General configuration¶
Allow LAN¶
Allows other devices to access the internet through Clash proxy port.
Optional values: true/false
Binding address, only allows other devices to access through this address.
"*"
binds to all IP addresses."192.168.31.31"
binds to a single IPV4 address."[aaaa::a8aa:ff:fe09:57d8]"
binds to a single IPV6 address.
Allowed IP address ranges for connection, applicable only when allow-lan
is set to true
.
Default values are 0.0.0.0/0
and ::/0
.
Disallowed IP address ranges for connection. Blacklist takes precedence over whitelist, default is empty.
User Authentication¶
User authentication for http(s), socks, and mixed proxies.
Set the IP ranges allowed to skip authentication.
Operation Mode¶
rule
Rule-based matchingglobal
Global proxy (requires selecting proxy/strategy in GLOBAL proxy group)direct
Global direct connection
defaulting to rule
mode.
Log Level¶
Controls the logging level of Clash core, only output to console and control page.
silent
Silent, no output.error
Outputs logs of errors and unusable logs.warning
Outputs logs of errors that do not affect operations, and logs of error level.info
Outputs general operational logs, as well as logs of error and warning levels.debug
Outputs as much information as possible during runtime.
IPv6¶
Whether to allow the kernel to accept IPv6 traffic.
default is true
.
TCP Keep Alive Interval¶
Controls the interval at which Clash sends out TCP Keep Alive packets to reduce temporary measures for mobile device power consumption.
unit is seconds
The time Clash discovers and closes an invalid TCP connection:
1 × keep-alive-interval + 9 × keep-alive-interval
Process Matching Mode¶
Controls whether Clash matches processes.
always
Enables, forces matching of all processes.strict
Default, Clash determines whether to enable.off
Does not match processes, recommended for use on routers.
External Control (API)¶
External controller, allows controlling your Clash kernel using RESTful API.
API listening address, you can change 127.0.0.1
to 0.0.0.0
to listen on all IPs.
Unix socket API listening address
Accessing API endpoints via Unix socket does not verify secrets. If enabled, please ensure security measures are in place.
HTTPS-API listening address, requires configuring the tls section for certificate and private key configuration, external-controller must also be filled in.
Access key for the API.
External User Interface¶
Allows running static webpage resources (such as Clash-dashboard) on Clash API, path is API address/ui.
Can be an absolute path or a relative path to the Clash working directory.
Custom External User Interface Name¶
Not mandatory, will be updated to the specified folder during updates, if not configured, it will be updated directly to the external-ui
directory.
Custom External User Interface Download URL¶
Cache¶
In Clash official, profile should be an extension configuration, but in Clash.meta, it is only used as a cache item.
Unified Delay¶
Change delay calculation method, remove additional delays such as handshakes.
TCP Concurrency¶
Outbound Interface¶
Clash's traffic outbound interface.
Routing Mark¶
Provides a default traffic mark for outbound connections on Linux.
TLS¶
Currently only used for https in API.
Global Client Fingerprint¶
Global TLS fingerprint, lower priority than client-fingerprint inside proxy.
Currently supports TCP/grpc/WS/HTTP transport with TLS, supported protocols are VLESS
, Vmess
, and trojan
.
Note
Options: chrome
, firefox
, safari
, iOS
, android
, edge
, 360
, qq
, random
If random
is selected, a modern browser fingerprint will be generated based on Cloudflare Radar data.
GEO Data Mode¶
Change the geoip usage file, mmdb
or dat
,true
is dat
, with a default value of false
.
GEO File Loading Mode¶
Optional loading modes are as follows:
standard
: Standard loadermemconservative
: Loader optimized for memory-limited (small memory) devices (default)
Auto Update GEO¶
Update interval, unit is hours
Custom GEO Download Address¶
Custom Global UA¶
Custom UA used when downloading external resources, default is clash.meta.