Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] 开放公网代理,设置 SOCKS5/HTTP(S) 认证信息无效 #4175

Open
5 of 7 tasks
tian4546 opened this issue Nov 13, 2024 · 5 comments
Open
5 of 7 tasks

[Bug] 开放公网代理,设置 SOCKS5/HTTP(S) 认证信息无效 #4175

tian4546 opened this issue Nov 13, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@tian4546
Copy link

Verify Steps

  • Tracker 我已经在 Issue Tracker 中找过我要提出的问题
  • Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中,或者我会手动下载并安装 Dev 分支的 OpenClash
  • Latest 我已经使用最新 Dev 版本测试过,问题依旧存在
  • Relevant 我知道 OpenClash 与 内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系,仅相互调用
  • Definite 这确实是 OpenClash 出现的问题
  • Contributors 我有能力协助 OpenClash 开发并解决此问题
  • Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.050-beta

Bug on Environment

Immortalwrt, Other

OpenWrt Version

OpenWrt R23.7.7 GDQ V2[2023] Compiled by eSir

Bug on Platform

Linux-arm64

Describe the Bug

[Bug] 把openclash 开放公网代理,设置 SOCKS5/HTTP(S) 认证信息 用SwitchyOmega插件 http协议模式 设置了认证账号密码,但是你填不填账号密码都可以访问,这样导致不安全。
SOCKS5协议就需要认证账号密码

To Reproduce

插件设置-》流量控制-》仅允许内网 去掉,然后防火墙开放7893端口或者 7890。
覆写设置-》设置 SOCKS5/HTTP(S) 认证信息 设置账号密码
google浏览器安装 SwitchyOmega 在公网填写对应的信息进行代理使用就可以复现乱填账号密码或者不填都可以代理
SOCKS5 是正常需要认证密码的 用的是finalShell SOCKS5代理到家里进行ssh连接可以复现需要密码

OpenClash Log

OpenClash 调试日志

生成时间: 2024-11-13 17:11:42
插件版本: v0.46.050-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: BROUNION R86S/R86S - Intel(R) Celeron(R) N5105 @ 2.00GHz : 4C4T
固件版本: OpenWrt GDQ V2[2023]
LuCI版本: git-23.198.59743-991daf5-1
内核版本: 5.15.122
处理器架构: 

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.*.*#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 27096
运行权限: 27096: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限

Meta内核版本: alpha-g792f162
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/哈哈加速器.yaml
启动配置文件: /etc/openclash/哈哈加速器.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

mixed-port: 7893
allow-lan: true
bind-address: "*"
mode: rule
log-level: info
external-controller: 0.0.*.*:9090
dns:
  enable: true
  ipv6: false
  default-nameserver:
  - 223.5.*.*
  - 119.29.*.*
  fake-ip-range: 198.18.*.*/16
  use-hosts: true
  nameserver:
  - dhcp://"pppoe-wan"
  - 118.249.*.*
  - 222.246.*.*
  - 59.51.*.*
  fallback:
  - https://doh.dns.sb/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://dns.twnic.tw/dns-query
  - tls://8.8.*.*:853
  fallback-filter:
    geoip: true
    ipcidr:
    - 240.0.*.*/4
    - 0.0.*.*/32
  enhanced-mode: fake-ip
  listen: 0.0.*.*:7874
  fake-ip-filter-mode: blacklist
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - geosite:cn
proxy-groups:
- name: 哈哈加速器
  type: select
  proxies:
  - 自动选择
  - 故障转移
  - 剩余流量:218.09 GB
  - 套餐到期:2025-11-13
  - "\U0001F3D8️ 官网:tangdl.club"
  - "\U0001F517 节点异常请刷新订阅"
  - "\U0001F642刷新失败请官网重置(需重登账号)"
  - "\U0001F1ED\U0001F1F0 香港1"
  - "\U0001F1ED\U0001F1F0 香港2"
  - "\U0001F1ED\U0001F1F0 香港3"
  - "\U0001F1E8\U0001F1F3 台湾1"
  - "\U0001F1E8\U0001F1F3 台湾2"
  url: http://www.gstatic.com/generate_204
  interval: 180
  tolerance: 100
- name: 故障转移
  type: fallback
  proxies:
  - 剩余流量:218.09 GB
  - 套餐到期:2025-11-13
  - "\U0001F3D8️ 官网:tangdl.club"

