如题..

Hi . . .

I know it's not good to ask this question here, but no one really helped me. Thank you for helping me as a homeproxy developer.

I use the "kenzok8/small-package" package to build the "coolsnowwolf/lede" firmware. But when I added Luci-app-homeproxy, which uses Sing-Box kernel, to my package list, I encountered the following error.

Collected errors:
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/hotplug.d/iface/20-firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/init.d/firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/sbin/fw3
	But that file is already provided by package  * firewall
 * opkg_install_cmd: Cannot install package firewall4.
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/hotplug.d/iface/20-firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/init.d/firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/sbin/fw3
	But that file is already provided by package  * firewall
 * opkg_install_cmd: Cannot install package luci-app-homeproxy.
make[2]: *** [package/Makefile:70: package/install] Error 255
make[2]: Leaving directory '/home/m33ft/LEDE_RaspberryPi.4B'
make[1]: *** [package/Makefile:111: /home/m33ft/LEDE_RaspberryPi.4B/staging_dir/target-aarch64_cortex-a72_musl/stamp/.package_install] Error 2
make[1]: Leaving directory '/home/m33ft/LEDE_RaspberryPi.4B'
make: *** [/home/m33ft/LEDE_RaspberryPi.4B/include/toplevel.mk:231: world] Error 2

What I understood is that the homeproxy package uses Firewall 4 based on nftables which is supported by OpenWrt version 22.03, but here it is Firewall 3 !!!

You can see my ".config" file for RaspberryPi.4B here.

Thank you for your guidance.

先说Sorry因为我觉得应该是开在Discuss里的但天灵大佬没有开…
主要是有些许疑惑，刚开始尝试使用
请教一下，如果路由开启mosdns的情况下，
DNS 服务器/国内 DNS 服务器 应该选择【禁用】还是选择【使用 WAN 下发的 DNS】才会把解析权交给mosdns使用呢？
还是说……都不会？

tun模式用 trojan节点不能科学上网，redirect tcp模式正常。
OpenWrt 23.05-SNAPSHOT r23404-56827dac01 / LuCI openwrt-23.05 branch git-23.247.03875-7ade929
sing-box | 1.5.0-beta.2-1
chinadns-ng | 2023.06.01-1
luci-app-homeproxy git-23.236.37245-01ed8c9

In the LuCI UI for HomeProxy, I cannot find an option to enable the ECH protocol in the node settings while TLS is enabled.

HomeProxy version: git-23.356.21884-c03d6fb

Based on this code in node.js , I was expecting to find an ECH option in the LuCI UI of HomeProxy:

if (features.with_ech) {
			so = ss.option(form.Flag, 'tls_ech', _('Enable ECH'),
				_('ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message.'));
			so.depends('tls', '1');
			so.default = so.disabled;
			so.modalonly = true;

			so = ss.option(form.Flag, 'tls_ech_tls_disable_drs', _('Disable dynamic record sizing'));
			so.depends('tls_ech', '1');
			so.default = so.disabled;
			so.modalonly = true;

			so = ss.option(form.Flag, 'tls_ech_enable_pqss', _('Enable PQ signature schemes'));
			so.depends('tls_ech', '1');
			so.default = so.disabled;
			so.modalonly = true;

			so = ss.option(form.Value, 'tls_ech_config', _('ECH config'));
			so.depends('tls_ech', '1');
			so.modalonly = true;
		}

尝试修改过配置文件的各项参数，均不能解决问题

系统版本：ImmortalWrt 23.05.1 r27304-31bc47589e / LuCI openwrt-23.05 branch git-23.354.11083-b1b77b6
homeproxy版本：git-23.356.21884-c03d6fb

如题，想知道为什么会这样，有没有可以改善的方法。

REALITY是支持h2的，但是在homeproxy里没有看到h2的选项，请问是有什么特殊配法吗

1. the pre-shared-key option is not required for wireguard.
2. the value for the wireguard's MTU has the quatation marks in sing-box-c.json.

homeproxy在运行一阵（不到一小时）后，会导致pppoe掉线且无法再链接（必须重启光猫）
是不是非常离谱……
我也不知道是不是我自己遇到的bug，但能够100%复现……
master分支immortalwrt

hysteria模式节点的utls设置问题：
utls似乎需要禁用，但是选成禁用时无法保存配置。
如果选择别的，程序又无法启动，提示如下：
�[31mFATAL�[0m[0000] parse outbound[3]: unsupported usage for uTLS
2023-03-19 19:11:01 [DAEMON] Error: wrong configuration detected.
2023-03-19 19:11:49 [DAEMON] Reloading service...
2023-03-19 19:11:55 [DAEMON] Service stopped.
2023-03-19 19:12:24 [DAEMON] Reloading service...
2023-03-19 19:12:29 [DAEMON] Service stopped.

