Outbound 出站
Clash 中有几种类型的出站. 每种类型都有自己的特点和使用场景. 在本页中, 我们将介绍每种类型的通用特点以及如何使用和配置它们.
Proxies 代理节点
Proxies 代理节点是您可以配置的一些出站目标. 就像代理服务器一样, 您在这里为数据包定义目的地.
Shadowsocks
Clash 支持以下 Shadowsocks 的加密方法:
| 系列 | 加密方法 |
|---|---|
| AEAD | aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-ietf-poly1305, xchacha20-ietf-poly1305 |
| 流式 | aes-128-cfb, aes-192-cfb, aes-256-cfb, rc4-md5, chacha20-ietf, xchacha20 |
| 块式 | aes-128-ctr, aes-192-ctr, aes-256-ctr |
此外, Clash 还支持流行的 Shadowsocks 插件 obfs 和 v2ray-plugin.
- name: "ss1"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true- name: "ss2"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com- name: "ss3"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # QUIC not supported yet
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# mux: true
# headers:
# custom: valueShadowsocksR
Clash 也支持声名狼藉的反审查协议 ShadowsocksR.
支持以下 ShadowsocksR 的加密方法:
| 系列 | 加密方法 |
|---|---|
| 流式 | aes-128-cfb, aes-192-cfb, aes-256-cfb, rc4-md5, chacha20-ietf, xchacha20 |
支持的混淆方法:
- plain
- http_simple
- http_post
- random_head
- tls1.2_ticket_auth
- tls1.2_ticket_fastauth
支持的协议:
- origin
- auth_sha1_v4
- auth_aes128_md5
- auth_aes128_sha1
- auth_chain_a
- auth_chain_b
Vmess
Clash 支持以下 Vmess 的加密方法:
- auto
- aes-128-gcm
- chacha20-poly1305
- none
- name: "vmess"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com- name: "vmess-http"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # headers:
# # Connection:
# # - keep-alive- name: "vmess-h2"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: h2
tls: true
h2-opts:
host:
- http.example.com
- http-alt.example.com
path: /- name: vmess-grpc
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: grpc
tls: true
servername: example.com
# skip-cert-verify: true
grpc-opts:
grpc-service-name: "example"Socks5
此外, Clash 还支持 Socks5 代理.
HTTP
Clash 也支持 HTTP 代理:
- name: "http"
type: http
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password- name: "http"
type: http
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password
tls: true
skip-cert-verify: trueSnell
作为可选的反审查协议, Clash也集成了对Snell的支持.
Trojan
Clash 内置了对流行协议 Trojan 的支持:
- name: "trojan"
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true- name: trojan-grpc
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: "example"
network: grpc
sni: example.com
# skip-cert-verify: true
udp: true
grpc-opts:
grpc-service-name: "example"- name: trojan-ws
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: "example"
network: ws
sni: example.com
# skip-cert-verify: true
udp: true
# ws-opts:
# path: /path
# headers:
# Host: example.comProxy Groups 策略组
Proxy Groups 策略组用于根据不同策略分发规则传递过来的请求, 其可以直接被规则引用, 也可以被其他策略组引用, 而最上级策略组被规则引用.
relay 中继
请求将依次通过指定的代理服务器进行中继, 目前不支持 UDP. 指定的代理服务器不应包含另一个 relay 中继.
url-test 延迟测试
Clash 会周期性地通过指定的 URL 向列表中的代理服务器发送 HTTP HEAD 请求来测试每个代理服务器的延迟. 可以设置最大容忍值、测试间隔和目标 URL.
fallback 可用性测试
Clash 会周期性地通过指定的 URL 向列表中的代理服务器发送 HTTP HEAD 请求来测试每个代理服务器的可用性. 第一个可用的服务器将被使用.
load-balance 负载均衡
相同 eTLD+1 的请求将使用同一个代理服务器.
select 手动选择
Clash 启动时默认使用策略组中的第一个代理服务器. 用户可以使用 RESTful API 选择要使用的代理服务器. 在此模式下, 您可以在配置中硬编码服务器或使用 Proxy Providers 代理集动态添加服务器.
无论哪种方式, 有时您也可以使用直接连接来路由数据包. 在这种情况下, 您可以使用 DIRECT 直连出站.
要使用不同的网络接口, 您需要使用包含 DIRECT 直连出站的策略组, 并设置 interface-name 选项.
Proxy Providers 代理集
代理集使用户可以动态加载代理服务器列表, 而不是在配置文件中硬编码. 目前有两种代理集可以加载服务器列表:
http: Clash 会在启动时从指定的 URL 加载服务器列表. 如果设置了interval选项, Clash 会定期从远程拉取服务器列表.file: Clash 会在启动时从指定的文件位置加载服务器列表. 健康检查对两种模式都可用, 并且与策略组中的fallback完全相同.
Outbound
Clash has several types of outbound. Each type has its own characteristics and use cases. In this page, we will introduce the general characteristics of each type and how to configure them.
Proxies
Proxies are configurable outbound targets. Just like a proxy server, you define the destination for data packets here.
Shadowsocks
Clash supports the following Shadowsocks cipher methods:
| Family | Cipher Methods |
|---|---|
| AEAD | aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-ietf-poly1305, xchacha20-ietf-poly1305 |
| Stream | aes-128-cfb, aes-192-cfb, aes-256-cfb, rc4-md5, chacha20-ietf, xchacha20 |
| Block | aes-128-ctr, aes-192-ctr, aes-256-ctr |
Clash also supports popular Shadowsocks plugins obfs and v2ray-plugin.
ShadowsocksR
Clash also supports the notoriously censorship-circumvention protocol ShadowsocksR.
Supported ShadowsocksR cipher methods:
| Family | Cipher Methods |
|---|---|
| Stream | aes-128-cfb, aes-192-cfb, aes-256-cfb, rc4-md5, chacha20-ietf, xchacha20 |
Supported obfuscation methods:
- plain
- http_simple
- http_post
- random_head
- tls1.2_ticket_auth
- tls1.2_ticket_fastauth
Supported protocols:
- origin
- auth_sha1_v4
- auth_aes128_md5
- auth_aes128_sha1
- auth_chain_a
- auth_chain_b
Vmess
Clash supports the following Vmess cipher methods:
- auto
- aes-128-gcm
- chacha20-poly1305
- none
- name: "vmess"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com- name: "vmess-http"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # headers:
# # Connection:
# # - keep-alive- name: "vmess-h2"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: h2
tls: true
h2-opts:
host:
- http.example.com
- http-alt.example.com
path: /- name: vmess-grpc
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: grpc
tls: true
servername: example.com
# skip-cert-verify: true
grpc-opts:
grpc-service-name: "example"Socks5
Clash also supports Socks5 proxy.
HTTP
Clash also supports HTTP proxy.
- name: "http"
type: http
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password- name: "http"
type: http
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password
tls: true
skip-cert-verify: trueSnell
As an optional anti-censorship protocol, Clash also integrates support for Snell.
Trojan
Clash has built-in support for the popular Trojan protocol.
- name: "trojan"
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true- name: trojan-grpc
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: "example"
network: grpc
sni: example.com
# skip-cert-verify: true
udp: true
grpc-opts:
grpc-service-name: "example"- name: trojan-ws
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: "example"
network: ws
sni: example.com
# skip-cert-verify: true
udp: true
# ws-opts:
# path: /path
# headers:
# Host: example.comProxy Groups
Proxy Groups are used to distribute requests from rules according to different strategies. They can be referenced directly by rules, or referenced by other proxy groups, with the top-level proxy groups being referenced by rules.
relay
Requests are relayed through the specified proxy servers in sequence. UDP is not currently supported. The specified proxy servers should not contain another relay.
url-test
Clash periodically sends HTTP HEAD requests to each proxy server in the list via the specified URL to test latency. You can set the maximum tolerance, test interval, and target URL.
fallback
Clash periodically sends HTTP HEAD requests to each proxy server in the list via the specified URL to test availability. The first available server will be used.
load-balance
Requests with the same eTLD+1 will use the same proxy server.
select
By default, Clash uses the first proxy in the group on startup. Users can use the RESTful API to select which proxy to use. In this mode, you can hardcode servers in the configuration or use Proxy Providers to dynamically add servers.
In either case, sometimes you may also use a direct connection to route packets. In this case, you can use the DIRECT direct outbound.
To use a different network interface, you need a proxy group that includes DIRECT and set the interface-name option.
Proxy Providers
Proxy Providers allow users to dynamically load proxy server lists instead of hardcoding them in the configuration file. Currently there are two types of proxy providers:
http: Clash loads the server list from the specified URL on startup. If theintervaloption is set, Clash periodically pulls the server list from the remote.file: Clash loads the server list from the specified file path on startup. Health checks are available for both modes and are exactly the same asfallbackin proxy groups.