[问题报告 BUG] WebRTC泄露本机真实IPV6地址，即使配置中屏蔽了也不起作用

[lizhiliao]

问题描述

WebRTC泄露本机真实IPV6地址，同一份配置在Android端FlClash可以正常屏蔽不泄露。即使配置中将IPV6、STUN端口、UDP屏蔽了也不起作用。

基本信息

• 系统类型：HarmonyOS NEXT
• 设备型号：HUAWEI Mate 80 Pro
• 系统版本：6.0.0.130 SP26
• 软件版本：1.7.4(1007047) Release
• 内核版本：两种内核皆如此

截图

内容补充

配置如下：

allow-lan: false
find-process-mode: strict
mode: rule
log-level: info
ipv6: true

external-controller: 127.0.0.1:9090
external-ui: ui
external-ui-url: "https://github.com/zephyruso/zashboard/releases/latest/download/dist.zip"

disable-keep-alive: false
unified-delay: false
tcp-concurrent: true

profile:
  store-selected: true
  store-fake-ip: true

sniffer:
  enable: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]

tun:
  enable: true
  stack: mixed
  auto-detect-interface: true
  dns-hijack:
    - any:53
    - tcp://any:53
  auto-route: true
  mtu: 9000
  strict-route: true

dns:
  enable: true
  use-hosts: false
  use-system-hosts: false
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-range6: fdfe:dcba:9876::1/64
  default-nameserver:
    - 119.29.29.29
  nameserver:
    - https://dns.google/dns-query
  proxy-server-nameserver:
    - https://doh.pub/dns-query
  direct-nameserver:
    - https://doh.pub/dns-query
  respect-rules: true

proxies:
- name: "全球直连"
  type: direct
  udp: true
  ip-version: ipv6-prefer
- name: "vless-out"
  type: vless
  udp: true
  ip-version: ipv4-prefer
  server: 服务器IP
  port: 443
  uuid: UUID
  packet-encoding: xudp
  tls: true
  servername: 域名
  client-fingerprint: chrome
  reality-opts:
    public-key: 
    short-id: 
  smux:
    enabled: true
    protocol: h2mux
    padding: true
    brutal-opts:
      enabled: true
      up: 50
      down: 500

proxy-groups:
  - name: 节点选择
    type: select
    proxies: 
      - vless-out

rule-providers:
  DustinWin-Ads:
    type: http
    behavior: ipcidr
    format: mrs
    url: "https://github.com/DustinWin/ruleset_geodata/raw/mihomo-ruleset/ads.mrs"
    interval: 86400
    proxy: 节点选择
  geoip-cn:
    type: http
    behavior: ipcidr
    format: mrs
    url: "https://github.com/MetaCubeX/meta-rules-dat/raw/meta/geo/geoip/cn.mrs"
    interval: 86400
    proxy: 节点选择
  geoip-private:
    type: http
    behavior: ipcidr
    format: mrs
    url: "https://github.com/MetaCubeX/meta-rules-dat/raw/meta/geo/geoip/private.mrs"
    interval: 86400
    proxy: 节点选择
  geosite-cn:
    type: http
    behavior: domain
    format: mrs
    url: "https://github.com/MetaCubeX/meta-rules-dat/raw/meta/geo/geosite/cn.mrs"
    interval: 86400
    proxy: 节点选择
  geosite-geolocation-!cn:
    type: http
    behavior: domain
    format: mrs
    url: "https://github.com/MetaCubeX/meta-rules-dat/raw/meta/geo/geosite/geolocation-!cn.mrs"
    interval: 86400
    proxy: 节点选择
  geosite-private:
    type: http
    behavior: domain
    format: mrs
    url: "https://github.com/MetaCubeX/meta-rules-dat/raw/meta/geo/geosite/private.mrs"
    interval: 86400
    proxy: 节点选择

rules:
  - DST-PORT,853,REJECT

  # 屏蔽 STUN 标准端口 (UDP/TCP)
  - DST-PORT,3478,REJECT
  - DST-PORT,3479,REJECT
  - DST-PORT,5349,REJECT

  - RULE-SET,DustinWin-Ads,REJECT

  - RULE-SET,geosite-private,全球直连
  - RULE-SET,geoip-private,全球直连,no-resolve

  - RULE-SET,geosite-cn,全球直连

  - RULE-SET,geosite-geolocation-!cn,节点选择

  - RULE-SET,geoip-cn,全球直连

  - MATCH,节点选择

[kelanKL]

此问题可能与HarmonyOS的系统DNS配置有关，我们也许无法修复此问题，具体有待进一步研究。

目前系统的DNS设置没法传入容器环境（卓易通），和配置分流设置也有一定关系。