How to make ws server work on android app with ipv4 only no domain?

I have a question,which options used by server and which options used by client?And client also has a listening port,meaning like WG can be peer by another one?

Hello dear developer, thank you for this great vpn program. I have started this vpn on my linux server with docker command that you provided in readMe. and I have started caddy docker container as you suggested on my server for reverse proxy. and I have edited my Caddyfile exactly the same as you said. but on windows client when I start the vtun-win-amd64.exe with this parameters -s myServerAddress:443 -c 172.16.0.10/24 -k 12345678 -g -sip 172.16.0.1 -p wss -obfs -isv
it returns [client] failed to dial websocket wss://myServerAddress:443/freedom remote error: tls: internal error .
but when I use vtun without reverse proxy on my server, It connects with no problem and works perfectly.

通过隧道，三台设备可以互相ping通，客户端可以ssh连接服务端，但服务端无法连接客户端，且客户端也无法连接其他客户端，
websocket和udp都试过了，这个有解决方法吗。

hi.

on my mac:
yudeMacBook-Air:~ ym$ sudo vtun -k mykey -l 127.0.0.1:3000 -mtu 1200 -p tcp -s vps-public-ip:3001
显示：
2022/04/30 23:14:18 init config:{"LocalAddr":"127.0.0.1:3000","ServerAddr":"vps-public-ip:3001","CIDR":"172.16.0.10/24","Key":"mykey","Protocol":"tcp","DNS":"8.8.8.8:53","WebSocketPath":"/freedom","ServerMode":false,"GlobalMode":false,"Obfs":false,"MTU":1200,"Timeout":30}
2022/04/30 23:14:18 vtun tcp client started on 127.0.0.1:3000
2022/04/30 23:14:18 interface created: utun2
2022/04/30 23:14:18 exec cmd: ifconfig [utun2 inet 172.16.0.10 172.16.0.1 up]:
2022/04/30 23:14:18 physical interface en0 gateway 192.168.1.1 network 192.168.1.0/24
2022/04/30 23:14:18 exec cmd: route [add default 192.168.1.1]:
route: writing to routing socket: File exists
add net default: gateway 192.168.1.1: File exists
2022/04/30 23:14:18 exec cmd: route [change default 192.168.1.1]:
change net default: gateway 192.168.1.1

然后，在浏览器里访问显示IP的网站，并未显示我的vps的公网ip，而是我的isp分配给我的ip, 所以并不能用此vpn翻wall.
该怎么解决？

Linux Docker服务端
docker run -d --privileged --restart=always --net=host --name vtun-server netbyte/vtun -S -l :3001 -c 10.1.0.1/24 -k xxx

Windows客户端1号：
vtun.exe -s v1.cognsoft.com:3001 -c 10.1.0.2/24 -k xxx

Windows客户端2号：
vtun.exe -s v1.cognsoft.com:3001 -c 10.1.0.3/24 -k xxx

这样运行后，客户端1号和2号都能成功的ping服务端10.1.0.1，但是客户端1号10.1.0.2和客户端2号10.1.0.3则无法互相ping通，请问应该如何解决？谢谢

Which parameters need set at Client side and which parameters need set at Server side,pls show more details in help.Then,the program already set a tun device at Client side why still need listen a local address:port?

As far as I know, TCP is a stream based protocol, even if server side writes a full packet in one write call, there are chance that the packet is divided into mulitple reads. On the other hand, a single read may got multiple packets if it's way samll than MTU, which is 1500.

Is this a issue? Please tell me if I'm wrong.

知道的和不清楚的

• 客户端和服务端都是 tun + socket 的组合，客户端 tun 负责采集所有除了到 dns server 和 vpn server 的 IP Packet，然后通过 socket 发给服务端
• 服务端启动了转发，FORWARD 使其能接收 dstIP 不为自己的包，转发时 tun 和物理网卡都因 iptables masquerade 改写 srcIP 为自己
• 服务端从 socket 接收到的数据就是客户端 tun 捕获的包，udptotun 写入 tun，然后我就迷糊了。。。tun 是怎么通过物理网卡发出去的，回包又是怎么被再次交给 tun 或者 socket? 具体看下面的我的想法

• 这个图是描述客户端 APP 通过端口 12345 请求互联网上的服务器 IP: E, Port: 30000 的 udp 类型的服务时，数据传输过程
• 图中带颜色方格是一个 IP packet，颜色不同用于区分 (srcIP, srcPort, dstIP, dstPort) 有区别，连在一起的两个方格是一个包，后一个是前一个的 payload

我理解的流程如下

• app 发起请求，生成红色的包，由于 iptables 设定，所以流入 tun 设备
• vpn 从 tun 读出这个包并作为 udp socket 的 payload 发出。我这画的绿色的包可能有问题，udp socket 建立时选的默认网卡可能大概率就是物理网卡，不过应该不影响后续过程。如果选的是 tun 设备作为本地地址，那么出去的时候由于 iptables masquerade 也会改写成蓝色的包
• 蓝色的包到达服务端后，通过 udp socket 交给了 vpn，序号6的位置，现在想是画错了，应该没有蓝色的包了，直接就是红色包
• 红色包被 vpn 写入 tun，tun 送到内核，iptables masquerade 改变 srcIP 为 C，得到黑色包，经过物理网卡发送时，srcIP 变为 D，得到紫色包
• 服务响应发回橘黄包

我的问题

• 橘黄包要发送到 D 的 12345 端口，然而这个请求不是 D 发的，内核自然没办法给相应用户进程去处理？
• 图中序号 8-10 的过程是怎么完成的，服务端的配置仅仅是添加并启动了 tun 设备，并没有设置 tun 设备的路由，vpn 把 udp 的 payload 数据写入到 tun，tun 发给内核，内核查询路由发现什么都做不了？

希望能得到解答，感谢

is there any way to store debug or log like openvpn
also is there any way to add user authentication from bash file or any mysql database.
like every time a user try to connect vtun will call a bash file like /root/vtun/connect.sh
if this file say ok thats mean user authenticated and connected the VPN.

on the bash file we can call our web API and verify user.
like curl abc.com/api.php?userdi=$userid
web echo ok mean user verified. ealse mean not verified so kill the connection.

as the title says.

I should have added this to #24 , unless you already baked it in, specifying compression levels would be useful.

do all protocol need to reverse proxy with caddy/nginx?

对于application/octet-stream 类型非常不友好， 丢包一直重发，效率很低

quic/quicclient.go:11:2: //go:build comment without // +build comment
../go/pkg/mod/github.com/lucas-clemente/[email protected]/internal/qerr/error_codes.go:6:2: //go:build comment without // +build comment

win7下 先删除0.0.0.0 网关。 。 后执行添加虚拟网卡的网关。 这个命令怎么也不执行，没有错误提示但是路由里面就是没有，不知道怎么回事。 。

netutil.ExecCmd("cmd", "/C", "route", "add", "0.0.0.0", "mask", "0.0.0.0", gateway, "metric", "6")

这一条就没反应一直。 。 大神给分析分析

udp正常，多次测试tcp1分钟到5分钟之间vtun服务器端就出现错误：

panic: runtime error: index out of range [12] with length 8

goroutine 855 [running]:
github.com/net-byte/vtun/common/netutil.GetIPv4Source(...)
        /dev/shm/vtun/common/netutil/netutil.go:115
github.com/net-byte/vtun/tcp.toServer({{0x7ffdfa8bbe2f, 0x5}, {0x6c104b, 0x5}, {0x7ffdfa8bbe38, 0xd}, {0x7ffdfa8bbe49, 0x6}, {0x7ffdfa8bbe53, 0x3}, ...}, ...)
        /dev/shm/vtun/tcp/tcpserver.go:80 +0x3cc
created by github.com/net-byte/vtun/tcp.StartServer
        /dev/shm/vtun/tcp/tcpserver.go:35 +0x345

使用的命令：

./vtun -S -l=:3001 -c=172.16.0.1/24 -k=123456 -p tcp 
iperf3 -s
./vtun -l=:3000 -s=192.168.1.1:3001 -c=172.16.0.10/24 -k=123456 -p tcp 
iperf3 -c 172.16.0.1 -t 600

另vtun通过udp连接测速一直稳定在800mb左右，而tcp则在80mb到600mb之间波动很大，可以优化下tcp速度吗？
将mtu调大为9000可跑2Gbits左右，稳定了许多。
wget通过隧道下载没速度，一直停留在等待响应：

wget -O /dev/null 172.16.0.1/test.500
--2022-04-13 15:45:17--  http://172.16.0.1/test.500
Connecting to 172.16.0.1:80... connected.
HTTP request sent, awaiting response...

