Jump to content

Mihomo: Difference between revisions

From NixOS Wiki
Newer edit →
VisualWikitext
Oluceps (talk | contribs)
22 edits
Add mihomo
 
Oluceps (talk | contribs)
22 edits
zh-cn translate
Line 1: Line 1:


'''[https://github.com/MetaCubeX/mihomo/tree/Alpha mihomo]''' (formerly known as clash-meta), is a widely-used anti-censorship proxy application.
'''[https://github.com/MetaCubeX/mihomo/tree/Alpha mihomo]''' <span lang="en" dir="ltr">(formerly known as clash-meta), is a widely-used anti-censorship proxy application.</span>


Enable mihomo service on NixOS:
<span lang="en" dir="ltr">Enable mihomo service on NixOS:</span>


<syntaxhighlight lang="nix">
 
<span lang="zh" dir="ltr">(原名clash-meta)是广泛使用的反审查代理工具。</span>
 
<span lang="zh" dir="ltr">在NixOS上启用mihomo服务:</span><syntaxhighlight lang="nix">
services.mihomo = {
services.mihomo = {
   enable = true;
   enable = true;
Line 12: Line 15:
</syntaxhighlight>
</syntaxhighlight>


=== TUN Mode ===
=== <span lang="en" dir="ltr">TUN Mode</span> ===
NOTICE: The [https://search.nixos.org/options?channel=unstable&show=services.mihomo.tunMode&from=0&size=50&sort=relevance&type=packages&query=mihomo tunMode option] in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the '''configFile'''. See [https://wiki.metacubex.one/config/inbound/listeners/tun/?h=tun official documentation].
<span lang="en" dir="ltr">NOTICE: The [https://search.nixos.org/options?channel=unstable&show=services.mihomo.tunMode&from=0&size=50&sort=relevance&type=packages&query=mihomo tunMode option] in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the '''configFile'''. See [https://wiki.metacubex.one/config/inbound/listeners/tun/?h=tun official documentation].</span>
 
=== <span lang="en" dir="ltr">Troubleshooting</span> ===
<span lang="en" dir="ltr">If encountering issues with transparent proxy:</span>
* <span lang="en" dir="ltr">Check kernel logs with <code>dmesg</code></span>
* <span lang="en" dir="ltr">If seeing massive "refuse" messages for specific network devices:</span>
** <span lang="en" dir="ltr">NixOS enables firewall by default, try disabling firewall</span>
** <span lang="en" dir="ltr">If problem is solved, try sequentially:</span>
*** <span lang="en" dir="ltr">Add tun device to <code>trustedInterfaces</code></span>
*** <span lang="en" dir="ltr">Disable <code>checkReversePath</code></span>
* <span lang="en" dir="ltr">If seeing massive "refuse" messages for specific ports:</span>
** <span lang="en" dir="ltr">Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.</span>
 
 
=== <span lang="zh" dir="ltr">TUN模式</span> ===
<span lang="zh" dir="ltr">注意:NixOS模块中的tunMode选项仅会为服务授予必要权限,实际启用TUN需编辑'''configFile'''配置文件。参见[https://wiki.metacubex.one/config/inbound/listeners/tun/?h=tun 官方文档]。</span>
 
=== <span lang="zh" dir="ltr">常见问题</span> ===
<span lang="zh" dir="ltr">如果使用代理软件透明代理遇到问题,请先:</span>
 
* <span lang="zh" dir="ltr">查看dmesg有无异常</span>
** <span lang="zh" dir="ltr">出现大量refuse某一网络设备的消息</span>  <span lang="zh" dir="ltr">nixos 默认开启防火墙,关掉防火墙再尝试 如关掉防火墙后问题解决,依次尝试:将tun device添加到 trustedInterfaces,关掉 checkReversePath。</span>
 
== <span lang="en" dir="ltr">See also</span> ==


=== Troubleshooting ===
* [https://blog.nyaw.xyz/nixos-inwall-install <span lang="en" dir="ltr">NixOS installation and usage under a censored network (zh-cn)</span>]
If encountering issues with transparent proxy:
* Check kernel logs with <code>dmesg</code>
* If seeing massive "refuse" messages for specific network devices:
** NixOS enables firewall by default, try disabling firewall
** If problem is solved, try sequentially:
*** Add tun device to <code>trustedInterfaces</code>
*** Disable <code>checkReversePath</code>
* If seeing massive "refuse" messages for specific ports:
** Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.


== See also ==
== 更多参考 ==


* [https://blog.nyaw.xyz/nixos-inwall-install NixOS installation and usage under a censored network (zh-cn)]
* [https://blog.nyaw.xyz/nixos-inwall-install NixOS透明代理指南]

Revision as of 14:37, 28 February 2025

mihomo (formerly known as clash-meta), is a widely-used anti-censorship proxy application.

Enable mihomo service on NixOS:


(原名clash-meta)是广泛使用的反审查代理工具。

在NixOS上启用mihomo服务:

services.mihomo = {
  enable = true;
  configFile = "/path/to/config.yaml";
  #...
};

TUN Mode

NOTICE: The tunMode option in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the configFile. See official documentation.

Troubleshooting

If encountering issues with transparent proxy:

  • Check kernel logs with dmesg
  • If seeing massive "refuse" messages for specific network devices:
    • NixOS enables firewall by default, try disabling firewall
    • If problem is solved, try sequentially:
      • Add tun device to trustedInterfaces
      • Disable checkReversePath
  • If seeing massive "refuse" messages for specific ports:
    • Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.


TUN模式

注意:NixOS模块中的tunMode选项仅会为服务授予必要权限,实际启用TUN需编辑configFile配置文件。参见官方文档

常见问题

如果使用代理软件透明代理遇到问题,请先:

  • 查看dmesg有无异常
    • 出现大量refuse某一网络设备的消息 nixos 默认开启防火墙,关掉防火墙再尝试 如关掉防火墙后问题解决,依次尝试:将tun device添加到 trustedInterfaces,关掉 checkReversePath。

See also

更多参考

Retrieved from "https://wiki.nixos.org/w/index.php?title=Mihomo&oldid=20403"