├── install.sh
├── install-easymosdns.sh
├── install-ospf.sh
├── README.md
├── install-ospf-clash_tun.sh
├── install-ospf-clash_tproxy.sh
└── easymosdnsconfig.yaml


/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | while true; do
 3 |     echo "-------------------"
 4 |     echo "请选择要执行的操作:"
 5 |     echo "-------------------"
 6 |     echo ""
 7 |     echo "1. OSPF + Clash TUN"
 8 |     echo ""
 9 |     echo "2. OSPF + Clash TProxy"
10 |     echo ""
11 |     echo "3. EasyMosDNS"
12 |     echo ""
13 |     echo "4. 仅OSPF"
14 |     echo ""
15 |     echo "5. 退出"
16 |     echo ""
17 |     read -p "请输入操作编号： " option
18 | 
19 |     case "$option" in
20 |         1)  wget https://raw.githubusercontent.com/Hamster-Prime/ospf-clash/main/install-ospf-clash_tun.sh && chmod +x install-ospf-clash_tun.sh && ./install-ospf-clash_tun.sh
21 |             ;;
22 |         2)  wget https://raw.githubusercontent.com/Hamster-Prime/ospf-clash/main/install-ospf-clash_tproxy.sh && chmod +x install-ospf-clash_tproxy.sh && ./install-ospf-clash_tproxy.sh
23 |             ;;
24 |         3)  wget https://raw.githubusercontent.com/Hamster-Prime/ospf-clash/main/install-easymosdns.sh && chmod +x install-easymosdns.sh && ./install-easymosdns.sh
25 |             ;;
26 |         4)  wget https://raw.githubusercontent.com/Hamster-Prime/ospf-clash/main/install-ospf.sh && chmod +x install-ospf.sh && ./install-ospf.sh
27 |             exit 0
28 |             ;;
29 |         5)  echo "退出脚本"
30 |             exit 0
31 |             ;;
32 |         *)  echo "无效选项，请重新选择"
33 |             continue
34 |             ;;
35 |     esac
36 | done
37 | 


--------------------------------------------------------------------------------
/install-easymosdns.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | apt update
 3 | echo "软件库升级完成"
 4 | 
 5 | # 安装所需软件
 6 | apt install unzip wget curl redis-server vim -y
 7 | 
 8 | #获取架构类型
 9 | architecture=$(uname -m)
10 | 
11 | #安装mosdns
12 | if [ "$architecture" == "x86_64" ]; then
13 |     file_url="https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/mosdns-linux-amd64.zip"
14 | elif [ "$architecture" == "aarch64" ]; then
15 |     file_url="https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/mosdns-linux-arm64.zip"
16 | else
17 |     echo "不支持您的系统架构 目前只支持x86_64与arm64 当前架构为: $architecture"
18 |     exit 1
19 | fi
20 | wget "$file_url" || {
21 |     echo "文件下载失败"
22 |     exit 1
23 | }
24 | for file in mosdns*; do
25 |     if [ -f "$file" ]; then
26 |         unzip "$file" "mosdns" -d /usr/local/bin
27 |     fi
28 | done
29 | wget https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/easymosdns.zip
30 | chmod +x /usr/local/bin/mosdns
31 | unzip easymosdns.zip
32 | mv easymosdns-k-main /etc/mosdns
33 | mkdir -p /etc/systemd/resolved.conf.d
34 | tee /etc/systemd/resolved.conf.d/dns.conf <<EOF
35 | [Resolve]
36 | DNS=127.0.0.1
37 | DNSStubListener=no
38 | EOF
39 | mv /etc/resolv.conf /etc/resolv.conf.backup
40 | ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
41 | systemctl reload-or-restart systemd-resolved
42 | mosdns service install -d /etc/mosdns -c config.yaml
43 | mosdns service start
44 | mv /etc/mosdns/config.yaml /etc/mosdns/config.yaml.orig
45 | touch /etc/mosdns/config.yaml
46 | wget -O /etc/mosdns/config.yaml https://raw.githubusercontent.com/Hamster-Prime/ospf-clash/main/easymosdnsconfig.yaml
47 | mosdns service restart
48 | 
49 | #完成
50 | echo "安装完成"
51 | echo "请执行 crontab -e 并在末尾添加 0 5 * * * truncate -s 0 /etc/mosdns/mosdns.log && /etc/mosdns/rules/update-cdn"
52 | 


--------------------------------------------------------------------------------
/install-ospf.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | #升级并安装依赖
 4 | apt update
 5 | apt install bird git make curl wget sudo -y
 6 | 
 7 | # 检测eth0的IP
 8 | ip_address=$(ip addr show eth0 | grep -oP 'inet \K[\d.]+')
 9 | 
10 | #配置bird服务
11 | mv /etc/bird/bird.conf /etc/bird/bird.conf.orig
12 | mv /etc/bird/bird6.conf /etc/bird/bird6.conf.orig
13 | 
14 | #IPv4
15 | tee /etc/bird/bird.conf <<EOF
16 | router id $ip_address;
17 | 
18 | # The Kernel protocol is not a real routing protocol. Instead of communicating
19 | # with other routers in the network, it performs synchronization of BIRD's
20 | # routing tables with the OS kernel.
21 | protocol kernel {
22 | 	scan time 60;
23 | 	import none;
24 | #	export all;   # Actually insert routes into the kernel routing table
25 | }
26 | 
27 | # The Device protocol is not a real routing protocol. It doesn't generate any
28 | # routes and it only serves as a module for getting information about network
29 | # interfaces from the kernel. 