首先感谢大佬提供这么棒的工具，非常的轻快，目前深度体验下来发现几个小建议。

1、循环订阅功能。
目前很多便宜机场节点挂的很快，需要频繁更新订阅来获取最新的节点，比如每小时订阅一次。

2、节点自动切换功能。
理由同上，都是针对便宜机场的。

3、连接日志显示。
方便查看哪些连接走了代理，因为有些域名其实可以裸连的，但因为冷门导致走了代理。

4、几个列表的版本查询方式。
目前几个列表采用的是查询api的方式，这样容易触发API保护导致查询失败，进而导致更新失败。

几个小建议，希望大佬采纳，最后再次感谢大佬提供这么棒的工具！

Considering that Sing-Box version 1.5.0 supports Hysteria 2, it would be great if HomeProxy could also incorporate Hysteria 2 support into its client proxy.

Thanks

代理机器 ping：

➜  ~ ping cn.bing.com               
PING china.bing123.com (202.89.233.101) 56(84) bytes of data.
64 bytes from 202.89.233.101 (202.89.233.101): icmp_seq=1 ttl=118 time=7.70 ms
64 bytes from 202.89.233.101 (202.89.233.101): icmp_seq=2 ttl=118 time=11.1 ms
^C
--- china.bing123.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 7.704/9.397/11.090/1.693 ms

查看 sing-box 运行时配置文件（/var/run/homeproxy/sing-box.json）似乎也没有相应配置。

sing-box已经支持，请作者尽快跟进

选择tun模式后老是运行不成功 要多次更换dns才能运行

I have encountered an issue where homeproxy does not function as expected when load balancing is enabled in my mwan3 configuration. The issue is as follows:

config member 'wan_member'
    option interface 'wan'
    option metric '1'
    option weight '1'

config member 'wanb_member'
    option interface 'wanb'
    option metric '1'
    option weight '1'

config rule 'default_rule_v4'
    option dest_ip '0.0.0.0/0'
    option use_policy 'load_balanced'
    option family 'ipv4'
    option proto 'all'
    option sticky '0'

config policy 'load_balanced'
    list use_member 'wan_member'
    list use_member 'wanb_member'
    option last_resort 'unreachable'

I expected homeproxy to work seamlessly alongside load balancing, allowing traffic to be load-balanced between the wan and wanb interfaces for other general network traffic.

However, the actual behavior is that homeproxy is completely blocked and can't send any packet.

+0000 2023-09-27 20:59:18 ERROR [3319903261 1.25s] inbound/redirect[redirect-in]: process connection from 192.168.2.172:64224: dial tcp 45.141.21.54:443: connect: no route to host
+0000 2023-09-27 20:59:21 ERROR [3606825731 1.13s] inbound/redirect[redirect-in]: process connection from 192.168.2.172:64239: dial tcp 45.141.21.54:443: connect: no route to host
+0000 2023-09-27 20:59:21 ERROR [3620684452 2.97s] inbound/redirect[redirect-in]: process connection from 192.168.2.172:64233: dial tcp 45.141.21.54:443: connect: no route to host

of course, when disabling homeproxy, load-balancing works correctly.

I try to add a node,then start the server it shows Error: no valid inbound found.

Currently, only the gfwlist-file is specified for chinadns-ng, but not the chnlist-file. This may cause suboptimal DNS resolution for some websites. For example:

• Current behavior: since google.com is in gfwlist-file, dl.google.com is resolved by trust-dns with proxy to a foreign IP address.
• After specifying chnlist-file: since dl.google.com is in chnlist-file, dl.google.com is resolved by a DNS server in China to a China IP address.

两个问题
1，因为家里的路由器，怕更新了，sing-box1.8+ geosite移除了，还要重新配置
2，hp的配置文件支持手搓不，像配置rule-set，不能手搓有点麻烦
感谢大佬

无论是订阅还是导入分享链接都不支持vmess

UI里没有这俩选项,生成的配置里也没有,配置错误,启动失败

Repeat update chnlist

编译后有软件包里luci-app-homeproxy，sing-box，但服务界面没有homeproxy，启动项homeproxy里启动，提示权限不足。用https://github.com/immortalwrt/immortalwrt源码可以编译成功

Hello, I wanted to know if it is possible to manually import the json configuration file because there is no way to run shadowtls.
Thanks alot.

