欢迎光临
我们一直在努力
        找回密码
当前位置:拆东墙 科学上网 正文

sing-box TUN+REALITY(iOS/Windows客户端配置示例)

2024-10-11 分类:科学上网 阅读(29) 评论(0)

最近sing-box又出了一个新的ios客户端:sfi。

sfi目前使用起来还不太方便,配置只能手搓,不过这都小问题,主要是目前想在ios上用reality的话就只有这个客户端支持,小火箭啥的估计没个把月不会更新。。

更多关于sfi的介绍可看这里:https://sing-box.sagernet.org/installation/clients/sfi/

reality服务端的配置可看我之前的这篇文章:https://lala.im/8610.html

有一个需要注意的点是新版本的sing-box现在vless入站也要填写flow了:

"flow": "xtls-rprx-vision"

其他的没有变化,下面是我自己根据文档搓的2份客户端配置文件,一个ios的,一个windows的。

ios:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "dnspod",
        "address": "https://1.12.12.12/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "dnspod"
      },
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "gvisor",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "vless-out",
      "server": "1.2.3.4",
      "server_port": 443,
      "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
      "flow": "xtls-rprx-vision",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "utls": {
      	  "enabled": true,
      	  "fingerprint": "safari"
         },
        "reality": {
      	  "enabled": true,
      	  "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
      	  "short_id": "5d2e3ed92cf8a73b"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "geosite": "cn",
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

windows:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "dnspod",
        "address": "https://1.12.12.12/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "dnspod"
      },
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "singbox-tun",
      "inet4_address": "172.20.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "system",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "vless-out",
      "server": "1.2.3.4",
      "server_port": 443,
      "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
      "flow": "xtls-rprx-vision",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "utls": {
      	  "enabled": true,
      	  "fingerprint": "chrome"
         },
        "reality": {
      	  "enabled": true,
      	  "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
      	  "short_id": "5d2e3ed92cf8a73b"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "geosite": "cn",
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}

2个平台配置的时候都有一些需要注意的点。

ios:sfi不支持system stack,所以配置里面用的是gvisor。

windows:开启strict_route可以防止dns泄漏。另外必须配置auto_detect_interface防止流量环回。

无论是ios还是windows使用tun模式的时候,dns服务器不要把格式配置成system协议的。

ios的配置导入进去就能用了,下面我记录下windows的额外配置。

由于我这个win10里面有很多接口,我看了下有virtualbox、vmware、openvpn、网易uu游戏加速器等很多:

windows默认对这些接口都会自动设置一个优先级,如果这些接口的优先级比你用来上网的那个接口优先级高(一般用来上网的接口叫“以太网”。)那么sing-box就会把优先级最高的那个接口当作默认接口,这样就会导致最后sing-box是不能正常用的。

要解决的话也很简单,笨办法,把不用的接口都禁用掉,只留下用来上网的“以太网”。一开始我就是这样配置的,但是想了下这也太不方便了。后来仔细研究了下,发现是可以手动设置优先级的,下面说下方法。

首先用管理员身份打开powershell,执行下面的命令查看接口信息:

Get-NetIPInterface

主要看接口InterfaceMetric下面的值,值越低说明优先级越高:

可以看到我用来上网的“以太网”接口的值是100,而virtualbox、vmware等接口的值是25、35,都比“以太网”的值低。现在要做的就是修改这些接口的值,执行如下命令修改:

Set-NetIPInterface -InterfaceIndex 3 -InterfaceMetric 110
Set-NetIPInterface -InterfaceIndex 13 -InterfaceMetric 120
Set-NetIPInterface -InterfaceIndex 4 -InterfaceMetric 130
Set-NetIPInterface -InterfaceIndex 16 -InterfaceMetric 130

再看下,确认修改完成:

参考:

https://sing-box.sagernet.org/configuration/inbound/tun/
https://sing-box.sagernet.org/examples/tun/
https://sing-box.sagernet.org/examples/dns-hijack/
https://www.windowscentral.com/how-change-priority-order-network-adapters-windows-10

赞(0)
未经允许不得转载:拆东墙 » sing-box TUN+REALITY(iOS/Windows客户端配置示例)
分享到

相关推荐

评论 抢沙发

取消

热门文章

最新评论

登录

找回密码

注册