安卓手机 sing-box 和 tailscale 共存配置参考
一开始折腾 Clash-Meta 和 tailscaled-socks5-android 浪费了很多时间,指定 Userspace networking mode 的 socks5 代理出口一直报错:
dial tail-socks match IPCIDR/100.64.0.0/10 --> error: context deadline exceeded
172.19.0.1:41221 -> 100.170.x.x:9801 io/timeout
测试版本:Android 15 + SFA 1.14.0-alpha.15 、Windows-amd64 + SFA 1.13.9
基础配置来源:OkProxyConf Sing-Box Generator,修改 outbounds 和 endpoint 的配置
重点:
- sing-box inbounds 的 tun 不能加 route_exclude_address,加了的话
100.64.0.0/10会走直连不经过 tun (和 Windows 上的 Clash 配置有区别,被坑了) - 要访问自己的子网设备,route -> rules 的 IPCIDR 要加上自己的内网网段( 192.168.x.x/16),不然规则往下匹配会走直连
配置参考:
{
"$schema": "https://raw.githubusercontent.com/xmdhs/sing-box-generate-schema/refs/heads/master/schema.generated.json",
"log": {
"disabled": false,
"level": "error",
"timestamp": true
},
"dns": {
"strategy": "prefer_ipv4",
"servers": [
{
"tag": "dns_remote",
"type": "https",
"server": "1.1.1.1",
"detour": "proxy"
},
{
"tag": "dns_cn",
"type": "https",
"server": "223.5.5.5"
},
{
"tag": "dns_local",
"type": "udp",
"server": "223.5.5.5"
},
{
"tag": "dns_fakeip",
"type": "fakeip",
"inet4_range": "198.18.0.0/15",
"inet6_range": "fc00::/18"
}
],
"rules": [
{
"clash_mode": "direct",
"server": "dns_cn"
},
{
"clash_mode": "global",
"server": "dns_remote"
},
{
"rule_set": "geosite-cn",
"server": "dns_cn"
},
{
"query_type": [
"A",
"AAAA"
],
"rule_set": "geosite-geolocation-!cn",
"server": "dns_fakeip"
}
],
"final": "dns_remote"
},
"inbounds": [
{
"tag": "tun-in",
"type": "tun",
"address": [
"172.19.0.1/30",
"fdfe:dcba:9876::1/126"
],
"mtu": 9000,
"auto_route": true,
"strict_route": true,
"stack": "mixed"
},
{
"tag": "mixed-in",
"type": "mixed",
"listen": "127.0.0.1",
"listen_port": 7890
}
],
"experimental": {
"clash_api": {
"external_controller": "127.0.0.1:9095",
"external_ui": "ui",
"external_ui_download_url": "https://gh-proxy.com/https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip",
"external_ui_download_detour": "direct"
},
"cache_file": {
"enabled": true,
"path": "cache.db"
}
},
"outbounds": [
{
"tag": "proxy",
"type": "selector",
"default": "urltest",
"outbounds": [
"urltest",
"hysteria2",
"tls-reality"
]
},
{
"tag": "urltest",
"type": "urltest",
"outbounds": [
"hysteria2",
"tls-reality"
]
},
{
"password": "",
"server": "",
"server_port": 443,
"tag": "hysteria2",
"tls": {
"enabled": true,
"server_name": ""
},
"type": "hysteria2"
},
{
"server": "",
"server_port": 443,
"tag": "tls-reality",
"tls": {
"enabled": true,
"server_name": "www.visa.com.hk",
"utls": {
"enabled": true,
"fingerprint": "chrome"
},
"reality": {
"enabled": true,
"public_key": "",
"short_id": ""
}
},
"type": "vless",
"uuid": "",
"flow": "xtls-rprx-vision"
}
],
"endpoints": [
{
"type": "tailscale",
"tag": "tailscale-in",
"auth_key": "",
"accept_routes": true,
"system_interface": false,
"udp_timeout": "1m"
}
],
"route": {
"default_domain_resolver": {
"server": "dns_local"
},
"rules": [
{
"domain_suffix": [
"ts.net"
],
"outbound": "tailscale-in"
},
{
"ip_cidr": [
"100.64.0.0/10",
"fd7a:115c:a1e0::/48",
"192.168.31.1/24"
],
"outbound": "tailscale-in"
},
{
"action": "sniff",
"sniffer": [
"http",
"tls",
"quic",
"dns"
],
"timeout": "500ms"
},
{
"type": "logical",
"mode": "or",
"rules": [
{
"port": 53
},
{
"protocol": "dns"
}
],
"action": "hijack-dns"
},
{
"ip_is_private": true,
"action": "route",
"outbound": "direct"
},
{
"rule_set": [
"geosite-category-ads-all"
],
"action": "reject"
},
{
"clash_mode": "Global",
"action": "route",
"outbound": "proxy"
},
{
"clash_mode": "Direct",
"action": "route",
"outbound": "direct"
},
{
"type": "logical",
"mode": "and",
"rules": [
{
"rule_set": "geosite-geolocation-!cn"
},
{
"invert": true,
"rule_set": [
"geosite-cn"
]
}
],
"action": "route",
"outbound": "proxy"
},
{
"rule_set": [
"geosite-cn"
],
"action": "route",
"outbound": "direct"
},
{
"rule_set": [
"geoip-cn"
],
"action": "route",
"outbound": "direct"
}
],
"auto_detect_interface": true,
"rule_set": [
{
"tag": "geosite-category-ads-all",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/category-ads-all.srs"
},
{
"tag": "geoip-cn",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geoip/cn.srs"
},
{
"tag": "geosite-cn",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/cn.srs"
},
{
"tag": "geosite-geolocation-!cn",
"type": "remote",
"format": "binary",
"url": "https://ghfast.top/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/sing/geo/geosite/geolocation-!cn.srs"
}
]
}
}
以下报错是正常的,不用管:
missing Tailscale IPv4 address 报错
implicit default HTTP client using default outbound for remote rule-sets is deprecated ,https://github.com/SagerNet/sing-box/issues/4051 说在 1.14-alpha 修了,但是启动还是会提示
REF: