Docs(locales): add chinese locale support (#2772)

2023-07-14 22:20:15 +08:00
parent 24186a488a
commit c7e34bdc11
33 changed files with 2636 additions and 97 deletions
--- a/docs/zh_CN/advanced-usages/golang-api.md
+++ b/docs/zh_CN/advanced-usages/golang-api.md
@ -0,0 +1,59 @@
+---
+sidebarTitle: 在 Golang 程序中集成 Clash
+sidebarOrder: 3
+---
+
+# 在 Golang 程序中集成 Clash
+
+如果 Clash 不能满足您的需求, 您可以在自己的 Golang 代码中使用 Clash.
+
+目前已经有基本的支持:
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net"
+
+	"github.com/Dreamacro/clash/adapter/outbound"
+	"github.com/Dreamacro/clash/constant"
+	"github.com/Dreamacro/clash/listener/socks"
+)
+
+func main() {
+	in := make(chan constant.ConnContext, 100)
+	defer close(in)
+
+	l, err := socks.New("127.0.0.1:10000", in)
+	if err != nil {
+		panic(err)
+	}
+	defer l.Close()
+
+	println("listen at:", l.Address())
+
+	direct := outbound.NewDirect()
+
+	for c := range in {
+		conn := c
+		metadata := conn.Metadata()
+		fmt.Printf("请求从 %s 传入到 %s\n", metadata.SourceAddress(), metadata.RemoteAddress())
+		go func () {
+			remote, err := direct.DialContext(context.Background(), metadata)
+			if err != nil {
+				fmt.Printf("Dial 错误: %s\n", err.Error())
+				return
+			}
+			relay(remote, conn.Conn())
+		}()
+	}
+}
+
+func relay(l, r net.Conn) {
+	go io.Copy(l, r)
+	io.Copy(r, l)
+}
+```
--- a/docs/zh_CN/advanced-usages/openconnect.md
+++ b/docs/zh_CN/advanced-usages/openconnect.md
@ -0,0 +1,102 @@
+---
+sidebarTitle: 基于规则的 OpenConnect
+sidebarOrder: 2
+---
+
+# 基于规则的 OpenConnect
+
+支持以下 OpenConnect:
+
+- Cisco AnyConnect SSL VPN
+- Juniper Network Connect
+- Palo Alto Networks (PAN) GlobalProtect SSL VPN
+- Pulse Connect Secure SSL VPN
+- F5 BIG-IP SSL VPN
+- FortiGate SSL VPN
+- Array Networks SSL VPN
+
+例如, 您的公司使用 Cisco AnyConnect 作为内部网络访问的方式. 这里我将向您展示如何使用 Clash 提供的策略路由来使用 OpenConnect.
+
+首先, [安装 vpn-slice](https://github.com/dlenski/vpn-slice#requirements). 这个工具会覆写 OpenConnect 的默认路由表行为. 简单来说, 它会阻止 VPN 覆写您的默认路由.
+
+接下来您需要一个脚本 (比如 `tun0.sh`) 类似于这样:
+
+```sh
+#!/bin/bash
+ANYCONNECT_HOST="vpn.example.com"
+ANYCONNECT_USER="john"
+ANYCONNECT_PASSWORD="foobar"
+ROUTING_TABLE_ID="6667"
+TUN_INTERFACE="tun0"
+
+# 如果服务器在中国大陆, 请添加 --no-dtls. 中国大陆的 UDP 会很卡.
+echo "$ANYCONNECT_PASSWORD" | \
+  openconnect \
+    --non-inter \
+    --passwd-on-stdin \
+    --protocol=anyconnect \
+    --interface $TUN_INTERFACE \
+    --script "vpn-slice
+if [ \"\$reason\" = 'connect' ]; then
+  ip rule add from \$INTERNAL_IP4_ADDRESS table $ROUTING_TABLE_ID
+  ip route add default dev \$TUNDEV scope link table $ROUTING_TABLE_ID
+elif [ \"\$reason\" = 'disconnect' ]; then
+  ip rule del from \$INTERNAL_IP4_ADDRESS table $ROUTING_TABLE_ID
+  ip route del default dev \$TUNDEV scope link table $ROUTING_TABLE_ID
+fi" \
+    --user $ANYCONNECT_USER \
+    https://$ANYCONNECT_HOST
+```
+
+之后, 我们将其配置成一个 systemd 服务. 创建 `/etc/systemd/system/tun0.service`:
+
+```ini
+[Unit]
+Description=Cisco AnyConnect VPN
+After=network-online.target
+Conflicts=shutdown.target sleep.target
+
+[Service]
+Type=simple
+ExecStart=/path/to/tun0.sh
+KillSignal=SIGINT
+Restart=always
+RestartSec=3
+StartLimitIntervalSec=0
+
+[Install]
+WantedBy=multi-user.target
+```
+
+然后我们启用并启动服务.
+
+```shell
+chmod +x /path/to/tun0.sh
+systemctl daemon-reload
+systemctl enable tun0
+systemctl start tun0
+```
+
+这里您可以查看日志来查看它是否正常运行. 简单的方法是查看 `tun0` 接口是否已经创建.
+
+和 Wireguard 类似, 将 TUN 设备作为出站很简单, 只需要添加一个策略组:
+
+```yaml
+proxy-groups:
+  - name: Cisco AnyConnect VPN
+    type: select
+    interface-name: tun0
+    proxies:
+      - DIRECT
+```
+
+... 然后就可以使用了!
+
+添加您想要的规则:
+
+```yaml
+rules:
+  - DOMAIN-SUFFIX,internal.company.com,Cisco AnyConnect VPN
+```
+
+当您发现有问题时, 您应该查看 debug 级别的日志.
--- a/docs/zh_CN/advanced-usages/wireguard.md
+++ b/docs/zh_CN/advanced-usages/wireguard.md
@ -0,0 +1,40 @@
+---
+sidebarTitle: 基于规则的 Wireguard
+sidebarOrder: 1
+---
+
+# 基于规则的 Wireguard
+
+假设您的内核支持 Wireguard 并且您已经启用了它. `Table` 选项可以阻止 _wg-quick_ 覆写默认路由.
+
+例如 `wg0.conf`:
+
+```ini
+[Interface]
+PrivateKey = ...
+Address = 172.16.0.1/32
+MTU = ...
+Table = off
+PostUp = ip rule add from 172.16.0.1/32 table 6666
+
+[Peer]
+AllowedIPs = 0.0.0.0/0
+AllowedIPs = ::/0
+PublicKey = ...
+Endpoint = ...
+```
+
+然后在 Clash 中您只需要有一个 DIRECT 策略组, 它包含一个指定的出站接口:
+
+```yaml
+proxy-groups:
+  - name: Wireguard
+    type: select
+    interface-name: wg0
+    proxies:
+      - DIRECT
+rules:
+  - DOMAIN,google.com,Wireguard
+```
+
+这通常比 Clash 自己实现的用户空间 Wireguard 客户端性能更好. Wireguard 在内核中支持.