history-museum/clash
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-09-06. You can view files and clone it, but cannot push or open issues or pull requests.
clash/docs/advanced-usages/wireguard.md
Birkhoff Lee ca42ca2ca8
Docs: new documentation site (#2723) 
This commit adds a VitePress build to the main repository,
aiming to ditch GitHub Wiki. Moving further, we're going to
host our own documentation site eithor on GitHub Pages or
something alike.
2023-05-15 21:47:01 +08:00

850 B
Raw Permalink Blame History

sidebarTitle, sidebarOrder
sidebarTitle sidebarOrder
Rule-based Wireguard 1

Rule-based Wireguard

Suppose your kernel supports Wireguard and you have it enabled. The Table option stops wg-quick from overriding default routes.

Example wg0.conf:

[Interface]
PrivateKey = ...
Address = 172.16.0.1/32
MTU = ...
Table = off
PostUp = ip rule add from 172.16.0.1/32 table 6666

[Peer]
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
PublicKey = ...
Endpoint = ...

Then in Clash you would only need to have a DIRECT proxy group that has a specific outbound interface:

proxy-groups:
  - name: Wireguard
    type: select
    interface-name: wg0
    proxies:
      - DIRECT
rules:
  - DOMAIN,google.com,Wireguard

This should perform better than whereas if Clash implemented its own userspace Wireguard client. Wireguard is supported in the kernel.