  
  url: http://www.gstatic.com/generate_204
  interval: 180
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.*.*/16,REJECT,no-resolve
- RULE-SET,Rule-provider - cfg2bac5a,DIRECT
- DOMAIN,38.180.*.*:43567,DIRECT
- DOMAIN-SUFFIX,services.googleapis.cn,哈哈加速器
- DOMAIN-SUFFIX,xn--ngstr-lra8j.com,哈哈加速器
- DOMAIN,safebrowsing.urlsec.qq.com,DIRECT
- DOMAIN,safebrowsing.googleapis.com,DIRECT
- IP-CIDR,220.181.*.*/32,哈哈加速器,no-resolve
- IP-CIDR,220.181.*.*/32,哈哈加速器,no-resolve
- DOMAIN,injections.adguard.org,DIRECT
- DOMAIN,local.adguard.org,DIRECT
- DOMAIN-SUFFIX,local,DIRECT
- IP-CIDR,127.0.*.*/8,DIRECT
- IP-CIDR,172.16.*.*/12,DIRECT
- IP-CIDR,192.168.*.*/16,DIRECT
- IP-CIDR,10.0.*.*/8,DIRECT
- IP-CIDR,17.0.*.*/8,DIRECT
- IP-CIDR,100.64.*.*/10,DIRECT
- IP-CIDR,224.0.*.*/4,DIRECT
- IP-CIDR6,fe80::/10,DIRECT
- DOMAIN-SUFFIX,cn,DIRECT
- DOMAIN-KEYWORD,-cn,DIRECT
- GEOIP,CN,DIRECT
- MATCH,哈哈加速器
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
disable-keep-alive: true
external-ui: "/usr/share/openclash/ui"
ipv6: false
tcp-concurrent: true
unified-delay: true
sniffer:
  enable: true
  parse-pure-ip: true
tun:
  enable: true
  stack: gvisor
  device: utun
  dns-hijack:
  - tcp://any:53
  gso: true
  gso-max-size: 65536
  auto-route: false
  auto-detect-interface: false
  auto-redirect: false
  strict-route: false
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- abc:abc123123
rule-providers:
  Rule-provider - cfg2bac5a:
    type: file
    behavior: domain
    path: "./rule_provider/Proxy_My"
    format: text
experimental:
  sniff-tls-sni: true

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

#===================== IPSET状态 =====================#

Name: cn
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0x32dc1c6d
Size in memory: 230840
References: 0
Number of entries: 8618

Name: ct
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x83acb3b9
Size in memory: 60032
References: 0
Number of entries: 1962

Name: cnc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x66d4a803
Size in memory: 32768
References: 0
Number of entries: 915

Name: cmcc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x90a1c669
Size in memory: 3056
References: 0
Number of entries: 55

Name: crtc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x2c43a08e
Size in memory: 1232
References: 0
Number of entries: 16

Name: cernet
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xf57f166b
Size in memory: 8096
References: 0
Number of entries: 171

Name: gwbn
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x3530914c
Size in memory: 12896
References: 0
Number of entries: 290

Name: othernet
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0x8311c826
Size in memory: 149096
References: 0
Number of entries: 5209

Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x99de82e1
Size in memory: 888
References: 0
Number of entries: 17

Name: china_ip_route
Type: hash:net
Revision: 7
Header: family inet hashsize 4096 maxelem 1000000 bucketsize 12 initval 0x065a5e73
Size in memory: 256664
References: 4
Number of entries: 8659

Name: china_ip_route_pass
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x991fbcbd
Size in memory: 464
References: 3
Number of entries: 0

Name: lan_ac_black_ports
Type: bitmap:port
Revision: 3
Header: range 0-65535
Size in memory: 8272
References: 4
Number of entries: 3

Name: localnetwork
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xd3a7bc04
Size in memory: 1088
References: 8
Number of entries: 13

Name: mwan3_connected_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x85e93ff3
Size in memory: 1184
References: 1
Number of entries: 15

Name: mwan3_connected_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x037aefcb
Size in memory: 1464
References: 1
Number of entries: 3

Name: mwan3_source_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x6c96317c
Size in memory: 1320
References: 1
Number of entries: 1

Name: mwan3_dynamic_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xf9e7d009
Size in memory: 464
References: 1
Number of entries: 0

Name: mwan3_dynamic_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x5f6a90f7
Size in memory: 1248
References: 1
Number of entries: 0

Name: mwan3_custom_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xe1053380
Size in memory: 464
References: 1
Number of entries: 0

Name: mwan3_custom_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x39971b01
Size in memory: 1248
References: 1
Number of entries: 0