[31mFATAL�[0m[0000] decode config at /var/run/homeproxy/sing-box-c.json: outbound options: json: cannot unmarshal string into Go struct field BrutalOptions.multiplex.brutal.up_mbps of type int

Currently, only one DNS server is allowed for both dns_server and china_dns_server, and specification of non-standard port is not possible in LuCI.
But in fact, chinadns-ng allows up to two DNS servers for both trust-dns and china-dns, and allows non-standard port.
Setting two DNS servers can increase stability compared with one server in case it fails. Non-standard port may be necessary for some use cases, e.g., DNS over HTTPS as implemented by https-dns-proxy.
As a workaround, it is possible to use UCI command to achieve the goal, for example:

uci set homeproxy.config.china_dns_server='127.0.0.1#5054,127.0.0.1#5053'

And it works as expected. However, the input value is not considered as a valid IP address in LuCI, making it not possible to further modify other settings in LuCI.
It will be great if such setting can be allowed in future versions.

能教下吗？谢谢。

ss.option 改为 s.option

版本: 基于4.18日的master自己build
问题:
不知道是否有使用上的错误, 在配置server settings里面的http/socks代理时, username & password是必填项
未找到可以不设置的办法
但是某些情况下, 需要认证的代理使用起来不是很方便
期待:
是否考虑去除这个限制
或者
是否有其他替代方法

谢谢

假设路由器ip为192.168.1.1。

局域网内有 设备A 192.168.1.2 和 设备B 192.168.1.3

不开启homeproxy的情况下下。设备A和设备B均可正常访问 www.gstatic.com 。

开启homeproxy 在访问控制中 LAN IP 策略设置 代理过滤模式 设置为 仅允许列表内。设置允许的地址为设备A 192.168.1.2。

此时设备B无法正常访问www.gstatic.com。因为其DNS的请求被转发到homeproxy解析并返回IP。

是否可以修改一下逻辑，如果开启仅允许列表内等访问策略时，将允许列表内的设备的dns通过防火墙规则劫持。这样可以不影响列表外的DNS解析。

目前发现受影响的域名有 google.cn dl.google.com等。开启homeproxy后，会造成不在允许列表内的设备无法访问上述网站。

虽然可以通过直连域名列表解决，但是还是希望能把这个DNS解析的逻辑更改一下。

天灵灵大佬，已在 sing-box 项目提出请求，SagerNet/sing-box#729
并且有一位大佬 [liaoliaots] 回复如下：

sing-box支持如下格式的 dns

tcp://x.x.x.x:3305
udp://x.x.x.x:3306
tls://x.x.x.x:3307
https://x.x.x.x:3308/dns-query
quic://xxx.com:3309
h3://x.x.x.x:3310/dns-query

希望 homeproxy 能支持上，谢谢！

I am experiencing problems with certain services, such as Apple Push Notification and iMessage, when using HomeProxy. These services are not functioning correctly, and I suspect the issue might be related to DNS settings. The following log entries were observed:

+0000 2023-12-15 20:01:53 DEBUG [160452879 10.13s] inbound/direct[dns-in]: connection closed: io: read/write on closed pipe | upstream: context canceled
+0000 2023-12-15 20:01:53 DEBUG [2821943100 10.13s] inbound/direct[dns-in]: connection closed: io: read/write on closed pipe | upstream: context canceled

I have tested this setup on multiple servers and believe the issue is on the client side. The same configuration and server work as expected on PC and mobile devices.

The issues started after updating to the latest version of HomeProxy. Prior to this update, I did not encounter these problems.

HomeProxy Version: git-23.334.31490-78704df
Sing-box Version: 1.7.1

如题

I had a problem using TUN mode after restarting the device, the homeproxy didn't run with an error

I use the latest version of homeproxy and the latest sing-box on OpenWRT firmware version 23.5

In the node setup section, when configuring transport settings for nodes with the HTTP method, there seems to be a bug. The expected behavior is that the HTTP method should be in the uppercase format (e.g., "GET", "PUT", "POST") in the single-box JSON. However, when selecting an HTTP type (e.g., PUT), homeproxy generates it in lowercase format (e.g., "put"). This results in the node not receiving traffic due to the method case mismatch.

使用brightdata，HP默认设置没办法代理，选择自定义端口，添加了brightdata服务器的端口22225，又在代理域名选项添加brightdata的服务器域名，也没成功，请教如何正确设置才可以代理需要的端口或者域名

目前直连/代理列表输入类似下方内容会提示无效主机名

#baidu
www.baidu.com

路由模式:大陆白名单
访问控制-接口控制-监听接口功能下
只启用eth0, eth1, eth2这三个物理接口, 三个物理接口下的设备无法访问外网
启用br-lan, br-lan下的所有设备能够正常访问外网, 不指定接口也能正常访问

I am writing to request the addition of "ssh" type outband to HomeProxy's existing options, which would significantly enhance its functionality for users in certain regions.

The JSON format for this "ssh" outband would look something like this:

{
    "type": "ssh"
    "tag": "ssh-out",
    "server": "server-address",
    "server_port": 2222,
    "user": "ed353c36-57dc-4f0c-b545-229cbb0c4b81",
    "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\n[...]\n-----END OPENSSH PRIVATE KEY-----\n",
    "host_key": [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmeOGQXgbEwO4EMt+IW6OFiXnFugh8KBq3uYY5OqBGO",
        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFTyzHf6aGR+GXPphhMhtshK/YN1kzhFrZbQa/HIQH5/QUXbUq+MHZ5nRN/Ej5o5XLchWQIDvnb77omOOpCx004="
    ]
}

I know this method is entirely custom and does not have standard share links, but it would be great if users could select and add these custom fields through the LuCI UI.

I live not in Mainland China but in Iran. In our country, this method of connection is very stable and secure. Adding this feature would greatly benefit users in regions with similar network constraints.

Thank you for considering this feature request. Your work on HomeProxy is greatly appreciated, and this addition would make it even more valuable for users like me.

参考了资料如下：
https://gist.github.com/douglarek/b9e8a6e64abb1e7dce222dd047185606

发现有以下问题：
使用singbox版本1.7.5，若在大陆白名单模式时，可以手动指定国内组dns的端口号，连接检查中的百度检测通过；
但是相同的singbox配置，在自定义路由模式时，国内组dns无法指定端口号了，连接检查中的百度检测失败，且singbox log有关于dns的报错，如果国内组dns直接设为运营商dns，发现打开国内网站的速度相比白名单模式时明显减慢。
上述两种情况的国外组都可以手动指定端口号，连接检查无问题。

大佬看看自定义路由模式有没有什么问题呢？

Hi, could you add listen address config to inbound server?

https://github.com/immortalwrt/homeproxy/blob/a9063bd60be9c3d258787146787b777f0ee89a58/root/etc/homeproxy/scripts/generate_server.uc#L47C7-L47C7

服务端是使用 shadowsocks-rust 1.15.3 部署的，服务端的配置：

{
	"servers": [
		{
			"server_port": 4455,
			"server": "0.0.0.0",
			"password": "mypassword",
			"mode": "tcp_and_udp",
			"method": "aes-256-gcm",
			"timeout": 300
		}
	],
	"security": {
		"replay_attack": {
			"policy": "detect"
		}
	},
	"udp_timeout": 120,
	"no_delay": true,
	"keep_alive": 30,
	"fast_open": true
}

这是在 HomeProxy 的设置：

同样的节点，它在 ssrp 上工作（NatTypeTester 显示为fullcone，并且国外游戏正常进行），这是在ssrp 上的配置填写：

不知道 HomeProxy 的 Shadowsocks 和 ShadowSocksR_Plus+ 的 Shadowsocks New Version 是否通用的，如果是不通用的话，我应该通过什么工具去部署一个适用于 HomeProxy UDP 使用的节点？

修改访问控制下的代理域名列表和直连域名列表的内容点击保存并应用提示没有待应用的更改
需要手动切换节点或者修改其他设置才能保存并应用让域名列表生效

I'm using SmartDNS as the ChinaDNS upstream server, and the target address should be something like 127.0.0.1#6053, but this cannot pass the luci's ip4addr validation.

Code lines:
https://github.com/immortalwrt/homeproxy/blob/ee8ee1a67217b88dc44a1b50e939a3727e92f067/htdocs/luci-static/resources/view/homeproxy/client.js#L204C7-L204C82

在自定义路由模式下，给路由节点添加 “类型” 属性，可选择 Selector 和 URLTest 两种类型的路由节点，下方的节点选项可以选择多个节点。

这样可以直接利用 sing-box 的 Selector 和 URLTest 出站，同时也能再当前路由节点所选择的节点不可用的情况下实现自动切换。

RT