Sing-box: TUN inbound in client configuration did not work for HTTP(S) traffics

Help
2

I don’t know why, but setting

let
  tunName = "tun0";
in
networking.firewall.trustedInterfaces = [ tunName ];
services.sing-box.settings.inbounds = [
  {
    "tag" = "tun-in";
    "type" = "tun";
    "interface_name" = tunName;
    # ...
  }
];

solves this.