diff --git a/listener/tun/ipstack/commons/router_darwin.go b/listener/tun/ipstack/commons/router_darwin.go
index 50e15542..f48b362c 100644
--- a/listener/tun/ipstack/commons/router_darwin.go
+++ b/listener/tun/ipstack/commons/router_darwin.go
@@ -13,14 +13,18 @@ func GetAutoDetectInterface() (string, error) {
 }
 
 func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute bool) error {
-	interfaceName := dev.Name()
 	if !addr.Addr().Is4() {
 		return fmt.Errorf("supported ipv4 only")
 	}
 
-	ip := addr.Addr()
-	netmask := IPv4MaskString(addr.Bits())
-	cmdStr := fmt.Sprintf("ifconfig %s inet %s netmask %s %s", interfaceName, ip, netmask, ip)
+	var (
+		interfaceName = dev.Name()
+		ip            = addr.Masked().Addr().Next()
+		gw            = addr.Addr()
+		netmask       = IPv4MaskString(addr.Bits())
+	)
+
+	cmdStr := fmt.Sprintf("ifconfig %s inet %s netmask %s %s", interfaceName, ip, netmask, gw)
 
 	_, err := cmd.ExecCmd(cmdStr)
 	if err != nil {
diff --git a/listener/tun/ipstack/commons/router_linux.go b/listener/tun/ipstack/commons/router_linux.go
index f8bc7224..a306c1f0 100644
--- a/listener/tun/ipstack/commons/router_linux.go
+++ b/listener/tun/ipstack/commons/router_linux.go
@@ -13,8 +13,12 @@ func GetAutoDetectInterface() (string, error) {
 }
 
 func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute bool) error {
-	interfaceName := dev.Name()
-	_, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", addr.String(), interfaceName))
+	var (
+		interfaceName = dev.Name()
+		ip            = addr.Masked().Addr().Next()
+	)
+
+	_, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName))
 	if err != nil {
 		return err
 	}
@@ -31,8 +35,9 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int,
 }
 
 func configInterfaceRouting(interfaceName string, addr netip.Prefix) error {
+	linkIP := addr.Masked().Addr().Next()
 	for _, route := range ROUTES {
-		if err := execRouterCmd("add", route, interfaceName, addr.Addr().String()); err != nil {
+		if err := execRouterCmd("add", route, interfaceName, linkIP.String()); err != nil {
 			return err
 		}
 	}
diff --git a/listener/tun/ipstack/commons/router_windows.go b/listener/tun/ipstack/commons/router_windows.go
index ee6911ce..2a7fdfa8 100644
--- a/listener/tun/ipstack/commons/router_windows.go
+++ b/listener/tun/ipstack/commons/router_windows.go
@@ -40,12 +40,15 @@ startOver:
 		log.Infoln("[wintun]: tun adapter GUID: %s", guid.String())
 	}
 
-	addresses := []netip.Prefix{addr}
+	var (
+		ip        = addr.Masked().Addr().Next()
+		addresses = []netip.Prefix{netip.PrefixFrom(ip, addr.Bits())}
 
-	family := winipcfg.AddressFamily(windows.AF_INET)
-	familyV6 := winipcfg.AddressFamily(windows.AF_INET6)
+		family4       = winipcfg.AddressFamily(windows.AF_INET)
+		familyV6      = winipcfg.AddressFamily(windows.AF_INET6)
+		currentFamily = winipcfg.AddressFamily(windows.AF_INET6)
+	)
 
-	currentFamily := winipcfg.AddressFamily(windows.AF_INET6)
 	if addr.Addr().Is4() {
 		currentFamily = winipcfg.AddressFamily(windows.AF_INET)
 	}
@@ -114,7 +117,14 @@ startOver:
 			deduplicatedRoutes = append(deduplicatedRoutes, &r)
 		}
 
