Mihomo
Appearance
mihomo (formerly known as clash-meta), is a widely-used anti-censorship proxy application.
Enable mihomo service on NixOS:
services.mihomo = {
enable = true;
configFile = "/path/to/config.yaml";
#...
};
TUN Mode
NOTICE: The tunMode option in NixOS module only grants necessary permissions for the service. To actually enable TUN, you need to edit the configFile. See official documentation.
Troubleshooting
If encountering issues with transparent proxy:
- Check kernel logs with
dmesg
- If seeing massive "refuse" messages for specific network devices:
- NixOS enables firewall by default, try disabling firewall
- If problem is solved, try sequentially:
- Add tun device to
trustedInterfaces
- Disable
checkReversePath
- Add tun device to
- If seeing massive "refuse" messages for specific ports:
- Try allow the tproxy port in firewall if you're trying tproxy transparent proxy.