General configuration¶
Allow LAN¶
Allows other devices to access the internet through Clash proxy port.
Optional values: true/false
Binding address, only allows other devices to access through this address.
"*"
binds to all IP addresses."192.168.31.31"
binds to a single IPV4 address."[aaaa::a8aa:ff:fe09:57d8]"
binds to a single IPV6 address.
Allowed IP address ranges for connection, applicable only when allow-lan
is set to true
.
Default values are 0.0.0.0/0
and ::/0
.
Disallowed IP address ranges for connection. Blacklist takes precedence over whitelist, default is empty.
User Authentication¶
User authentication for http(s), socks, and mixed proxies.
Set the IP ranges allowed to skip authentication.
Operation Mode¶
rule
Rule-based matchingglobal
Global proxy (requires selecting proxy/strategy in GLOBAL proxy group)direct
Global direct connection
defaulting to rule
mode.
Log Level¶
Controls the logging level of Clash core, only output to console and control page.
silent
Silent, no output.error
Outputs logs of errors and unusable logs.warning
Outputs logs of errors that do not affect operations, and logs of error level.info
Outputs general operational logs, as well as logs of error and warning levels.debug
Outputs as much information as possible during runtime.
IPv6¶
Whether to allow the kernel to accept IPv6 traffic.
default is true
.
TCP Keep Alive Settings¶
Modify this item to reduce the power consumption issue on mobile devices
The interval for TCP Keep Alive packets, measured in seconds.
The maximum idle time for TCP Keep Alive.
Disable TCP Keep Alive; on Android, this is set to true by default.
Process Matching Mode¶
Controls whether Clash matches processes.
always
Enables, forces matching of all processes.strict
Default, Clash determines whether to enable.off
Does not match processes, recommended for use on routers.
External Control (API)¶
External controller, allows controlling your Clash kernel using RESTful API.
API listening address, you can change 127.0.0.1
to 0.0.0.0
to listen on all IPs.
API CORS Header Configuration
Unix socket API listening address
Accessing API endpoints via Unix socket does not verify secrets. If enabled, please ensure security measures are in place.
Windows Named Pipe API Listening Address
Accessing the API interface via Windows Named Pipe does not validate the secret. If enabled, please ensure your security.
HTTPS-API listening address, requires configuring the tls section for certificate and private key configuration, external-controller must also be filled in.
Access key for the API.
External User Interface¶
Allows running static webpage resources (such as Clash-dashboard) on Clash API, path is API address/ui.
Can be an absolute path or a relative path to the Clash working directory.
Custom External User Interface Name¶
Not mandatory, will be updated to the specified folder during updates, if not configured, it will be updated directly to the external-ui
directory.
Custom External User Interface Download URL¶
Cache¶
Unified Delay¶
When unified delay is enabled, two delay tests are conducted to eliminate latency differences caused by connection handshakes and other variations in different types of nodes.
TCP Concurrency¶
Outbound Interface¶
Clash's traffic outbound interface.
Routing Mark¶
Provides a default traffic mark for outbound connections on Linux.
TLS¶
Currently only used for https in API.
Global Client Fingerprint¶
Global TLS fingerprint, lower priority than client-fingerprint inside proxy.
Currently supports TCP/grpc/WS/HTTP transport with TLS, supported protocols are VLESS
, Vmess
, and trojan
.
Note
Options: chrome
, firefox
, safari
, iOS
, android
, edge
, 360
, qq
, random
If random
is selected, a modern browser fingerprint will be generated based on Cloudflare Radar data.
GEO Data Mode¶
Change the geoip usage file, mmdb
or dat
,true
is dat
, with a default value of false
.
GEO File Loading Mode¶
Optional loading modes are as follows:
standard
: Standard loadermemconservative
: Loader optimized for memory-limited (small memory) devices (default)
Auto Update GEO¶
Update interval, unit is hours
Custom GEO Download Address¶
Custom Global UA¶
Custom UA used when downloading external resources, default is clash.meta.
ETag Support¶
ETag support for external resource downloads is enabled by default.