-		err = luid.SetRoutesForFamily(family, deduplicatedRoutes)
+		// append the gateway
+		deduplicatedRoutes = append(deduplicatedRoutes, &winipcfg.RouteData{
+			Destination: addr.Masked(),
+			NextHop:     addr.Addr(),
+			Metric:      0,
+		})
+
+		err = luid.SetRoutesForFamily(currentFamily, deduplicatedRoutes)
 		if err == windows.ERROR_NOT_FOUND && retryOnFailure {
 			goto startOver
 		} else if err != nil {
@@ -134,7 +144,7 @@ startOver:
 	}
 
 	var ipif *winipcfg.MibIPInterfaceRow
-	ipif, err = luid.IPInterface(family)
+	ipif, err = luid.IPInterface(family4)
 	if err != nil {
 		return err
 	}
@@ -181,7 +191,7 @@ startOver:
 	}
 
 	dnsAdds := []netip.Addr{netip.MustParseAddr("198.18.0.2")}
-	err = luid.SetDNS(family, dnsAdds, nil)
+	err = luid.SetDNS(family4, dnsAdds, nil)
 	if err == windows.ERROR_NOT_FOUND && retryOnFailure {
 		goto startOver
 	} else if err != nil {
diff --git a/listener/tun/ipstack/system/stack.go b/listener/tun/ipstack/system/stack.go
index 693d7f2f..27f83c7e 100644
--- a/listener/tun/ipstack/system/stack.go
+++ b/listener/tun/ipstack/system/stack.go
@@ -38,8 +38,10 @@ func (s sysStack) Close() error {
 var ipv4LoopBack = netip.MustParsePrefix("127.0.0.0/8")
 
 func New(device device.Device, dnsHijack []netip.AddrPort, tunAddress netip.Prefix, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) (ipstack.Stack, error) {
-	portal := tunAddress.Addr()
-	gateway := portal
+	var (
+		portal  = tunAddress.Addr()
+		gateway = tunAddress.Masked().Addr().Next()
+	)
 
 	stack, err := mars.StartListener(device, gateway, portal)
 	if err != nil {
diff --git a/listener/tun/tun_adapter.go b/listener/tun/tun_adapter.go
index 2fe7cf4c..a4a701a5 100644
--- a/listener/tun/tun_adapter.go
+++ b/listener/tun/tun_adapter.go
@@ -28,7 +28,7 @@ func New(tunConf *config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.
 		devName = generateDeviceName()
 	}
 
-	tunAddress := netip.MustParsePrefix("198.18.0.1/16")
+	tunAddress := netip.MustParsePrefix("198.18.255.254/16")
 	autoRoute := tunConf.AutoRoute
 	stackType := tunConf.Stack
 	mtu := 9000
@@ -87,9 +87,9 @@ func New(tunConf *config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.
 		return nil, fmt.Errorf("setting interface address and routing failed: %w", err)
 	}
 
-	setAtLatest(stackType)
+	setAtLatest(stackType, devName)
 
-	log.Infoln("TUN stack listening at: %s(%s), mtu: %d, auto route: %v, ip stack: %s", tunDevice.Name(), tunAddress.Addr().String(), mtu, autoRoute, stackType)
+	log.Infoln("TUN stack listening at: %s(%s), mtu: %d, auto route: %v, ip stack: %s", tunDevice.Name(), tunAddress.Masked().Addr().Next().String(), mtu, autoRoute, stackType)
 	return tunStack, nil
 }
 
@@ -127,7 +127,7 @@ func parseDevice(s string, mtu uint32) (device.Device, error) {
 	}
 }
 
-func setAtLatest(stackType C.TUNStack) {
+func setAtLatest(stackType C.TUNStack, devName string) {
 	if stackType != C.TunSystem {
 		return
 	}
@@ -137,6 +137,18 @@ func setAtLatest(stackType C.TUNStack) {
 		_, _ = cmd.ExecCmd("ipconfig /renew")
 	case "linux":
 		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.ip_forward=1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.forwarding = 1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.accept_local = 1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.accept_redirects = 1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.rp_filter = 2")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.default.forwarding = 1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.default.accept_local = 1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.default.accept_redirects = 1")
+		// _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.default.rp_filter = 2")
+		// _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.forwarding = 1", devName))
+		// _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.accept_local = 1", devName))
+		// _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.accept_redirects = 1", devName))
+		// _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.rp_filter = 2", devName))
 		// _, _ = cmd.ExecCmd("iptables -t filter -P FORWARD ACCEPT")
 	}
 }