Zerotrust cannot connect in Immortalwrt router #1572

@turbo-feng

Describe the bug
In ImmortalWrt routing, enabling OpenClash causes zerotrust to fail to connect. Clash uses fake-ip mode to filter cloudflare keyword domains, with direct, but still cannot access.

If it's an issue with Cloudflare Tunnel:
Tunnel ID : 7cb3b295-a8f7-4c6b-b0a7-2522c768ac40
cloudflared config: Use default configuration, YAML is empty

Expected behavior
Restarting zerotrust after stopping clash can obtain the IP address normally.

Environment and versions

  • OS: [Debian]
  • Architecture: [AMD x86_64]
  • Version: [e.g. 2025.05.0]

Logs and errors
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"Settings: map[config:/etc/cloudflared/config.yml logfile:/var/log/cloudflared.log loglevel:info no-autoupdate:true origincert:/etc/cloudflared/cert.pem p:http2 protocol:http2 region:us token:*****]"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"Generated Connector ID: a1e6410d-9ddf-45e8-bc4a-79d31238023f"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"Initial protocol http2"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"ICMP proxy will use 192.168.10.100 as source for IPv4"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"ICMP proxy will use 2409:8a62:342:a180:ac0:ebff:fe91:40a1 in zone eth0 as source for IPv6"}
    {"level":"warn","error":"Group ID 0 is not between ping group 1 to 0","time":"2025-12-18T13:04:41Z","message":"The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network"}
    {"level":"warn","error":"cannot create ICMPv4 proxy: Group ID 0 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied","time":"2025-12-18T13:04:41Z","message":"ICMP proxy feature is disabled"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"ICMP proxy will use 192.168.10.100 as source for IPv4"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"ICMP proxy will use 2409:8a62:342:a180:ac0:ebff:fe91:40a1 in zone eth0 as source for IPv6"}
    {"level":"info","time":"2025-12-18T13:04:41Z","message":"Starting metrics server on 127.0.0.1:20241/metrics"}
    {"level":"error","error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:42Z","message":"failed to serve incoming request"}
    {"level":"error","event":0,"ip":"198.41.219.4","connIndex":0,"error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:43Z","message":"Register tunnel error from server side"}
    {"level":"info","event":0,"ip":"198.41.219.4","connIndex":0,"time":"2025-12-18T13:04:43Z","message":"Retrying connection in up to 2s"}
    {"level":"error","error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:46Z","message":"failed to serve incoming request"}
    {"level":"error","event":0,"ip":"198.41.219.4","connIndex":0,"error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:46Z","message":"Register tunnel error from server side"}
    {"level":"info","event":0,"ip":"198.41.219.4","connIndex":0,"time":"2025-12-18T13:04:46Z","message":"Retrying connection in up to 4s"}
    {"level":"error","error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:48Z","message":"failed to serve incoming request"}
    {"level":"error","event":0,"ip":"198.41.219.4","connIndex":0,"error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:48Z","message":"Register tunnel error from server side"}

Additional context
clash err log:
    2025-12-18 17:22:41 level=info msg="[TCP] 192.168.10.100:39268 --> cloudflare-dns.com:443 match DomainKeyword(cloudflare) using DIRECT"
    2025-12-18 17:22:41 level=info msg="[TCP] 192.168.10.100:39262 --> cloudflare-dns.com:443 match DomainKeyword(cloudflare) using DIRECT"
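
An added example, not part of the original report or of cloudflared: a small triage script that groups the warn/error records in a cloudflared JSON log by error string and marks which ones the log itself attributes to the server side, so the ICMP proxy warning can be read separately from the tunnel registration failure. The function name `triage` is hypothetical; the sample is a subset of the lines posted above plus one Clash line.

```python
import json

# Subset of the log lines posted in this report (last line is from the Clash log).
SAMPLE_LOG = r'''
{"level":"warn","error":"cannot create ICMPv4 proxy: Group ID 0 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied","time":"2025-12-18T13:04:41Z","message":"ICMP proxy feature is disabled"}
{"level":"error","error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:42Z","message":"failed to serve incoming request"}
{"level":"error","event":0,"ip":"198.41.219.4","connIndex":0,"error":"Unauthorized: Failed to get tunnel","time":"2025-12-18T13:04:43Z","message":"Register tunnel error from server side"}
{"level":"info","event":0,"ip":"198.41.219.4","connIndex":0,"time":"2025-12-18T13:04:43Z","message":"Retrying connection in up to 2s"}
2025-12-18 17:22:41 level=info msg="[TCP] 192.168.10.100:39268 --> cloudflare-dns.com:443 match DomainKeyword(cloudflare) using DIRECT"
'''


def triage(log_text):
    """Group warn/error records by their "error" string.

    Returns (findings, skipped). findings maps each error string to its count,
    the peer IPs it was logged with, and whether any record carrying it said
    "from server side". skipped counts lines that are not JSON objects.
    """
    findings, skipped = {}, 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # plain-text lines, e.g. Clash output
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue
        err = rec.get("error")
        if rec.get("level") not in ("warn", "error") or not err:
            continue              # info records and records without an error
        entry = findings.setdefault(
            err, {"count": 0, "peers": set(), "server_side": False})
        entry["count"] += 1
        if "ip" in rec:
            entry["peers"].add(rec["ip"])
        if "from server side" in rec.get("message", ""):
            entry["server_side"] = True
    return findings, skipped


if __name__ == "__main__":
    results, ignored = triage(SAMPLE_LOG)
    for error, info in results.items():
        print(info["count"], info["server_side"], sorted(info["peers"]), error)
    print("non-JSON lines skipped:", ignored)
```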

Labels: Priority: Normal (Minor issue impacting one or more users); Type: Bug (Something isn't working)