Mac OS开启TUN后，所有直连的连接报错 " connection refused"

[joooooshhhhhhhhhhhh]

RT,
走代理的连接不受影响，所有直连的连接都报错connection refused. 更奇怪的是，在terminal了telnet ip:port是可以连接成功的。已经排除了系统最大连接数问题，当前系统的连接数在900. 尝试过tun stack system/gvisor/mixed 都一样

报错日志:

time="2024-07-01T11:17:40.430119+08:00" level=debug msg="[Rule] use default rules"
time="2024-07-01T11:17:40.431321+08:00" level=debug msg="[DNS] cache hit for drive.weixin.qq.com., expire at 2024-07-01 11:25:18"
time="2024-07-01T11:17:40.431471+08:00" level=debug msg="[DNS] drive.weixin.qq.com --> 183.47.98.84"
time="2024-07-01T11:17:40.431655+08:00" level=debug msg="[DNS] cache hit for drive.weixin.qq.com., expire at 2024-07-01 11:25:18"
time="2024-07-01T11:17:40.441284+08:00" level=warning msg="[TCP] dial DIRECT (match RuleSet/ChinaMaxDomain) 198.18.0.1:56005(node) --> drive.weixin.qq.com:443 error: connect failed: dial tcp 183.47.98.84:443: connect: connection refused"
time="2024-07-01T11:17:40.452178+08:00" level=debug msg="[DNS] cache hit for drive.weixin.qq.com., expire at 2024-07-01 11:25:18"
time="2024-07-01T11:17:40.454933+08:00" level=warning msg="[TCP] dial DIRECT (match RuleSet/ChinaMaxDomain) 198.18.0.1:56005(node) --> drive.weixin.qq.com:443 error: connect failed: dial tcp 183.47.98.84:443: connect: connection refused"
time="2024-07-01T11:17:40.493842+08:00" level=debug msg="[DNS] cache hit for drive.weixin.qq.com., expire at 2024-07-01 11:25:18"
time="2024-07-01T11:17:40.515734+08:00" level=warning msg="[TCP] dial DIRECT (match RuleSet/ChinaMaxDomain) 198.18.0.1:56005(node) --> drive.weixin.qq.com:443 error: connect failed: dial tcp 183.47.98.84:443: connect: connection refused"
time="2024-07-01T11:17:40.55315+08:00" level=debug msg="[DNS] cache hit for drive.weixin.qq.com., expire at 2024-07-01 11:25:18"

配置文件：

mixed-port: 7893 # 混合端口 HTTP和SOCKS5用一个端口
geodata-mode: true #【Meta专属】使用geoip.dat数据库(默认：false使用mmdb数据库)
tcp-concurrent: false #【Meta专属】TCP 并发连接所有 IP, 将使用最快握手的 TCP
allow-lan: false # 允许局域网的连接（可用来共享代理）
bind-address: "*" # 仅在将allow-lan设置为true时适用
find-process-mode: strict #匹配所有进程（always/strict/off）
ipv6: false # 开启 IPv6 总开关，关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录
mode: rule # 规则模式：rule（规则） / global（全局代理）/ direct（全局直连）/ script (脚本)
log-level: info # 设置日志输出级别 (5 个级别：silent / error / warning / info / debug）
external-controller: 0.0.0.0:9093 #外部控制器,可以使用 RESTful API 来控制你的 clash 内核
global-client-fingerprint: chrome #全局 TLS 指纹，优先低于 proxy 内的 client-fingerprint
interface-name: en0
profile:
store-selected: true # 存储 select 选择记录
store-fake-ip: true # 持久化 fake-ip

sniffer: # 嗅探域名 可选配置
enable: false
parse-pure-ip: false # 是否使用嗅探结果作为实际访问，默认 true
sniff:
TLS: # TLS 默认嗅探 443
ports: [11443]
HTTP:
ports: [18110, 58080-58880]
override-destination: true
QUIC:
ports: [11443, 58443]
tun: # Tun 配置
device: utun5
enable: true
stack: gvisor
dns-hijack: [any:53, any:853] # dns劫持,一般设置为 any:53 即可, 即劫持所有53端口的udp流量
auto-route: true # 自动设置全局路由，可以自动将全局流量路由进入tun网卡。
auto-detect-interface: true # 自动识别出口网卡

dns:
enable: true # set true to enable dns (default is false)
ipv6: false # default is false
listen: 0.0.0.0:53

proxy-server-nameserver:
- https://dns.alidns.com/dns-query#h3=true

default-nameserver:
- tls://120.53.53.53
- tls://1.12.12.12
- tls://223.5.5.5
- tls://223.6.6.6

enhanced-mode: fake-ip # or fake-ip
fake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it
fake-ip-filter:
# fake ip white domain list, aka Always Real IP
- '.lan'
- '.ddxq.mobi'
- '*.ddmc-inc.com'
nameserver:
- 'tls://8.8.8.8'
- 'tls://8.8.4.4'
- 'tls://1.1.1.1'
- 'tls://1.0.0.1'
follow-rule: true
nameserver-policy:
'+.weixin.com': 119.29.29.29
'+.qq.com': 119.29.29.29
'+.aliyun.com': 119.29.29.29
'+.alicdn.com': 119.29.29.29
'+.baidu.com': 119.29.29.29
'+.163.com': 119.29.29.29
'+.126.net': 119.29.29.29
'+.tencent.com': 119.29.29.29
'+.tencent-cloud.com': 119.29.29.29
'geosite:cn': 119.29.29.29

rules:

• PROCESS-NAME,naive,DIRECT
• DOMAIN-SUFFIX,ad.com,REJECT
• DOMAIN-SUFFIX,openai.com,手动切换
• DOMAIN-SUFFIX,github.com,手动切换
• DOMAIN-SUFFIX,codeium.com,手动切换
• RULE-SET,YouTube,YouTube,no-resolve
• RULE-SET,Google,Google,no-resolve
• RULE-SET,GitHub,GitHub
• RULE-SET,telegramcidr,Telegram,no-resolve
• RULE-SET,Spotify,Spotify,no-resolve
• RULE-SET,Netflix,Netflix
• RULE-SET,HBO,HBO
• RULE-SET,Bing,Bing
• RULE-SET,OpenAI,OpenAI
• RULE-SET,Disney,Disney
• RULE-SET,proxy,全球代理
• RULE-SET,gfw,全球代理
• RULE-SET,applications,DIRECT
• RULE-SET,ChinaMaxDomain,DIRECT
• RULE-SET,ChinaMaxIPNoIPv6,DIRECT,no-resolve
• RULE-SET,lan,DIRECT,no-resolve
• GEOIP,CN,DIRECT
• MATCH,自动选择