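I copied a lot of configurations from the internet and found that none of them worked for me. Everyone's needs and ideas are different, so understanding the purpose of each setting is what matters most.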
Basic settings
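- Fake-IP (TUN) mode plus the Mixed network stack is the fastest combination I have used. Don't simply copy mine: machines differ, so try each option and find the one that suits you.
- If site XXX becomes unreachable after a change, don't panic. It does not necessarily mean you broke the configuration; there are plenty of sites, so try another one.
- About DNS: adding many public DNS servers can improve speed, but public DNS queries can be hijacked by the ISP or leaked. I recommend using encrypted DNS for all queries, domestic and overseas alike.
- DNS results are cached. The first lookup is slow and later ones are served from the cache, so the impact on speed is small. Speed and security cannot both be had: if you want speed, use the DNS handed out by the upstream router, which is the fastest; if you want security, switch every DNS server to an encrypted one.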
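- The only unencrypted DNS query in the whole configuration is 119.29.29.29 in default-nameserver.
  - The DNS in default-nameserver is used to resolve the domain names of the DNS servers listed in nameserver and fallback. It is required, and it should be a domestic server.
  - nameserver is used for sites that do not hit a rule, that is, domestic sites. Everything configured here should be domestic DNS.
  - fallback is used for sites that hit a rule. No DNS needs to be configured here, because resolution is handled remotely.
- When you find that a site which should connect directly does not, search online to find out which program it belongs to, then look up that program's rules on these sites and set them to direct.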
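- Rule settings: keep the rules as lean as possible, because the more rules there are, the slower matching becomes. My approach:
  - Route domestic traffic direct
  - Give services that need frequent switching their own group, such as Netflix and Spotify
  - Where rules overlap, match the small rule set first and the large rule set afterwards; see the split for Microsoft as a reference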
https://github.com/ACL4SSR/ACL4SSR/tree/master
https://github.com/blackmatrix7/ios_rule_script
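An added example (not part of the original post) that checks the DNS guidance above: it walks a mihomo `dns` section and reports every server that is not DoH, DoT or DoQ, treating a plain-IP `default-nameserver` as the expected bootstrap resolver. The sample dictionary and the two DoH URLs are constructed stand-ins for the placeholders in the full configuration; in practice the dictionary would come from parsing the YAML file.

```python
from urllib.parse import urlsplit

ENCRYPTED = {"https", "tls", "quic"}   # DoH, DoT, DoQ
LIST_KEYS = ("default-nameserver", "proxy-server-nameserver", "nameserver", "fallback")

def classify(server):
    """Classify one nameserver entry as encrypted, plaintext, upstream or unknown."""
    s = server.split("#", 1)[0].strip()        # drop a trailing '#...' option suffix
    if s == "system" or s.startswith("dhcp://"):
        return "upstream"                      # whatever the OS or router hands out
    if "://" not in s:
        return "plaintext"                     # bare IP or host[:port] is plain port 53
    scheme = urlsplit(s).scheme.lower()
    if scheme in ENCRYPTED:
        return "encrypted"
    return "plaintext" if scheme in ("udp", "tcp") else "unknown"

def audit_dns(dns):
    """Return (key, server, verdict) for every entry that is not encrypted."""
    entries = [(k, s) for k in LIST_KEYS for s in dns.get(k, [])]
    for pattern, servers in dns.get("nameserver-policy", {}).items():
        servers = [servers] if isinstance(servers, str) else servers
        entries += [("nameserver-policy:" + pattern, s) for s in servers]
    findings = []
    for key, server in entries:
        kind = classify(server)
        if kind == "encrypted":
            continue
        # default-nameserver has to be a plain IP: it resolves the DoH/DoT hostnames
        if key == "default-nameserver" and kind == "plaintext":
            kind = "bootstrap"
        findings.append((key, server, kind))
    return findings

# Constructed sample: the dns section of the full configuration on this page,
# with two example DoH URLs standing in for its placeholders (an assumption).
PROXY_DOH = "https://cloudflare-dns.com/dns-query"
DIRECT_DOH = "https://dns.alidns.com/dns-query"
SAMPLE_DNS = {
    "default-nameserver": ["223.5.5.5"],
    "proxy-server-nameserver": ["223.5.5.5"],
    "nameserver": [PROXY_DOH],
    "nameserver-policy": {
        "rule-set:violet-ruleset-direct": [DIRECT_DOH],
        "geosite:geolocation-cn,tld-cn": [DIRECT_DOH],
        "geosite:category-dev": [PROXY_DOH],
    },
}

if __name__ == "__main__":
    for key, server, verdict in audit_dns(SAMPLE_DNS):
        print(f"{key:26} {server:12} {verdict}")
```

On the sample, the audit reports the bootstrap resolver and also the plain-IP entry under `proxy-server-nameserver`, which is a second unencrypted lookup path.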
Tailscale compatibility
- Add Tailscale's domains tailscale.io and tailscale.com to fake-ip-filter, so that DNS queries for Tailscale never return a fake IP:
    - "+.tailscale.com"
    - "+.tailscale.io"
- Add the following to the custom rules so that Tailscale connects directly:
    - DOMAIN-SUFFIX,tailscale.io,DIRECT
    - DOMAIN-SUFFIX,tailscale.com,DIRECT
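Full configuration
This configuration provides:
1. Fill in the url in proxy-providers and the nodes are split by region automatically; only the regions I commonly use are configured
2. Automatic chained proxying, in two modes: ① FALLBACK mode: failover, where traffic moves to another node automatically when a node in the same region cannot connect; ② SELECT mode: manual selection of the front node for the chain
3. Apart from routing AI traffic to US because AI services cannot be used from HK, there are no other split rules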
port: 8080
socks-port: 1080
allow-lan: true
bind-address: '*'
mode: rule
log-level: info
ipv6: false
profile:
  store-selected: true
  store-fake-ip: false
unified-delay: true
tcp-concurrent: true
dns-servers:
  proxy-doh: &proxy-doh <DoH URL reached through the proxy>
  direct-doh: &direct-doh <DoH URL reached directly>
dns:
  enable: true
  ipv6: false
  listen: '[::]:1053'
  enhanced-mode: redir-host
  use-hosts: true
  rebind: false
  # Plain-IP bootstrap resolver: used to resolve the hostnames of the DoH servers
  default-nameserver:
    - 223.5.5.5
  proxy-server-nameserver:
    - 223.5.5.5
  nameserver:
    - *proxy-doh
  nameserver-policy:
    'rule-set:violet-ruleset-proxy':
      - *proxy-doh
    'rule-set:violet-ruleset-direct':
      - *direct-doh
    'rule-set:violet-ruleset-dns':
      - *proxy-doh
    'geosite:category-games,category-game-platforms-download,category-game-accelerator-cn':
      - *direct-doh
    'geosite:category-ai-!cn,tiktok,spotify':
      - *proxy-doh
    'geosite:geolocation-!cn@cn':
      - *direct-doh
    'geosite:geolocation-!cn,geolocation-cn@!cn':
      - *proxy-doh
    'geosite:geolocation-cn,tld-cn':
      - *direct-doh
    'geosite:category-dev':
      - *proxy-doh
  respect-rules: true
  prefer-h3: false
  use-system-hosts: true
node-airport: &node-airport
  url: <subscription URL of the XX airport (proxy provider)>
node-violet: &node-violet
  url: <subscription URL of the self-hosted nodes>
proxy-providers:
  AIR_PORT_HK:
    <<: *node-airport
    filter: '(?=.*(港|hk|🇭🇰|(?i)Hong))^((?!(台|日|韩|新|深|美|实验)).)*$'
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.google.com/
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
        - 'mihomo'
  AIR_PORT_US:
    <<: *node-airport
    filter: '(?=.*(美|us|🇺🇸|(?i)states|(?i)unitedstates))^((?!(台|日|韩|新|深|港|实验)).)*$'
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.google.com/
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
        - 'mihomo'
  AIR_PORT_ALL:
    <<: *node-airport
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.google.com/
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
        - 'mihomo'
  VIOLET_NODE_LIST_US:
    <<: *node-violet
    filter: '(?=.*(美|us|🇺🇸|(?i)states|(?i)unitedstates))^((?!(台|日|韩|新|深|港|实验)).)*$'
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.google.com/
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
        - 'mihomo'
  VIOLET_NODE_LIST_HK:
    <<: *node-violet
    filter: '(?=.*(港|hk|🇭🇰|(?i)Hong))^((?!(台|日|韩|新|深|美|实验)).)*$'
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.google.com/
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
        - 'mihomo'
  VIOLET_NODE_LIST_ALL:
    <<: *node-violet
    type: http
    interval: 86400
    health-check:
      enable: true
      url: https://www.google.com/
      interval: 300
    proxy: DIRECT
    header:
      User-Agent:
        - 'mihomo'
proxies:
  # Exit (landing) node used for chained proxying
  - name: hk_CNF_EXIT_SS
    server:
    port:
    client-fingerprint: chrome
    type: ss
    cipher: 2022-blake3-aes-256-gcm
    password:
    tfo: false
    udp: true
default-group: &default-group
  proxies: [ HK_AUTO_CHAIN, HK_SELECT_CHAIN, HK_SELECT, US_SELECT, HK_FALLBACK, US_FALLBACK, ALL_SELECT, DIRECT ]
proxy-groups:
  - { name: PROXY, type: select, <<: *default-group }
  - { name: MATCH, type: select, proxies: [ PROXY, DIRECT ] }
  - { name: DNS, type: select, <<: *default-group }
  - { name: TikTok, type: select, <<: *default-group }
  - { name: Spotify, type: select, <<: *default-group }
  - { name: AI, type: select, <<: *default-group }
  - { name: GAME, type: select, <<: *default-group }
  - name: HK_SELECT_CHAIN
    type: relay
    proxies:
      - HK_SELECT
      - hk_CNF_EXIT_SS
  - name: HK_AUTO_CHAIN
    type: relay
    proxies:
      - HK_FALLBACK
      - hk_CNF_EXIT_SS
  - { name: HK_SELECT, type: select, use: [ AIR_PORT_HK, VIOLET_NODE_LIST_HK ], filter: '(?=.*(港|🇭🇰|hk|(?i)Hong))^((?!(台|日|韩|新|深|美)).)*$' }
  - { name: US_SELECT, type: select, use: [ AIR_PORT_US, VIOLET_NODE_LIST_US ], filter: '(?=.*(美|🇺🇸|(?i)States|us|(?i)unitedstates))^((?!(台|日|韩|新|深|港)).)*$' }
  - { name: HK_FALLBACK, type: fallback, use: [ AIR_PORT_HK ], tolerance: 20, interval: 300 }
  - { name: US_FALLBACK, type: fallback, use: [ AIR_PORT_US ], tolerance: 20, interval: 300 }
  - { name: ALL_SELECT, type: select, include-all: true, use: [ AIR_PORT_ALL, VIOLET_NODE_LIST_ALL ] }
rule-providers:
  violet-ruleset-proxy:
    type: http
    behavior: classical
    format: yaml
    url: "<custom list of domains to proxy (updated manually)>"
  violet-ruleset-direct:
    type: http
    behavior: classical
    format: yaml
    url: "<custom list of domains to connect directly (updated manually)>"
  violet-ruleset-dns:
    type: http
    behavior: classical
    format: yaml
    url: "<DoH domains; choose manually whether DoH goes through the proxy>"
rules:
  - AND,((NETWORK,UDP),(DST-PORT,443)),REJECT
  - RULE-SET,violet-ruleset-proxy,PROXY
  - RULE-SET,violet-ruleset-direct,DIRECT
  - RULE-SET,violet-ruleset-dns,DNS
  - GEOSITE,category-games,GAME
  - GEOSITE,category-game-platforms-download,GAME
  - GEOSITE,category-game-accelerator-cn,GAME
  - GEOSITE,category-ai-!cn,AI
  - GEOSITE,tiktok,TikTok
  - GEOSITE,spotify,Spotify
  - GEOSITE,geolocation-!cn@cn,DIRECT
  - GEOSITE,geolocation-!cn,PROXY
  - GEOSITE,geolocation-cn@!cn,PROXY
  - GEOSITE,geolocation-cn,DIRECT
  - GEOSITE,tld-cn,DIRECT
  - GEOSITE,category-dev,PROXY
  - GEOIP,CN,DIRECT
  - GEOIP,private,DIRECT
  - MATCH,MATCH
find-process-mode: off
keep-alive-idle: 600
keep-alive-interval: 15
external-ui: ui
external-ui-url: https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip
# The controller API listens on all interfaces here, so replace the
# short secret below with a long random value of your own.
external-controller: '[::]:9090'
secret: '998879'
mixed-port: 7890
redir-port: 7891
tproxy-port: 7892
tun:
  enable: false
  auto-route: false
  auto-redirect: false
  auto-detect-interface: false
  device: nikki
  stack: system
  mtu: 9000
  gso: true
  gso-max-size: 65536
  endpoint-independent-nat: false
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  sniff:
    HTTP:
      port:
        - '80'
        - '8080'
      override-destination: true
    TLS:
      port:
        - '443'
        - '8443'
      override-destination: true
    QUIC:
      port:
        - '443'
        - '8443'
      override-destination: true
geodata-mode: true
geodata-loader: standard
geox-url:
  geosite: https://testingcf.jsdelivr.net/gh/v2fly/domain-list-community@release/dlc.dat
  mmdb: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb
  geoip: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat
  asn: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/GeoLite2-ASN.mmdb
geo-auto-update: true
geo-update-interval: 30
Known issues
HY2 nodes cannot be accessed normally
Related issues:
https://github.com/MetaCubeX/mihomo/issues/1222
https://github.com/MetaCubeX/mihomo/issues/1911
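Workaround: none
UDP is not forwarded correctly under the Mixed stack
The symptom is that no UDP service can be reached: TeamSpeak cannot connect to its server, and CS2 reports that it cannot connect to any server
Related issues: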
https://github.com/MetaCubeX/mihomo/issues/1866
https://github.com/MetaCubeX/mihomo/issues/1632
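Workaround: use the System stack
UDP routing problem
Can be ignored in FakeIP mode
When TProxy is used, UDP has no connection-establishment phase, so the kernel cannot obtain a connection to route on. As a result direct-nameserver cannot be used correctly and UDP traffic is not routed correctly; nameserver-policy has to be used instead
Related issue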