It doesn't work properly when using a global proxy to breach the Great Firewall, Cloudflare + Xray (V2ray)

My device is a GL-iNet router running "OpenWrt 21.02.1 r16325-88151b8303". I use XRAY (V2ray compatible) through Cloudflare's CDN to pass the Great Firewall in China. Now I'm trying to set up a global proxy in OpenWrt to breach the Great Firewall (I can breach it normally with SOCKS).

I looked up a lot of information and configured it according to what is on the Internet: stop dnsmasq and have xray handle all DNS on port 53.

At first it works ("curl google.com" succeeds), but after a minute or so it can no longer access the Internet.

The "firewall" settings in OpenWrt have not been changed, and "net.ipv4.ip_forward=1" has been set correctly.

I don't know if the information on the Internet is outdated or if my device is special; I hope someone can help point out the problem.

My iptables configuration:

ip rule add fwmark 1 table 100
ip route add local 0.0.0.0/0 dev lo table 100

iptables -t mangle -N XRAY
iptables -t mangle -A XRAY -d 223.5.5.5/32 -j RETURN
iptables -t mangle -A XRAY -d 1.0.0.1/32 -j RETURN
iptables -t mangle -A XRAY -d 1.1.1.1/32 -j RETURN
iptables -t mangle -A XRAY -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY -d 127.0.0.0/8 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12346 --tproxy-mark 1
iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12346 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j XRAY

# Cloudflare's IPs; my v2ray is behind Cloudflare
iptables -t mangle -A XRAY -d 173.245.48.0/20 -j RETURN
iptables -t mangle -A XRAY -d 103.21.244.0/22 -j RETURN
iptables -t mangle -A XRAY -d 103.22.200.0/22 -j RETURN
iptables -t mangle -A XRAY -d 103.31.4.0/22 -j RETURN
iptables -t mangle -A XRAY -d 141.101.64.0/18 -j RETURN
iptables -t mangle -A XRAY -d 108.162.192.0/18 -j RETURN
iptables -t mangle -A XRAY -d 190.93.240.0/20 -j RETURN
iptables -t mangle -A XRAY -d 188.114.96.0/20 -j RETURN
iptables -t mangle -A XRAY -d 197.234.240.0/22 -j RETURN
iptables -t mangle -A XRAY -d 198.41.128.0/17 -j RETURN
iptables -t mangle -A XRAY -d 162.158.0.0/15 -j RETURN
iptables -t mangle -A XRAY -d 104.16.0.0/13 -j RETURN
iptables -t mangle -A XRAY -d 104.24.0.0/14 -j RETURN
iptables -t mangle -A XRAY -d 172.64.0.0/13 -j RETURN
iptables -t mangle -A XRAY -d 131.0.72.0/22 -j RETURN

iptables -t mangle -N XRAY_SELF
iptables -t mangle -A XRAY_SELF -d 10.0.0.0/8 -j RETURN
iptables -t mangle -A XRAY_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A XRAY_SELF -d 127.0.0.0/8 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A XRAY_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A XRAY_SELF -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -d 192.168.0.0/16 -p udp ! --dport 53 -j RETURN
iptables -t mangle -A XRAY_SELF -m mark --mark 0xff -j RETURN
iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -p udp -j MARK --set-mark 1
iptables -t mangle -A XRAY_SELF -d 1.0.0.1/32 -j RETURN
iptables -t mangle -A XRAY_SELF -d 1.1.1.1/32 -j RETURN

# Cloudflare's IPs; my v2ray is behind Cloudflare
iptables -t mangle -A XRAY_SELF -d 173.245.48.0/20 -j RETURN
iptables -t mangle -A XRAY_SELF -d 103.21.244.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 103.22.200.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 103.31.4.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 141.101.64.0/18 -j RETURN
iptables -t mangle -A XRAY_SELF -d 108.162.192.0/18 -j RETURN
iptables -t mangle -A XRAY_SELF -d 190.93.240.0/20 -j RETURN
iptables -t mangle -A XRAY_SELF -d 188.114.96.0/20 -j RETURN
iptables -t mangle -A XRAY_SELF -d 197.234.240.0/22 -j RETURN
iptables -t mangle -A XRAY_SELF -d 198.41.128.0/17 -j RETURN
iptables -t mangle -A XRAY_SELF -d 162.158.0.0/15 -j RETURN
iptables -t mangle -A XRAY_SELF -d 104.16.0.0/13 -j RETURN
iptables -t mangle -A XRAY_SELF -d 104.24.0.0/14 -j RETURN
iptables -t mangle -A XRAY_SELF -d 172.64.0.0/13 -j RETURN
iptables -t mangle -A XRAY_SELF -d 131.0.72.0/22 -j RETURN
iptables -t mangle -A OUTPUT -j XRAY_SELF

My xray configuration (v2ray-compatible):

{
  "log": {
    "loglevel": "debug"
  },
  "inbounds": [
    {
      "port": 12345,
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "tag": "all-in",
      "port": 12346,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "streamSettings": {
        "sockopt": {
          "tproxy": "tproxy"
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "XXXXXXX",
            "port": 443,
            "users": [
              {
                "id": "XXXXXXXX",
                "encryption": "none"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "grpc",
        "security": "tls",
        "grpcSettings": {
          "serviceName": "XXXXXXXXX",
          "multiMode": true
        },
        "sockopt": {
          "mark": 255,
          "tcpFastOpen": true
        },
        "tlsSettings": {
          "serverName": "XXXXXXXXX",
          "minVersion": "1.3"
        }
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    },
    {
      "tag": "dns-out",
      "protocol": "dns",
      "streamSettings": {
        "sockopt": {
          "mark": 255
        }
      }
    }
  ],
  "dns": {
    "servers": [
      "https+local://1.0.0.1/dns-query",
      "https+local://1.1.1.1/dns-query"
    ]
  },
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["all-in"],
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "ip": ["8.8.8.8", "1.1.1.1", "1.0.0.1"],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "block"
      },
      {
        "type": "field",
        "ip": ["geoip:private"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:geolocation-!cn"],
        "outboundTag": "proxy"
      }
    ]
  }
}

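One thing worth checking in the rule set above, as an added example that is not part of the original post: `iptables -A` appends, so the Cloudflare RETURN exemptions in the XRAY chain land after the `-p tcp` / `-p udp` TPROXY rules, which already consume every TCP and UDP packet, and the later RETURNs can never match. The script below (assumed helper, written for this post) flags such unreachable rules and moves the RETURN exemptions ahead of the first catch-all terminating rule of their chain; it only understands the `-d`, `-p`, `--dport` and `-j` options the post uses, and the rule list is an abridged copy of the post's ordering.

```python
import re
# Constructed, abridged copy of the order in which the post appends its rules.
POSTED_RULES = [
    "iptables -t mangle -A XRAY -d 1.1.1.1/32 -j RETURN",
    "iptables -t mangle -A XRAY -d 192.168.0.0/16 -p tcp ! --dport 53 -j RETURN",
    "iptables -t mangle -A XRAY -p tcp -j TPROXY --on-port 12346 --tproxy-mark 1",
    "iptables -t mangle -A XRAY -p udp -j TPROXY --on-port 12346 --tproxy-mark 1",
    "iptables -t mangle -A XRAY -d 104.16.0.0/13 -j RETURN",  # Cloudflare, appended after TPROXY
    "iptables -t mangle -A XRAY -d 172.64.0.0/13 -j RETURN",
    "iptables -t mangle -A XRAY_SELF -p tcp -j MARK --set-mark 1",
    "iptables -t mangle -A XRAY_SELF -d 1.1.1.1/32 -j RETURN",
]

TERMINATING = {"TPROXY", "RETURN", "ACCEPT", "DROP", "REJECT"}  # MARK is not terminating
RULE_RE = re.compile(r"-A (\S+)(.*?) -j (\S+)")

def parse(rule):
    """Reduce a rule to the fields this check needs (only -d, -p, --dport and -j are understood)."""
    chain, match, target = RULE_RE.search(rule).groups()
    proto = re.search(r"-p (\S+)", match)
    return {
        "chain": chain,
        "target": target,
        "protos": {proto.group(1)} if proto else {"tcp", "udp"},
        "catch_all": "-d " not in match and "--dport" not in match,
    }

def unreachable(rules):
    """Indexes of rules no packet reaches: earlier catch-all terminating rules of the chain cover their protocols."""
    covered, dead = {}, []
    for i, rule in enumerate(rules):
        r = parse(rule)
        seen = covered.setdefault(r["chain"], set())   # protocols already consumed in this chain
        if r["protos"] <= seen:
            dead.append(i)
        elif r["catch_all"] and r["target"] in TERMINATING:
            seen |= r["protos"]
    return dead

def reorder(rules):
    """Put each unreachable RETURN exemption before the first catch-all terminating rule of its chain."""
    dead, out = set(unreachable(rules)), []
    for i, rule in enumerate(rules):
        r, pos = parse(rule), len(out)
        if i in dead and r["target"] == "RETURN":
            blockers = [j for j, e in enumerate(out) if (p := parse(e))["chain"] == r["chain"]
                        and p["catch_all"] and p["target"] in TERMINATING]
            pos = blockers[0] if blockers else pos
        out.insert(pos, rule)
    return out
```

Running `unreachable(POSTED_RULES)` reports the two Cloudflare RETURN lines; `reorder` places them before the TPROXY rules, which is the order the exemptions need regardless of whether this is the cause of the drop-out after a minute.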