Hi, I'm a programmer, I need your help, how can I contact you, you have a telegram, I want to pay you to do a job, I would like you to help me with something, I know you can help me with this, give me your email or telegram, any way I can contact you

我目前就是用的WSL
windows 10 和 11自带的。
参考文章：https://docs.microsoft.com/zh-cn/windows/wsl/tutorials/gui-apps

i try to run over mac OS but its connected fine.
i can ping server to local fine and local to server fine. but its not pass data over the VPN tunnel.
i have a custom project i need a developer like you my project also similar like this Vtun.
please let me know is there any way to talk to you so may be you can help me out.
thank you

tun.go中
netutil.ExecCmd("route", "add", "default", config.ServerIP)
netutil.ExecCmd("route", "change", "default", config.ServerIP)
netutil.ExecCmd("route", "add", "0.0.0.0/1", "-interface", iface.Name())
netutil.ExecCmd("route", "add", "128.0.0.0/1", "-interface", iface.Name())
128.0.0.0/1是不是应该127.0.0.1着急写错了？

初始服务端无法ping通客户端，只有客户端ping了服务端之后才能从服务端ping通客户端，而且客户端停止ping之后服务端过5分钟后也无法ping通客户端。

Hi. Like vTun on linux, could you add the option to compress the tunnel stream?

Sir i running nginx 443 with http2, then create reverse proxy to vtun port. I running vtun with default key 123456 and address tun 172.16.254.1/24. Then try setting up the client on android apps always says invalid server/key
About reverse proxy i used the path /way-to-freedom

Android Client 1.5.0

Configuration cannot be saved, it gives error, Invalid server address or key

tried on different phones same

please check

windows使用后，删除不了本地连接是什么情况？

tls没有分包处理

您好，我用本地mac笔记本做client端,然后阿里云服务器起了一个server端。然后启动之后（client,server都没有报错,启动方式遵循README.md）。然后相互之间ping,发现ping不同。然后client也无法访问外网了。

iptables 规则是使用在client 还是server端？说明上只是说在linux上设置。没说是在client端还是server端.

两边windows10，奇怪的bug：
默认udp协议，互相组网后，两边日志显示只有上传，没有下载数据。
但是此时服务端主动发起ping，双方就会连通（stats:download 51.45KB upload 1.52KB）。但是客户端依旧ping不通服务器端ip，服务器能ping通客户端ip。
更换为ws协议后，客户端连接服务器提示i/o timeout，但是同样的，如果服务器端主动发起ping ，就会连接成功。不过依旧是服务器能ping通客户端，客户端ping不通服务端。

Feature request,pls add grpc path function,and can be the backend behind nginx.

mac客户端启动后日志

2022/05/09 00:26:36 vtun tcp client started on :3000
2022/05/09 00:26:36 interface created: utun3
2022/05/09 00:26:36 exec cmd: ifconfig [utun3 inet 172.16.0.10 172.16.0.1 up]:
2022/05/09 00:26:37 physical interface en0 gateway 192.168.1.1 network 192.168.1.0/24
2022/05/09 00:29:32 exec cmd: route [add 150.158.153.126 192.168.1.1]:
route: writing to routing socket: File exists
2022/05/09 00:29:32 exec cmd: route [add 8.8.8.8 192.168.1.1]:
route: writing to routing socket: File exists
2022/05/09 00:29:32 exec cmd: route [add 0.0.0.0/1 -interface utun3]:
2022/05/09 00:29:32 exec cmd: route [add 128.0.0.0/1 -interface utun3]:
add host 150.158.153.126: gateway 192.168.1.1: File exists
add host 8.8.8.8: gateway 192.168.1.1: File exists
add net 0.0.0.0: gateway utun3
add net 128.0.0.0: gateway utun3
add net default: gateway 172.16.0.1
change net default: gateway 172.16.0.1
2022/05/09 00:29:32 exec cmd: route [add default 172.16.0.1]:
2022/05/09 00:29:32 exec cmd: route [change default 172.16.0.1]:

然后debug发现b := packet[:n] n总是是16，一直死循环读到，然后上不去网。 关了也上不去，只有重启wifi才能又连上这是为什么呀

I just now know this project added QUIC and KCP.Great.But seems not support custom the detail settings.In another hand,can remove the client listening？Thx.

