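Recently I tried out https://github.com/Hagb/docker-easyconnect, but I did not want to switch proxies by hand every time I needed to reach the intranet; that would be even worse than using the original Windows client. So I turned to Clash.
Clash is a rule-based tunnel forwarder, so it can naturally split traffic between the intranet, domestic networks, and networks beyond the firewall. At first I tried editing the configuration file provided by my "airport" (slang for a paid proxy subscription service), but the airport's configuration is updated every day, so after reading the documentation I found the proxy-providers feature.
The basic principle is therefore: use the airport configuration as a proxy provider, add the easyconnect proxy under proxies, match the intranet ranges first and forward them to easyconnect, then match the remaining rules in order and send that traffic to the airport. The Clash configuration is as follows: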
mode: Script
mixed-port: 7890
external-controller: 127.0.0.1:19953
# API secret for the external controller; use your own value
secret: 4616077c-8348-40f7-b29e-dd3aeb78595f
proxy-providers:
  # 机场提供器 = "airport provider": the subscription from your proxy service
  机场提供器:
    type: http
    path: "./ruleset/westworld.yaml"
    url: "<你的机场订阅url>"  # placeholder: your airport subscription URL
    health-check:
      enable: true
      url: http://www.gstatic.com/generate_204
      interval: 300
proxies:
  # SOCKS5 proxy exposed by the docker-easyconnect container.
  # Placeholders: server = your easyconnect address, port = its port
  - {
      type: socks5, name: "easyconnect_vpn", server: "<你的easyconnect地址>", port: <端口>
    }
proxy-groups:
  # 机场 = "airport": url-test group that draws its nodes from the provider
  - { name: 机场, type: url-test, use: [机场提供器] }
rules:
  # Intranet ranges go first so they reach easyconnect before any other rule
  - "IP-CIDR,10.20.0.0/16,easyconnect_vpn"
  - "IP-CIDR,10.10.0.0/16,easyconnect_vpn"
  - RULE-SET,applications,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,google,DIRECT
  - RULE-SET,proxy,机场
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,机场
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,机场
rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400
  google:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400
  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400
- Note 1: proxy-providers cannot be used directly; they have to be referenced with use inside proxy-groups.
- Note 2: most of the entries under rule-providers come from https://github.com/Loyalsoldier/clash-rules; a GitHub mirror is used here.
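Clash applies the first rule that matches, which is why the intranet ranges sit at the top of the rules list. The Python check below is an added example, not part of the original post or of Clash: it models only IP-CIDR and MATCH rules, and the `10.0.0.0/8` entry is an assumed stand-in for the `lancidr` rule set.

```python
import ipaddress

# Constructed subset of the page's rules. The RULE-SET,lancidr entry is
# replaced by one stand-in CIDR (assumption: that set covers 10.0.0.0/8).
PAGE_ORDER = [
    "IP-CIDR,10.20.0.0/16,easyconnect_vpn",
    "IP-CIDR,10.10.0.0/16,easyconnect_vpn",
    "IP-CIDR,10.0.0.0/8,DIRECT",
    "MATCH,机场",
]
# Same rules with the LAN range moved to the top (a misordering).
BAD_ORDER = [PAGE_ORDER[2], PAGE_ORDER[0], PAGE_ORDER[1], PAGE_ORDER[3]]


def parse(rules):
    """Turn rule strings into (network or None, target); None means MATCH."""
    parsed = []
    for rule in rules:
        parts = [p.strip() for p in rule.split(",")]
        if parts[0] == "IP-CIDR":
            parsed.append((ipaddress.ip_network(parts[1]), parts[2]))
        elif parts[0] == "MATCH":
            parsed.append((None, parts[1]))
        else:
            raise ValueError(f"rule type not modelled here: {parts[0]}")
    return parsed


def route(rules, dest_ip):
    """Return the target of the first rule that matches dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    for net, target in parse(rules):
        if net is None or (ip.version == net.version and ip in net):
            return target
    return None


def shadowed(rules):
    """List rules that can never fire because an earlier, wider rule wins."""
    seen, dead = [], []
    for rule, (net, target) in zip(rules, parse(rules)):
        if net is not None:
            for prev_net, prev_target in seen:
                if net.version == prev_net.version and net.subnet_of(prev_net):
                    dead.append((rule, prev_target))
                    break
            seen.append((net, target))
    return dead
```

With `PAGE_ORDER`, `route` sends `10.20.3.4` to `easyconnect_vpn`; with `BAD_ORDER` the same address goes `DIRECT`, and `shadowed(BAD_ORDER)` reports both intranet rules as unreachable.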
20240129 update:
For me, the startup command is:
docker run --device /dev/net/tun --cap-add NET_ADMIN -ti -p 3333:1080 -p 3334:8888 \
-e EC_VER=7.6.7 -e CLI_OPTS="-d https://vpn.xxxxx.xx.cn -u [email protected] -p <password>" \
--name econn --restart=always -d hagb/docker-easyconnect:cli
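This command works on both Windows and Linux; on Windows, Docker should be integrated with WSL2.
- Note 3: if you use TUN mode, the TUN configuration should exclude the VPN host and the intranet IPs, otherwise traffic will loop endlessly in a routing storm. If the storm has already started, switching Clash to direct mode stops it.
- Note 4: the configuration above also works with Mihomo (虚空终端).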
20240308 update:
Changed the addresses in the providers to ones hosted on jsdelivr.