记录： clash-meta 配置 ss 回连访问局域网设备

两个注意点：

1. clash-meta 取消勾选“网络->绕过私有地址”，不然配置了 dns 和 tun 都会被直接过滤掉，连 debug 日志都不显示 192.168.0.0/16 的访问流量；
2. dns -> proxy-server-nameserver 要加，不然解析不到回连的 ddns 域名

配置如下：

mixed-port: 7890 # Linux 和 macOS 的 redir 代理端口 redir-port: 7892 # 允许局域网的连接 allow-lan: true # 规则模式：Rule （规则） / Global （全局代理）/ Direct （全局直连） mode: rule # 设置日志输出级别 (默认级别：silent ，即不输出任何内容，以避免因日志内容过大而导致程序内存溢出）。 # 5 个级别：silent / warning / error / info / debug 。级别越高日志输出量越大，越倾向于调试，若需要请自行开启。 log-level: info # Clash 的 RESTful API external-controller: '127.0.0.1:9091' # RESTful API 的口令 secret: '' tun: enable: true stack: mixed dns-hijack: - "any:53" - "tcp://any:53" auto-route: true auto-redirect: true auto-detect-interface: true dns: enable: true ipv6: false enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 fake-ip-filter: - "*" - "+.lan" - "+.local" - "+.market.xiaomi.com" nameserver: - https://1.1.1.1/dns-query - https://8.8.8.8/dns-query proxy-server-nameserver: # 解析代理节点 - https://doh.pub/dns-query - https://dns.alidns.com/dns-query nameserver-policy: "geosite:cn,private": - 223.5.5.5 - 119.29.29.29 # proxy provider start here proxies: - name: ss-in type: ss server: port: cipher: 2022-blake3-aes-128-gcm password: <openssl rand -base64 16> udp: true proxy-providers: sub-1: type: http url: interval: 3600 sub-2: type: http url: interval: 3600 # proxy provider end proxy-groups: - name: 自动选择 type: url-test url: 'http://www.gstatic.com/generate_204' interval: 300 use: - sub-1 - sub-2 - name: alias-sub-1 type: select use: - sub-1 rule-providers: reject: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt" path: ./ruleset/reject.yaml interval: 86400 icloud: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/icloud.txt" path: ./ruleset/icloud.yaml interval: 86400 apple: typ: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/apple.txt" path: ./ruleset/apple.yaml interval: 86400 google: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/google.txt" path: ./ruleset/google.yaml interval: 86400 proxy: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt" path: ./ruleset/proxy.yaml interval: 86400 direct: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt" path: ./ruleset/direct.yaml interval: 86400 private: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt" path: ./ruleset/private.yaml interval: 86400 gfw: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/gfw.txt" path: ./ruleset/gfw.yaml interval: 86400 tld-not-cn: type: http behavior: domain url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/tld-not-cn.txt" path: ./ruleset/tld-not-cn.yaml interval: 86400 telegramcidr: type: http behavior: ipcidr url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/telegramcidr.txt" path: ./ruleset/telegramcidr.yaml interval: 86400 cncidr: type: http behavior: ipcidr url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt" path: ./ruleset/cncidr.yaml interval: 86400 lancidr: type: http behavior: ipcidr url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt" path: ./ruleset/lancidr.yaml interval: 86400 applications: type: http behavior: classical url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/applications.txt" path: ./ruleset/applications.yaml interval: 86400 rules: # ss-in - IP-CIDR,192.168.31.0/24,ss-in,no-resolve # custom rules - DOMAIN-SUFFIX,freenom.com,DIRECT # from rule-provider - RULE-SET,applications,DIRECT - DOMAIN,clash.razord.top,DIRECT - DOMAIN,yacd.haishan.me,DIRECT - RULE-SET,private,DIRECT - RULE-SET,reject,REJECT - RULE-SET,icloud,DIRECT - RULE-SET,apple,DIRECT - RULE-SET,google,自动选择 - RULE-SET,proxy,自动选择 - RULE-SET,direct,DIRECT - RULE-SET,lancidr,DIRECT - RULE-SET,cncidr,DIRECT - RULE-SET,telegramcidr,自动选择 - GEOIP,LAN,DIRECT - GEOIP,CN,DIRECT - MATCH,自动选择 

最后就是 DNS 泄露问题到底重不重要？翻了好多配置以及解析流程的文章，各有观点