knowledge-base/2 - Projects/VLESS-Reality/OpenClash-Configuration.md
Yaojia Wang e4382d01bb Openclash
2026-03-19 17:09:45 +01:00


tags
openclash
vless-reality
clash-config
router
dns
homelab

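OpenClash Configuration Backup

Router: 192.168.68.63 (iStoreOS, EasePi Pro)
Last updated: 2026-03-19
Purpose: only domestic (Chinese) video/music traffic is proxied back to China; everything else goes direct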


1. Source configuration

Path: /etc/openclash/config/vless-reality.yaml

The DNS section contains only a minimal declaration; the rest is generated by the LuCI overrides.

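# ============================================================
# VLESS + XTLS-Vision + REALITY (proxy back to China, side-router setup)
# Purpose: only domestic video/music goes through the proxy; everything else is direct
# Updated: 2026-03-19, trimmed rules + security hardening + sniffer cleanup
# ============================================================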

mixed-port: 7890
redir-port: 7892
tproxy-port: 7895
allow-lan: true
bind-address: "*"
mode: rule
log-level: warning
unified-delay: true
external-controller: 192.168.68.63:9090

dns:
  enable: true
  listen: 0.0.0.0:7874

proxies:
  - name: "CN-Proxy"
    type: vless
    server: 8.138.1.192
    port: 443
    uuid: 04a7cfe3-10f6-4e38-8319-22a604e24018
    network: tcp
    udp: true
    tls: true
    flow: xtls-rprx-vision
    servername: www.microsoft.com
    reality-opts:
      public-key: RTO_UOk5ncr3DAAYR08g08L0fo5ax9pmGFj8c8lXWgk
      short-id: ""
    client-fingerprint: chrome

proxy-groups:
  - name: "Proxy"
    type: select
    proxies:
      - CN-Proxy
      - DIRECT

rules:
  # K8s nodes go direct (bypass OpenClash)
  - SRC-IP-CIDR,192.168.68.11/32,DIRECT
  - SRC-IP-CIDR,192.168.68.21/32,DIRECT
  - SRC-IP-CIDR,192.168.68.22/32,DIRECT

  # The proxy server itself must go direct (prevents a routing loop)
  - IP-CIDR,8.138.1.192/32,DIRECT

  # Ad blocking
  - GEOSITE,category-ads-all,REJECT

  # Private networks go direct
  - IP-CIDR,127.0.0.0/8,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,192.168.0.0/16,DIRECT

  # === Domestic video/streaming (proxied back to China) ===
  # Bilibili
  - DOMAIN-SUFFIX,bilibili.com,Proxy
  - DOMAIN-SUFFIX,bilivideo.com,Proxy
  - DOMAIN-SUFFIX,bilivideo.cn,Proxy
  - DOMAIN-SUFFIX,biliapi.net,Proxy
  - DOMAIN-SUFFIX,hdslb.com,Proxy
  - DOMAIN-SUFFIX,acgvideo.com,Proxy
  # iQIYI
  - DOMAIN-SUFFIX,iqiyi.com,Proxy
  - DOMAIN-SUFFIX,iqiyipic.com,Proxy
  # Youku
  - DOMAIN-SUFFIX,youku.com,Proxy
  # Mango TV
  - DOMAIN-SUFFIX,mgtv.com,Proxy
  # Sohu Video
  - DOMAIN-SUFFIX,sohu.com,Proxy
  # Tencent Video
  - DOMAIN-SUFFIX,v.qq.com,Proxy
  - DOMAIN-SUFFIX,video.qq.com,Proxy
  - DOMAIN-SUFFIX,livep.l.qq.com,Proxy
  - DOMAIN-SUFFIX,vd.l.qq.com,Proxy
  # Douyin / Xigua / ByteDance
  - DOMAIN-SUFFIX,douyin.com,Proxy
  - DOMAIN-SUFFIX,douyinpic.com,Proxy
  - DOMAIN-SUFFIX,douyincdn.com,Proxy
  - DOMAIN-SUFFIX,douyinstatic.com,Proxy
  - DOMAIN-SUFFIX,snssdk.com,Proxy
  - DOMAIN-SUFFIX,amemv.com,Proxy
  - DOMAIN-SUFFIX,ixigua.com,Proxy
  - DOMAIN-SUFFIX,pstatp.com,Proxy
  - DOMAIN-SUFFIX,bytedance.com,Proxy
  - DOMAIN-SUFFIX,byteimg.com,Proxy
  # Xiaohongshu
  - DOMAIN-SUFFIX,xiaohongshu.com,Proxy
  - DOMAIN-SUFFIX,xhscdn.com,Proxy
  - DOMAIN-SUFFIX,xhslink.com,Proxy

  # === Domestic music (proxied back to China) ===
  # NetEase Cloud Music
  - DOMAIN-SUFFIX,music.163.com,Proxy
  - DOMAIN-SUFFIX,163yun.com,Proxy
  - DOMAIN-SUFFIX,126.net,Proxy
  - DOMAIN-SUFFIX,netease.com,Proxy
  # Kugou
  - DOMAIN-SUFFIX,kugou.com,Proxy
  # Kuwo
  - DOMAIN-SUFFIX,kuwo.cn,Proxy
  # QQ Music
  - DOMAIN-SUFFIX,y.qq.com,Proxy
  - DOMAIN-SUFFIX,c.y.qq.com,Proxy
  - DOMAIN-SUFFIX,streamoc.music.tc.qq.com,Proxy

  # === Everything else goes direct ===
  - MATCH,DIRECT

hosts:
  "nas.colacoder.com": 192.168.68.70
  "pve.colacoder.com": 192.168.68.70
  "npm.colacoder.com": 192.168.68.70
  "router.colacoder.com": 192.168.68.63
  "adguard.colacoder.com": 192.168.68.63
  "claw.colacoder.com": 192.168.68.70
  "openvas.colacoder.com": 192.168.68.70
  "invest-api.k8s.home": 192.168.68.240
  "argocd.k8s.home": 192.168.68.240
  "drone.k8s.home": 192.168.68.240

2. Custom files

2.1 Fake-IP exclusion list

Path: /etc/openclash/custom/openclash_custom_fake_filter.list

+.colacoder.com
+.k8s.home
*.lan
*.local
*.localdomain
*.home.arpa
+.quay.io
+.ghcr.io
+.docker.io
+.docker.com
+.gcr.io
+.k8s.io
+.registry.k8s.io
+.ecr.aws
+.billo.life
+.finance.yahoo.com

2.2 Custom hosts

Path: /etc/openclash/custom/openclash_custom_hosts.list

nas.colacoder.com: 192.168.68.70
pve.colacoder.com: 192.168.68.70
npm.colacoder.com: 192.168.68.70
router.colacoder.com: 192.168.68.63
adguard.colacoder.com: 192.168.68.63
claw.colacoder.com: 192.168.68.70
openvas.colacoder.com: 192.168.68.70
invest-api.k8s.home: 192.168.68.240
argocd.k8s.home: 192.168.68.240
drone.k8s.home: 192.168.68.240
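
The internal names above appear both in the hosts lists (sections 1 and 2.2) and under wildcard entries of the Fake-IP exclusion list (section 2.1). The following check is an added example, not part of the original repository: it flags hosts entries that no exclusion pattern matches and entries that differ between the two hosts copies. It assumes the Clash/mihomo wildcard semantics stated in the code; the function names and the two `.lan` entries are constructed for illustration.

```python
# Added example (not from the original repository): audit the static hosts
# against the Fake-IP exclusion patterns. Function names are illustrative.

# Patterns copied from section 2.1 (subset).
FAKE_IP_FILTER = ["+.colacoder.com", "+.k8s.home", "*.lan", "*.local"]

# Entries in the hosts: format of section 1 (subset, copied from the page).
SOURCE_HOSTS = '''
"nas.colacoder.com": 192.168.68.70
"router.colacoder.com": 192.168.68.63
"argocd.k8s.home": 192.168.68.240
'''

# Section 2.2 format. The two .lan entries are constructed for illustration.
CUSTOM_HOSTS = SOURCE_HOSTS.replace('"', "") + '''
printer.lan: 192.168.68.90
cam.garage.lan: 192.168.68.91
'''


def parse_hosts(text):
    """Parse 'name: ip' lines, with or without quotes around the name."""
    hosts = {}
    for line in text.splitlines():
        name, sep, ip = line.strip().partition(":")
        if sep and not name.startswith("#"):
            hosts[name.strip().strip('"').lower()] = ip.strip()
    return hosts


def pattern_matches(pattern, name):
    """Assumed wildcard rules: '+.' covers the domain and subdomains at any
    depth, '*' covers exactly one label, other labels must match literally."""
    p, n = pattern.lower().split("."), name.lower().split(".")
    if p[0] == "+":
        return len(n) >= len(p) - 1 and n[len(n) - len(p) + 1:] == p[1:]
    return len(p) == len(n) and all(a in ("*", b) for a, b in zip(p, n))


def uncovered(hosts, patterns):
    """Static hosts that no exclusion pattern matches."""
    return sorted(h for h in hosts if not any(pattern_matches(p, h) for p in patterns))


def drift(a, b):
    """Names whose address differs, or that exist in only one copy."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
```

With the sample data, `cam.garage.lan` is reported as uncovered because `*.lan` matches a single label only; a `+.lan` entry would cover it.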

2.3 Custom sniffer

Path: /etc/openclash/custom/openclash_custom_sniffer.yaml

sniffer:
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: true
  sniff:
    QUIC:
      ports: [443]
    TLS:
      ports: [443, 8443]
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
  force-domain: []
  skip-domain:
    - Mijia Cloud
    - dlg.io.mi.com
    - +.oray.com
    - +.sunlogin.net
    - +.push.apple.com

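3. LuCI override settings

The following settings are configured in the LuCI admin interface and override the corresponding fields in the source configuration: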

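| Setting | Value |
|---|---|
| Operating mode | Fake-IP (TUN) |
| Proxy mode | Rule (policy-based proxy) |
| Region bypass | Disabled |
| Domain sniffing | Enabled |
| Default-NameServer | 8.8.8.8, 1.1.1.1 |
| NameServer | 8.8.8.8, 1.1.1.1 |
| Fallback | dns.google, cloudflare-dns.com (DoH) |
| store-fake-ip | Enabled |
| respect-rules | Enabled |
| custom-fakeip-filter | Enabled (blacklist mode) |
| custom-host | Enabled |
| custom-fallback-filter | Enabled |
| china_ip_route | Enabled |
| tcp-concurrent | Enabled |
| IPv6 | Off |
| QUIC | Disabled |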

Related documents