Shadowsocks-libev-ss-redir not working

Yesterday, I upgraded openwrt to 18.06.1,and installed shadowsocks-libev series components. The ss-local and ss-tunnel is running correctly, but ss-redir is not working as I expected. The versions of the mentioned components are as following:
luci-app-shadowsocks-libev - git-18.247.71242-9541751-1
shadowsocks-libev-config - 3.1.3-2
shadowsocks-libev-ss-local - 3.1.3-2
shadowsocks-libev-ss-redir - 3.1.3-2
shadowsocks-libev-ss-rules - 3.1.3-2
shadowsocks-libev-ss-tunnel - 3.1.3-2
Is the openwrt 18.06.1 is not compatible with ss-redir/ss-rules 3.1.3-2 ?
Any help is appreciated.

Hey fasthorse, it's been 25d since you posted, did you get it working?

I'm using the same versions as you and ss-redir is working fine for me.

I'm just having some trouble getting the DNS traffic to go through the VPN. Please let me know if you figured that one out :sweat_smile:

I met the same problem, too. The transparent proxy doesn't work on some HTTPS sites(e.g. Google, facebook). I even tried https://github.com/shadowsocks/luci-app-shadowsocks, which I used in earlier versions. All the settings are the same, but it doesn't work, same situation.

I am not sure if it is an OpenWrt bug or shadowsocks-libev bug

I got the same exact problem too. Most of the https sites work, but Facebook, Twitter, Google and etc. don't. My OpenWrt is 18.06.2. shadowsocks-libev-ss-tunnel - 3.1.3-3.

But if I don't use the transparent proxy ss-redir and use ss-local, all these sites work. I suspect it's due to the DNS pollution problem, and something is over-writing the ss-tunnel.

1 Like

Very likely a DNS issue, but not likely that something is hijacking ss-tunnel. There are a few things to check and try

  • Does it work if you add 8.8.8.8 to list of dst_ips_forward and configure your host to use static dns 8.8.8.8
  • How do you configure /etc/config/dhcp to tell dnsmasq to use the tunneled dns service
  • What the result of doing dig twitter.com
  • What the result of doing dig @ss-tunnel-listen-ip -p ss-tunnel-listen-port twitter.com