你好，希望vtun可以支持自签证书，谢谢。
https://github.com/FiloSottile/mkcert

PS C:\Downloads> .\vtun.exe -l :3000 -s 192.168.117.130:3001 -k 123456 -c 172.16.0.10/24 -p ws
2022/08/17 03:27:22
_
__ __ | |_ _ _ _ _
\ V / | | | || | | '
_/ _| _,| |||_|

A simple VPN written in Go. https://github.com/net-byte/vtun
2022/08/17 03:27:22 vtun version:v1.6.3
2022/08/17 03:27:22 vtun starting...
2022/08/17 03:27:22 initialized config:&{DeviceName: LocalAddr::3000 ServerAddr:192.168.117.130:3001 IntranetServerIP:172.16.0.1 IntranetServerIPv6:fced:9999::1 DNSServerIP:8.8.8.8 CIDR:172.16.0.10/24 CIDRv6:fced:9999::9999/64 Key:123456 Protocol:ws WebSocketPath:/freedom ServerMode:false GlobalMode:false Obfs:false Compress:false MTU:1500 Timeout:30 LocalGateway: TLSCertificateFilePath:./certs/server.pem TLSCertificateKeyFilePath:./certs/server.key TLSSni: TLSInsecureSkipVerify:false}
2022/08/17 03:27:22 vtun websocket client started on :3000
2022/08/17 03:27:22 Using existing driver 0.14
2022/08/17 03:27:22 Creating adapter
panic: The object already exists.

goroutine 8 [running]:
github.com/net-byte/water.openDev({0x1, {{0x6d0015, 0x4}, {0xc00001e130, 0xe}}})
/home/alex/go/pkg/mod/github.com/net-byte/[email protected]/syscalls_windows.go:48 +0x1ee
github.com/net-byte/water.New({0x1, {{0x6d0015, 0x4}, {0xc00001e130, 0xe}}})
/home/alex/go/pkg/mod/github.com/net-byte/[email protected]/if.go:61 +0x1ff
github.com/net-byte/vtun/tun.CreateTun({{0x0, 0x0}, {0xc00001e0b0, 0x5}, {0xc0000200f0, 0x14}, {0x6d457d, 0xa}, {0x6d60ca, 0xc}, ...})
/home/alex/Work/projects/vtun/tun/tun.go:27 +0xff
github.com/net-byte/vtun/ws.StartClient({{0x0, 0x0}, {0xc00001e0b0, 0x5}, {0xc0000200f0, 0x14}, {0x6d457d, 0xa}, {0x6d60ca, 0xc}, ...})
/home/alex/Work/projects/vtun/ws/wsclient.go:21 +0xa5
github.com/net-byte/vtun/app.(*Vtun).StartApp(0x0?)
/home/alex/Work/projects/vtun/app/app.go:71 +0x27c
created by main.main
/home/alex/Work/projects/vtun/main.go:41 +0x84e

开启代理前, route -n输出, 开启代理前能正常连网

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.17.0.1       0.0.0.0         UG    600    0        0 wlan0
10.17.0.0       0.0.0.0         255.255.0.0     U     600    0        0 wlan0

开启代理前, ifconfig输出:

enp49s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 88:a4:c2:c5:cc:a5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 326  bytes 63188 (61.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 326  bytes 63188 (61.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.17.101.27  netmask 255.255.0.0  broadcast 10.17.255.255
        inet6 fe80::67e3:6e8:c207:4690  prefixlen 64  scopeid 0x20<link>
        ether 84:7b:57:42:a7:02  txqueuelen 1000  (Ethernet)
        RX packets 438207  bytes 175907326 (167.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 66163  bytes 12081391 (11.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

开启代理后, route -n输出, 开启代理后能ping通服务器, 但ping不通baidu, 下面的162.14.xxx.xx是我的服务器ip:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 tun0
0.0.0.0         10.17.0.1       0.0.0.0         UG    600    0        0 wlan0
10.17.0.0       0.0.0.0         255.255.0.0     U     600    0        0 wlan0
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 tun0
162.14.xxx.xx   10.17.0.1       255.255.255.255 UGH   0      0        0 wlan0
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0

开启代理后ifconfig输出:

enp49s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 88:a4:c2:c5:cc:a5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 326  bytes 63188 (61.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 326  bytes 63188 (61.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.16.0.10  netmask 255.255.255.0  destination 172.16.0.10
        inet6 fced:9999::9999  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0bb:4033:4ec8:cc63  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 43  bytes 5769 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.17.101.27  netmask 255.255.0.0  broadcast 10.17.255.255
        inet6 fe80::67e3:6e8:c207:4690  prefixlen 64  scopeid 0x20<link>
        ether 84:7b:57:42:a7:02  txqueuelen 1000  (Ethernet)
        RX packets 440348  bytes 176323938 (168.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 66212  bytes 12090318 (11.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

我在考虑怎么实现一个tun代理, 但是路由这步一直搞不定。希望能从你的路由配置里面找到点思路，但是一直跑不起来

The procedure followed on server and client was like this:

Server

1. Set up DNS A record for server www.example.com
2. SSH into server as root
3. Install Nginx
4. Install certbot and python3-certbot-nginx
5. Obtain SSL certificate for Nginx certbot --nginx -d www.example.com
6. Download wget https://github.com/net-byte/vtun/releases/download/v1.4.7/vtun-linux-amd64
7. Make executable chmod +x vtun-linux-amd64
8. echo 1 > /proc/sys/net/ipv4/ip_forward
9. sysctl -p
10. Masquerade IP address iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o ens3 -j MASQUERADE
11. Run ./vtun-linux-amd64 -S -l=:3001 -c=172.16.0.1/24 -k=szqIOqNMb9Q8IAxm -path "/ycds09kr"
12. Leave vtun ws server running in terminal

Client

1. cd ~/Downloads
2. wget https://github.com/net-byte/vtun/releases/download/v1.4.7/vtun-linux-amd64
3. sudo chmod +x vtun-linux-amd64
4. sudo ./vtun-linux-amd64 -l=:3000 -s=www.example.com:3001 -c=172.16.0.10/24 -k=szqIOqNMb9Q8IAxm -path "/ycds09kr"

Result

A message appeared on the client:

[client] failed to dial websocket wss://www.example.com:3001/ycds09kr tls: first record does not look like a TLS handshake

start client with

vtun  -l :3000 -s [2002:12f0:5:184d:5400:1ff:fe41:1135]:3000 -c 172.16.0.10/24

add ipv6 route failed:

2022/08/25 18:21:49 interface created tun0
2022/08/25 18:21:49 exec /sbin/ip [link set dev tun0 mtu 1500]
2022/08/25 18:21:49 exec /sbin/ip [addr add 172.16.0.10/24 dev tun0]
2022/08/25 18:21:49 exec /sbin/ip [-6 addr add fced:9999::9999/64 dev tun0]
2022/08/25 18:21:49 exec /sbin/ip [link set dev tun0 up]
2022/08/25 18:21:49 exec /sbin/ip [route add 0.0.0.0/1 dev tun0]
2022/08/25 18:21:49 exec /sbin/ip [-6 route add ::/1 dev tun0]
2022/08/25 18:21:49 exec /sbin/ip [route add 128.0.0.0/1 dev tun0]
2022/08/25 18:21:49 exec /sbin/ip [route add 8.8.8.8/32 via 10.0.1.254 dev eth0]
2022/08/25 18:21:49 failed to exec cmd: exit status 2
2022/08/25 18:21:49 exec /sbin/ip [-6 route add 2002:12f0:5:184d:5400:1ff:fe41:1135/64 via 192.168.1.1 dev eth0]
2022/08/25 18:21:49 failed to exec cmd: exit status 1
2022/08/25 18:21:49 interface configured tun0
2022/08/25 18:21:49 vtun udp client started on :3000

should read ipv6 gateway from /proc/net/ipv6_route ref

Not sure if it will help much but here is a link to another vpn windows applications. Maybe it includes something useful that would help you build one?

https://github.com/xitongsys/pangolin-win

Wireguard - 100mbps
Vtun udp -5-30mbps

使用心跳包保持连接，断开重连。

vpn协议 网卡读取的数据包， 如何解析出获取访问的域名？客户端后服务端能实现么？感谢！

Can someone who got this running make a better installation wiki, If there is the need for caddy for websocket etc. As the instruction is not ordinary users friendly.
This woukd be appreciated.

Thanks all..

如题，可以降低延迟

When trying to setup this for the first time, I greatly missed some feedback on where things failed. A -v option with some feedback like 'connection from x.x.x.x', 'rejected, wrong key' etc would have been really helpful.

perhaps even some statistics printed periodically? like active connections, bytes transferred in/out etc

我用的ubuntu18测试，客户端 ping 服务端可以成功 但是

始终没办法连上公网？
这是server端的

root@ubuntu:~# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.16.0.0/24        0.0.0.0/0

client端 非global模式（global时所有路由都走tun0了 连服务端都连不上）

root@ubuntu:~# curl --interface tun0 ip.sb
无任何相应

对软件做了输出

服务端有收到客户端的请求 但是没有进行响应（ping的时候不但有请求 也有相应）