Jump to content

Mihomo: Difference between revisions

From NixOS Wiki
← Older edit
VisualWikitext
Oluceps (talk | contribs)
22 edits
No edit summary
Klinger (talk | contribs)
trusted
882 edits
 
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
<languages/>
<translate>
<!--T:1-->
'''[https://github.com/MetaCubeX/mihomo/tree/Alpha mihomo]''' (formerly known as clash-meta), is a widely-used anti-censorship proxy application.


'''[https://github.com/MetaCubeX/mihomo/tree/Alpha mihomo]''' <span lang="en" dir="ltr">(formerly known as clash-meta), is a widely-used anti-censorship proxy application.</span>
<!--T:4-->
 
Enable mihomo service on NixOS:
<span lang="en" dir="ltr">Enable mihomo service on NixOS:</span>


<!--T:5-->
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
services.mihomo = {
services.mihomo = {
Line 12: Line 16:
</syntaxhighlight>
</syntaxhighlight>


=== <span lang="en" dir="ltr">TUN Mode</span> ===
=== TUN Mode === <!--T:6-->
<span lang="en" dir="ltr">NOTICE: The [https://search.nixos.org/options?channel=unstable&show=services.mihomo.tunMode&from=0&size=50&sort=relevance&type=packages&query=mihomo tunMode option] in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the '''configFile'''. See [https://wiki.metacubex.one/config/inbound/listeners/tun/?h=tun official documentation].</span>
 
<!--T:2-->
NOTICE: The [https://search.nixos.org/options?channel=unstable&show=services.mihomo.tunMode&from=0&size=50&sort=relevance&type=packages&query=mihomo tunMode option] in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the '''configFile'''. See [https://wiki.metacubex.one/config/inbound/listeners/tun/?h=tun official documentation].
 
=== Troubleshooting === <!--T:3-->
 
<!--T:7-->
If encountering issues with transparent proxy:
* Check kernel logs with <code>dmesg</code>
* If seeing massive "refuse" messages for specific network devices:
** NixOS enables firewall by default, try disabling firewall
** If problem is solved, try sequentially:
*** Add tun device to <code>trustedInterfaces</code>
*** Disable <code>checkReversePath</code>
* If seeing massive "refuse" messages for specific ports:
** Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.
 
== See also == <!--T:8-->


=== <span lang="en" dir="ltr">Troubleshooting</span> ===
<!--T:9-->
<span lang="en" dir="ltr">If encountering issues with transparent proxy:</span>
* [https://blog.nyaw.xyz/nixos-inwall-install NixOS installation and usage under a censored network (zh-cn)]
* <span lang="en" dir="ltr">Check kernel logs with <code>dmesg</code></span>
* <span lang="en" dir="ltr">If seeing massive "refuse" messages for specific network devices:</span>
** <span lang="en" dir="ltr">NixOS enables firewall by default, try disabling firewall</span>
** <span lang="en" dir="ltr">If problem is solved, try sequentially:</span>
*** <span lang="en" dir="ltr">Add tun device to <code>trustedInterfaces</code></span>
*** <span lang="en" dir="ltr">Disable <code>checkReversePath</code></span>
* <span lang="en" dir="ltr">If seeing massive "refuse" messages for specific ports:</span>
** <span lang="en" dir="ltr">Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.</span>


== <span lang="en" dir="ltr">See also</span> ==
</translate>
* [https://blog.nyaw.xyz/nixos-inwall-install <span lang="en" dir="ltr">NixOS installation and usage under a censored network (zh-cn)</span>]
[[Category:Applications]]
[[Category:Networking]]

Latest revision as of 16:22, 4 March 2025

Other languages:

mihomo (formerly known as clash-meta), is a widely-used anti-censorship proxy application.

Enable mihomo service on NixOS: 

services.mihomo = {
  enable = true;
  configFile = "/path/to/config.yaml";
  #...
};

TUN Mode

NOTICE: The tunMode option in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the configFile. See official documentation.

Troubleshooting

If encountering issues with transparent proxy:

  • Check kernel logs with dmesg
  • If seeing massive "refuse" messages for specific network devices:
    • NixOS enables firewall by default, try disabling firewall
    • If problem is solved, try sequentially:
      • Add tun device to trustedInterfaces
      • Disable checkReversePath
  • If seeing massive "refuse" messages for specific ports:
    • Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.

See also

Retrieved from "https://wiki.nixos.org/w/index.php?title=Mihomo&oldid=20468"