axcsz / Collect

Traffic-splitting rules and ad-blocking modules

After enabling mihomo, Docker containers are unreachable, and the previously configured external port mappings no longer open. #2

Open siasbaily opened 3 months ago

siasbaily commented 3 months ago

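I use an HTTP proxy configured in the browser. After enabling mihomo, I cannot access the Docker containers, and the previously configured external port mappings no longer open either. Everything works normally after turning mihomo off. This happens whether TUN is on or off.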

```yaml
# !name = mihomo configuration file
# !desc = Note: in theory this works with all meta cores; tested with Clash Verge Rev, Openclash and mihomo
# !date = 2024-05-03 17:00
# !source = https://wiki.metacubex.one/example/conf/#__tabbed_1_3

######### Anchors start #######
# Anchor for policy groups
pr: &pr {type: select, proxies: [手动选择, 自动选择, 负载均衡, 香港节点, 台湾节点, 美国节点, 狮城节点, 日本节点, 韩国节点, 国内直连]}
# Anchor for subscription updates and latency tests
p: &p {type: http, interval: 3600, health-check: {enable: true, url: https://www.youtube.com/generate_204, interval: 300}}
######### Anchors end #######

# Subscription providers; names must be unique
proxy-providers:
  provider1:
    <<: *p
    url: "test"
  provider2:
    <<: *p
    url: "test"

# Global configuration
# Master IPv6 switch; turning it off blocks all IPv6 connections and suppresses DNS AAAA record requests (true/false)
ipv6: true
# Allow LAN connections
allow-lan: true
# Mixed port for HTTP(S) and SOCKS proxies
mixed-port: 7890
# Change how latency is calculated, excluding handshake and other extra delay
unified-delay: false
# Connect to all IPs concurrently over TCP and use the one with the fastest handshake
tcp-concurrent: true
# Web UI configuration
external-ui: /etc/mihomo/ui
# External controller; the RESTful API can be used to control your Clash core
external-controller: 0.0.0.0:9090
# Custom download URL for the external UI
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"
# Process matching: always/strict/off
# - always: on, force matching for all processes
# - strict: default, mihomo decides whether to enable it
# - off: no process matching; recommended on routers
find-process-mode: strict
# Global TLS fingerprint; lower priority than client-fingerprint set inside a proxy
# - Options: "chrome", "firefox", "safari", "ios", "random", "none".
# - uTLS currently supports TLS transport in TCP/gRPC/WS/HTTP for VLESS/VMess and Trojan.
global-client-fingerprint: chrome

# profile is meant for extended configuration, but in mihomo it is only used for cache items
profile:
  # Store the policy-group selections made through the API for use at the next start
  store-selected: true
  # Store the fake-ip mapping table so a domain reuses its previous mapped address when it connects again
  store-fake-ip: true

# Domain sniffing (optional)
sniffer:
  enable: true
  # TLS and QUIC sniff port 443 by default when ports is not configured
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
  # Domains that should skip sniffing
  skip-classical:

# TUN configuration
tun:
  enable: true
  # Options: gvisor/mixed
  stack: mixed
  # DNS hijack; usually any:53 is enough, i.e. hijack all UDP traffic on port 53
  dns-hijack:

# DNS configuration
dns:
  # When disabled, the system DNS is used
  enable: true
  # DNS server listen address
  listen: :53
  # IPv6 resolution switch; if false, IPv6 results are returned empty
  ipv6: true
  # Mode: redir-host or fake-ip (fake-ip is the default)
  enhanced-mode: fake-ip
  # Fake-IP address pool
  fake-ip-range: 28.0.0.1/8
  fake-ip-filter:

# Individual outbound proxy nodes
proxies:
# Direct node

# Policy groups
proxy-groups:
# Policy groups for traffic splitting

# Routing rules
rules:

# Rule-set anchors
rule-anchor:
  # For classical rules
  classical: &classical {type: http, interval: 86400, behavior: classical, format: text}

# Rule sets
rule-providers:
  # Ad blocking
  Adrules:
    <<: *classical
    url: "https://adrules.top/adrules.list"
  # Google services
  YouTube:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/YouTube.list"
  Google:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Google.list"
  # Microsoft services
  Copilot:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Copilot.list"
  GitHub:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/GitHub.list"
  OneDrive:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/OneDrive.list"
  Microsoft:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Microsoft.list"
  # Telegram
  Telegram:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Telegram.list"
  # ChatGPT
  OpenAI:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/OpenAI.list"
  # PayPal
  PayPal:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/PayPal.list"
  # Twitter
  Twitter:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Twitter.list"
  # Facebook
  Facebook:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Facebook.list"
  # TikTok (overseas Douyin)
  TikTok:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/TikTok.list"
  # Netflix
  Netflix:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Netflix.list"
  # Disney+
  Disney+:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Disney+.list"
  # Spotify
  Spotify:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Spotify.list"
  # Overseas media
  GlobalMedia:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/GlobalMedia.list"
  # Overseas services
  GlobalGFW:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/GlobalGFW.list"
  # Apple services
  Apple:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/Apple.list"
  # Bilibili
  Bilibili:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/Bilibili.list"
  # Domestic (China) services
  WeChat:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Other/WeChat.list"
  ChinaMedia:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Media/ChinaMedia.list"
  China:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Direct.list"
  # LAN
  Lan:
    <<: *classical
    url: "https://raw.githubusercontent.com/axcsz/Collect/master/Ruleset/Local.list"

# Block 443
script:
  shortcuts:
    quic: network == 'udp' and dst_port == 443
```

```
[warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52597 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
[debug] [Process] find process XX.XX.XX.XX error: process not found
[debug] [Rule] use default rules
[warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52577 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
[info] [TCP] 192.168.60.99:52581 --> api.mousegesturesapi.com:443 match Match using 兜底规则[香港2-hk68]
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
[debug] [Process] find process api.mousegesturesapi.com error: process not found
[debug] [Rule] use default rules
[warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52575 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
[info] [TCP] 28.0.0.1:43398(NetworkManager) --> connectivity-check.ubuntu.com:80 match Match using 兜底规则[香港2-hk68]
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
[debug] [Rule] use default rules
[debug] [DNS] hijack udp:28.0.0.2:53 from 28.0.0.1:55700
[warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52569 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
[debug] [Process] find process XX.XX.XX.XX error: process not found
[debug] [Rule] use default rules
[debug] [Process] find process XX.XX.XX.XX error: process not found
[debug] [Rule] use default rules
[info] [TCP] 192.168.60.99:52571 --> stats.g.doubleclick.net:443 match RuleSet(Adrules) using REJECT
[debug] [Rule] use default rules
[info] [TCP] 192.168.60.99:52570 --> stats.g.doubleclick.net:443 match RuleSet(Adrules) using REJECT
[debug] [Rule] use default rules
[debug] [Process] find process XX.XX.XX.XX error: process not found
[debug] [Rule] use default rules
[info] [TCP] 192.168.60.99:52567 --> github-wiki-see.page:443 match RuleSet(GitHub) using Microsoft[香港2-hk68]
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
[debug] [Rule] use default rules
[warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52557 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
[info] [TCP] 192.168.60.99:52559 --> my.zerotier.com:443 match Match using 兜底规则[香港2-hk68]
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
[debug] [Process] find process my.zerotier.com error: process not found
[debug] [Rule] use default rules
[debug] [Process] find process XX.XX.XX.XX error: process not found
[debug] [Rule] use default rules
[info] [TCP] 192.168.60.99:52556 --> api.mousegesturesapi.com:443 match Match using 兜底规则[香港2-hk68]
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
[debug] [Process] find process api.mousegesturesapi.com error: process not found
[debug] [Rule] use default rules
[warning] [TCP] dial China (match RuleSet/Lan) 192.168.60.99:52551 --> 192.168.192.211:9000 error: dial tcp 192.168.192.211:9000: i/o timeout
[debug] [Rule] use default rules
[warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52545 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
[debug] [Process] find process XX.XX.XX.XX error: process not found
[debug] [Rule] use default rules
[info] [TCP] 192.168.60.99:52544 --> clients4.google.com:443 match RuleSet(Google) using Google[香港2-hk68]
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:51:05
[debug] [DNS] cache hit for hk-68.mxrou.com., expire at 2024-05-13 12:42:56
[debug] [Rule] use default rules
[info] [TCP] 192.168.60.99:52518 --> api.mousegesturesapi.com:443 match Match using 兜底规则[香港2-hk68]
```

siasbaily commented 3 months ago

192.168.60.99 is the local machine's address, 192.168.60.211 is the Linux Docker address, and 192.168.192.211 is the Linux Docker address after joining the ZeroTier network.
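A triage sketch for the log in the first post, added here as an example and not part of the thread: it groups mihomo `dial ... error` warnings by policy group, matched rule and destination, and picks out failures whose destination is a private address, such as the ZeroTier address named above. The sample lines are constructed in the format of the posted log, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format of the log posted above.
SAMPLE_LOG = """\
53 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52597 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
33 [info] [TCP] 192.168.60.99:52571 --> stats.g.doubleclick.net:443 match RuleSet(Adrules) using REJECT
10 [warning] [TCP] dial China (match RuleSet/Lan) 192.168.60.99:52551 --> 192.168.192.211:9000 error: dial tcp 192.168.192.211:9000: i/o timeout
8 [warning] [TCP] dial China (match GeoIP/cn) 192.168.60.99:52545 --> XX.XX.XX.XX:4000 error: dial tcp XX.XX.XX.XX:4000: i/o timeout
"""

# Shape: "dial <group> (match <rule>) <src> --> <dst> error: <reason>"
DIAL_FAIL = re.compile(
    r"\[warning\] \[(?P<net>TCP|UDP)\] dial (?P<group>.+?) \(match (?P<rule>[^)]+)\) "
    r"(?P<src>\S+) --> (?P<dst>\S+) error: (?P<err>.+)$"
)

def is_private(host):
    """True for literal IPs in private ranges; hostnames and redacted values are False."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def summarize_dial_failures(log_text):
    """Count failed dials per (group, rule, host, port, private?)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DIAL_FAIL.search(line)  # search() tolerates a leading viewer line number
        if not m:
            continue
        host, _, port = m["dst"].rpartition(":")
        host = host.strip("[]")  # bracketed IPv6 literal
        counts[(m["group"], m["rule"], host, port, is_private(host))] += 1
    return counts

def private_failures(log_text):
    """Failed dials to private addresses: LAN or overlay hosts the proxy could not reach."""
    return sorted(
        (g, r, h, p) for (g, r, h, p, priv) in summarize_dial_failures(log_text) if priv
    )

if __name__ == "__main__":
    for key, n in summarize_dial_failures(SAMPLE_LOG).most_common():
        print(n, key)
    print("private:", private_failures(SAMPLE_LOG))
```

On the posted log, the single private-address failure is the dial to 192.168.192.211:9000, matched by `RuleSet/Lan` and sent through the `China` group.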

siasbaily commented 3 months ago

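If I do not use the HTTP proxy configured in the browser and keep mihomo enabled, the Docker containers are reachable from the internal network, but the external port mappings do not work.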

axcsz commented 3 months ago

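> 192.168.60.99 is the local machine's address, 192.168.60.211 is the Linux Docker address, and 192.168.192.211 is the Linux Docker address after joining the ZeroTier network.

When the gateway points to mihomo, external access through DDNS, OpenVPN or similar networking setups does not work. I don't know the specific reason yet either.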

siasbaily commented 3 months ago

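> > 192.168.60.99 is the local machine's address, 192.168.60.211 is the Linux Docker address, and 192.168.192.211 is the Linux Docker address after joining the ZeroTier network.
>
> When the gateway points to mihomo, external access through DDNS, OpenVPN or similar networking setups does not work. I don't know the specific reason yet either.

OK. The tutorial was just updated with "Enable TUN (choose one of two)" and "Enable route forwarding (choose one of two)". Are those steps only needed for a Docker-deployed mihomo, and not for a normal Linux install? I don't quite understand what they are for.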

axcsz commented 3 months ago

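> > > 192.168.60.99 is the local machine's address, 192.168.60.211 is the Linux Docker address, and 192.168.192.211 is the Linux Docker address after joining the ZeroTier network.
> >
> > When the gateway points to mihomo, external access through DDNS, OpenVPN or similar networking setups does not work. I don't know the specific reason yet either.
>
> OK. The tutorial was just updated with "Enable TUN (choose one of two)" and "Enable route forwarding (choose one of two)". Are those steps only needed for a Docker-deployed mihomo, and not for a normal Linux install? I don't quite understand what they are for.

My tutorial has no Docker deployment of mihomo; everything is deployed from CT templates.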

axcsz commented 3 months ago

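> > > 192.168.60.99 is the local machine's address, 192.168.60.211 is the Linux Docker address, and 192.168.192.211 is the Linux Docker address after joining the ZeroTier network.
> >
> > When the gateway points to mihomo, external access through DDNS, OpenVPN or similar networking setups does not work. I don't know the specific reason yet either.
>
> OK. The tutorial was just updated with "Enable TUN (choose one of two)" and "Enable route forwarding (choose one of two)". Are those steps only needed for a Docker-deployed mihomo, and not for a normal Linux install? I don't quite understand what they are for.

Route forwarding and TUN must both be enabled; without them, other devices cannot connect. After enabling TUN the machine needs to be rebooted. The new tutorial covers this.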