curl -x socks5h://127.0.0.1:1086 http://bbs6.ustc.edu.cn/ -v

[2021-04-15 10:43:34][DEBUG] looking up domain bbs6.ustc.edu.cn on 114.114.114.114:53
[2021-04-15 10:43:34][DEBUG] looking up domain bbs6.ustc.edu.cn on 223.5.5.5:53
[2021-04-15 10:43:34][DEBUG] looking up domain bbs6.ustc.edu.cn on 114.114.114.114:53
[2021-04-15 10:43:34][DEBUG] looking up domain bbs6.ustc.edu.cn on 223.5.5.5:53
[2021-04-15 10:43:34][DEBUG] return 1 ips for bbs6.ustc.edu.cn from 223.5.5.5:53 in 133ms
[2021-04-15 10:43:34][TRACE] ips for bbs6.ustc.edu.cn:
[
    2001:da8:d800::3,
]
[2021-04-15 10:43:34][TRACE] re-matching with resolved ip [2001:da8:d800::3] for [bbs6.ustc.edu.cn]
[2021-04-15 10:43:34][DEBUG] [2001:da8:d800::3] matches geoip code [cn]
[2021-04-15 10:43:34][DEBUG] picked route [Direct] for 127.0.0.1:57306 -> bbs6.ustc.edu.cn:80
[2021-04-15 10:43:34][TRACE] active direct tcp connections +1: 39
[2021-04-15 10:43:34][DEBUG] dispatch tcp 127.0.0.1:57306 -> bbs6.ustc.edu.cn:80 to [Direct] failed: all attempts failed, last error: Address family not supported by protocol family (os error 47)
[2021-04-15 10:43:34][TRACE] active direct tcp connections -1: 38

curl -x socks5://127.0.0.1:1086 http://bbs6.ustc.edu.cn/ -v

[2021-04-15 10:50:18][DEBUG] [2001:da8:d800::3] matches geoip code [cn]
[2021-04-15 10:50:18][DEBUG] picked route [Direct] for 127.0.0.1:58225 -> [2001:da8:d800::3]:80
[2021-04-15 10:50:18][TRACE] active direct tcp connections +1: 1
[2021-04-15 10:50:18][DEBUG] dispatch tcp 127.0.0.1:58225 -> [2001:da8:d800::3]:80 to [Direct] failed: all attempts failed, last error: Address family not supported by protocol family (os error 47)
[2021-04-15 10:50:18][TRACE] active direct tcp connections -1: 0

I'm trying to add the EXTERNAL rules support to Maple, and I find that there's some problem in Leaf's parsing the rule.

pub fn load_file_or_default(filter: &str, default: &str) -> Result<(String, String)> {
    let parts: Vec<&str> = filter.split(':').collect();
    let (file, code) = if parts.len() == 3 {
      // ...
    }
}

The code above gets the path in EXTERNAL rule by splitting :. When it comes to Windows, absolute path won't work because the : comes after the drive letter:

EXTERNAL site:C:\Users\Perqin\geosite.dat:cn, Direct

Though we can simply concatenate the parts[2] and parts[3] if parts.len() == 4, I'm wondering if there's better way to solve this issue.

leaf already has a wide variety of proxy groups, but there is no select proxy group, the lack of this feature causes the user can not manually adjust, but rely on the program's algorithm, I think it is necessary to add this feature.

Run leaf with config

tun = utun8, 172.16.0.2, 255.255.255.0, 172.16.0.1, 1500

ifconfig utun7 172.16.0.2 netmask 255.255.255.0 172.16.0.1

route delete default
route delete default -ifscope en0
route add default 172.16.0.1
route add default 192.168.xx.1 -ifscope en0
networksetup -setdnsservers Ethernet 172.16.0.1

log, these logs will repeat thousand times in a few seconds. Bug ? or my setup with the wrong way.

