From e6377eac9bbb9804b85672bc640b899143ec457a Mon Sep 17 00:00:00 2001 From: Larvan2 <78135608+Larvan2@users.noreply.github.com> Date: Sat, 25 Feb 2023 17:20:38 +0800 Subject: [PATCH] chore: adjust config.yaml. --- docs/config.yaml | 458 ++++++++++++++++++++++++----------------------- 1 file changed, 236 insertions(+), 222 deletions(-) diff --git a/docs/config.yaml b/docs/config.yaml index e1fc5d2e..f6e9502e 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -7,22 +7,17 @@ mixed-port: 10801 # HTTP(S) 和 SOCKS 代理混合端口 # tproxy-port: 7893 allow-lan: true # 允许局域网连接 -bind-address: "*" # 绑定IP地址,仅作用于 allow-lan 为 true,'*'表示所有地址 +bind-address: "*" # 绑定 IP 地址,仅作用于 allow-lan 为 true,'*'表示所有地址 -# find-process-mode has 3 values: always, strict, off +# find-process-mode has 3 values:always, strict, off # - always, 开启,强制匹配所有进程 -# - strict, 默认,由clash判断是否开启 +# - strict, 默认,由 clash 判断是否开启 # - off, 不匹配进程,推荐在路由器上使用此模式 find-process-mode: strict -# global-client-fingerprint:全局TLS指纹,优先低于proxy内的 client-fingerprint -# accepts "chrome","firefox","safari","ios","random","none" options. -# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. -global-client-fingerprint: chrome - mode: rule -#自定义 geox-url +#自定义 geodata url geox-url: geoip: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat" geosite: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat" 
@@ -32,16 +27,25 @@ log-level: debug # 日志等级 silent/error/warning/info/debug ipv6: true # 开启 IPv6 总开关,关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录 +tls: + certificate: string # 证书 PEM 格式,或者 证书的路径 + private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径 + external-controller: 0.0.0.0:9093 # RESTful API 监听地址 external-controller-tls: 0.0.0.0:9443 # RESTful API HTTPS 监听地址,需要配置 tls 部分配置文件 -# secret: "123456" # `Authorization: Bearer ${secret}` +# secret: "123456" # `Authorization:Bearer ${secret}` -# tcp-concurrent: true # TCP并发连接所有IP, 将使用最快握手的TCP -external-ui: /path/to/ui/folder # 配置WEB UI目录,使用http://{{external-controller}}/ui 访问 +# tcp-concurrent: true # TCP 并发连接所有 IP, 将使用最快握手的 TCP +external-ui: /path/to/ui/folder # 配置 WEB UI 目录,使用 http://{{external-controller}}/ui 访问 # interface-name: en0 # 设置出口网卡 -# routing-mark: 6666 # 配置 fwmark 仅用于Linux +# 全局 TLS 指纹,优先低于 proxy 内的 client-fingerprint +# 可选: "chrome","firefox","safari","ios","random","none" options. +# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan. +global-client-fingerprint: chrome + +# routing-mark:6666 # 配置 fwmark 仅用于 Linux experimental: # 类似于 /etc/hosts, 仅支持配置单个 IP @@ -50,6 +54,13 @@ hosts: # '.dev': 127.0.0.1 # 'alpha.clash.dev': '::1' +profile: + # 存储 select 选择记录 + store-selected: false + + # 持久化 fake-ip + store-fake-ip: true + # Tun 配置 tun: enable: false @@ -75,10 +86,10 @@ tun: #- 1000 # exclude_uid_range: # 排除路由的的用户范围 # - 1000-99999 - + # Android 用户和应用规则仅在 Android 下被支持 # 并且需要 auto_route - + # include_android_user: # 限制被路由的 Android 用户 # - 0 # - 10 @@ -105,15 +116,13 @@ sniffer: # 是否使用嗅探结果作为实际访问,默认 true # 全局配置,优先级低于 sniffer.sniff 实际配置 override-destination: false - sniff: - # TLS 默认如果不配置 ports 默认嗅探 443 + sniff: # TLS 默认如果不配置 ports 默认嗅探 443 TLS: # ports: [443, 8443] - + # 默认嗅探 80 - HTTP: - # 需要嗅探的端口 - + HTTP: # 需要嗅探的端口 + ports: [80, 8080-8880] # 可覆盖 sniffer.override-destination override-destination: true 
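Review bot: The sample still exposes the RESTful API on every interface with no authentication: `external-controller: 0.0.0.0:9093` and `external-controller-tls: 0.0.0.0:9443` are live while `secret` stays commented out, and the `tls:` block this hunk adds directly above them makes the stanza look ready to copy. I would ship the sample with `external-controller: 127.0.0.1:9093` and an uncommented placeholder such as `secret: "<set-a-long-random-value>"`. The reworded comment on the secret line now reads `Authorization:Bearer ${secret}`, whereas the header form is `Authorization: Bearer ${secret}`. Likewise `# routing-mark:6666` would no longer parse as a key/value pair once uncommented, so keep `# routing-mark: 6666`.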
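Review bot: Comments that described a child entry are now attached to the parent key in the `sniffer` hunk: `sniff: # TLS 默认如果不配置 ports 默认嗅探 443` and `HTTP: # 需要嗅探的端口` no longer sit next to the `TLS:` and `ports:` lines they explain. The same pattern appears in later hunks at `tunnels: # one line config`, `nameserver-policy: # 'www.baidu.com': '114.114.114.114'`, `proxies: # socks5` and `proxy-groups: # 代理链…`. In the `nameserver-policy` case a commented-out example entry becomes an inline remark on the key. This looks like a formatter side effect; I would keep each comment on its own line above the item it describes, at that item's indentation.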
@@ -128,7 +137,7 @@ sniffer: - tls - http # 强制对此域名进行嗅探 - + # 仅对白名单中的端口进行嗅探,默认为 443,80 # 已废弃,若 sniffer.sniff 配置则此项无效 port-whitelist: @@ -136,27 +145,8 @@ sniffer: - "443" # - 8000-9999 -# shadowsocks,vmess 入口配置(传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理) -# ss-config: ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456 -# vmess-config: vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345 -# tuic服务器入口(传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理) -#tuic-server: -# enable: true -# listen: 127.0.0.1:10443 -# token: -# - TOKEN -# certificate: ./server.crt -# private-key: ./server.key -# congestion-controller: bbr -# max-idle-time: 15000 -# authentication-timeout: 1000 -# alpn: -# - h3 -# max-udp-relay-packet-size: 1500 - -tunnels: - # one line config +tunnels: # one line config - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn # full yaml config @@ -165,12 +155,6 @@ tunnels: target: target.com proxy: proxy -profile: - # 存储select选择记录 - store-selected: false - - # 持久化fake-ip - store-fake-ip: true # DNS配置 dns: @@ -178,7 +162,7 @@ dns: prefer-h3: true # 开启 DoH 支持 HTTP/3,将并发尝试 listen: 0.0.0.0:53 # 开启 DNS 服务器监听 # ipv6: false # false 将返回 AAAA 的空结果 - + # 用于解析 nameserver,fallback 以及其他DNS服务器配置的,DNS 服务域名 # 只能使用纯 IP 地址,可使用加密 DNS default-nameserver: @@ -187,16 +171,16 @@ dns: - tls://1.12.12.12:853 - tls://223.5.5.5:853 enhanced-mode: fake-ip # or redir-host - + fake-ip-range: 198.18.0.1/16 # fake-ip 池设置 - + # use-hosts: true # 查询 hosts - + # 配置不使用fake-ip的域名 # fake-ip-filter: # - '*.lan' # - localhost.ptlogin2.qq.com - + # DNS主要域名配置 # 支持 UDP,TCP,DoT,DoH,DoQ # 这部分为主要 DNS 配置,影响所有直连,确保使用对大陆解析精准的 DNS 
@@ -210,20 +194,20 @@ dns: - dhcp://en0 # dns from dhcp - quic://dns.adguard.com:784 # DNS over QUIC # - '8.8.8.8#en0' # 兼容指定DNS出口网卡 - + # 当配置 fallback 时,会查询 nameserver 中返回的 IP 是否为 CN,非必要配置 # 当不是 CN,则使用 fallback 中的 DNS 查询结果 # 确保配置 fallback 时能够正常查询 # fallback: # - tcp://1.1.1.1 # - 'tcp://1.1.1.1#ProxyGroupName' # 指定 DNS 过代理查询,ProxyGroupName 为策略组名或节点名,过代理配置优先于配置出口网卡,当找不到策略组或节点名则设置为出口网卡 - + # 专用于节点域名解析的 DNS 服务器,非必要配置项 # 配置服务器若查询失败将使用 nameserver,非并发查询 # proxy-server-nameserver: # - https://dns.google/dns-query # - tls://one.one.one.one - + # 配置 fallback 使用条件 # fallback-filter: # geoip: true # 配置是否使用 geoip @@ -238,14 +222,53 @@ dns: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' - + # 配置查询域名使用的 DNS 服务器 - nameserver-policy: - # 'www.baidu.com': '114.114.114.114' + nameserver-policy: # 'www.baidu.com': '114.114.114.114' # '+.internal.crop.com': '10.0.0.1' - "geosite:cn": "https://doh.pub/dns-query" - "www.baidu.com": [https://doh.pub/dns-query,https://dns.alidns.com/dns-query] -proxies: + "geosite:cn": + - https://doh.pub/dns-query + - https://dns.alidns.com/dns-query + "www.baidu.com": [https://doh.pub/dns-query, https://dns.alidns.com/dns-query] + +proxies: # socks5 + - name: "socks" + type: socks5 + server: server + port: 443 + # username: username + # password: password + # tls: true + # fingerprint: xxxx + # skip-cert-verify: true + # udp: true + # ip-version: ipv6 + + # http + - name: "http" + type: http + server: server + port: 443 + # username: username + # password: password + # tls: true # https + # skip-cert-verify: true + # sni: custom.com + # fingerprint: xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints + # ip-version: dual + + # Snell + # Beware that there's currently no UDP support yet + - name: "snell" + type: snell + server: server + port: 44046 + psk: yourpsk + # version: 2 + # obfs-opts: + # mode: http # or tls + # host: bing.com + # Shadowsocks # cipher支持: # aes-128-gcm aes-192-gcm aes-256-gcm 
@@ -268,6 +291,7 @@ proxies: # UDP 则为双栈解析,获取结果中的第一个 IPv4 # ipv6-prefer 同 ipv4-prefer # 现有协议都支持此参数,TCP 效果仅在开启 tcp-concurrent 生效 + - name: "ss2" type: ss server: server @@ -278,7 +302,7 @@ proxies: plugin-opts: mode: tls # or http # host: bing.com - + - name: "ss3" type: ss server: server @@ -288,17 +312,17 @@ proxies: plugin: v2ray-plugin plugin-opts: mode: websocket # no QUIC now - # tls: true # wss - # 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取 - # 配置指纹将实现 SSL Pining 效果 - # fingerprint: xxxx - # skip-cert-verify: true - # host: bing.com - # path: "/" - # mux: true - # headers: - # custom: value - + # tls: true # wss + # 可使用 openssl x509 -noout -fingerprint -sha256 -inform pem -in yourcert.pem 获取 + # 配置指纹将实现 SSL Pining 效果 + # fingerprint: xxxx + # skip-cert-verify: true + # host: bing.com + # path: "/" + # mux: true + # headers: + # custom: value + - name: "ss4" type: ss server: server @@ -310,7 +334,7 @@ proxies: host: "cloud.tencent.com" password: "shadow_tls_password" version: 2 # support 1/2/3 - + # vmess # cipher支持 auto/aes-128-gcm/chacha20-poly1305/none - name: "vmess" @@ -333,7 +357,7 @@ proxies: # Host: v2ray.com # max-early-data: 2048 # early-data-header-name: Sec-WebSocket-Protocol - + - name: "vmess-h2" type: vmess server: server @@ -349,7 +373,7 @@ proxies: - http.example.com - http-alt.example.com path: / - + - name: "vmess-http" type: vmess server: server @@ -360,15 +384,15 @@ proxies: # udp: true # network: http # http-opts: - # # method: "GET" - # # path: - # # - '/' - # # - '/video' - # # headers: - # # Connection: - # # - keep-alive + # method: "GET" + # path: + # - '/' + # - '/video' + # headers: + # Connection: + # - keep-alive # ip-version: ipv4 # 设置使用 IP 类型偏好,可选:ipv4,ipv6,dual,默认值:dual - + - name: vmess-grpc server: server port: 443 
@@ -384,100 +408,7 @@ proxies: grpc-opts: grpc-service-name: "example" # ip-version: ipv4 - - # socks5 - - name: "socks" - type: socks5 - server: server - port: 443 - # username: username - # password: password - # tls: true - # fingerprint: xxxx - # skip-cert-verify: true - # udp: true - # ip-version: ipv6 - - # http - - name: "http" - type: http - server: server - port: 443 - # username: username - # password: password - # tls: true # https - # skip-cert-verify: true - # sni: custom.com - # fingerprint: xxxx # 同 experimental.fingerprints 使用 sha256 指纹,配置协议独立的指纹,将忽略 experimental.fingerprints - # ip-version: dual - - # Snell - # Beware that there's currently no UDP support yet - - name: "snell" - type: snell - server: server - port: 44046 - psk: yourpsk - # version: 2 - # obfs-opts: - # mode: http # or tls - # host: bing.com - - # Trojan - - name: "trojan" - type: trojan - server: server - port: 443 - password: yourpsk - # client-fingerprint: random # Available: "chrome","firefox","safari","random","none" - # fingerprint: xxxx - # udp: true - # sni: example.com # aka server name - # alpn: - # - h2 - # - http/1.1 - # skip-cert-verify: true - - - name: trojan-grpc - server: server - port: 443 - type: trojan - password: "example" - network: grpc - sni: example.com - # skip-cert-verify: true - # fingerprint: xxxx - udp: true - grpc-opts: - grpc-service-name: "example" - - - name: trojan-ws - server: server - port: 443 - type: trojan - password: "example" - network: ws - sni: example.com - # skip-cert-verify: true - # fingerprint: xxxx - udp: true - # ws-opts: - # path: /path - # headers: - # Host: example.com - - - name: "trojan-xtls" - type: trojan - server: server - port: 443 - password: yourpsk - flow: "xtls-rprx-direct" # xtls-rprx-origin xtls-rprx-direct - flow-show: true - # udp: true - # sni: example.com # aka server name - # skip-cert-verify: true - # fingerprint: xxxx - + # vless - name: "vless-tcp" type: vless 
@@ -490,7 +421,21 @@ proxies: # skip-cert-verify: true # fingerprint: xxxx # client-fingerprint: random # Available: "chrome","firefox","safari","random","none" - + + - name: "vless-vision" + type: vless + server: server + port: 443 + uuid: uuid + network: tcp + tls: true + udp: true + xudp: true + flow: xtls-rprx-vision # xtls-rprx-origin # enable XTLS + client-fingerprint: chrome + # fingerprint: xxxx + # skip-cert-verify: true + - name: "vless-ws" type: vless server: server @@ -507,6 +452,61 @@ proxies: path: "/" headers: Host: example.com + + # Trojan + - name: "trojan" + type: trojan + server: server + port: 443 + password: yourpsk + # client-fingerprint: random # Available: "chrome","firefox","safari","random","none" + # fingerprint: xxxx + # udp: true + # sni: example.com # aka server name + # alpn: + # - h2 + # - http/1.1 + # skip-cert-verify: true + + - name: trojan-grpc + server: server + port: 443 + type: trojan + password: "example" + network: grpc + sni: example.com + # skip-cert-verify: true + # fingerprint: xxxx + udp: true + grpc-opts: + grpc-service-name: "example" + + - name: trojan-ws + server: server + port: 443 + type: trojan + password: "example" + network: ws + sni: example.com + # skip-cert-verify: true + # fingerprint: xxxx + udp: true + # ws-opts: + # path: /path + # headers: + # Host: example.com + + - name: "trojan-xtls" + type: trojan + server: server + port: 443 + password: yourpsk + flow: "xtls-rprx-direct" # xtls-rprx-origin xtls-rprx-direct + flow-show: true + # udp: true + # sni: example.com # aka server name + # skip-cert-verify: true + # fingerprint: xxxx #hysteria - name: "hysteria" @@ -533,7 +533,8 @@ proxies: # disable_mtu_discovery: false # fingerprint: xxxx # fast-open: true # 支持 TCP 快速打开,默认为 false - + + # wireguard - name: "wg" type: wireguard server: 162.159.192.1 
@@ -543,7 +544,9 @@ proxies: private-key: eCtXsJZ27+4PbhDkHnB923tkUn2Gj59wZw5wFA75MnU= public-key: Cr8hWlKvtDt7nrvf+f0brNQQzabAqrjfBvas9pmowjo= udp: true - # reserved: 'U4An' + reserved: "U4An" + + # tuic - name: tuic server: www.example.com port: 10443 @@ -552,16 +555,16 @@ proxies: # ip: 127.0.0.1 # for overwriting the DNS lookup result of the server address set in option 'server' # heartbeat-interval: 10000 # alpn: [h3] - # disable-sni: true + disable-sni: true reduce-rtt: true - # request-timeout: 8000 + request-timeout: 8000 udp-relay-mode: native # Available: "native", "quic". Default: "native" # congestion-controller: bbr # Available: "cubic", "new_reno", "bbr". Default: "cubic" # max-udp-relay-packet-size: 1500 # fast-open: true # skip-cert-verify: true # max-open-streams: 20 # default 100, too many open streams may hurt performance - + # ShadowsocksR # The supported ciphers (encryption methods): all stream ciphers in ss # The supported obfses: @@ -582,8 +585,7 @@ proxies: # protocol-param: "#" # udp: true -proxy-groups: - # 代理链,若落地协议支持 UDP over TCP 则可支持 UDP +proxy-groups: # 代理链,若落地协议支持 UDP over TCP 则可支持 UDP # Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet - name: "relay" type: relay @@ -592,7 +594,7 @@ proxy-groups: - vmess - ss1 - ss2 - + # url-test 将按照 url 测试结果使用延迟最低节点 - name: "auto" type: url-test @@ -604,7 +606,7 @@ proxy-groups: # lazy: true url: "https://cp.cloudflare.com/generate_204" interval: 300 - + # fallback 将按照 url 测试结果按照节点顺序选择 - name: "fallback-auto" type: fallback @@ -614,7 +616,7 @@ proxy-groups: - vmess1 url: "https://cp.cloudflare.com/generate_204" interval: 300 - + # load-balance 将按照算法随机选择节点 - name: "load-balance" type: load-balance @@ -624,8 +626,8 @@ proxy-groups: - vmess1 url: "https://cp.cloudflare.com/generate_204" interval: 300 - # strategy: consistent-hashing # 可选 round-robin 和 sticky-sessions - + # strategy: consistent-hashing # 可选 round-robin 和 sticky-sessions + # select 用户自行选择节点 - name: Proxy type: select 
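Review bot: Three options that were commented-out examples become active values in a commit described only as adjusting the config: `reserved: "U4An"` on the `wg` proxy in this hunk, and `disable-sni: true` and `request-timeout: 8000` on the `tuic` proxy in the next one. Anyone copying the sample now gets these settings by default instead of opting in, and `disable-sni: true` presumably drops the server name from the TLS handshake, which is not a neutral default. If this was not intended, restore `# reserved: 'U4An'`, `# disable-sni: true` and `# request-timeout: 8000`. If it was, a short comment on each line saying why it is enabled would help.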
@@ -635,7 +637,7 @@ proxy-groups: - ss2 - vmess1 - auto - + # 配置指定 interface-name 和 fwmark 的 DIRECT - name: en1 type: select @@ -643,7 +645,7 @@ proxy-groups: routing-mark: 6667 proxies: - DIRECT - + - name: UseProvider type: select filter: "HK|TW" # 正则表达式,过滤 provider1 中节点名包含 HK 或 TW @@ -690,7 +692,8 @@ rules: - DOMAIN-KEYWORD,google,ss1 - IP-CIDR,1.1.1.1/32,ss1 - IP-CIDR6,2409::/64,DIRECT - - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 当规则集 + # 当满足条件是 TCP 或 UDP 流量时,使用名为 sub-rule-name1 的规则集 + - SUB-RULE,(OR,((NETWORK,TCP),(NETWORK,UDP))),sub-rule-name1 - SUB-RULE,(AND,((NETWORK,UDP))),sub-rule-name2 # 定义多个子规则集,规则将以分叉匹配,使用 SUB-RULE 使用 # google.com(not match)--> baidu.com(match) @@ -717,15 +720,6 @@ sub-rules: - IP-CIDR,8.8.8.8/32,ss1 - DOMAIN,dns.alidns.com,REJECT -tls: - certificate: string # 证书 PEM 格式,或者 证书的路径 - private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径 - # 自定义证书验证,将加入 Clash 证书验证中,绝大多数 TLS 相关支持,如:DNS - # 可用于自定义证书的验证 - custom-certificates: - - certificate: string # 证书 PEM 格式,或者 证书的路径 - private-key: string # 证书对应的私钥 PEM 格式,或者私钥路径 - # 流量入站 listeners: - name: socks5-in-1 @@ -735,14 +729,14 @@ listeners: # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理 # udp: false # 默认 true - + - name: http-in-1 type: http port: 10809 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) - + - name: mixed-in-1 type: mixed # HTTP(S) 和 SOCKS 代理混合 port: 10810 
@@ -750,14 +744,14 @@ listeners: # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) # udp: false # 默认 true - + - name: reidr-in-1 type: redir port: 10811 listen: 0.0.0.0 # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) - + - name: tproxy-in-1 type: tproxy port: 10812 @@ -765,7 +759,7 @@ listeners: # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) # udp: false # 默认 true - + - name: shadowsocks-in-1 type: shadowsocks port: 10813 @@ -774,7 +768,7 @@ listeners: # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) password: vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg= cipher: 2022-blake3-aes-256-gcm - + - name: vmess-in-1 type: vmess port: 10814 @@ -785,7 +779,7 @@ listeners: - username: 1 uuid: 9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68 alterId: 1 - + - name: tuic-in-1 type: tuic port: 10815 @@ -802,7 +796,7 @@ listeners: # alpn: # - h3 # max-udp-relay-packet-size: 1500 - + - name: tunnel-in-1 type: tunnel port: 10816 @@ -811,7 +805,7 @@ listeners: # proxy: proxy # 如果不为空则直接将该入站流量交由指定proxy处理(当proxy不为空时,这里的proxy名称必须合法,否则会出错) network: [tcp, udp] target: target.com - + - name: tun-in-1 type: tun # rule: sub-rule-name1 # 默认使用 rules,如果未找到 sub-rule 则直接使用 rules 
@@ -827,25 +821,25 @@ listeners: inet6-address: # 必须手动设置ipv6地址段 - "fdfe:dcba:9877::1/126" # strict_route: true # 将所有连接路由到tun来防止泄漏,但你的设备将无法其他设备被访问 - # inet4_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 - # - 0.0.0.0/1 - # - 128.0.0.0/1 - # inet6_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 - # - "::/1" - # - "8000::/1" + # inet4_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 + # - 0.0.0.0/1 + # - 128.0.0.0/1 + # inet6_route_address: # 启用 auto_route 时使用自定义路由而不是默认路由 + # - "::/1" + # - "8000::/1" # endpoint_independent_nat: false # 启用独立于端点的 NAT # include_uid: # UID 规则仅在 Linux 下被支持,并且需要 auto_route # - 0 # include_uid_range: # 限制被路由的的用户范围 # - 1000-99999 # exclude_uid: # 排除路由的的用户 - #- 1000 + # - 1000 # exclude_uid_range: # 排除路由的的用户范围 # - 1000-99999 - + # Android 用户和应用规则仅在 Android 下被支持 # 并且需要 auto_route - + # include_android_user: # 限制被路由的 Android 用户 # - 0 # - 10 @@ -853,3 +847,23 @@ listeners: # - com.android.chrome # exclude_package: # 排除被路由的 Android 应用包名 # - com.android.captiveportallogin + +# 入口配置与 Listener 等价,传入流量将和 socks,mixed 等入口一样按照 mode 所指定的方式进行匹配处理 +# shadowsocks,vmess 入口配置(传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理) +# ss-config: ss://2022-blake3-aes-256-gcm:vlmpIPSyHH6f4S8WVPdRIHIlzmB+GIRfoH3aNJ/t9Gg=@:23456 +# vmess-config: vmess://1:9d0cb9d0-964f-4ef6-897d-6c6b3ccf9e68@:12345 + +# tuic服务器入口(传入流量将和socks,mixed等入口一样按照mode所指定的方式进行匹配处理) +# tuic-server: +# enable: true +# listen: 127.0.0.1:10443 +# token: +# - TOKEN +# certificate: ./server.crt +# private-key: ./server.key +# congestion-controller: bbr +# max-idle-time: 15000 +# authentication-timeout: 1000 +# alpn: +# - h3 +# max-udp-relay-packet-size: 1500 \ No newline at end of file
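Review bot: The re-added `ss-config` and `vmess-config` examples in the last hunk carry a concrete key and UUID, and the same values are live in the `shadowsocks-in-1` and `vmess-in-1` listeners shown as context in earlier hunks. Published sample credentials tend to be deployed unchanged, so I would use labelled placeholders, e.g. `# ss-config: ss://2022-blake3-aes-256-gcm:<base64-key>@:23456` and `# vmess-config: vmess://1:<uuid>@:12345`, and do the same for the listener entries. The first two comment lines of the new block also repeat the same sentence, and the file now ends without a trailing newline.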