A rule-based tunnel in Go.
Go to file
Noah Shang 4e91118a05 Feature: add freebsd release (#80)
add freebsd support
2018-12-31 20:57:21 +08:00
adapters Chore: improve outbound architecture 2018-12-22 23:56:42 +08:00
common Feature: add websocket headers support in vmess 2018-12-11 00:25:05 +08:00
component Chore: make a consistent code style 2018-12-23 00:42:08 +08:00
config Fix: ignore some general configuration 2018-12-21 22:51:37 +08:00
constant Chore: improve outbound architecture 2018-12-22 23:56:42 +08:00
dns Fix: dns crash & remove unused debug log 2018-12-10 11:00:52 +08:00
docs Update: README.md logo and badges 2018-06-23 00:44:28 +08:00
hub Fix: authentication with stream api 2018-12-29 14:11:54 +08:00
log Feature: add custom DNS support (#56) 2018-12-05 21:13:29 +08:00
proxy Chore: make a consistent code style 2018-12-23 00:42:08 +08:00
rules Improve: auto change payload to lowercase 2018-11-21 13:59:39 +08:00
tunnel Chore: improve outbound architecture 2018-12-22 23:56:42 +08:00
.gitignore Init: first commit 🎉 2018-06-10 22:50:03 +08:00
.travis.yml Feature: repalce dep with go module 2018-10-01 19:38:54 +08:00
Dockerfile Chore: clean up Dockerfile 2018-10-23 13:26:05 +08:00
LICENSE Initial commit 2018-06-10 22:28:14 +08:00
Makefile Feature: add freebsd release (#80) 2018-12-31 20:57:21 +08:00
README.md Chore: update `external-ui` explanation 2018-12-20 22:34:38 +08:00
go.mod Feature: add custom DNS support (#56) 2018-12-05 21:13:29 +08:00
go.sum Feature: add custom DNS support (#56) 2018-12-05 21:13:29 +08:00
main.go Chore: improve code architecture 2018-11-21 13:47:46 +08:00

README.md

Clash
Clash

A rule-based tunnel in Go.

Travis-CI

Features

  • HTTP/HTTPS and SOCKS protocol
  • Surge like configuration
  • GeoIP rule support
  • Support Vmess/Shadowsocks/Socks5
  • Support for Netfilter TCP redirect

Install

You can build from source:

go get -u -v github.com/Dreamacro/clash

Pre-built binaries are available: release

Requires Go >= 1.11.

Daemon

Unfortunately, there is no native elegant way to implement golang's daemon.

So we can use third-party daemon tools like pm2, supervisor, and so on.

In the case of pm2, we can start the daemon this way:

pm2 start clash

If you have Docker installed, you can run clash directly using docker-compose.

Run clash in docker

Config

NOTE: after v0.8.0, clash using yaml as configuration file

The default configuration directory is $HOME/.config/clash

The name of the configuration file is config.yml

If you want to use another directory, you can use -d to control the configuration directory

For example, you can use the current directory as the configuration directory

clash -d .

Below is a simple demo configuration file:

# port of HTTP
port: 7890

# port of SOCKS5
socks-port: 7891

# redir port for Linux and macOS
# redir-port: 7892

allow-lan: false

# Rule / Global/ Direct (default is Rule)
mode: Rule

# set log level to stdout (default is info)
# info / warning / error / debug / silent
log-level: info

# A RESTful API for clash
external-controller: 127.0.0.1:9090

# you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `${API}/ui`
# input is a relative path to the configuration directory or an absolute path
# external-ui: folder

# Secret for RESTful API (Optional)
# secret: ""

dns:
  # enable: true # set true to enable dns (default is false)
  # ipv6: false # default is false
  # listen: 0.0.0.0:53
  # enhanced-mode: redir-host
  # nameserver:
  #   - 114.114.114.114
  #   - tls://dns.rubyfish.cn:853 # dns over tls
  # fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
  #   - 8.8.8.8

Proxy:

# shadowsocks
# The types of cipher are consistent with go-shadowsocks2
# support AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AES-128-CTR AES-192-CTR AES-256-CTR AES-128-CFB AES-192-CFB AES-256-CFB CHACHA20-IETF XCHACHA20
# In addition to what go-shadowsocks2 supports, it also supports chacha20 rc4-md5 xchacha20-ietf-poly1305
- { name: "ss1", type: ss, server: server, port: 443, cipher: AEAD_CHACHA20_POLY1305, password: "password" }
- { name: "ss2", type: ss, server: server, port: 443, cipher: AEAD_CHACHA20_POLY1305, password: "password", obfs: tls, obfs-host: bing.com }

# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto }
# with tls
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true }
# with tls and skip-cert-verify
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, tls: true, skip-cert-verify: true }
# with ws-path and ws-headers
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, network: ws, ws-path: /path, ws-headers: { Host: v2ray.com } }
# with ws + tls
- { name: "vmess", type: vmess, server: server, port: 443, uuid: uuid, alterId: 32, cipher: auto, network: ws, ws-path: /path, tls: true }

# socks5
- { name: "socks", type: socks5, server: server, port: 443 }
# socks5 with authentication
- { name: "socks", type: socks5, server: server, port: 443, username: "username", password: "password" }
# with tls
- { name: "socks", type: socks5, server: server, port: 443, tls: true }
# with tls and skip-cert-verify
- { name: "socks", type: socks5, server: server, port: 443, tls: true, skip-cert-verify: true }

# http
- { name: "http", type: http, server: server, port: 443 }
# http with authentication
- { name: "http", type: http, server: server, port: 443, username: "username", password: "password" }
# with tls (https)
- { name: "http", type: http, server: server, port: 443, tls: true }
# with tls (https) and skip-cert-verify
- { name: "http", type: http, server: server, port: 443, tls: true, skip-cert-verify: true }

Proxy Group:
# url-test select which proxy will be used by benchmarking speed to a URL.
- { name: "auto", type: url-test, proxies: ["ss1", "ss2", "vmess1"], url: http://www.gstatic.com/generate_204, interval: 300 }

# fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- { name: "fallback-auto", type: fallback, proxies: ["ss1", "ss2", "vmess1"], url: http://www.gstatic.com/generate_204, interval: 300 }

# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy, is recommended for use in GUI.
- { name: "Proxy", type: select, proxies: ["ss1", "ss2", "vmess1", "auto"] }

Rule:
- DOMAIN-SUFFIX,google.com,Proxy
- DOMAIN-KEYWORD,google,Proxy
- DOMAIN,google.com,Proxy
- DOMAIN-SUFFIX,ad.com,REJECT
- IP-CIDR,127.0.0.0/8,DIRECT
- GEOIP,CN,DIRECT
# FINAL would remove after prerelease
# you also can use `FINAL,Proxy` or `FINAL,,Proxy` now
- MATCH,Proxy

Thanks

riobard/go-shadowsocks2

v2ray/v2ray-core

License

FOSSA Status

TODO

  • Complementing the necessary rule operators
  • Redir proxy
  • UDP support
  • Connection manager