knowledge-base/2 - Projects/VLESS-Reality/OpenClash-Configuration.md
Yaojia Wang e4382d01bb Openclash
2026-03-19 17:09:45 +01:00


---
tags:
- openclash
- vless-reality
- clash-config
- router
- dns
- homelab
---
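# OpenClash Configuration Backup
> Router: `192.168.68.63` (iStoreOS, EasePi Pro)
> Last updated: 2026-03-19
> Purpose: only mainland-China video/music traffic is proxied back to China; everything else connects directly
---
## 1. Source Configuration
Path: `/etc/openclash/config/vless-reality.yaml`
> The DNS section contains only a minimal declaration; the rest is generated by the LuCI overrides.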
```yaml
# ============================================================
# VLESS + XTLS-Vision + REALITY (proxy back to China - side router)
# Purpose: only mainland-China video/music is proxied; everything else connects directly
# Updated: 2026-03-19 - trimmed rules + security hardening + sniffer cleanup
# ============================================================
mixed-port: 7890
redir-port: 7892
tproxy-port: 7895
allow-lan: true
bind-address: "*"
mode: rule
log-level: warning
unified-delay: true
external-controller: 192.168.68.63:9090
dns:
  enable: true
  listen: 0.0.0.0:7874
proxies:
  - name: "CN-Proxy"
    type: vless
    server: 8.138.1.192
    port: 443
    uuid: 04a7cfe3-10f6-4e38-8319-22a604e24018
    network: tcp
    udp: true
    tls: true
    flow: xtls-rprx-vision
    servername: www.microsoft.com
    reality-opts:
      public-key: RTO_UOk5ncr3DAAYR08g08L0fo5ax9pmGFj8c8lXWgk
      short-id: ""
    client-fingerprint: chrome
proxy-groups:
  - name: "Proxy"
    type: select
    proxies:
      - CN-Proxy
      - DIRECT
rules:
  # K8s nodes connect directly (bypass OpenClash)
  - SRC-IP-CIDR,192.168.68.11/32,DIRECT
  - SRC-IP-CIDR,192.168.68.21/32,DIRECT
  - SRC-IP-CIDR,192.168.68.22/32,DIRECT
  # The proxy server itself must connect directly (prevents routing loops)
  - IP-CIDR,8.138.1.192/32,DIRECT
  # Ad blocking
  - GEOSITE,category-ads-all,REJECT
  # Private networks connect directly
  - IP-CIDR,127.0.0.0/8,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,192.168.0.0/16,DIRECT
  # === Mainland-China video/streaming (proxied back to China) ===
  # Bilibili
  - DOMAIN-SUFFIX,bilibili.com,Proxy
  - DOMAIN-SUFFIX,bilivideo.com,Proxy
  - DOMAIN-SUFFIX,bilivideo.cn,Proxy
  - DOMAIN-SUFFIX,biliapi.net,Proxy
  - DOMAIN-SUFFIX,hdslb.com,Proxy
  - DOMAIN-SUFFIX,acgvideo.com,Proxy
  # iQIYI
  - DOMAIN-SUFFIX,iqiyi.com,Proxy
  - DOMAIN-SUFFIX,iqiyipic.com,Proxy
  # Youku
  - DOMAIN-SUFFIX,youku.com,Proxy
  # Mango TV
  - DOMAIN-SUFFIX,mgtv.com,Proxy
  # Sohu Video
  - DOMAIN-SUFFIX,sohu.com,Proxy
  # Tencent Video
  - DOMAIN-SUFFIX,v.qq.com,Proxy
  - DOMAIN-SUFFIX,video.qq.com,Proxy
  - DOMAIN-SUFFIX,livep.l.qq.com,Proxy
  - DOMAIN-SUFFIX,vd.l.qq.com,Proxy
  # Douyin / Xigua / ByteDance
  - DOMAIN-SUFFIX,douyin.com,Proxy
  - DOMAIN-SUFFIX,douyinpic.com,Proxy
  - DOMAIN-SUFFIX,douyincdn.com,Proxy
  - DOMAIN-SUFFIX,douyinstatic.com,Proxy
  - DOMAIN-SUFFIX,snssdk.com,Proxy
  - DOMAIN-SUFFIX,amemv.com,Proxy
  - DOMAIN-SUFFIX,ixigua.com,Proxy
  - DOMAIN-SUFFIX,pstatp.com,Proxy
  - DOMAIN-SUFFIX,bytedance.com,Proxy
  - DOMAIN-SUFFIX,byteimg.com,Proxy
  # Xiaohongshu
  - DOMAIN-SUFFIX,xiaohongshu.com,Proxy
  - DOMAIN-SUFFIX,xhscdn.com,Proxy
  - DOMAIN-SUFFIX,xhslink.com,Proxy
  # === Mainland-China music (proxied back to China) ===
  # NetEase Cloud Music
  - DOMAIN-SUFFIX,music.163.com,Proxy
  - DOMAIN-SUFFIX,163yun.com,Proxy
  - DOMAIN-SUFFIX,126.net,Proxy
  - DOMAIN-SUFFIX,netease.com,Proxy
  # Kugou
  - DOMAIN-SUFFIX,kugou.com,Proxy
  # Kuwo
  - DOMAIN-SUFFIX,kuwo.cn,Proxy
  # QQ Music
  - DOMAIN-SUFFIX,y.qq.com,Proxy
  - DOMAIN-SUFFIX,c.y.qq.com,Proxy
  - DOMAIN-SUFFIX,streamoc.music.tc.qq.com,Proxy
  # === Everything else connects directly ===
  - MATCH,DIRECT
hosts:
  "nas.colacoder.com": 192.168.68.70
  "pve.colacoder.com": 192.168.68.70
  "npm.colacoder.com": 192.168.68.70
  "router.colacoder.com": 192.168.68.63
  "adguard.colacoder.com": 192.168.68.63
  "claw.colacoder.com": 192.168.68.70
  "openvas.colacoder.com": 192.168.68.70
  "invest-api.k8s.home": 192.168.68.240
  "argocd.k8s.home": 192.168.68.240
  "drone.k8s.home": 192.168.68.240
```
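Rules are evaluated top to bottom and the first match wins, so order and overlap decide where traffic goes. The following added example (not part of the original configuration or of OpenClash) models that for a constructed excerpt of the rules above and reports suffix rules that can never fire; `parse`, `resolve` and `shadowed` are hypothetical helper names, the destination IP is passed in explicitly, and DNS resolution and GEOSITE lookups are not modelled.

```python
import ipaddress

# Constructed excerpt of the rules above, kept in the same relative order.
RULES = """\
- SRC-IP-CIDR,192.168.68.11/32,DIRECT
- IP-CIDR,8.138.1.192/32,DIRECT
- DOMAIN-SUFFIX,bilibili.com,Proxy
- DOMAIN-SUFFIX,y.qq.com,Proxy
- DOMAIN-SUFFIX,c.y.qq.com,Proxy
- MATCH,DIRECT
"""

def parse(text):
    """Turn '- TYPE,value,target' lines into tuples (MATCH has no value field)."""
    rules = []
    for line in text.splitlines():
        line = line.strip().lstrip("- ")
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        rules.append((parts[0], None, parts[1]) if parts[0] == "MATCH" else tuple(parts[:3]))
    return rules

def suffix_match(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def in_net(ip, cidr):
    return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def resolve(rules, host=None, dst_ip=None, src_ip=None):
    """Return (index, target) of the first rule that matches; order decides."""
    for i, (kind, value, target) in enumerate(rules):
        hit = (kind == "MATCH"
               or (kind == "DOMAIN-SUFFIX" and host is not None and suffix_match(host, value))
               or (kind == "IP-CIDR" and in_net(dst_ip, value))
               or (kind == "SRC-IP-CIDR" and in_net(src_ip, value)))
        if hit:
            return i, target
    return None

def shadowed(rules):
    """DOMAIN-SUFFIX entries that never fire: an earlier suffix already covers them."""
    seen, dead = [], []
    for kind, value, _ in rules:
        if kind == "DOMAIN-SUFFIX":
            if any(suffix_match(value, s) for s in seen):
                dead.append(value)
            seen.append(value)
    return dead
```

Run against the full rule list, `shadowed` reports `c.y.qq.com`, which the earlier `y.qq.com` suffix already covers.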
---
## 2. Custom Files
### 2.1 Fake-IP Exclusion List
Path: `/etc/openclash/custom/openclash_custom_fake_filter.list`
```
+.colacoder.com
+.k8s.home
*.lan
*.local
*.localdomain
*.home.arpa
+.quay.io
+.ghcr.io
+.docker.io
+.docker.com
+.gcr.io
+.k8s.io
+.registry.k8s.io
+.ecr.aws
+.billo.life
+.finance.yahoo.com
```
### 2.2 Custom Hosts
Path: `/etc/openclash/custom/openclash_custom_hosts.list`
```yaml
nas.colacoder.com: 192.168.68.70
pve.colacoder.com: 192.168.68.70
npm.colacoder.com: 192.168.68.70
router.colacoder.com: 192.168.68.63
adguard.colacoder.com: 192.168.68.63
claw.colacoder.com: 192.168.68.70
openvas.colacoder.com: 192.168.68.70
invest-api.k8s.home: 192.168.68.240
argocd.k8s.home: 192.168.68.240
drone.k8s.home: 192.168.68.240
```
### 2.3 Custom Sniffer
Path: `/etc/openclash/custom/openclash_custom_sniffer.yaml`
```yaml
sniffer:
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: true
  sniff:
    QUIC:
      ports: [443]
    TLS:
      ports: [443, 8443]
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
  force-domain: []
  skip-domain:
    - Mijia Cloud
    - dlg.io.mi.com
    - +.oray.com
    - +.sunlogin.net
    - +.push.apple.com
```
---
## 3. LuCI Override Settings
The following settings are configured in the LuCI admin interface and override the corresponding fields in the source configuration:
| Setting | Value |
|------|-----|
| Operating mode | Fake-IP (TUN) |
| Proxy mode | Rule (policy-based proxying) |
| Region bypass | Disabled |
| Domain sniffing | Enabled |
| Default-NameServer | `8.8.8.8`, `1.1.1.1` |
| NameServer | `8.8.8.8`, `1.1.1.1` |
| Fallback | `dns.google`, `cloudflare-dns.com` (DoH) |
| store-fake-ip | Enabled |
| respect-rules | Enabled |
| custom-fakeip-filter | Enabled (blacklist mode) |
| custom-host | Enabled |
| custom-fallback-filter | Enabled |
| china_ip_route | Enabled |
| tcp-concurrent | Enabled |
| IPv6 | Off |
| QUIC | Disabled |
---
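## Related Documents
- [[VLESS-REALITY-Router-iStoreOS]] -- main gateway configuration document
- [[OpenClash-Config-Review-2026-03-19]] -- configuration audit report
- [[家庭网络基础设施]] -- network topology overview (home network infrastructure)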