Fixing the Orange Pi 3B's failure to connect to a Cloudflare Tunnel
xfox@orangepi3b:~$ journalctl -xeu cloudflared.service
Partial output follows:
lines 1-95/316 25%
Aug 05 22:50:15 orangepi3b systemd[1]: Starting cloudflared.service - cloudflared...
░░ Subject: A start job for unit cloudflared.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit cloudflared.service has begun execution.
░░
░░ The job identifier is 142.
Aug 05 22:50:20 orangepi3b cloudflared[1116]: 2024-08-05T14:50:20Z INF Starting tunnel tunnelID=740e1ff0-2276-4e32-9028-2a491dbd654a
Aug 05 22:50:20 orangepi3b cloudflared[1116]: 2024-08-05T14:50:20Z INF Version 2024.6.1
Aug 05 22:50:20 orangepi3b cloudflared[1116]: 2024-08-05T14:50:20Z INF GOOS: linux, GOVersion: go1.22.2, GoArch: arm64
Aug 05 22:50:20 orangepi3b cloudflared[1116]: 2024-08-05T14:50:20Z INF Settings: map[no-autoupdate:true token:*****]
Aug 05 22:50:20 orangepi3b cloudflared[1116]: 2024-08-05T14:50:20Z INF Generated Connector ID: f222f304-ee8e-4354-b409-212c19408f21
Aug 05 22:50:20 orangepi3b cloudflared[1116]: 2024-08-05T14:50:20Z INF cloudflared will not automatically update if installed by a package manager.
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable"
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR update check failed error="Get \"https://update.argotunnel.com?arch=arm64&clientVersion=2024.6.1&os=linux\": dial tcp: lookup update.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable"
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z WRN Unable to lookup protocol percentage.
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z INF Initial protocol quic
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z INF ICMP proxy will use 0.0.0.0 as source for IPv4
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z INF ICMP proxy will use ::1 in zone lo as source for IPv6
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z WRN The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network error="Group ID 0 is not between ping group 1 to 0"
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z WRN ICMP proxy feature is disabled error="cannot create ICMPv4 proxy: Group ID 0 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied"
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR edge discovery: error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable" event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Please try the following things to diagnose this issue: event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR 1. ensure that argotunnel.com is returning "origintunneld" service records. event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR 2. ensure that your DNS resolver is not returning compressed SRV records. event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR See GitHub issue https://github.com/golang/go/issues/27546 event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR For example, you could use Cloudflare's 1.1.1.1 as your resolver: event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/ event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z INF Starting metrics server on 127.0.0.1:37845/metrics
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR edge discovery: error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable" event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Please try the following things to diagnose this issue: event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR 1. ensure that argotunnel.com is returning "origintunneld" service records. event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR 2. ensure that your DNS resolver is not returning compressed SRV records. event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR See GitHub issue https://github.com/golang/go/issues/27546 event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR For example, you could use Cloudflare's 1.1.1.1 as your resolver: event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/ event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z INF Tunnel server stopped
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Initiating shutdown error="Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable"
Aug 05 22:50:22 orangepi3b cloudflared[1116]: 2024-08-05T14:50:22Z INF Metrics server stopped
Aug 05 22:50:22 orangepi3b cloudflared[1116]: Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable
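Apart from the moment the service was first deployed, most of the log is just the same errors repeated: various connection failures and retries.
Among the mass of log entries, I found this one mixed in: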
2024-08-05T13:47:45Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on [fe80::1%end1]:53: dial udp [fe80::1%end1]:53: i/o timeout"
It looks like a DNS resolution problem, so I took a look at /etc/resolv.conf.
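To see at a glance which resolver addresses the failed lookups were sent to, the journal text can be tallied by resolver and failure reason. This is an added example, not part of the original post; resolver_failures and sample_log are hypothetical names, and the sample lines are constructed in the format of the log excerpts above.

```shell
#!/bin/sh
# Added example (not from the original post): tally which DNS resolver each
# failed cloudflared lookup was sent to, and why it failed.
# resolver_failures and sample_log are hypothetical helper names.

resolver_failures() {
    # Reads journal text from stdin (or from files given as arguments), e.g.
    #   journalctl -u cloudflared.service --no-pager | resolver_failures
    # The resolver errors in the log have the shape:
    #   lookup <name> on <resolver>:53: <step>: ... : <reason>
    awk '
    match($0, /lookup [^ ]+ on [^ ]+:53: /) {
        resolver = substr($0, RSTART, RLENGTH)
        sub(/^lookup [^ ]+ on /, "", resolver)
        sub(/:53: $/, "", resolver)
        rest = substr($0, RSTART + RLENGTH)
        sub(/".*$/, "", rest)         # drop the closing quote and trailing fields
        n = split(rest, part, ": ")   # the last segment is the root cause
        count[resolver " " part[n]]++
    }
    END { for (k in count) print count[k], k }' "$@" | sort -rn
}

# Constructed sample in the format of the journal excerpts above.
sample_log() {
    cat <<'EOF'
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable"
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z ERR edge discovery: error looking up Cloudflare edge IPs: the DNS query failed error="lookup _v2-origintunneld._tcp.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable" event=0
Aug 05 22:50:21 orangepi3b cloudflared[1116]: 2024-08-05T14:50:21Z INF Starting metrics server on 127.0.0.1:37845/metrics
Aug 05 22:50:22 orangepi3b cloudflared[1116]: Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on [2001:4860:4860::8888]:53: dial udp [2001:4860:4860::8888]:53: connect: network is unreachable
2024-08-05T13:47:45Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on [fe80::1%end1]:53: dial udp [fe80::1%end1]:53: i/o timeout"
EOF
}

sample_log | resolver_failures
```

Each output line is a count, the resolver address the lookup was sent to, and the final error segment, so an unreachable IPv6 resolver and a timing-out link-local one show up as separate rows.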
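By default the file contained the IPv4 address of the H2-3V and an internal-network IPv6 address that did not look quite right, so I changed it to the following: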
nameserver 8.8.8.8 # Google IPv4
nameserver 8.8.4.4 # Google IPv4
nameserver 2001:4860:4860::8888 # Google IPv6
nameserver 2001:4860:4860::8844 # Google IPv6
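However, judging from the comment in it, this file appears to be generated by NetworkManager, so to do things properly I used nmcli to fix the problem.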
xfox@orangepi3b:~$ nmcli connection show
NAME                UUID                                  TYPE      DEVICE
Orange Pi ethernet  b76cc74f-5847-4558-8098-5709829e4eb2  ethernet  end1
lo                  572b3c59-1519-4e09-b290-a48063e98424  loopback  lo
sudo nmcli connection modify "Orange Pi ethernet" ipv4.dns "8.8.8.8,8.8.4.4"
sudo nmcli connection modify "Orange Pi ethernet" ipv6.dns "2001:4860:4860::8888,2001:4860:4860::8844"
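Enable automatic DNS server acquisition:
Optional, especially if your network needs to hijack DNS in order to redirect you to a login page to complete authentication (some universities). For me, however, the parameter should be yes, because I do not want to use the crippled DNS handed out by the router, especially given this notice: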
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
...
sudo nmcli connection modify "Orange Pi ethernet" ipv4.ignore-auto-dns no
sudo nmcli connection modify "Orange Pi ethernet" ipv6.ignore-auto-dns no
Restart the network connection
I am connected over SSH, so it is best to run everything in one go, to avoid having to reboot the device.
sudo nmcli connection down "Orange Pi ethernet" && sudo nmcli connection up "Orange Pi ethernet"
Check the current DNS settings
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:4860:4860::8844
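The NOTE in the generated file means only the first three nameserver lines count, so their order matters. The added example below is not part of the original post: audit_resolv and sample_resolv are hypothetical names, the sample file is constructed, and 192.168.1.1 is a placeholder for a router-supplied address. It marks each entry as used or ignored and flags link-local IPv6 resolvers such as the fe80::1%end1 seen in the earlier log line.

```shell
#!/bin/sh
# Added example (not from the original post): show which nameserver entries
# fall within the three-server cap and flag IPv6 link-local ones.
# audit_resolv and sample_resolv are hypothetical helper names.

audit_resolv() {
    # With no argument the function reads stdin; otherwise pass a file path,
    # e.g. audit_resolv /etc/resolv.conf
    awk '
    $1 == "nameserver" && NF >= 2 {
        n++
        # Only the first three entries count, per the NOTE in the file.
        state = (n <= 3) ? "used" : "ignored"
        # fe80::/10 is link-local: valid on one interface only (the %zone part).
        note = (tolower($2) ~ /^fe[89ab][0-9a-f]:/) ? " link-local" : ""
        print state, $2 note
    }' "$@"
}

# Constructed sample: 192.168.1.1 stands in for a router-supplied address.
sample_resolv() {
    cat <<'EOF'
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver fe80::1%end1
nameserver 8.8.8.8
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2001:4860:4860::8888
EOF
}

sample_resolv | audit_resolv
```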
Reinstall the cloudflared service
sudo cloudflared service uninstall
# It is best to refresh the token first under Cloudflare Zero Trust > Networks > Tunnels
# Then simply install using the command provided by the dashboard.
sudo cloudflared service install *******
2024-08-05T15:00:44Z INF Using Systemd
2024-08-05T15:00:48Z INF Linux service for cloudflared installed successfully
END
Problem solved!!!