[2021-04-08 00:45:21][INFO] inbound listening tcp 127.0.0.1:1086
[2021-04-08 00:45:21][INFO] inbound listening udp 127.0.0.1:1086
[2021-04-08 00:45:21][INFO] inbound listening tcp 127.0.0.1:1087
[2021-04-08 00:45:21][INFO] tun inbound started
[2021-04-08 00:45:27][DEBUG] added udp session 172.16.0.2:59845 -> 172.16.0.1:53 (1)
[2021-04-08 00:45:27][DEBUG] [172.16.0.1] matches ip-cidr [172.16.0.0/16]
[2021-04-08 00:45:27][DEBUG] picked route [Direct] for 172.16.0.2:59845 -> 172.16.0.1:53
[2021-04-08 00:45:27][INFO] [tun] [udp] [Direct] [0ms] 172.16.0.1:53
[2021-04-08 00:45:27][DEBUG] added udp session 172.16.0.2:53843 -> 172.16.0.1:53 (2)
[2021-04-08 00:45:27][DEBUG] added udp session 172.16.0.2:57597 -> 172.16.0.1:53 (3)
[2021-04-08 00:45:27][DEBUG] [172.16.0.1] matches ip-cidr [172.16.0.0/16]
[2021-04-08 00:45:27][DEBUG] picked route [Direct] for 172.16.0.2:53843 -> 172.16.0.1:53
[2021-04-08 00:45:27][INFO] [tun] [udp] [Direct] [0ms] 172.16.0.1:53
[2021-04-08 00:45:27][DEBUG] [172.16.0.1] matches ip-cidr [172.16.0.0/16]

i'm not familiar with leaf, here is my testing:

os: ubuntu 1804 leaf version: 0.3.1 (9afcc27 - 2021-05-07 17:55:14 +0800) conf:

[General]
loglevel = trace
dns-server = 114.114.114.114, 223.5.5.5
routing-domain-resolve = true
#always-real-ip = *
#dns-interface = 192.168.31.244

# Local SOCKS5 proxy with UDP Associate support
socks-interface = 127.0.0.1
socks-port = 1086

# TUN interface
#tun = tun2, 10.255.0.2, 255.255.255.0, 10.255.0.1, 1500

[Proxy]
Socks = socks, 47.110.x.x, 8118, interface=192.168.31.244
Direct = direct, interface=192.168.31.244
Reject = reject

[Rule]
IP-CIDR, 223.5.5.5/32, Direct
IP-CIDR, 114.114.114.114/32, Direct
IP-CIDR, 192.168.0.0/16, Direct
IP-CIDR, 10.0.0.0/8, Direct
IP-CIDR, 172.16.0.0/12, Direct
DOMAIN, www.baidu.com, Socks
DOMAIN-SUFFIX, sina.com, Socks
DOMAIN-KEYWORD, sina, Socks
PORT-RANGE, 3478-3478, Socks

FINAL, Reject

i ran with ./leaf -c /etc/leaf.conf

start with options:
StartOptions {
    config: File(
        "/etc/leaf.conf",
    ),
    auto_reload: false,
    runtime_opt: MultiThreadAuto(
        131072,
    ),
}
[2021-05-27 10:53:37][DEBUG] default handler [Reject]
[2021-05-27 10:53:37][TRACE] add handler [Reject]
[2021-05-27 10:53:37][TRACE] add handler [Socks]
[2021-05-27 10:53:37][TRACE] add handler [Direct]
[2021-05-27 10:53:37][INFO] inbound listening tcp 127.0.0.1:1086
[2021-05-27 10:53:37][INFO] inbound listening udp 127.0.0.1:1086

and then i test with curl www.baidu.com, and no packet was captured on my remote socks server (47.110.x.x).

did i missed something, any suggestion will be appreciated

When I use Leaf Trojan to test on speedtest, the download will reach 200+Mbps, but the upload will reach 30+Mbps and drop to 1Mbps immediately.

When I use Leaf SS to test on speedtest, the download will reach 200+Mbps, the upload will reach 30+Mbps and remain the speed until it's finished testing.

