![]() # strategy: consistent-hashing # or round-robin Load-balance: The request of the same eTLD+1 will be dial to the same proxy. The availability is tested by accessing an URL, just like an auto url-test group. Url-test select which proxy will be used by benchmarking speed to a URL.įallback selects an available policy by priority. # Traffic: clash http vmess ss1 ss2 Internet ![]() # auth_aes128_sha1 auth_chain_a auth_chain_b # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth # The supported ciphers (encryption methods): all stream ciphers in ss # early-data-header-name: Sec-WebSocket-Protocolīeware that there’s currently no UDP support yet # cipher support auto/aes-128-gcm/chacha20-poly1305/none # The supported ciphers (encryption methods): This is a countermeasure against DNS pollution attacks. If fallback-filter.geoip is false, results from nameserver nameserversĪre always used if not match fallback-filter.ipcidr. IP address resolved with servers in nameserver is used whenįallback-filter.geoip is true and when GEOIP of the IP address is CN. Subnets below, they are considered invalid and results from fallback If IP addresses resolved with servers in nameservers are in the specified The answers from fallback servers are used when the GEOIP country To the servers in this section along with servers in nameservers. When fallback is present, the DNS server will send concurrent requests Clash answers the DNS question with the first result gathered. You can specify the port to connect to.Īll DNS questions are sent directly to the nameserver, without proxies questions to these domain names will always be answered with their real IP addresses fake-ip-filter: ‘.lan’ Specify IP addresses only default-nameserver: – 114.114.114.114 – 8.8.8.8 enhanced-mode: redir-host # or fake-ip fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR use-hosts: true # lookup hosts and return IP record Hostnames in this list will not be resolved with fake IPs i.e. dns: enable: false listen: 0.0.0.0:53 ipv6: false # when the false, response to AAAA questions will be empty These nameservers are used to resolve the DNS nameserver hostnames below. When not present, the DNS server will be disabled. foo.com and foo.com hosts: v’: 127.0.0.1 dev’: 127.0.0.1 ‘’: ‘::1’ profile: Store the select results in $HOME/.config/clash/.cache set false If you don’t want this behavior when two different configurations have groups with the same name, the selected values are shared store-selected: false DNS server settings This section is optional. Non-wildcard domain names have a higher priority than wildcard domain namesĮ.g. Static hosts for DNS server and connection establishment (like /etc/hosts) Clash core will thenĪuthenticate by spedifying HTTP header Authorization: Bearer $ĪLWAYS set a secret if RESTful API is listening on 0.0.0.0 When set to false, resolver won’t translate hostnames to IPv6 addressesĪ relative path to the configuration directory or an absolute path to aĭirectory in which you put some static web resource. Global: all packets will be forwarded to a single endpointĭirect: directly forward the packets to the Internet This is only applicable when allow-lan is trueġ92.168.122.11: bind a single IPv4 address Set to true to allow connections to the local-end server from HTTP(S) and SOCKS4(A)/SOCKS5 server on the same portĪuthentication of local SOCKS5/HTTP(S) server Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) Port of SOCKS5 proxy server on the local end Port of HTTP(S) proxy server on the local end When a request, or say packet, comes in, Clash routes the packet to different remote servers (“nodes”) with either VMess, Shadowsocks, Snell, Trojan, SOCKS5 or HTTP protocol. In this chapter, we’ll cover the common features of Clash and how they should be used and configured.Ĭlash works by opening HTTP, SOCKS5, or the transparent proxy server on the local end. YAML is designed to be easy to be read, be written, and be interpreted by computers, and is commonly used for exact configuration files. You can now move forward to the next chapters of this wiki in which we’ll cover the configuration syntax of Clash.Ĭlash uses YAML, YAML Ain’t Markup Language, for configuration files. $ go install binary is built under $GOPATH/bin You can either grab the pre-built binaries of Clash from or build locally.Ĭlash requires Golang 1.17 or a higher version. TUN mode on macOS, Linux and Windows. Doc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |