Clash Tun in macOS

Clash Tun Experimental release

Clash Tun Config

fake-ip mode (not under test)

dns:
  enable: true
  listen: 0.0.0.0:53
  enhanced-mode: fake-ip
  nameserver:
    - 114.114.114.114

experimental:
  interface-name: en0 # your interface-name

tun:
  enable: true

real-ip mode (recommend)

dns:
  enable: true
  listen: 0.0.0.0:53
  ipv6: false
  enhanced-mode: redir-host
  nameserver:
    - https://doh.rixcloud.dev/dns-query
    - tls://dns.rubyfish.cn:853 # dns over tls
    - https://i.233py.com/dns-query
    - https://dns.google/dns-query
    - https://118.31.13.131/dns-query
    - https://120.25.25.166/dns-query
    - https://139.224.112.177/dns-query
    - https://47.108.56.233/dns-query
    - https://59.110.53.209/dns-query
    - 119.28.28.28

experimental:
  interface-name: en0 # your interface-name

tun:
  enable: true

DNS recommendations

use DoT/DoH.

• tls://dns.rubyfish.cn:853 # dns over tls
• https://dns.google/dns-query
• https://i.233py.com/dns-query
• https://doh.rixcloud.dev/dns-query
• https://118.31.13.131/dns-query
• https://120.25.25.166/dns-query
• https://139.224.112.177/dns-query
• https://47.108.56.233/dns-query
• https://59.110.53.209/dns-query

Update Config When Clash is Running

curl -v -X PUT -H "Accept: application/json" -H "Content-type: application/json"  -d '{"path":"/Users/xuhaoyang/clash/config.yaml"}' 127.0.0.1:9090/configs

Run clash with sudo

sudo ./clash -d .

System

macOS set global route (after tun start)

sudo route -n add -net 1 198.18.0.1
sudo route -n add -net 2/7 198.18.0.1
sudo route -n add -net 4/6 198.18.0.1
sudo route -n add -net 8/5 198.18.0.1
sudo route -n add -net 16/4 198.18.0.1
sudo route -n add -net 32/3 198.18.0.1
sudo route -n add -net 64/2 198.18.0.1
sudo route -n add -net 128.0/1 198.18.0.1
networksetup -setdnsservers Wi-Fi 127.0.0.1

Unset

sudo route -n delete -net 1 198.18.0.1
sudo route -n delete -net 2/7 198.18.0.1
sudo route -n delete -net 4/6 198.18.0.1
sudo route -n delete -net 8/5 198.18.0.1
sudo route -n delete -net 16/4 198.18.0.1
sudo route -n delete -net 32/3 198.18.0.1
sudo route -n delete -net 64/2 198.18.0.1
sudo route -n delete -net 128.0/1 198.18.0.1
networksetup -setdnsservers Wi-Fi

Or close clash

IP foward

# IPv4 的转发
$ sudo sysctl -w net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1

# IPv6 的转发
$ sudo sysctl -w net.inet6.ip6.forwarding=1
net.inet6.ip6.forwarding: 0 -> 1

sudo sysctl -a | grep forward

/etc/sysctl.conf 

Shell setting

fun setClashNetwork(){
  OLDIFS=$IFS
  IFS=$'\n'
  sudo route -n add -net 1 198.18.0.1
  sudo route -n add -net 2/7 198.18.0.1
  sudo route -n add -net 4/6 198.18.0.1
  sudo route -n add -net 8/5 198.18.0.1
  sudo route -n add -net 16/4 198.18.0.1
  sudo route -n add -net 32/3 198.18.0.1
  sudo route -n add -net 64/2 198.18.0.1
  sudo route -n add -net 128.0/1 198.18.0.1
  for line in $(networksetup -listallnetworkservices)
  do
    if [[ "$line" != *"An asterisk"* ]] 
    then
      echo "$line"
      networksetup -setdnsservers $line "127.0.0.1"
    fi
  done
  IFS=$OLDIFS
}

fun unsetClashNetwork(){
  OLDIFS=$IFS
  IFS=$'\n'
  sudo route delete -net 1 198.18.0.1
  sudo route delete -net 2/7 198.18.0.1
  sudo route delete -net 4/6 198.18.0.1
  sudo route delete -net 8/5 198.18.0.1
  sudo route delete -net 16/4 198.18.0.1
  sudo route delete -net 32/3 198.18.0.1
  sudo route delete -net 64/2 198.18.0.1
  sudo route delete -net 128.0/1 198.18.0.1
  for line in $(networksetup -listallnetworkservices)
  do
    if [[ "$line" != *"An asterisk"* ]] 
    then
      echo "$line"
      networksetup -setdnsservers $line
    fi
  done
  IFS=$OLDIFS
}

fun updateClashConfig(){
  curl -v -X PUT -H "Accept: application/json" -H "Content-type: application/json"  -d '{"path":"/Users/xuhaoyang/clash/config/config.yaml"}' 127.0.0.1:9090/configs
}