
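Hi everyone. I've recently been tinkering with sing-box as a global proxy and found that the same configuration works without problems on a freshly installed Windows 10 virtual machine and on another idle Windows 10 machine. But on my own two computers it simply will not connect; in the end I simplified the configuration down to tun passing straight through to direct, and the behaviour is the same. I've been at this for several days and really can't think of what the problem could be. If anyone understands this, please give me some pointers. The test command is `curl -v https://www.baidu.com`, and the symptom is: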
```
* Host www.baidu.com:443 was resolved.
* IPv6: (none)
* IPv4: 180.101.49.44, 180.101.51.73
*   Trying 180.101.49.44:443...
* connect to 180.101.49.44 port 443 from 0.0.0.0 port 52489 failed: Timed out
*   Trying 180.101.51.73:443...
* connect to 180.101.51.73 port 443 from 0.0.0.0 port 58474 failed: Timed out
* Failed to connect to www.baidu.com port 443 after 42582 ms: Could not connect to server
* closing connection #0
curl: (28) Failed to connect to www.baidu.com port 443 after 42582 ms: Could not connect to server
```

Below is the simplified configuration that still has the problem on my own computers:
```json
{
  "log": {
    "disabled": false,
    "level": "trace",
    "timestamp": true,
    "output": ""
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "singbox-tun",
      "address": ["192.0.2.0/24"],
      "route_address": ["0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"],
      "route_exclude_address": [
        "10.0.0.0/8",
        "172.16.0.0/12",
        "192.168.0.0/16",
        "fc00::/7"
      ],
      "auto_route": true,
      "strict_route": false
    },
    {"tag": "dns-in", "type": "direct", "listen": "127.0.0.1", "listen_port": 53}
  ],
  "outbounds": [
    {"type": "direct", "tag": "direct"},
    {"type": "block", "tag": "block"}
  ],
  "dns": {
    "strategy": "prefer_ipv4",
    "servers": [
      {"type": "local", "tag": "local-dns"},
      {"type": "udp", "tag": "cn-dns", "server": "119.29.29.29"}
    ],
    "rules": [
      {"inbound": ["tun-in"], "server": "cn-dns"}
    ]
  },
  "route": {
    "auto_detect_interface": true,
    "default_domain_resolver": "local-dns",
    "final": "direct",
    "rules": [
      {"action": "sniff"},
      {"protocol": "dns", "action": "hijack-dns"},
      {"ip_is_private": true, "outbound": "direct"},
      {"inbound": ["tun-in"], "outbound": "direct"}
    ]
  }
}
```

Below is the log captured from sing-box startup until `curl -v https://www.baidu.com` timed out, at log level trace:
```
2026-01-29 13:30:32 INFO network: updated default interface 以太网, index 26
2026-01-29 13:30:32 TRACE inbound/tun[tun-in]: creating stack
2026-01-29 13:30:32 INFO inbound/tun[tun-in]: started at singbox-tun
2026-01-29 13:30:32 INFO inbound/direct[dns-in]: tcp server started at 127.0.0.1:53
2026-01-29 13:30:32 INFO inbound/direct[dns-in]: udp server started at 127.0.0.1:53
2026-01-29 13:30:32 INFO sing-box started (0.311s)
2026-01-29 13:30:35 INFO [3235526638 0ms] inbound/tun[tun-in]: inbound packet connection from 192.0.2.1:61288
2026-01-29 13:30:35 INFO [3235526638 0ms] inbound/tun[tun-in]: inbound packet connection to 192.0.2.2:53
2026-01-29 13:30:35 DEBUG [3235526638 0ms] router: match[0] => sniff
2026-01-29 13:30:35 DEBUG [3235526638 0ms] router: sniffed packet protocol: dns
2026-01-29 13:30:35 DEBUG [3235526638 0ms] router: match[1] protocol=dns => hijack-dns
2026-01-29 13:30:35 DEBUG [3235526638 0ms] dns: exchange www.baidu.com. IN A
2026-01-29 13:30:35 DEBUG [3235526638 0ms] dns: match[1] inbound=tun-in => route(cn-dns)
2026-01-29 13:30:35 DEBUG [3235526638 7ms] dns: exchanged www.baidu.com NOERROR 54
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged CNAME www.baidu.com. 54 IN CNAME www.a.shifen.com.
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged A www.a.shifen.com. 54 IN A 180.101.51.73
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged A www.a.shifen.com. 54 IN A 180.101.49.44
```

With the help of two AIs, Gemini and Grok, I found by controlling variables that it was a firewall problem; more precisely, it is affected by the "Public network" switch. As soon as I turned that switch off, curl immediately got a response. The rough cause is that the virtual network interface defaults to the Public network type, whose filtering policy is extremely strict. A very strange problem, and the cause behind it turned out to be this simple.
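The trace log in the post stops at the DNS answers: no `tun-in` line ever shows a connection to either resolved address, so the TCP SYNs never reached the TUN inbound, which points at host filtering or routing in front of sing-box rather than at its routing rules. The following is an added example, not part of the original post or of sing-box, that checks a log for this pattern. The sample lines are taken from the log above; that TCP flows are logged as `inbound connection to ip:port` (the UDP wording without "packet") is an assumption.

```python
import re

# Sample lines taken from the trace log in the post above (trimmed).
SAMPLE_LOG = """\
2026-01-29 13:30:35 INFO [3235526638 0ms] inbound/tun[tun-in]: inbound packet connection to 192.0.2.2:53
2026-01-29 13:30:35 DEBUG [3235526638 0ms] dns: exchange www.baidu.com. IN A
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged A www.a.shifen.com. 54 IN A 180.101.51.73
2026-01-29 13:30:35 INFO [3235526638 7ms] dns: exchanged A www.a.shifen.com. 54 IN A 180.101.49.44
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
# DNS answer lines, in the format shown in the log above.
DNS_ANSWER = re.compile(r"dns: exchanged A (\S+) \d+ IN A " + IPV4)
# Assumption: TCP flows use the same wording as the UDP lines above,
# minus the word "packet".
TUN_CONN = re.compile(
    r"inbound/tun\[[^\]]+\]: inbound (?:packet )?connection to " + IPV4 + r":\d+"
)


def stalled_names(log_text):
    """Return {name: [ips]} for names that resolved but were never connected to.

    A client normally tries one address at a time, so a name only counts as
    stalled when none of its resolved addresses shows up as a TUN destination.
    """
    answers, reached = {}, set()
    for line in log_text.splitlines():
        m = DNS_ANSWER.search(line)
        if m:
            answers.setdefault(m.group(1).rstrip("."), []).append(m.group(2))
            continue
        m = TUN_CONN.search(line)
        if m:
            reached.add(m.group(1))
    return {n: ips for n, ips in answers.items() if not reached.intersection(ips)}


if __name__ == "__main__":
    for name, ips in stalled_names(SAMPLE_LOG).items():
        print(f"{name}: resolved to {', '.join(ips)} but no TUN connection followed; "
              "check host firewall profile and routes for the TUN interface")
```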
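1 dxxzst 2 days ago I found earlier that if a computer has two network adapters, for example one wired and one wireless, and both are enabled at the same time, tun will have problems. Disabling the adapter that isn't in use fixes it.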
2 anytk 2 days ago Why does your tun use `"address": ["192.0.2.0/24"],`, this large public network range? Usually it's a small subnet (/30) under the 172 private addresses.
5 anytk 2 days ago Try `strict_route: true`
6 crackself 2 days ago via Android Try this; it works fine on win, Android and openwrt:

```json
{
  "type": "tun",
  "tag": "tun",
  "interface_name": "SingBox",
  "address": [
    "172.18.0.1/30",
    "fdfe:dcba:9876::1/126"
  ],
  "mtu": 1500,
  "auto_route": true,
  "strict_route": true,
  "endpoint_independent_nat": false,
  "stack": "mixed"
}
```
7 crc8 2 days ago Is this a configuration for versions after 1.11?
8 Ipsum 2 days ago Why not post the sb logs so we can take a look?
9 isAK47 1 day ago `"address": ["192.0.2.0/24"]` ----> `"address": ["192.0.2.1/30"]`
12 angeltop 1 day ago

```json
{
  "log": {
    "level": "trace",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "singbox-tun",
      "address": ["172.19.0.1/30"],
      "auto_route": true,
      "strict_route": true,
      "route_address": ["0.0.0.0/1", "128.0.0.0/1"],
      "route_exclude_address": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
    }
  ],
  "outbounds": [
    { "type": "direct", "tag": "direct" },
    { "type": "block", "tag": "block" }
  ],
  "route": {
    "auto_detect_interface": false,
    "default_interface": "Wi-Fi",
    "final": "direct",
    "rules": [
      { "inbound": ["tun-in"], "outbound": "direct" }
    ]
  }
}
```
14 Hazard001 1 day ago via iPhone For the system stack it's best to manually set mtu to 1500.
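15 dcty 1 day ago I run singbox and mihomo (shellcrash) on my router. singbox has a memory leak problem that causes the router to reboot, while mihomo is rock solid. Of course I can't rule out that my configuration file is the problem (the rules and proxies are basically the same, though I can't rule out slight differences in the rules; I was too lazy to investigate).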
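16 heiher 1 day ago via Android Although the system stack can be implemented by reusing the kernel network stack, it involves more I/O operations, so its performance is actually worse than userspace, and there are also more interfering factors from kernel-related configuration changes.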