Name: mwan3_sticky_v4_https
Type: hash:ip,mark
Revision: 3
Header: family inet markmask 0x00003f00 hashsize 1024 maxelem 65536 timeout 600 bucketsize 12 initval 0x183c8a41
Size in memory: 976
References: 1
Number of entries: 6

Name: mwan3_sticky_v6_https
Type: hash:ip,mark
Revision: 3
Header: family inet6 markmask 0x00003f00 hashsize 1024 maxelem 65536 timeout 600 bucketsize 12 initval 0xdd1e777d
Size in memory: 320
References: 1
Number of entries: 0

Name: mwan3_connected
Type: list:set
Revision: 3
Header: size 8
Size in memory: 376
References: 3
Number of entries: 6

Name: mwan3_sticky_https
Type: list:set
Revision: 3
Header: size 8
Size in memory: 184
References: 5
Number of entries: 2

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.*.*         118.249.*.*    0.0.*.*         UG    40     0        0 pppoe-wan
118.249.*.*    0.0.*.*         255.255.*.* UH    0      0        0 pppoe-wan
192.168.*.*     0.0.*.*         255.255.*.*   U     0      0        0 eth1.45
192.168.*.*     0.0.*.*         255.255.*.*   U     0      0        0 br-lan
198.18.*.*      0.0.*.*         255.255.*.* U     0      0        0 utun

#ip route list
default via 118.249.*.* dev pppoe-wan proto static metric 40 
118.249.*.* dev pppoe-wan proto kernel scope link src 118.249.*.* 
192.168.*.*/24 dev eth1.45 proto kernel scope link src 192.168.*.* 
192.168.*.*/24 dev br-lan proto kernel scope link src 192.168.*.* 
198.18.*.*/30 dev utun proto kernel scope link src 198.18.*.* 

#ip rule show
0:	from all lookup local
1001:	from all iif pppoe-wan lookup 1
2001:	from all fwmark 0x100/0x3f00 lookup 1
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
8000:	from all fwmark 0x162 ipproto icmp lookup main
8001:	from all fwmark 0x162 lookup 354
32766:	from all lookup main
32767:	from all lookup default


#===================== Tun设备状态 =====================#

utun: tun vnet_hdr

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      27096/clash
tcp        0      0 :::7891                 :::*                    LISTEN      27096/clash
tcp        0      0 :::7892                 :::*                    LISTEN      27096/clash
tcp        0      0 :::7893                 :::*                    LISTEN      27096/clash
tcp        0      0 :::7895                 :::*                    LISTEN      27096/clash
tcp        0      0 :::9090                 :::*                    LISTEN      27096/clash
udp        0      0 :::7874                 :::*                                27096/clash
udp        0      0 :::7891                 :::*                                27096/clash
udp        0      0 :::7892                 :::*                                27096/clash
udp        0      0 :::7893                 :::*                                27096/clash
udp        0      0 :::7895                 :::*                                27096/clash

OpenClash Config

No response

Expected Behavior

http 协议模式应该也需要密码认证

Additional Context

No response
@tian4546 tian4546 added the bug Something isn't working label Nov 13, 2024
@vernesong
Copy link
Owner

无法复现

@tian4546
Copy link
Author

无法复现
在防火墙通信规则开放7893端口,然后 openclash 插件设置-》流量控制-》仅允许内网 去掉 就可以外网连接了,

直接在外网用http协议 代理一下就能复现了,但是不输入认真账号密码,也可以直接代理到家里软路由上网

@vernesong
Copy link
Owner

内网是否正常

@tian4546
Copy link
Author

内网是否正常

我知道了,是正常的,外网也是正常的,可能是我前面输入正确账号密码,然后修改成错误的,好像这个openwrt 不会重新认证可以一直使用好像这个认证和其他工具不一样,这个认证会被记录,要切底关闭浏览器才能重新输入,其他浏览器只要密码错误会弹很多次

@psqtdhx
Copy link

psqtdhx commented Nov 15, 2024

内网是否正常

我知道了,是正常的,外网也是正常的,可能是我前面输入正确账号密码,然后修改成错误的,好像这个openwrt 不会重新认证可以一直使用好像这个认证和其他工具不一样,这个认证会被记录,要切底关闭浏览器才能重新输入,其他浏览器只要密码错误会弹很多次

这个http/socks认证密码貌似并不安全,可以跳过,油管哪位大佬视频好像提过这个

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tian4546 @vernesong @psqtdhx