30 | protocol device {
31 | 	scan time 60;
32 | }
33 | 
34 | protocol static {
35 |     include "routes4.conf";
36 | }
37 | 
38 | protocol ospf {
39 |     export all;
40 | 
41 |     area 0.0.0.0 {
42 |         interface "eth0" {
43 |         };
44 |     };
45 | }
46 | EOF
47 | 
48 | #IPv6
49 | tee /etc/bird/bird6.conf <<EOF
50 | router id $ip_address;
51 | 
52 | # The Kernel protocol is not a real routing protocol. Instead of communicating
53 | # with other routers in the network, it performs synchronization of BIRD's
54 | # routing tables with the OS kernel.
55 | protocol kernel {
56 | 	scan time 60;
57 | 	import none;
58 | #	export all;   # Actually insert routes into the kernel routing table
59 | }
60 | 
61 | # The Device protocol is not a real routing protocol. It doesn't generate any
62 | # routes and it only serves as a module for getting information about network
63 | # interfaces from the kernel. 
64 | protocol device {
65 | 	scan time 60;
66 | }
67 | 
68 | protocol static {
69 |     include "routes6.conf";
70 | }
71 | 
72 | protocol ospf {
73 |     export all;
74 | 
75 |     area 0.0.0.0 {
76 |         interface "eth0" {
77 |         };
78 |     };
79 | }
80 | EOF
81 | 
82 | #拉取路由表
83 | git clone https://github.com/Hamster-Prime/nchnroutes.git
84 | make -C /root/nchnroutes
85 | 
86 | #完成安装
87 | echo "安装完成"
88 | echo "请执行 crontab -e 在末尾添加 0 5 * * * make -C /root/nchnroutes"
89 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # 这是一个基于OSPF路由协议的RouterOS分流方案 ( 支持 IPv6 )
 2 | ### 特别感谢
 3 | > [孔昊天的折腾日记](https://www.youtube.com/@user-ek1qg7ti5r)  
 4 | > [allanchen2019](https://github.com/allanchen2019)  
 5 | > [dndx](https://github.com/dndx)  
 6 | > [Nathan](https://nathanyu.me/author/nathanyu/)
 7 | ### 本文相关知识引用自
 8 | > [haotianlPM/rosrbgprouter](https://github.com/haotianlPM/rosrbgprouter)  
 9 | > [allanchen2019/ospf-over-wireguard](https://github.com/allanchen2019/ospf-over-wireguard)  
10 | > [dndx/nchnroutes](https://github.com/dndx/nchnroutes)  
11 | > [使用Clash在Debian系统上用TProxy模式搭建透明代理](https://nathanyu.me/clash-transparent-proxy-on-debian/)
12 | ---
13 | # LXC 容器配置部分 ( N1 推荐系统为Armbian-bullseye-5.x内核 )
14 | ### 1. 模板下载
15 | **https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/ubuntu-22.04.tar.zst**
16 | ### 2. 容器创建
17 | 取消"无特权容器"勾选
18 | ### 3. 容器完善
19 | 容器创建完成后，先不要开机，点击你创建的LXC容器-选项-功能，勾选以下选项
20 | - 嵌套
21 | - nfs
22 | - smb
23 | - fuse
24 | ### 4. 容器配置文件
25 | 进入PVE控制台，输入 `nano /etc/pve/lxc/"容器ID".conf` 修改配置文件，添加以下内容
26 | ```
27 | lxc.apparmor.profile: unconfined
28 | lxc.cgroup.devices.allow: a
29 | lxc.cap.drop: 
30 | lxc.cgroup2.devices.allow: c 10:200 rwm
31 | lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
32 | ```
33 | 启动容器并进入控制台
34 | ### 5. 安装 Clash 与 OSPF 服务
35 | #### 选择喜欢的方式并根据脚本提示完成设置
36 | ```
37 | wget https://raw.githubusercontent.com/Hamster-Prime/ospf-clash/main/install.sh && chmod +x install.sh && ./install.sh
38 | ```
39 | # RouterOS 配置部分
40 | ### 1. 创建 Routing Table
41 | ```
42 | /routing table add name=Clash_VPN fib
43 | ```
44 | ### 2. OSPF 设置
45 | ```
46 | /routing ospf instance add name=Clash router-id="RouterOS的IPv4地址" routing-table=Clash_VPN
47 | /routing ospf area add instance=Clash name=OSPF-Area-Clash
48 | /routing ospf interface-template add area=OSPF-Area-Clash hello-interval=10s cost=10 priority=1 interfaces="LAN网桥名字或者网卡名字" type=broadcast
49 | ```
50 | ### 3. Firewall Mangle 设置
51 | ```
52 | /ip firewall mangle add action=accept chain=prerouting src-address="安装Clash服务器的IPv4地址"
53 | /ip firewall mangle add action=mark-routing new-routing-mark=Clash_VPN dst-address-type=!local chain=prerouting src-address-list=!No_Proxy
54 | ```
55 | ### 4. 跳过代理
56 | ```
57 | /ip firewall address-list add address="不想代理的主机IP地址" list=No_Proxy
58 | ```
59 | ### 5. IPv6 设置 ( 可选 )
60 | ```
61 | /routing rule add src-address=::/0 action=lookup-only-in-table table=main
62 | ```
63 | ```
64 | /routing ospf instance add name=Clash_IPv6 version=3 router-id="RouterOS的IPv4地址" routing-table=Clash_VPN
65 | /routing ospf area add instance=Clash_IPv6 name=OSPF-Area-Clash_IPv6
66 | /routing ospf interface-template add area=OSPF-Area-Clash_IPv6 hello-interval=10s cost=10 priority=1 interfaces="LAN网桥名字或者网卡名字" type=broadcast
67 | ```
68 | ```
69 | /ipv6 firewall mangle add action=accept chain=prerouting src-address="安装Clash服务器的本地IPv6地址"
70 | /ipv6 firewall mangle add action=mark-routing new-routing-mark=Clash_VPN dst-address-type=!local chain=prerouting src-address-list=!No_Proxy
71 | ```
72 | ```
73 | /ipv6 firewall address-list add address="不想代理的主机IP地址" list=No_Proxy
74 | ```
75 | 


--------------------------------------------------------------------------------
/install-ospf-clash_tun.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | apt update
  3 | apt install bird unzip git nftables make curl wget gzip redis-server vim sudo -y
  4 | 
  5 | #获取架构类型
  6 | architecture=$(uname -m)
  7 | 
  8 | # 检测eth0的IP
  9 | ip_address=$(ip addr show eth0 | grep -oP 'inet \K[\d.]+')
 10 | 
 11 | #获取订阅链接地址
 12 | echo "请输入机场订阅地址"
 13 | read proxyurl
 14 | 
 15 | #获取DNS地址
 16 | echo "请输入内网DNS服务器地址(无内网dns请输入网关地址)"
 17 | read dnsip
 18 | 
 19 | #安装clash
 20 | if [ "$architecture" == "x86_64" ]; then
 21 |     file_url="https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/mihomo-linux-amd64-compatible-alpha.gz"
 22 | elif [ "$architecture" == "aarch64" ]; then
 23 |     file_url="https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/mihomo-linux-arm64-alpha.gz"
 24 | else
 25 |     echo "不支持您的系统架构 目前只支持x86_64与arm64 当前架构为: $architecture"
 26 |     exit 1
 27 | fi
 28 | wget "$file_url" || {
 29 |     echo "文件下载失败"
 30 |     exit 1
 31 | }
 32 | echo "开始解压"
 33 | for file in mihomo*; do
 34 |     if [ -f "$file" ]; then
 35 |         echo "解压 $file ..."
 36 |         gunzip "$file"
 37 |     fi
 38 | done
 39 | for file in mihomo*; do
 40 |     if [ -f "$file" ]; then
 41 |         echo "重命名 $file 为 clash ..."
 42 |         mv "$file" clash
 43 |     fi
 44 | done
 45 | chmod u+x clash
 46 | mkdir /etc/clash
 47 | cp clash /usr/local/bin
 48 | echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
 49 | tee /etc/systemd/system/clash.service > /dev/null <<EOF
 50 | [Unit]
 51 | Description=Clash daemon, A rule-based proxy in Go.
 52 | After=network.target
 53 | 
 54 | [Service]
 55 | Type=simple
 56 | Restart=always
 57 | ExecStart=/usr/local/bin/clash -d /etc/clash
 58 | 
 59 | [Install]
 60 | WantedBy=multi-user.target
 61 | EOF
 62 | 
 63 | #配置bird服务
 64 | mv /etc/bird/bird.conf /etc/bird/bird.conf.orig
 65 | tee /etc/bird/bird.conf <<EOF
 66 | router id $ip_address;
 67 | 
 68 | # The Kernel protocol is not a real routing protocol. Instead of communicating
 69 | # with other routers in the network, it performs synchronization of BIRD's
 70 | # routing tables with the OS kernel.
 71 | protocol kernel {
 72 | 	scan time 60;
 73 | 	import none;
 74 | #	export all;   # Actually insert routes into the kernel routing table
 75 | }
 76 | 
 77 | # The Device protocol is not a real routing protocol. It doesn't generate any
 78 | # routes and it only serves as a module for getting information about network
 79 | # interfaces from the kernel. 
 80 | protocol device {
 81 | 	scan time 60;
 82 | }
 83 | 
 84 | protocol static {
 85 |     include "routes4.conf";
 86 | }
 87 | 
 88 | protocol ospf {
 89 |     export all;
 90 | 
 91 |     area 0.0.0.0 {
 92 |         interface "eth0" {
 93 |         };
 94 |     };
 95 | }
 96 | EOF
 97 | 
 98 | #写入clash配置文件
 99 | tee /etc/clash/config.yaml <<EOF
100 | mode: rule
101 | ipv6: false
102 | log-level: info
103 | allow-lan: true
104 | mixed-port: 7890
105 | unified-delay: false
106 | tcp-concurrent: true
107 | external-controller: 0.0.0.0:9090
108 | external-ui: /etc/clash/ui/metacubexd
109 | geodata-mode: true
110 | geox-url:
111 |   geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
112 |   geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
113 |   mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb"
114 | profile:
115 |   store-selected: true
116 |   store-fake-ip: true
117 |   tracing: true
118 | sniffer:
119 |   enable: true
120 |   sniff:
121 |     TLS:
122 |       ports: [443, 8443]
123 |     HTTP:
124 |       ports: [80, 8080-8880]
125 |       override-destination: true
126 | interface-name: eth0
127 | tun:
128 |   device: utun
129 |   enable: true
130 |   stack: system
131 |   auto-route: true
132 |   auto-detect-interface: false
133 | dns:
134 |   enable: true
135 |   listen: :1053
136 |   ipv6: false
137 |   enhanced-mode: redir-host
138 |   fake-ip-range: 28.0.0.1/8
139 |   fake-ip-filter:
140 |     - '*'
141 |     - '+.lan'
142 |     - '+.local'
143 |   default-nameserver:
144 |     - ${dnsip}
145 | proxies:
146 | proxy-providers:
147 |   机场:
148 |    type: http
149 |    path: /etc/clash/proxies/jijicloud.yaml
150 |    url: ${proxyurl}
151 |    interval: 3600 
152 |    filter: ''
153 |    health-check:
154 |      enable: true
155 |      url: https://www.gstatic.com/generate_204
156 |      interval: 300
157 | proxy-groups:  
158 |   - name: PROXY
159 |     type: select
160 |     use:
161 |       - 机场
162 |     proxies:
163 |       - 自动选择
164 |       - 故障自动转移
165 |       - DIRECT
166 |   - name: 自动选择
167 |     type: url-test
168 |     proxies:
169 |       - 机场
170 |     url: "https://www.gstatic.com/generate_204"
171 |     interval: 10
172 |   - name: 故障自动转移
173 |     type: fallback
174 |     proxies:
175 |       - 机场
176 |     url: "https://www.gstatic.com/generate_204"
177 |     interval: 10
178 |   - name: 机场
179 |     type: fallback
180 |     use:
181 |       - 机场
182 |     proxies:
183 |     url: "https://www.gstatic.com/generate_204"
184 |     interval: 10
185 | rules:
186 |   - MATCH,PROXY
187 | EOF
188 | 
189 | #安装metacubexd面板
190 | wget https://github.com/MetaCubeX/metacubexd/releases/download/v1.138.1/compressed-dist.tgz
191 | mkdir -p /etc/clash/ui/metacubexd
192 | tar -xzvf compressed-dist.tgz -C /etc/clash/ui/metacubexd
193 | rm compressed-dist.tgz
194 | 
195 | #重启clash
196 | systemctl restart clash
197 | 
198 | #拉取路由表
199 | git clone https://github.com/Hamster-Prime/nchnroutes.git
200 | make -C /root/nchnroutes
201 | 
202 | #clash设置开机自启
203 | systemctl enable clash
204 | 
205 | #完成安装
206 | echo "安装完成"
207 | echo "请执行 crontab -e 在末尾添加 0 5 * * * cd make -C /root/nchnroutes"
208 | echo "请访问 http://$ip_address:9090/ui 进入管理面板后填入 http://$ip_address:9090"
209 | 


--------------------------------------------------------------------------------
/install-ospf-clash_tproxy.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | apt update
  3 | apt install bird unzip git nftables make curl wget gzip redis-server vim sudo -y
  4 | 
  5 | #获取架构类型
  6 | architecture=$(uname -m)
  7 | 
  8 | # 检测eth0的IP
  9 | ip_address=$(ip addr show eth0 | grep -oP 'inet \K[\d.]+')
 10 | 
 11 | #获取机场订阅地址
 12 | echo "请输入机场订阅地址"
 13 | read proxyurl
 14 | 
 15 | #安装clash
 16 | if [ "$architecture" == "x86_64" ]; then
 17 |     file_url="https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/mihomo-linux-amd64-compatible-alpha.gz"
 18 | elif [ "$architecture" == "aarch64" ]; then
 19 |     file_url="https://github.com/Hamster-Prime/ospf-clash/releases/download/1.0.0/mihomo-linux-arm64-alpha.gz"
 20 | else
 21 |     echo "不支持您的系统架构 目前只支持x86_64与arm64 当前架构为: $architecture"
 22 |     exit 1
 23 | fi
 24 | wget "$file_url" || {
 25 |     echo "文件下载失败"
 26 |     exit 1
 27 | }
 28 | for file in mihomo*; do
 29 |     if [ -f "$file" ]; then
 30 |         gunzip "$file"
 31 |     fi
 32 | done
 33 | for file in mihomo*; do
 34 |     if [ -f "$file" ]; then
 35 |         mv "$file" clash
 36 |     fi
 37 | done
 38 | chmod u+x clash
 39 | mkdir /etc/clash
 40 | cp clash /usr/local/bin
 41 | echo 'net.ipv4.ip_forward = 1' | tee -a /etc/sysctl.conf
 42 | tee /etc/systemd/system/clash.service > /dev/null <<EOF
 43 | [Unit]
 44 | Description=Clash daemon, A rule-based proxy in Go.
 45 | After=network.target
 46 | 
 47 | [Service]
 48 | Type=simple
 49 | Restart=always
 50 | ExecStart=/usr/local/bin/clash -d /etc/clash
 51 | 
 52 | [Install]
 53 | WantedBy=multi-user.target
 54 | EOF
 55 | 
 56 | #配置bird服务
 57 | mv /etc/bird/bird.conf /etc/bird/bird.conf.orig
 58 | mv /etc/bird/bird6.conf /etc/bird/bird6.conf.orig
 59 | 
 60 | #IPv4
 61 | tee /etc/bird/bird.conf <<EOF
 62 | router id $ip_address;
 63 | 
 64 | # The Kernel protocol is not a real routing protocol. Instead of communicating
 65 | # with other routers in the network, it performs synchronization of BIRD's
 66 | # routing tables with the OS kernel.
 67 | protocol kernel {
 68 | 	scan time 60;
 69 | 	import none;
 70 | #	export all;   # Actually insert routes into the kernel routing table
 71 | }
 72 | 
 73 | # The Device protocol is not a real routing protocol. It doesn't generate any
 74 | # routes and it only serves as a module for getting information about network
 75 | # interfaces from the kernel. 
 76 | protocol device {
 77 | 	scan time 60;
 78 | }
 79 | 
 80 | protocol static {
 81 |     include "routes4.conf";
 82 | }
 83 | 
 84 | protocol ospf {
 85 |     export all;
 86 | 
 87 |     area 0.0.0.0 {
 88 |         interface "eth0" {
 89 |         };
 90 |     };
 91 | }
 92 | EOF
 93 | 
 94 | #IPv6
 95 | tee /etc/bird/bird6.conf <<EOF
 96 | router id $ip_address;
 97 | 
 98 | # The Kernel protocol is not a real routing protocol. Instead of communicating
 99 | # with other routers in the network, it performs synchronization of BIRD's
100 | # routing tables with the OS kernel.
101 | protocol kernel {
102 | 	scan time 60;
103 | 	import none;
104 | #	export all;   # Actually insert routes into the kernel routing table
105 | }
106 | 
107 | # The Device protocol is not a real routing protocol. It doesn't generate any
108 | # routes and it only serves as a module for getting information about network
109 | # interfaces from the kernel. 
110 | protocol device {
111 | 	scan time 60;
112 | }
113 | 
114 | protocol static {
115 |     include "routes6.conf";
116 | }
117 | 
118 | protocol ospf {
119 |     export all;
120 | 
121 |     area 0.0.0.0 {
122 |         interface "eth0" {
123 |         };
124 |     };
125 | }
126 | EOF
127 | 
128 | #写入clash配置文件
129 | tee /etc/clash/config.yaml <<EOF
130 | mode: rule
131 | ipv6: true
132 | log-level: silent
133 | allow-lan: true
134 | tproxy-port: 7899
135 | unified-delay: true
136 | tcp-concurrent: true
137 | find-process-mode: off
138 | global-client-fingerprint: chrome
139 | external-controller: 0.0.0.0:9090
140 | external-ui: /etc/clash/ui/metacubexd
141 | interface-name: eth0
142 | profile:
143 |   store-selected: true
144 | proxy-providers:
145 |   机场:
146 |    type: http
147 |    path: /etc/clash/proxies/jijicloud.yaml
148 |    url: ${proxyurl}
149 |    interval: 3600 
150 |    filter: ''
151 |    health-check:
152 |      enable: true
153 |      url: https://www.gstatic.com/generate_204
154 |      interval: 300
155 | proxy-groups:  
156 |   - name: PROXY
157 |     type: select
158 |     use:
159 |       - 机场
160 |     proxies:
161 |       - 自动选择
162 |       - 故障自动转移
163 |       - DIRECT
164 |   - name: 自动选择
165 |     type: url-test
166 |     proxies:
167 |       - 机场
168 |     url: "https://www.gstatic.com/generate_204"
169 |     interval: 10
170 |   - name: 故障自动转移
171 |     type: fallback
172 |     proxies:
173 |       - 机场
174 |     url: "https://www.gstatic.com/generate_204"
175 |     interval: 10
176 |   - name: 机场
177 |     type: fallback
178 |     use:
179 |       - 机场
180 |     proxies:
181 |     url: "https://www.gstatic.com/generate_204"
182 |     interval: 10
183 | rules:
184 |   - MATCH,PROXY
185 | EOF
186 | 
187 | #写入nftables配置文件
188 | echo "table inet clash {
189 | 	set local_ipv4 {
190 | 		type ipv4_addr
191 | 		flags interval
192 | 		elements = {
193 | 			10.0.0.0/8,
194 | 			127.0.0.0/8,
195 | 			169.254.0.0/16,
196 | 			172.16.0.0/12,
197 | 			192.168.0.0/16,
198 | 			240.0.0.0/4
199 | 		}
200 | 	}
201 | 
202 | 	set local_ipv6 {
203 | 		type ipv6_addr
204 | 		flags interval
205 | 		elements = {
206 | 			::ffff:0.0.0.0/96,
207 | 			64:ff9b::/96,
208 | 			100::/64,
209 | 			2001::/32,
210 | 			2001:10::/28,
211 | 			2001:20::/28,
212 | 			2001:db8::/32,
213 | 			2002::/16,
214 | 			fc00::/7,
215 | 			fe80::/10
216 | 		}
217 | 	}
218 | 
219 | 	chain clash-tproxy {
220 | 		fib daddr type { unspec, local, anycast, multicast } return
221 | 		ip daddr @local_ipv4 return
222 | 		ip6 daddr @local_ipv6 return
223 | 		udp dport { 123 } return
224 | 		meta l4proto { tcp, udp } meta mark set 1 tproxy to :7899 accept
225 | 	}
226 | 
227 | 	chain clash-mark {
228 | 		fib daddr type { unspec, local, anycast, multicast } return
229 | 		ip daddr @local_ipv4 return
230 | 		ip6 daddr @local_ipv6 return
231 | 		udp dport { 123 } return
232 | 		meta mark set 1
233 | 	}
234 | 
235 | 	chain mangle-output {
236 | 		type route hook output priority mangle; policy accept;
237 | 		meta l4proto { tcp, udp } skgid != 997 ct direction original jump clash-mark
238 | 	}
239 | 
240 | 	chain mangle-prerouting {
241 | 		type filter hook prerouting priority mangle; policy accept;
242 | 		iifname { lo, eth0 } meta l4proto { tcp, udp } ct direction original jump clash-tproxy
243 | 	}
244 | }" >> /etc/nftables.conf
245 | 
246 | #重启nftables
247 | nft -f /etc/nftables.conf
248 | systemctl enable nftables
249 | 
250 | #创建clash-route服务
251 | touch /etc/systemd/system/clash-route.service
252 | echo "[Unit]
253 | Description=Clash TProxy Rules
254 | After=network.target
255 | Wants=network.target
256 | 
257 | [Service]
258 | User=root
259 | Type=oneshot
260 | RemainAfterExit=yes
261 | # there must be spaces before and after semicolons
262 | ExecStart=/sbin/ip rule add fwmark 1 table 100 ; /sbin/ip route add local default dev lo table 100 ; /sbin/ip -6 rule add fwmark 1 table 101 ; /sbin/ip -6 route add local ::/0 dev lo table 101
263 | ExecStop=/sbin/ip rule del fwmark 1 table 100 ; /sbin/ip route del local default dev lo table 100 ; /sbin/ip -6 rule del fwmark 1 table 101 ; /sbin/ip -6 route del local ::/0 dev lo table 101
264 | 
265 | [Install]
266 | WantedBy=multi-user.target" >> /etc/systemd/system/clash-route.service
267 | 
268 | #重启clash-route服务
269 | systemctl enable clash-route
270 | 
271 | #安装metacubexd面板
272 | wget https://github.com/MetaCubeX/metacubexd/releases/download/v1.176.1/compressed-dist.tgz
273 | mkdir -p /etc/clash/ui/metacubexd
274 | tar -xzvf compressed-dist.tgz -C /etc/clash/ui/metacubexd
275 | rm compressed-dist.tgz
276 | 
277 | #重启clash
278 | systemctl restart clash
279 | 
280 | #拉取路由表
281 | git clone https://github.com/Hamster-Prime/nchnroutes.git
282 | make -C /root/nchnroutes
283 | 
284 | #clash设置开机自启
285 | systemctl enable clash
286 | 
287 | #完成安装
288 | echo "安装完成"
289 | echo "请执行 crontab -e 并在末尾添加 0 5 * * * make -C /root/nchnroutes"
290 | echo "请访问 http://$ip_address:9090/ui 进入管理面板后填入 http://$ip_address:9090"
291 | 


--------------------------------------------------------------------------------
/easymosdnsconfig.yaml:
--------------------------------------------------------------------------------
  1 | # EasyMosdns v3.0(Final Release)
  2 | # https://apad.pro/easymosdns
  3 | log:
  4 |     file: "./mosdns.log"
  5 |     level: error
  6 | 
  7 | data_providers:
  8 |   - tag: chinalist
  9 |     file: ./rules/china_domain_list.txt
 10 |     auto_reload: true
 11 |   - tag: gfwlist
 12 |     file: ./rules/gfw_domain_list.txt
 13 |     auto_reload: true
 14 |   - tag: cdncn
 15 |     file: ./rules/cdn_domain_list.txt
 16 |     auto_reload: true
 17 |   - tag: chinaip
 18 |     file: ./rules/china_ip_list.txt
 19 |     auto_reload: true
 20 |   - tag: gfwip
 21 |     file: ./rules/gfw_ip_list.txt
 22 |     auto_reload: true
 23 |   - tag: adlist
 24 |     file: ./rules/ad_domain_list.txt
 25 |     auto_reload: true
 26 |   - tag: ecscn
 27 |     file: ./ecs_cn_domain.txt
 28 |     auto_reload: true
 29 |   - tag: ecsnoncn
 30 |     file: ./ecs_noncn_domain.txt
 31 |     auto_reload: true
 32 |   - tag: hosts
 33 |     file: ./hosts.txt
 34 |     auto_reload: true
 35 | 
 36 | plugins:
 37 |   # 缓存的插件
 38 |   # [lan|wan]
 39 |   - tag: cache_lan
 40 |     type: cache
 41 |     args:
 42 |       size: 8192
 43 |       redis: "redis://127.0.0.1:6379/0"
 44 |       lazy_cache_ttl: 86400
 45 |       cache_everything: true
 46 |       lazy_cache_reply_ttl: 1
 47 |   - tag: cache_wan
 48 |     type: cache
 49 |     args:
 50 |       size: 131072
 51 |       compress_resp: true
 52 |       redis: "redis://127.0.0.1:6379/0"
 53 |       lazy_cache_ttl: 86400
 54 |       cache_everything: true
 55 |       lazy_cache_reply_ttl: 5
 56 | 
 57 |   # 统计插件
 58 |   - tag: met
 59 |     type: "metrics_collector" 
 60 |     
 61 |   # Hosts的插件
 62 |   - tag: hosts
 63 |     type: hosts
 64 |     args:
 65 |       hosts:
 66 |         - "provider:hosts"
 67 | 
 68 |   # 获取ECS的插件
 69 |   - tag: ecs_auto
 70 |     type: ecs
 71 |     args:
 72 |       auto: true
 73 |       force_overwrite: false
 74 |       
 75 |   # 指定ECS的插件
 76 |   - tag: ecs_global
 77 |     type: ecs
 78 |     args:
 79 |       auto: false
 80 |       ipv4: "168.95.1.0"
 81 |       ipv6: "2001:b000:168::"
 82 |       force_overwrite: false
 83 | 
 84 |   # 匹配ECS的插件
 85 |   - tag: ecs_is_lan
 86 |     type: query_matcher
 87 |     args:
 88 |       ecs: 
 89 |         - "0.0.0.0/8"
 90 |         - "10.0.0.0/8"
 91 |         - "100.64.0.0/10"
 92 |         - "127.0.0.0/8"
 93 |         - "169.254.0.0/16"
 94 |         - "172.16.0.0/12"
 95 |         - "192.0.0.0/24"
 96 |         - "192.0.2.0/24"
 97 |         - "198.18.0.0/15"
 98 |         - "192.88.99.0/24"
 99 |         - "192.168.0.0/16"
100 |         - "198.51.100.0/24"
101 |         - "203.0.113.0/24"
102 |         - "224.0.0.0/3"
103 |         - "::1/128"
104 |         - "fc00::/7"
105 |         - "fe80::/10"
106 |   - tag: ecs_is_cn
107 |     type: query_matcher
108 |     args:
109 |       ecs: 
110 |         - "provider:chinaip"
111 | 
112 |   # 调整TTL的插件
113 |   # [1m|5m|1h]
114 |   - tag: ttl_1m
115 |     type: ttl
116 |     args:
117 |       minimal_ttl: 60
118 |       maximum_ttl: 3600
119 |   - tag: ttl_5m
120 |     type: ttl
121 |     args:
122 |       minimal_ttl: 300
123 |       maximum_ttl: 86400
124 |   - tag: ttl_1h
125 |     type: ttl
126 |     args:
127 |       minimal_ttl: 3600
128 |       maximum_ttl: 86400
129 | 
130 |   # 匹配TYPE12类型请求的插件
131 |   - tag: qtype12
132 |     type: query_matcher
133 |     args:
134 |       qtype: [12]
135 | 
136 |   # 匹配TYPE65类型请求的插件
137 |   - tag: qtype65
138 |     type: query_matcher
139 |     args:
140 |       qtype: [65]
141 | 
142 |   # 匹配TYPE255类型请求的插件
143 |   - tag: qtype255
144 |     type: query_matcher
145 |     args:
146 |       qtype: [255]
147 | 
148 |   # 匹配RCODE2的插件
149 |   - tag: response_server_failed
150 |     type: response_matcher
151 |     args:
152 |       rcode: [2]
153 | 
154 |   # 屏蔽请求的插件
155 |   - tag: black_hole
156 |     type: blackhole
157 |     args:
158 |       rcode: 0
159 |       ipv4: "0.0.0.0"
160 |       ipv6: "::"
161 | 
162 |   # 匹配无效域名的插件
163 |   - tag: query_is_non_domain
164 |     type: query_matcher
165 |     args:
166 |       domain:
167 |         - "keyword::"
168 | 
169 |   # 匹配本地域名的插件
170 |   - tag: query_is_local_domain
171 |     type: query_matcher
172 |     args:
173 |       domain:
174 |         - "provider:chinalist"
175 | 
176 |   # 匹配污染域名的插件
177 |   - tag: query_is_non_local_domain
178 |     type: query_matcher
179 |     args:
180 |       domain:
181 |         - "provider:gfwlist"
182 | 
183 |   # 匹配CDN域名的插件
184 |   - tag: query_is_cdn_cn_domain
185 |     type: query_matcher
186 |     args:
187 |       domain:
188 |         - "provider:cdncn"
189 | 
190 |   # 匹配广告域名的插件
191 |   - tag: query_is_ad_domain
192 |     type: query_matcher
193 |     args:
194 |       domain:
195 |         - "provider:adlist"
196 | 
197 |   # 匹配强制本地解析域名的插件
198 |   - tag: query_is_cn_domain
199 |     type: query_matcher
200 |     args:
201 |       domain:
202 |         - "provider:ecscn"
203 | 
204 |   # 匹配强制非本地解析域名的插件
205 |   - tag: query_is_noncn_domain
206 |     type: query_matcher
207 |     args:
208 |       domain:
209 |         - "provider:ecsnoncn"
210 | 
211 |   # 匹配本地IP的插件
212 |   - tag: response_has_local_ip
213 |     type: response_matcher
214 |     args:
215 |       ip:
216 |         - "provider:chinaip"
217 | 
218 |   # 匹配污染IP的插件
219 |   - tag: response_has_gfw_ip
220 |     type: response_matcher
221 |     args:
222 |       ip:
223 |         - "provider:gfwip"
224 | 
225 |   # 转发至本地服务器的插件
226 |   - tag: forward_local
227 |     type: fast_forward
228 |     args:
229 |       upstream:
230 |         - addr: "223.5.5.5"
231 |         - addr: "tls://120.53.53.53:853"
232 |           enable_pipeline: true
233 | 
234 |   # 转发至远程服务器的插件
235 |   - tag: forward_remote
236 |     type: fast_forward
237 |     args:
238 |       upstream:
239 |         - addr: "tcp://208.67.220.220:5353"
240 |           enable_pipeline: true
241 |           #socks5: "127.0.0.1:1080"
242 |         - addr: "tls://8.8.4.4"
243 |           enable_pipeline: true
244 |           #socks5: "127.0.0.1:1080"
245 | 
246 |   # 转发至分流服务器的插件
247 |   - tag: forward_easymosdns
248 |     type: fast_forward
249 |     args:
250 |       upstream:
251 |         - addr: "https://doh.apad.pro/dns-query"
252 |           bootstrap: "119.29.29.29"
253 |           #dial_addr: "ip:port"
254 |           #enable_http3: true
255 | 
256 |   # 主要的运行逻辑插件
257 |   # sequence 插件中调用的插件 tag 必须在 sequence 前定义
258 |   # 否则 sequence 找不到对应插件
259 |   - tag: main_sequence
260 |     type: sequence
261 |     args:
262 |       exec:
263 |         # met统计插件
264 |         - met
265 | 
266 |         # 详细记录显示插件
267 |         - _query_summary
268 |         
269 |         # 域名映射IP
270 |         - hosts
271 | 
272 |         # 屏蔽TYPE65与无效类型请求
273 |         - if: "[qtype65] || (query_is_non_domain)"
274 |           exec:
275 |             - black_hole
276 |             - ttl_1h
277 |             - _return
278 | 
279 |         # 优化PRT与ANY类型请求
280 |         - if: "[qtype12] || [qtype255]"
281 |           exec:
282 |             - _no_ecs
283 |             - forward_local
284 |             - ttl_1h
285 |             - _return
286 | 
287 |         # 缓存ECS
288 |         - ecs_auto
289 |         - _edns0_filter_ecs_only
290 |         - if: ecs_is_lan
291 |           exec:
292 |             - cache_lan
293 |             - _no_ecs
294 |           else_exec:
295 |             - cache_wan
296 | 
297 |         # 强制用本地服务器解析
298 |         - if: query_is_cn_domain
299 |           exec:
300 |             - forward_local
301 |             - ttl_5m
302 |             - _return
303 | 
304 |         # 强制用非本地服务器解析
305 |         - if: query_is_noncn_domain
306 |           exec:
307 |             # 优先返回ipv4结果
308 |             - _prefer_ipv4
309 |             - ecs_global
310 |             - primary:
311 |                 # 默认用分流服务器
312 |                 - forward_easymosdns
313 |               secondary:
314 |                 # 超时用远程服务器
315 |                 - forward_remote
316 |               fast_fallback: 2500
317 |               always_standby: false
318 |             - ttl_5m
319 |             - _return
320 | 
321 |         # 屏蔽广告域名
322 |         - if: query_is_ad_domain
323 |           exec:
324 |           - black_hole
325 |           - ttl_1h
326 |           - _return
327 | 
328 |         # 已知的本地域名或CDN域名用本地服务器解析
329 |         - if: "(query_is_local_domain) || (query_is_cdn_cn_domain)"
330 |           exec:
331 |             - primary:
332 |                 # 默认用本地服务器
333 |                 - forward_local
334 |                 - ttl_1m
335 |               secondary:
336 |                 # 超时用分流服务器
337 |                 - forward_easymosdns
338 |                 - ttl_5m
339 |               fast_fallback: 25
340 |               always_standby: false
341 |             # 预防已知的本地域名临时污染
342 |             - if: "(! response_has_gfw_ip)"
343 |               exec:
344 |                 - _return
345 | 
346 |         # 已知的污染域名用分流服务器或远程服务器解析
347 |         - if: query_is_non_local_domain
348 |           exec:
349 |             # 优先返回ipv4结果
350 |             - _prefer_ipv4
351 |             - ecs_global
352 |             - primary:
353 |                 # 默认用分流服务器
354 |                 - forward_easymosdns
355 |               secondary:
356 |                 # 超时用远程服务器
357 |                 - forward_remote
358 |               fast_fallback: 2500
359 |               always_standby: false
360 |             - ttl_5m
361 |             - _return
362 | 
363 |         # 剩下的未知域名用IP分流
364 |         # 优先返回ipv4结果
365 |         - _prefer_ipv4
366 |         - primary:
367 |             # 默认用分流服务器
368 |             - forward_easymosdns
369 |             - if: response_server_failed
370 |               exec:
371 |                 - forward_local
372 |                 - _return
373 |             - ecs_global
374 |             - if: "(! ecs_is_cn) && (! response_has_local_ip) && [_response_valid_answer]"
375 |               exec:
376 |                 - forward_easymosdns
377 |           secondary:
378 |             # 超时用本地分流器
379 |             - forward_remote
380 |             - if: response_has_local_ip
381 |               exec:
382 |                 - forward_local
383 |                 - _return
384 |             - ecs_global
385 |             - if: "(! ecs_is_cn) && [_response_valid_answer]"
386 |               exec:
387 |                 - forward_remote
388 |           fast_fallback: 2500
389 |           always_standby: false
390 |         - ttl_5m
391 | 
392 | servers:
393 |   - exec: main_sequence
394 |     timeout: 6
395 |     listeners:
396 |       - protocol: udp
397 |         addr: "0.0.0.0:53"
398 |       - protocol: tcp
399 |         addr: "0.0.0.0:53"
400 |       #- protocol: http
401 |       #  addr: "127.0.0.1:9053"
402 |       #  url_path: "/dns-query"
403 |       #  get_user_ip_from_header: "X-Forwarded-For"
404 |       #- protocol: tls             
405 |       #  addr: "0.0.0.0:853"
406 |       #  cert: "/etc/mosdns/yourdomain.cert"  # TLS 所需证书文件。
407 |       #  key: "/etc/mosdns/yourdomain.key"    # TLS 所需密钥文件。
408 | 
409 | api:
410 |     http: "127.0.0.1:9080"
411 | 


--------------------------------------------------------------------------------