Docker7530
105 lines
3.1 KiB
Markdown
105 lines
3.1 KiB
Markdown
解决方案:https://github.com/MetaCubeX/mihomo/discussions/1920
|
||
|
||
# 如何在 Tun 模式下让公司域名走公司 VPN?
|
||
|
||
各位社区的大佬好,最近遇到了一个关于 **Tun 模式与公司 VPN 共存** 的问题,希望能得到大家的帮助。
|
||
|
||
# 🎯 目标
|
||
|
||
我希望在 **登录公司 VPN** 的同时,使用 **Tun 模式**,并且能够正常访问公司的内部域名。
|
||
|
||
# 📌 现状
|
||
|
||
- **使用系统代理模式时**,公司域名可以正常解析和访问,因为配置了规则 `DIRECT` 转向 `system` 后,系统代理模式会识别到公司 VPN 的 DNS 解析。
|
||
- 但是 **启用 Tun 模式后**,公司域名解析失败,无法访问。
|
||
|
||
# 🛠️ 配置
|
||
|
||
当前 `Clash` 配置中的 `dns` 相关部分如下:
|
||
|
||
```yaml
|
||
dns:
|
||
enable: true
|
||
ipv6: true
|
||
prefer-h3: true
|
||
listen: 0.0.0.0:1053
|
||
respect-rules: false
|
||
enhanced-mode: fake-ip
|
||
fake-ip-range: 198.18.0.1/16
|
||
fake-ip-filter-mode: blacklist
|
||
fake-ip-filter:
|
||
- "+.stun.*.*"
|
||
- "+.stun.*.*.*"
|
||
- "+.stuns.*.*"
|
||
- "+.stuns.*.*.*"
|
||
- "+.wns.windows.com"
|
||
- "+.msftncsi.com"
|
||
- "+.msftconnecttest.com"
|
||
- "rule-set:private_domain,cn_domain"
|
||
default-nameserver:
|
||
- 223.5.5.5
|
||
- 119.29.29.29
|
||
proxy-server-nameserver:
|
||
- https://dns.alidns.com/dns-query
|
||
nameserver-policy:
|
||
rule-set:private_domain,cn_domain:
|
||
- 223.5.5.5
|
||
rule-set:geolocation-!cn:
|
||
- https://cloudflare-dns.com/dns-query
|
||
- https://dns.google/dns-query
|
||
nameserver:
|
||
- 119.29.29.29
|
||
fallback:
|
||
- tls://1.1.1.1:853
|
||
- tls://9.9.9.9:853
|
||
direct-nameserver:
|
||
- system
|
||
```
|
||
|
||
`rules` 相关如下:
|
||
|
||
```yaml
|
||
rules:
|
||
# >>>>>>>>>>>>>>>> Custom Rules >>>>>>>>>>>>>>>>
|
||
- DOMAIN-SUFFIX,公司域名.net,DIRECT
|
||
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
|
||
- RULE-SET,private_ip,DIRECT,no-resolve
|
||
- RULE-SET,private_domain,DIRECT
|
||
- RULE-SET,cn_ip,DIRECT,no-resolve
|
||
- RULE-SET,cn_domain,DIRECT
|
||
- RULE-SET,steamcn_domain,DIRECT
|
||
- RULE-SET,apple_domain,DIRECT
|
||
- RULE-SET,youtube_domain,YouTube
|
||
- RULE-SET,telegram_domain,Telegram
|
||
- RULE-SET,telegram_ip,Telegram
|
||
- RULE-SET,x_domain,X
|
||
- RULE-SET,facebook_domain,Facebook
|
||
- RULE-SET,facebook_ip,Facebook
|
||
- RULE-SET,instagram_domain,Instagram
|
||
- RULE-SET,openai_domain,OpenAi
|
||
- RULE-SET,github_domain,GitHub
|
||
- RULE-SET,onedrive_domain,OneDrive
|
||
- RULE-SET,netflix_ip,Netflix,no-resolve
|
||
- RULE-SET,netflix_domain,Netflix
|
||
- RULE-SET,paypal_domain,PayPal
|
||
- RULE-SET,steam_domain,Steam
|
||
- RULE-SET,google_ip,Google,no-resolve
|
||
- RULE-SET,google_domain,Google
|
||
- RULE-SET,microsoft_domain,Microsoft
|
||
- MATCH,Final
|
||
```
|
||
|
||
# 🔍 观察
|
||
|
||
- **VPN 启动后会创建一个新的网卡**,但在 Tun 模式下,公司内部域名似乎不会走公司 VPN 提供的 DNS 解析,从而导致解析失败。
|
||
- **猜测原因**:
|
||
1. Tun 模式可能会导致 DNS 请求不走公司 VPN 解析。
|
||
|
||
|
||
|
||
# ❓ 求助
|
||
|
||
- 在 **Tun 模式下**,如何让 **公司域名走公司 VPN** 进行解析和访问?
|
||
|
||
如果有大佬遇到过类似问题,或者有任何建议,万分感谢!🙏
|