Closed Azadzadeh closed 11 months ago
@xishang0128 yeah, that solves it! thanks
listeners:
- name: 'socks5-always-direct'
type: socks
port: 8085
proxy: DIRECT
However, somehow i missed this inbound feature! Am i correct to assume that with this feature, Clash.Meta can act in server-side as a proxy server? for example with this commit, we don't need an independent hysteria2 binary at server-side, right?
@Azadzadeh Yes, clash meta can act as a proxy server for some protocols
@Azadzadeh Yes, clash meta can act as a proxy server for some protocols
You can refer to https://wiki.metacubex.one/config/inbound/ and https://wiki.metacubex.one/config/inbound/hysteria2, which are still being improved and are not available in English.
@xishang0128 and upstream Clash doesn't support this "acting as proxy server in server-side"? https://dreamacro.github.io/clash/configuration/inbound.html#inbound
Also, there is an ambiguity about inbound TUN and general top-level TUN. What does setting them both, mean in practice?
Also, there is an ambiguity about inbound TUN and general top-level TUN. What does setting them both, mean in practice?
They are equivalent, just set one of them
@xishang0128 and upstream Clash doesn't support this "acting as proxy server in server-side"? https://dreamacro.github.io/clash/configuration/inbound.html#inbound
The upstream only supports socks/http and does not support the encrypted proxy protocol. socks/http is not safe on public networks.
@xishang0128 about acting as inbound proxy at server-side, i think, in general, it's better to rely on each protocol's upstream binary since security updates are first apply there and take a while to propagate to Clash.Meta. What is your view on this matter?
@Azadzadeh No need to worry about this. If security issues arise, clash.meta will promptly update the protocol. If it's a minor issue, clash.meta may not be updated soon, or it may not be updated at all (clash.meta may not be affected by minor issues that occur upstream)
for example tuic , clash.meta have some implementations of their own.
Solved. So close it
Verify steps
Description
Assuming we are using TUN mode + hijacked DNS. In this mode, all traffic is controlled by Clash.Meta. we can bypass traffic to a domain or ip by setting a rule and using DIRECT.
my question: how to expose a certain port so all traffic going through it is bypassed like DIRECT? so i mean, in this TUN mode, all traffic is handled by Rule. I want a socks5 port that always behaves like DIRECT.
Possible Solution
No response