When I use Trojan-qt5 and same Trojan server to test on speedtest, the download will reach 200+Mbps, the upload will reach 30+Mbps and remain the speed until it's finished testing.

When I use WireShark to check the activities, I see there are tons of TCP Out of Order, TCP Dup Ack and TCP retransmission when it's uploading.

I use Macbook and all tests are done in outside of China. I see there are several issues talking about the uploading issue. When they upload videos or images to YouTube or Instagram, it will stuck.

Hope this can help. I wish i know more in rust.

Proxy=select,Fffff, AllSelect, Fallback, Failover, Tryall, HKAuto, Random
HKAuto=url-test, x1.0香港-中转1, x1.0香港-中转2, x1.0香港-中转3, x1.0香港-中转4, x1.0香港-中转5, x1.0香港-中转6, x1.0香港1, x1.0香港2, x1.0香港3, x1.0香港4, x1.0香港5, x1.0香港6, 香港丨专线丨HKBN丨1x, 香港丨专线丨HGC丨1x, 香港丨专线丨NTT丨1x, interval=60, timeout=5
Fallback=fallback, x1.0香港-中转1, x1.0香港-中转2, x1.0香港-中转3, x1.0香港-中转4, x1.0香港-中转5, x1.0香港-中转6, x1.0香港1, x1.0香港2, x1.0香港3, x1.0香港4, x1.0香港5, x1.0香港6, 香港丨专线丨HKBN丨1x, 香港丨专线丨HGC丨1x, 香港丨专线丨NTT丨1x, interval=600, timeout=5
Failover=failover, x1.0香港-中转1, x1.0香港-中转2, x1.0香港-中转3, x1.0香港-中转4, x1.0香港-中转5, x1.0香港-中转6, x1.0香港1, x1.0香港2, x1.0香港3, x1.0香港4, x1.0香港5, x1.0香港6, 香港丨专线丨HKBN丨1x, 香港丨专线丨HGC丨1x, 香港丨专线丨NTT丨1x, health-check=true, check-interval=600, fail-timeout=5, failover=true
Tryall=tryall, x1.0香港-中转1, x1.0香港-中转2, x1.0香港-中转3, x1.0香港-中转4, x1.0香港-中转5, x1.0香港-中转6, x1.0香港1, x1.0香港2, x1.0香港3, x1.0香港4, x1.0香港5, x1.0香港6, 香港丨专线丨HKBN丨1x, 香港丨专线丨HGC丨1x, 香港丨专线丨NTT丨1x,  delay-base=0
Random=random, x1.0香港-中转1, x1.0香港-中转2, x1.0香港-中转3, x1.0香港-中转4, x1.0香港-中转5, x1.0香港-中转6, x1.0香港1, x1.0香港2, x1.0香港3, x1.0香港4, x1.0香港5, x1.0香港6, 香港丨专线丨HKBN丨1x, 香港丨专线丨HGC丨1x, 香港丨专线丨NTT丨1x
AllSelect=select, x1.0香港-中转1, x1.0香港-中转2, x1.0香港-中转3, x1.0香港-中转4, x1.0香港-中转5, x1.0香港-中转6, x1.0香港1, x1.0香港2, x1.0香港3, x1.0香港4, x1.0香港5, x1.0香港6, 香港丨专线丨HKBN丨1x, 香港丨专线丨HGC丨1x, 香港丨专线丨NTT丨1x
Fffff=fallback, AllSelect, HKAuto

If Fffff exists and in Proxy group, Proxy will return {"selected":null} when requests with get select API, and can't set Proxy group's select.

