta 1.15.0以上版本)
path: ./rule_provider/anti-AD.yaml
url: "https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-clash.yaml?"
interval: 600
# anti-AD 白名单规则
anti-AD-white:
type: http
behavior: domain
format: yaml
# path可为空(仅限clash.meta 1.15.0以上版本)
path: ./rule_provider/anti-AD-white.yaml
url: "https://raw.githubusercontent.com/privacy-protection-tools/dead-horse/master/anti-ad-white-for-clash.yaml?"
interval: 600
# 和 GEOIP/GEOSITE 轮换
reject:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
path: ./ruleset/reject.yaml
interval: 86400
icloud:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
path: ./ruleset/icloud.yaml
interval: 86400
apple:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
path: ./ruleset/apple.yaml
interval: 86400
google:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
path: ./ruleset/google.yaml
interval: 86400
proxy:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
path: ./ruleset/proxy.yaml
interval: 86400
direct:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
path: ./ruleset/direct.yaml
interval: 86400
private:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
path: ./ruleset/private.yaml
interval: 86400
gfw:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
path: ./ruleset/gfw.yaml
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
path: ./ruleset/tld-not-cn.yaml
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
path: ./ruleset/telegramcidr.yaml
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
path: ./ruleset/cncidr.yaml
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
path: ./ruleset/lancidr.yaml
interval: 86400
applications:
type: http
behavior: classical
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
path: ./ruleset/applications.yaml
interval: 86400
geodata-mode: true
# Geo 数据库下载地址
# 使用 FastGit 代理 (https://fgit.cf)
# 源地址 https://github.com/MetaCubeX/meta-rules-dat
# 可以更换镜像站但不要更换其他数据库,可能导致无法启动
geox-url:
geoip: "https://hub.gitmirror.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat"
geosite: "https://hub.gitmirror.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
mmdb: "https://hub.gitmirror.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country.mmdb"
# tun 模式
tun:
enable: false # enable 'true'
stack: system # or 'gvisor'
dns-hijack:
- "any:53"
- "tcp://any:53"
auto-route: true
auto-detect-interface: true
# dns 设置
# 已配置 ipv6
dns:
enable: true
listen: :1053
ipv6: true
# 路由器个人建议使用 redir-host 以最佳兼容性
# 其他设备可以使用 fake-ip
enhanced-mode: redir-host
fake-ip-range: 28.0.0.1/8
fake-ip-filter:
- '*'
- '+.lan'
- '+.local'
default-nameserver:
- 223.5.5.5
- 119.29.29.29
- 114.114.114.114
- '[2402:4e00::]'
- '[2400:3200::1]'
nameserver:
- 'tls://8.8.4.4#dns'
- 'tls://1.0.0.1#dns'
- 'tls://[2001:4860:4860::8844]#dns'
- 'tls://[2606:4700:4700::1001]#dns'
proxy-server-nameserver:
- https://doh.pub/dns-query
nameserver-policy:
"geosite:cn,private":
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
rules:
# 若需禁用 QUIC 请取消注释 QUIC 两条规则
# 防止 YouTube 等使用 QUIC 导致速度不佳, 禁用 443 端口 UDP 流量(不包括国内)
# github push
- DOMAIN-KEYWORD,github,PROXY
# rule-set 与 GEOIP/GEOSITE 轮换
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
- RULE-SET,google,PROXY
- RULE-SET,proxy,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,PROXY
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
# - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOSITE,cn))),REJECT # quic
- AND,((RULE-SET,anti-AD),(NOT,((RULE-SET,anti-AD-white)))),广告拦截 # 感谢 Telegram @nextyahooquery 提供的建议
# - GEOSITE,biliintl,哔哩东南亚
# - GEOSITE,bilibili,哔哩哔哩
- GEOSITE,openai,OpenAI
- GEOSITE,apple,Apple
- GEOSITE,apple-cn,Apple
- GEOSITE,ehentai,ehentai
- GEOSITE,github,Github
- GEOSITE,twitter,Twitter
- GEOSITE,youtube,YouTube
- GEOSITE,google,Google
- GEOSITE,google-cn,Google # Google CN 不走代理会导致香港等地区节点 Play Store 异常
- GEOSITE,telegram,Telegram
- GEOSITE,netflix,NETFLIX
- GEOSITE,bahamut,巴哈姆特
- GEOSITE,spotify,Spotify
- GEOSITE,pixiv,Pixiv
- GEOSITE,steam@cn,DIRECT
- GEOSITE,steam,Steam
- GEOSITE,onedrive,OneDrive
- GEOSITE,microsoft,微软服务
- GEOSITE,geolocation-!cn,其他
# - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOIP,CN))),REJECT # quic
- GEOIP,google,Google
- GEOIP,netflix,NETFLIX
- GEOIP,telegram,Telegram
- GEOIP,twitter,Twitter
- GEOSITE,CN,国内
- GEOIP,CN,国内
# - MATCH,其他
- MATCH,PROXY
Loyalsoldier commented
跟规则没关系。我猜是服务器端禁止了端口 22,参考这篇文章,换个端口试试:https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port
buzzxI commented
跟规则没关系。我猜是服务器端禁止了端口 22,参考这篇文章,换个端口试试:https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port
还真是这样, 应该就是机场禁用了端口, 换成 443 之后就好了