Integrity requirements
Description
When Linux native TUN is used with autoSystemRoutingTable: ["0.0.0.0/0"] and without an explicit autoOutboundsInterface, Xray initially selects the physical outbound interface correctly. However, after a route/link update, automatic interface detection can fail.
I assume that after the TUN route is installed, a route update is emitted, which causes findOutboundInterface() to run again. After the TUN default route is installed, any later route/link update can make Xray re-run automatic outbound interface detection.
This is reproducible with freedom outbound only, so no server-side Xray instance is required.
Reproduction Method
- Use a Linux environment where Xray can create a TUN interface and manage routes.
- Make sure the existing physical IPv4 default route has a higher metric than the route Xray will install for TUN. For example:
Example before starting Xray:
default via 10.94.42.1 dev eth0 metric 100
- Start Xray with the client configuration provided below. Do not manually change routes after startup.
- Optionally, in another terminal, run this before starting Xray to observe the kernel route/link events:
- After Xray starts, it initially detects the physical outbound interface correctly:
[tun] update interface eth0 ...
xray_tun up
Xray 26.6.27 started
- Wait a few seconds. The system emits route/link events for the newly created TUN interface, such as xray_tun becoming UP, IPv6 link-local routes being added, and the TUN default route being installed.
- Xray then re-runs automatic outbound interface detection and fails:
[tun] failed to update interface > proxy/tun: no usable outbound interface found
No manual route changes are required to reproduce this in my test environment. The route/link events are produced by the TUN interface setup itself.
Client config
{
  "log": {
    "loglevel": "debug",
    "dnsLog": true
  },
  "inbounds": [
    {
      "tag": "tun-in",
      "port": 0,
      "protocol": "tun",
      "settings": {
        "name": "xray_tun",
        "mtu": 1500,
        "autoSystemRoutingTable": [
          "0.0.0.0/0"
        ]
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom"
    }
  ],
  "routing": {
    "domainStrategy": "AsIs",
    "rules": [
      {
        "type": "field",
        "process": [
          "curl"
        ],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "inboundTag": [
          "tun-in"
        ],
        "outboundTag": "direct"
      }
    ]
  }
}
Server config
No server is needed.
Client log
Xray 26.6.27 (Xray, Penetrates Everything.) 45cf289 (go1.26.4 linux/amd64)
A unified platform for anti-censorship.
2026/06/30 12:16:56.761963 [Info] infra/conf/serial: Reading config: &{Name:/tmp/xray-compact.json Format:json}
2026/06/30 12:16:56.764315 [Debug] app/log: Logger started
2026/06/30 12:16:56.767334 [Info] proxy/tun: [tun] update interface eth0 488
2026/06/30 12:16:56.767374 [Info] proxy/tun: xray_tun created
2026/06/30 12:16:56.772696 [Info] proxy/tun: xray_tun up
2026/06/30 12:16:56.772858 [Warning] core: Xray 26.6.27 started
2026/06/30 12:16:58.739816 [Info] proxy/tun: [tun] failed to update interface > proxy/tun: no usable outbound interface found
2026/06/30 12:16:58.846031 [Info] proxy/tun: [tun] failed to update interface > proxy/tun: no usable outbound interface found
Server log
No server is needed.
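The following is an added example, not code from Xray or from the reporter. It shows how picking the lowest-metric default route lands on the TUN device once its route exists, and how excluding the TUN device by name keeps the physical interface. It assumes, as the report does without confirming it, that the TUN default route is what upsets re-detection. `pickOutbound`, its `skip` parameter and the TUN metric of 50 are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// pickOutbound scans `ip -4 route show default`-style lines and returns the
// device of the lowest-metric default route, ignoring routes whose device is
// skip (hypothetical parameter: the TUN device's own name, "" to ignore none).
// ok is false when no default route is left after filtering.
func pickOutbound(table, skip string) (dev string, ok bool) {
	best := 0
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || f[0] != "default" {
			continue
		}
		d, metric := "", 0 // a route printed without "metric" has metric 0
		for i := 1; i+1 < len(f); i++ {
			switch f[i] {
			case "dev":
				d = f[i+1]
			case "metric":
				metric, _ = strconv.Atoi(f[i+1])
			}
		}
		if d == "" || d == skip {
			continue
		}
		if !ok || metric < best {
			dev, best, ok = d, metric, true
		}
	}
	return dev, ok
}

// Constructed sample: the page's eth0 route plus a TUN default route whose
// metric (50) is an assumed value lower than 100.
const afterTun = "default dev xray_tun metric 50\n" +
	"default via 10.94.42.1 dev eth0 metric 100\n"

func main() {
	naive, _ := pickOutbound(afterTun, "")
	fixed, _ := pickOutbound(afterTun, "xray_tun")
	fmt.Printf("lowest metric: %s, excluding TUN: %s\n", naive, fixed)
}
```

When the only default route left belongs to the TUN device, `ok` is false, so the caller can keep the previously detected interface instead of replacing it.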