
homeproxy's Introduction

- Subscription page slow response with a large number of nodes
- Refactor nft rules
- Move ACL settings to a dedicated page
- Any other improvements


homeproxy's Issues

Suggestion for Hysteria 2 Support

Considering that Sing-Box version 1.5.0 supports Hysteria 2, it would be great if HomeProxy could also incorporate Hysteria 2 support into its client proxy.


ECH Protocol Option Missing in HomeProxy LuCI UI

In the LuCI UI for HomeProxy, I cannot find an option to enable the ECH protocol in the node settings while TLS is enabled.

HomeProxy version: git-23.356.21884-c03d6fb

Based on this code in node.js, I was expecting to find an ECH option in the LuCI UI of HomeProxy:

if (features.with_ech) {
	/* Master ECH switch, shown only when TLS is enabled */
	so = ss.option(form.Flag, 'tls_ech', _('Enable ECH'),
		_('ECH (Encrypted Client Hello) is a TLS extension that allows a client to encrypt the first part of its ClientHello message.'));
	so.depends('tls', '1');
	so.default = so.disabled;
	so.modalonly = true;

	/* The remaining options depend on tls_ech being enabled */
	so = ss.option(form.Flag, 'tls_ech_tls_disable_drs', _('Disable dynamic record sizing'));
	so.depends('tls_ech', '1');
	so.default = so.disabled;
	so.modalonly = true;

	so = ss.option(form.Flag, 'tls_ech_enable_pqss', _('Enable PQ signature schemes'));
	so.depends('tls_ech', '1');
	so.default = so.disabled;
	so.modalonly = true;

	so = ss.option(form.Value, 'tls_ech_config', _('ECH config'));
	so.depends('tls_ech', '1');
	so.modalonly = true;
}

HTTP Transport Method in Node Setup Incorrectly Lowercased

In the node setup section, when configuring transport settings for nodes with the HTTP method, there seems to be a bug. The expected behavior is that the HTTP method should be in uppercase (e.g., "GET", "PUT", "POST") in the sing-box JSON. However, when selecting an HTTP type (e.g., PUT), homeproxy generates it in lowercase (e.g., "put"). This results in the node not receiving traffic due to the method case mismatch.

Allow for two DNS servers and non-standard port as supported by chinadns-ng

Currently, only one DNS server is allowed for both dns_server and china_dns_server, and specification of non-standard port is not possible in LuCI.
But in fact, chinadns-ng allows up to two DNS servers for both trust-dns and china-dns, and allows non-standard port.
Setting two DNS servers can increase stability compared with one server in case it fails. Non-standard port may be necessary for some use cases, e.g., DNS over HTTPS as implemented by https-dns-proxy.
As a workaround, it is possible to use UCI command to achieve the goal, for example:

uci set homeproxy.config.china_dns_server=','

And it works as expected. However, the input value is not considered as a valid IP address in LuCI, making it not possible to further modify other settings in LuCI.
It will be great if such setting can be allowed in future versions.

Issues with Apple Push Notification and iMessage Services in HomeProxy

I am experiencing problems with certain services, such as Apple Push Notification and iMessage, when using HomeProxy. These services are not functioning correctly, and I suspect the issue might be related to DNS settings. The following log entries were observed:

+0000 2023-12-15 20:01:53 DEBUG [160452879 10.13s] inbound/direct[dns-in]: connection closed: io: read/write on closed pipe | upstream: context canceled
+0000 2023-12-15 20:01:53 DEBUG [2821943100 10.13s] inbound/direct[dns-in]: connection closed: io: read/write on closed pipe | upstream: context canceled

I have tested this setup on multiple servers and believe the issue is on the client side. The same configuration and server work as expected on PC and mobile devices.

The issues started after updating to the latest version of HomeProxy. Prior to this update, I did not encounter these problems.

HomeProxy Version: git-23.334.31490-78704df
Sing-box Version: 1.7.1

UDP does not work; cannot connect to overseas games

The server is deployed with shadowsocks-rust 1.15.3. The server configuration:

{
	"servers": [
		{
			"server_port": 4455,
			"server": "",
			"password": "mypassword",
			"mode": "tcp_and_udp",
			"method": "aes-256-gcm",
			"timeout": 300
		}
	],
	"security": {
		"replay_attack": {
			"policy": "detect"
		}
	},
	"udp_timeout": 120,
	"no_delay": true,
	"keep_alive": 30,
	"fast_open": true
}

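These are the settings in HomeProxy:


The same node works on ssrp (NatTypeTester shows fullcone, and overseas games run normally). This is the configuration entered in ssrp:


I don't know whether HomeProxy's Shadowsocks and ShadowSocksR_Plus+'s Shadowsocks New Version are interchangeable. If they are not, what tool should I use to deploy a node suitable for UDP use with HomeProxy?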



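However, with the same sing-box configuration in custom routing mode, a port number can no longer be specified for the China DNS group, the Baidu check in the connection check fails, and the sing-box log contains DNS-related errors. If the China DNS group is set directly to the ISP's DNS, domestic websites open noticeably slower than in whitelist mode.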


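server settings: HTTP/SOCKS etc. require a username & password

Version: self-built from master as of 4.18
I'm not sure whether I'm using it incorrectly, but when configuring an http/socks proxy in server settings, username & password are required fields.
However, in some situations, a proxy that requires authentication is not very convenient to use.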


Enhancement: specify chnlist-file for chinadns-ng

Currently, only the gfwlist-file is specified for chinadns-ng, but not the chnlist-file. This may cause suboptimal DNS resolution for some websites. For example:

  • Current behavior: since is in gfwlist-file, is resolved by trust-dns with proxy to a foreign IP address.
  • After specifying chnlist-file: since is in chnlist-file, is resolved by a DNS server in China to a China IP address.


For DNS server / China DNS server, should I choose [Disabled] or [Use DNS server from WAN] so that resolution is handed over to mosdns?

node config

  1. the pre-shared-key option is not required for wireguard.
  2. the value for the wireguard's MTU has quotation marks in sing-box-c.json.

The mainland China whitelist routing mode does not seem to support the proxy domain list?


Ping from the proxy machine:

➜  ~ ping               
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=118 time=7.70 ms
64 bytes from ( icmp_seq=2 ttl=118 time=11.1 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 7.704/9.397/11.090/1.693 ms

Looking at the sing-box runtime configuration file (/var/run/homeproxy/sing-box.json), there seems to be no corresponding configuration either.

Homeproxy Not Functioning with Load Balancing Enabled in mwan3 Configuration

I have encountered an issue where homeproxy does not function as expected when load balancing is enabled in my mwan3 configuration. The issue is as follows:

config member 'wan_member'
    option interface 'wan'
    option metric '1'
    option weight '1'

config member 'wanb_member'
    option interface 'wanb'
    option metric '1'
    option weight '1'

config rule 'default_rule_v4'
    option dest_ip ''
    option use_policy 'load_balanced'
    option family 'ipv4'
    option proto 'all'
    option sticky '0'

config policy 'load_balanced'
    list use_member 'wan_member'
    list use_member 'wanb_member'
    option last_resort 'unreachable'

I expected homeproxy to work seamlessly alongside load balancing, allowing traffic to be load-balanced between the wan and wanb interfaces for other general network traffic.

However, the actual behavior is that homeproxy is completely blocked and can't send any packet.

+0000 2023-09-27 20:59:18 ERROR [3319903261 1.25s] inbound/redirect[redirect-in]: process connection from dial tcp connect: no route to host
+0000 2023-09-27 20:59:21 ERROR [3606825731 1.13s] inbound/redirect[redirect-in]: process connection from dial tcp connect: no route to host
+0000 2023-09-27 20:59:21 ERROR [3620684452 2.97s] inbound/redirect[redirect-in]: process connection from dial tcp connect: no route to host

Of course, when disabling homeproxy, load-balancing works correctly.

Feature Request: Add Support for SSH Type Outbound

I am writing to request the addition of "ssh" type outbound to HomeProxy's existing options, which would significantly enhance its functionality for users in certain regions.

The JSON format for this "ssh" outbound would look something like this:

    {
        "type": "ssh",
        "tag": "ssh-out",
        "server": "server-address",
        "server_port": 2222,
        "user": "ed353c36-57dc-4f0c-b545-229cbb0c4b81",
        "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\n[...]\n-----END OPENSSH PRIVATE KEY-----\n",
        "host_key": [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmeOGQXgbEwO4EMt+IW6OFiXnFugh8KBq3uYY5OqBGO",
            "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFTyzHf6aGR+GXPphhMhtshK/YN1kzhFrZbQa/HIQH5/QUXbUq+MHZ5nRN/Ej5o5XLchWQIDvnb77omOOpCx004="
        ]
    }
I know this method is entirely custom and does not have standard share links, but it would be great if users could select and add these custom fields through the LuCI UI.

I live not in Mainland China but in Iran. In our country, this method of connection is very stable and secure. Adding this feature would greatly benefit users in regions with similar network constraints.

Thank you for considering this feature request. Your work on HomeProxy is greatly appreciated, and this addition would make it even more valuable for users like me.


FATAL[0000] parse outbound[3]: unsupported usage for uTLS
2023-03-19 19:11:01 [DAEMON] Error: wrong configuration detected.
2023-03-19 19:11:49 [DAEMON] Reloading service...
2023-03-19 19:11:55 [DAEMON] Service stopped.
2023-03-19 19:12:24 [DAEMON] Reloading service...
2023-03-19 19:12:29 [DAEMON] Service stopped.

Import json config for shadowtls

Hello, I wanted to know if it is possible to manually import the json configuration file because there is no way to run shadowtls.
Thanks a lot.

TCP Brutal configuration generated incorrectly

FATAL[0000] decode config at /var/run/homeproxy/sing-box-c.json: outbound options: json: cannot unmarshal string into Go struct field BrutalOptions.multiplex.brutal.up_mbps of type int










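There are Device A and Device B on the LAN.


With homeproxy enabled, under Access Control, in the LAN IP policy, set the proxy filter mode to allow-listed only. Set the allowed address to Device A.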








In tun mode, a trojan node cannot be used to bypass the firewall; redirect tcp mode works normally.
OpenWrt 23.05-SNAPSHOT r23404-56827dac01 / LuCI openwrt-23.05 branch git-23.247.03875-7ade929
sing-box | 1.5.0-beta.2-1
chinadns-ng | 2023.06.01-1
luci-app-homeproxy git-23.236.37245-01ed8c9


1. Because it is my home router, I am afraid to update: sing-box 1.8+ removed geosite, and I would have to reconfigure.

Cannot install package "luci-app-homeproxy" . . .

Hi . . .

I know it's not good to ask this question here, but no one really helped me. Thank you for helping me as a homeproxy developer.

I use the "kenzok8/small-package" package to build the "coolsnowwolf/lede" firmware. But when I added Luci-app-homeproxy, which uses Sing-Box kernel, to my package list, I encountered the following error.

Collected errors:
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/hotplug.d/iface/20-firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/init.d/firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/sbin/fw3
	But that file is already provided by package  * firewall
 * opkg_install_cmd: Cannot install package firewall4.
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/hotplug.d/iface/20-firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/etc/init.d/firewall
	But that file is already provided by package  * firewall
 * check_data_file_clashes: Package firewall4 wants to install file /home/m33ft/LEDE_RaspberryPi.4B/build_dir/target-aarch64_cortex-a72_musl/root-bcm27xx/sbin/fw3
	But that file is already provided by package  * firewall
 * opkg_install_cmd: Cannot install package luci-app-homeproxy.
make[2]: *** [package/Makefile:70: package/install] Error 255
make[2]: Leaving directory '/home/m33ft/LEDE_RaspberryPi.4B'
make[1]: *** [package/Makefile:111: /home/m33ft/LEDE_RaspberryPi.4B/staging_dir/target-aarch64_cortex-a72_musl/stamp/.package_install] Error 2
make[1]: Leaving directory '/home/m33ft/LEDE_RaspberryPi.4B'
make: *** [/home/m33ft/LEDE_RaspberryPi.4B/include/ world] Error 2

What I understood is that the homeproxy package uses Firewall 4 based on nftables which is supported by OpenWrt version 22.03, but here it is Firewall 3 !!!

You can see my ".config" file for RaspberryPi.4B here.

Thank you for your guidance.

[Feature Request] Selector and URLTest for Routing Nodes

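In custom routing mode, add a "type" attribute to routing nodes, with a choice of two routing node types, Selector and URLTest; the node option below would allow selecting multiple nodes.

This would make direct use of sing-box's Selector and URLTest outbounds, and would also allow automatic switching when the node selected by the current routing node is unavailable.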


