Mihomo
mihomo (formerly known as clash-meta), is a widely-used anti-censorship proxy application.
Enable mihomo service on NixOS:
(原名clash-meta)是广泛使用的反审查代理工具。
在NixOS上启用mihomo服务:
services.mihomo = {
enable = true;
configFile = "/path/to/config.yaml";
#...
};
TUN Mode
NOTICE: The tunMode option in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the configFile. See official documentation.
Troubleshooting
If encountering issues with transparent proxy:
- Check kernel logs with
dmesg - If seeing massive "refuse" messages for specific network devices:
- NixOS enables firewall by default, try disabling firewall
- If problem is solved, try sequentially:
- Add tun device to
trustedInterfaces - Disable
checkReversePath
- Add tun device to
- If seeing massive "refuse" messages for specific ports:
- Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.
TUN模式
注意:NixOS模块中的tunMode选项仅会为服务授予必要权限,实际启用TUN需编辑configFile配置文件。参见官方文档。
常见问题
如果使用代理软件透明代理遇到问题,请先:
- 查看dmesg有无异常
- 出现大量refuse某一网络设备的消息 nixos 默认开启防火墙,关掉防火墙再尝试 如关掉防火墙后问题解决,依次尝试:将tun device添加到 trustedInterfaces,关掉 checkReversePath。