
OpenWRT Configuration


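I copied many configurations from the internet and found that they did not work. Everyone's needs and ideas differ; understanding what each setting is for is what matters most.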

Basic settings

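  1. Fake-IP (TUN) mode with the Mixed network stack type is the fastest combination I have used. Don't simply copy my choice: hardware differs, so try each option and find the one that suits you.
  2. If site XXX becomes unreachable after a change, don't panic: it does not necessarily mean you broke the configuration. There are plenty of websites, so try another one.
  3. About DNS: adding many public DNS servers can improve speed, but queries to public DNS servers can be hijacked by the ISP or leaked. I recommend using encrypted DNS for all queries, both domestic and overseas.
  4. DNS results are cached: the first lookup is slow and later ones are answered from the cache, so the impact on speed is small. Speed and security cannot both be maximized. If you want speed, use the DNS handed out by the upstream router, which is the fastest; if you want security, switch every DNS server to an encrypted one.
  5. The only unencrypted DNS query in the whole configuration is 119.29.29.29 in default-nameserver. The servers in default-nameserver are used to resolve the domain names of the DNS servers listed in nameserver and fallback; this is required, and they should be domestic servers.
  6. nameserver is used for sites that do not match a rule, i.e. domestic sites; configure only domestic DNS servers here.
  7. fallback is used for sites that match a rule; no DNS needs to be configured here, because resolution is handled remotely.
  8. When a site that should connect directly does not, search online to find out which program it belongs to, then look up that program's rules on the sites linked below and set them to DIRECT.
  9. Rules: keep the rule set as lean as possible, because the more rules there are, the slower the matching. My approach:
    • Route domestic traffic as DIRECT
    • Give services that need frequent switching their own group, e.g. Netflix, Spotify
    • Where rules overlap, match the small rule set first and the large one after it; see the Microsoft routing for reference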

https://github.com/ACL4SSR/ACL4SSR/tree/master
https://github.com/blackmatrix7/ios_rule_script

Tailscale compatibility

  1. Add the Tailscale domains tailscale.io and tailscale.com to fake-ip-filter, so that DNS queries for Tailscale never return a fake IP:
     - "+.tailscale.com"
     - "+.tailscale.io"
  2. Add custom rules so that Tailscale connects directly:
     - DOMAIN-SUFFIX,tailscale.io,DIRECT
     - DOMAIN-SUFFIX,tailscale.com,DIRECT

Full configuration

port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
mode: rule
log-level: info
ipv6: false
profile:
  store-selected: true
  store-fake-ip: true
unified-delay: true
tcp-concurrent: true
dns:
  enable: true
  ipv6: false
  listen: 0.0.0.0:7874
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  default-nameserver:
  - 119.29.29.29
  nameserver:
  - https://doh.pub/dns-query
  fake-ip-filter:
  - "*.lan"
  # (entries hidden here)
  - "+.tailscale.com"
  - "+.tailscale.io"
  fallback:
  - 1.1.1.1
  - 8.8.8.8
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 240.0.0.0/4
  fake-ip-filter-mode: blacklist
  enhanced-mode: fake-ip
rules:
- IP-CIDR,45.121.184.0/24,DIRECT
- DOMAIN-SUFFIX,tailscale.io,DIRECT
- DOMAIN-SUFFIX,tailscale.com,DIRECT

Update 2025/3/23

This update mainly changes the rule-matching part.

port: 8080
socks-port: 1080
allow-lan: true
bind-address: "*"
mode: rule
log-level: warning
ipv6: false
profile:
  store-selected: true
  store-fake-ip: true
unified-delay: true
tcp-concurrent: true
dns:
  enable: true
  ipv6: false
  listen: '[::]:1053'
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  default-nameserver:
    - 223.5.5.5
    - 119.29.29.29
  nameserver:
    - https://dns.alidns.com/dns-query
    - https://doh.pub/dns-query
  fake-ip-filter:
    - "*.lan"
    - "*.localdomain"
    - "*.example"
    - "*.invalid"
    - "*.localhost"
    - "*.test"
    - "*.local"
    - "*.home.arpa"
    - time.*.com
    - time.*.gov
    - time.*.edu.cn
    - time.*.apple.com
    - time-ios.apple.com
    - time1.*.com
    - time2.*.com
    - time3.*.com
    - time4.*.com
    - time5.*.com
    - time6.*.com
    - time7.*.com
    - ntp.*.com
    - ntp1.*.com
    - ntp2.*.com
    - ntp3.*.com
    - ntp4.*.com
    - ntp5.*.com
    - ntp6.*.com
    - ntp7.*.com
    - "*.time.edu.cn"
    - "*.ntp.org.cn"
    - +.pool.ntp.org
    - time1.cloud.tencent.com
    - music.163.com
    - "*.music.163.com"
    - "*.126.net"
    - musicapi.taihe.com
    - music.taihe.com
    - songsearch.kugou.com
    - trackercdn.kugou.com
    - "*.kuwo.cn"
    - api-jooxtt.sanook.com
    - api.joox.com
    - joox.com
    - y.qq.com
    - "*.y.qq.com"
    - streamoc.music.tc.qq.com
    - mobileoc.music.tc.qq.com
    - isure.stream.qqmusic.qq.com
    - dl.stream.qqmusic.qq.com
    - aqqmusic.tc.qq.com
    - amobile.music.tc.qq.com
    - "*.xiami.com"
    - "*.music.migu.cn"
    - music.migu.cn
    - +.msftconnecttest.com
    - +.msftncsi.com
    - localhost.ptlogin2.qq.com
    - localhost.sec.qq.com
    - +.qq.com
    - +.tencent.com
    - +.srv.nintendo.net
    - "*.n.n.srv.nintendo.net"
    - +.cdn.nintendo.net
    - +.stun.playstation.net
    - xbox.*.*.microsoft.com
    - "*.*.xboxlive.com"
    - xbox.*.microsoft.com
    - xnotify.xboxlive.com
    - +.battlenet.com.cn
    - +.wotgame.cn
    - +.wggames.cn
    - +.wowsgame.cn
    - +.wargaming.net
    - proxy.golang.org
    - stun.*.*
    - stun.*.*.*
    - +.stun.*.*
    - +.stun.*.*.*
    - +.stun.*.*.*.*
    - +.stun.*.*.*.*.*
    - heartbeat.belkin.com
    - "*.linksys.com"
    - "*.linksyssmartwifi.com"
    - "*.router.asus.com"
    - mesu.apple.com
    - swscan.apple.com
    - swquery.apple.com
    - swdownload.apple.com
    - swcdn.apple.com
    - swdist.apple.com
    - lens.l.google.com
    - stun.l.google.com
    - na.b.g-tun.com
    - +.nflxvideo.net
    - "*.square-enix.com"
    - "*.finalfantasyxiv.com"
    - "*.ffxiv.com"
    - "*.ff14.sdo.com"
    - ff.dorado.sdo.com
    - "*.mcdn.bilivideo.cn"
    - +.media.dssott.com
    - shark007.net
    - Mijia Cloud
    - +.cmbchina.com
    - +.cmbimg.com
    - local.adguard.org
    - +.sandai.net
    - +.n0808.com
    - +.uu.163.com
    - ps.res.netease.com
    - +.pub.3gppnetwork.org
    - geosite:category-games
    - geosite:apple-cn
    - +.vio.vin
    - +.openwrt.ai
    - +.tailscale.com
    - +.tailscale.io
    - geosite:cn
  fallback:
    - 1.1.1.1
    - 8.8.8.8
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
      - 240.0.0.0/4
  fake-ip-filter-mode: blacklist
  respect-rules: true
  prefer-h3: false
  use-system-hosts: false
  proxy-server-nameserver:
    - https://dns.alidns.com/dns-query
    - https://doh.pub/dns-query
  direct-nameserver:
    - https://dns.alidns.com/dns-query
    - https://doh.pub/dns-query


proxy-providers:
  Kuromisubs:
    url: ""
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.gstatic.com/generate_204
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
      - "mihomo"

#proxies:
#  - {name: DIRECT, type: direct, udp: true}

pr: &pr {type: select, proxies: [PROXY, 香港故转, 新加坡故转, 日本故转, 香港自动, 日本自动, 新加坡自动, 美国自动, 香港节点, 日本节点, 美国节点, 全部节点, DIRECT]}
proxy-groups:
  - {name: PROXY, type: select, proxies: [香港故转, 新加坡故转, 日本故转, 香港自动, 日本自动, 新加坡自动, 美国自动, 香港节点, 日本节点, 美国节点, 全部节点, DIRECT]}
  - {name: Microsoft, <<: *pr}
  - {name: Github, <<: *pr}
  - {name: NETFLIX, <<: *pr}
  - {name: Spotify, <<: *pr}
  - {name: MATCH, <<: *pr}
  - {name: 香港节点, type: select, include-all: true, filter: "(?i)港|hk|hongkong|hong kong"}
  - {name: 日本节点, type: select, include-all: true, filter: "(?i)日|jp|japan"}
  - {name: 美国节点, type: select, include-all: true, filter: "(?i)美|us|unitedstates|united states"}
  - {name: 香港故转, type: fallback, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(港|HK|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$"}
  - {name: 日本故转, type: fallback, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(日|JP|(?i)Japan))^((?!(港|台|韩|新|美)).)*$" }
  - {name: 新加坡故转, type: fallback, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(新|SG|(?i)Singapore))^((?!(港|台|日|韩|美)).)*$"}
  - {name: 香港自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(港|HK|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$"}
  - {name: 日本自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(日|JP|(?i)Japan))^((?!(港|台|韩|新|美)).)*$" }
  - {name: 新加坡自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(新|SG|(?i)Singapore))^((?!(港|台|日|韩|美)).)*$"}
  - {name: 美国自动, type: url-test, include-all: true, tolerance: 20, interval: 300, filter: "(?=.*(美|US|(?i)States|America))^((?!(港|台|日|韩|新)).)*$"}
  - {name: 全部节点, type: select, include-all: true}

# Rule sets
rule-anchor:
  ip: &ip {type: http, interval: 86400, behavior: ipcidr, format: mrs}
  domain: &domain {type: http, interval: 86400, behavior: domain, format: mrs}
  class: &class {type: http, interval: 86400, behavior: classical, format: text}
  yaml: &yaml {type: http, interval: 86400, behavior: domain, format: yaml, path: payload}
rule-providers: 
#  ChinaMax: {  <<: *yaml, url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/refs/heads/master/rule/Clash/ChinaMax/ChinaMax_Classical.yaml" }
#  Microsoft: { <<: *yaml, url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/refs/heads/master/rule/Clash/Microsoft/Microsoft.yaml"}
#  Speedtest: { <<: *yaml, url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/refs/heads/master/rule/Clash/Speedtest/Speedtest_No_Resolve.yaml"}
#  GFW: { <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/gfw.mrs"}
#  Game: { <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/category-games.mrs"}


rules:
  - DOMAIN-SUFFIX,mojang.com,PROXY
  - DOMAIN-SUFFIX,vio.vin,DIRECT
  - DOMAIN-SUFFIX,violet.vin,PROXY
  - DOMAIN-SUFFIX,tailscale.io,DIRECT
  - DOMAIN-SUFFIX,tailscale.com,DIRECT
  - GEOSITE,CN,DIRECT
  - GEOIP,CN,DIRECT
  - GEOSITE,CATEGORY-GAME-ACCELERATOR-CN,DIRECT
  - GEOSITE,CATEGORY-GAMES,DIRECT
  - GEOSITE,apple,DIRECT
  - GEOSITE,apple-cn,DIRECT
  - GEOSITE,netflix,NETFLIX,no-resolve
  - GEOSITE,spotify,Spotify,no-resolve
  - GEOSITE,github,Github,no-resolve
  - GEOSITE,onedrive,Microsoft,no-resolve
  - GEOSITE,microsoft,Microsoft,no-resolve
  - MATCH,MATCH

find-process-mode: off
keep-alive-idle: 600
keep-alive-interval: 15
external-ui: ui
external-ui-url: https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip
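# The controller API listens on every interface and the secret is its only protection; use a long random value rather than a short number.
external-controller: '[::]:9090'
secret: "998879"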
mixed-port: 7890
redir-port: 7891
tproxy-port: 7892
tun:
  enable: true
  auto-route: false
  auto-redirect: false
  auto-detect-interface: false
  device: nikki
  stack: mixed
  mtu: 9000
  gso: true
  gso-max-size: 65536
  endpoint-independent-nat: false
sniffer:
  enable: false
  force-dns-mapping: false
  parse-pure-ip: false
geodata-mode: false
geodata-loader: standard
geox-url:
  geosite: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat
  mmdb: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.metadb
  geoip: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat
  asn: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/GeoLite2-ASN.mmdb
geo-auto-update: true
geo-update-interval: 30

Update 2025/4/1

Updated the rules to effectively prevent DNS leaks.

rules:
  - DOMAIN-SUFFIX,mojang.com,PROXY
  - DOMAIN-SUFFIX,vio.vin,DIRECT
  - DOMAIN-SUFFIX,violet.vin,PROXY
  - DOMAIN-SUFFIX,tailscale.io,DIRECT
  - DOMAIN-SUFFIX,tailscale.com,DIRECT
  - GEOSITE,CATEGORY-GAME-ACCELERATOR-CN,DIRECT
  - GEOSITE,CATEGORY-GAMES,DIRECT
  - GEOSITE,apple,DIRECT
  - GEOSITE,apple-cn,DIRECT
  - GEOSITE,netflix,NETFLIX,no-resolve
  - GEOSITE,spotify,Spotify,no-resolve
  - GEOSITE,github,Github,no-resolve
  - GEOSITE,onedrive,OneDrive
  - GEOSITE,microsoft,Microsoft
  - GEOSITE,geolocation-!cn,PROXY,no-resolve
  - GEOIP,private,DIRECT
  - GEOIP,CN,DIRECT
  - GEOSITE,CN,DIRECT
  - MATCH,MATCH
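
How the reordering changes local lookups, as an added example that is not part of the original post. It assumes that mihomo resolves a domain through the local nameservers once matching reaches an IP-based rule (GEOIP, IP-CIDR and similar) without no-resolve, and it lists the proxied rules that sit below the first such rule in each of the two rule lists above; the helper names are hypothetical.

```python
# Added example, not from the original post. Assumed model: an IP-based rule
# without no-resolve forces a local DNS lookup for every domain that reaches it.
IP_RULE_TYPES = {"GEOIP", "IP-CIDR", "IP-CIDR6", "IP-ASN"}
LOCAL_TARGETS = {"DIRECT", "REJECT"}

# Rule lists copied from the 2025/3/23 and 2025/4/1 configs on this page.
RULES_0323 = """
DOMAIN-SUFFIX,mojang.com,PROXY DOMAIN-SUFFIX,vio.vin,DIRECT
DOMAIN-SUFFIX,violet.vin,PROXY DOMAIN-SUFFIX,tailscale.io,DIRECT
DOMAIN-SUFFIX,tailscale.com,DIRECT GEOSITE,CN,DIRECT GEOIP,CN,DIRECT
GEOSITE,CATEGORY-GAME-ACCELERATOR-CN,DIRECT GEOSITE,CATEGORY-GAMES,DIRECT
GEOSITE,apple,DIRECT GEOSITE,apple-cn,DIRECT
GEOSITE,netflix,NETFLIX,no-resolve GEOSITE,spotify,Spotify,no-resolve
GEOSITE,github,Github,no-resolve GEOSITE,onedrive,Microsoft,no-resolve
GEOSITE,microsoft,Microsoft,no-resolve MATCH,MATCH
""".split()
RULES_0401 = """
DOMAIN-SUFFIX,mojang.com,PROXY DOMAIN-SUFFIX,vio.vin,DIRECT
DOMAIN-SUFFIX,violet.vin,PROXY DOMAIN-SUFFIX,tailscale.io,DIRECT
DOMAIN-SUFFIX,tailscale.com,DIRECT
GEOSITE,CATEGORY-GAME-ACCELERATOR-CN,DIRECT GEOSITE,CATEGORY-GAMES,DIRECT
GEOSITE,apple,DIRECT GEOSITE,apple-cn,DIRECT
GEOSITE,netflix,NETFLIX,no-resolve GEOSITE,spotify,Spotify,no-resolve
GEOSITE,github,Github,no-resolve GEOSITE,onedrive,OneDrive
GEOSITE,microsoft,Microsoft GEOSITE,geolocation-!cn,PROXY,no-resolve
GEOIP,private,DIRECT GEOIP,CN,DIRECT GEOSITE,CN,DIRECT MATCH,MATCH
""".split()

def parse_rule(rule):
    """Split 'TYPE,payload,target[,no-resolve]' (or 'MATCH,target')."""
    parts = rule.split(",")
    rtype = parts[0].upper()
    target = parts[1] if rtype == "MATCH" else parts[2]
    return rtype, target, "no-resolve" in parts[3:]

def leak_exposed(rules):
    """Return (first resolving IP rule, proxied rules reached only after it)."""
    trigger, exposed = None, []
    for rule in rules:
        rtype, target, no_resolve = parse_rule(rule)
        if trigger is None:
            if rtype in IP_RULE_TYPES and not no_resolve:
                trigger = rule
        elif target not in LOCAL_TARGETS:
            exposed.append(rule)
    return trigger, exposed

if __name__ == "__main__":
    for name, rules in (("2025/3/23", RULES_0323), ("2025/4/1", RULES_0401)):
        print(name, *leak_exposed(rules), sep="\n  ")
```

Under this model the 3/23 list resolves Netflix, Spotify, GitHub and Microsoft domains locally before their rules are reached, while in the 4/1 list only the final MATCH rule sits below a resolving rule.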

Known issues

HY2 nodes cannot be accessed normally

Related issues:

https://github.com/MetaCubeX/mihomo/issues/1222

https://github.com/MetaCubeX/mihomo/issues/1911

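Workaround: none

UDP is not forwarded correctly with the Mixed stack

Specifically, no UDP service is reachable: Teamspeak cannot connect to its server, and CS2 reports that it cannot connect to any server.

Related issues: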

https://github.com/MetaCubeX/mihomo/issues/1866

https://github.com/MetaCubeX/mihomo/issues/1632

Workaround: use the System stack