使用0.3.1的正式版编译的ios静态库，没有碰到过上传大文件导致VPN崩溃的现象，用speedtest测试上传速度也没问题。不过0.3.1版本在iPhone上用起来感觉经常卡顿，特别是网页上域名特别多的页面。由于不知道怎么去调试，只能靠猜测感觉是UDP或者是DNS解析方面有某种问题。

这两天看到leaf有更新，就试着编译了一个新的ios库。测试下来刷页面非常流畅，没有卡顿的现象了。但是发现在电报等软件上传3张以上的图片都不行。用Speedtest测试，一到上传测试阶段，leaf就会出现15M内存崩溃的现象。

以前很多人讨论过ios NE 15M内存限制的问题，希望leaf在下一个正式版里能解决这个问题。

如果高手能指明一些调查方向，我也希望自己能为解决这个问题出点力量。

mac 网络->高级->代理 勾选了 https/http/socks 代理和配置文件代理一致

打开商店版tg的,不使用tg自带的代理功能，出现以下日志错误信息，打开tg自带的代理，可以正常连接  [37m[2021-04-23 19:58:34][DEBUG] accept conn failed: invalid HTTP method parsed [2021-04-23 19:58:34][DEBUG] handle inbound tcp failed: Custom { kind: Other, error: "unspecified" } [2021-04-23 19:58:34][DEBUG] accept conn failed: invalid HTTP method parsed [2021-04-23 19:58:34][DEBUG] handle inbound tcp failed: Custom { kind: Other, error: "unspecified" } [2021-04-23 19:58:34][DEBUG] accept conn failed: invalid HTTP method parsed [2021-04-23 19:58:34][DEBUG] handle inbound tcp failed: Custom { kind: Other, error: "unspecified" }

System: macOS 11.1 leaf version: v0.2.14

[2021-04-07 18:29:57][INFO] inbound listening tcp 127.0.0.1:1086
[2021-04-07 18:29:57][INFO] inbound listening udp 127.0.0.1:1086
[2021-04-07 18:29:57][INFO] inbound listening tcp 127.0.0.1:1087
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Io(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })', leaf/src/proxy/tun/inbound.rs:75:46
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Must this feature need root permission?

when I enabled domainResolve option in routing, I can't access block sites because my isp change the responded DNS because DNS client create UDP socket and UDP socket protect from android VPN service

Hey!

Can someone share the configuration for Linux? At the same level as Leaf VPN client works on Android?

I mean it would work with pre-configured servers list and node pool.

Is it feasible ?

Rust: 1.65.0 OS: MacOS 13.0.1 (arm64) Command: cargo build -p leaf-bin --release

The log is below.

error[E0277]: the trait bound `Vec<u8>: std::convert::From<bytes::Bytes>` is not satisfied
   --> leaf/src/proxy/tun/inbound.rs:256:37
    |
256 |                     stack_sink.send(pkt.into_bytes().into()).await.unwrap();
    |                                     ^^^^^^^^^^^^^^^^ ---- required by a bound introduced by this call
    |                                     |
    |                                     the trait `std::convert::From<bytes::Bytes>` is not implemented for `Vec<u8>`

The change that is "stack_sink.send(pkt.into_bytes().into()).await.unwrap();" was import in "Limit memory consumption" commit.

If revert the change to stack_sink.send(pkt.get_bytes().to_vec()).await.unwrap(); , it's built successfully.

Is that a bug?

Leaf is a terrific VPN service on iOS, especially via the Premium subscription.

On Google PlayStore, it's mentioned:

The techniques adopted by Leaf VPN are open sourced, you could deploy your own VPN server for non-Android OS with the following resources:

• https://www.vultr.com/?ref=9154349-8H
• https://github.com/eycorsican/leaf

The first link is broken, and here I didn't find a step-by-step tutorial on how to run a simple VPN between a Mac/Linux client and a Linux server using Leaf.

Up to now, I understood that on both sides, I should install Leaf at the first place, e.g. brew install leaf-proxy

Then I should make a leaf-client.conf and a leaf-server.conf files on machines, respectively.

Then I should run leaf -c leaf-client.conf on the client and leaf -c leaf-server.conf on the server machine.

Okay . . .

Could you provide a simple example for leaf-client.conf and leaf-server.conf to the README.md so that we'll be able to start with a beginners guide?

That's because the examples at https://github.com/eycorsican/leaf/tree/master/leaf/tests are a bit advanced and confusing at the first glance.