首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
evemoo

记录: clash-meta 配置 ss 回连访问局域网设备

  •   
  •   evemoo · 1 天前 · 596 次点击

    两个注意点:

    1. clash-meta 取消勾选“网络->绕过私有地址”,不然配置了 dns 和 tun 都会被直接过滤掉,连 debug 日志都不显示 192.168.0.0/16 的访问流量;
    2. dns -> proxy-server-nameserver 要加,不然解析不到回连的 ddns 域名

    配置如下:

    mixed-port: 7890

# Linux 和 macOS 的 redir 代理端口
redir-port: 7892

# 允许局域网的连接
allow-lan: true

# 规则模式:Rule (规则) / Global (全局代理)/ Direct (全局直连)
mode: rule

# 设置日志输出级别 (默认级别:silent ,即不输出任何内容,以避免因日志内容过大而导致程序内存溢出)。
# 5 个级别:silent / warning / error / info / debug 。级别越高日志输出量越大,越倾向于调试,若需要请自行开启。
log-level: info

# Clash 的 RESTful API
external-controller: '127.0.0.1:9091'

# RESTful API 的口令
secret: ''

tun:
  enable: true
  stack: mixed
  dns-hijack:
    - "any:53"
    - "tcp://any:53"
  auto-route: true
  auto-redirect: true
  auto-detect-interface: true

dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - "*"
    - "+.lan"
    - "+.local"
    - "+.market.xiaomi.com"
  nameserver:
    - https://1.1.1.1/dns-query
    - https://8.8.8.8/dns-query
  proxy-server-nameserver: # 解析代理节点
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
  nameserver-policy:
    "geosite:cn,private":
    - 223.5.5.5
    - 119.29.29.29

# proxy provider start here
proxies:
  - name: ss-in
    type: ss
    server: 
    port: 
    cipher: 2022-blake3-aes-128-gcm
    password: <openssl rand -base64 16>
    udp: true

proxy-providers:
  sub-1:
    type: http
    url: 
    interval: 3600

  sub-2:
    type: http
    url: 
    interval: 3600
# proxy provider end

proxy-groups:
  - name: 自动选择
    type: url-test
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
    use:
      - sub-1
      - sub-2

  - name: alias-sub-1
    type: select
    use:
      - sub-1


rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400

  icloud:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400

  apple:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400

  google:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400

  proxy:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400

  direct:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400

  private:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400

  gfw:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400

  tld-not-cn:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400

  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400

  cncidr:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400

  lancidr:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400

  applications:
    type: http
    behavior: classical
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400

rules:
  # ss-in
  - IP-CIDR,192.168.31.0/24,ss-in,no-resolve
  # custom rules
  - DOMAIN-SUFFIX,freenom.com,DIRECT
  # from rule-provider
  - RULE-SET,applications,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,icloud,DIRECT
  - RULE-SET,apple,DIRECT
  - RULE-SET,google,自动选择
  - RULE-SET,proxy,自动选择
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,自动选择
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,自动选择



    最后就是 DNS 泄露问题到底重不重要?翻了好多配置以及解析流程的文章,各有观点

  • clash-meta
  • 局域网
  • DNS
    2 条回复    2026-04-24 15:48:04 +08:00
    evemoo
        1
    evemoo  
    OP
       1 天前
    才发现 overwall 跑路了,上周买的都还没怎么用,淦!
    MYDB
        2
    MYDB  
       1 天前
    dns 泄露看个人洁癖,重度洁癖的人不仅会全局 tun ,还会把设备的语言和时区都改成与节点对应的
    关于   ·   帮助文档   ·   自助推广系统   ·   博客   ·   API   ·   FAQ   ·   Solana   ·   2312 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 28ms · UTC 00:58 · PVG 08:58 · LAX 17:58 · JFK 20:58
    ♥ Do have faith in what you're doing.