overtls + sing-box,分享一个比较完美的 sing-box 配置
overtls 的主要优点:翻墙协议不可能被 GFW 识别
sing-box 则是目前为止最强大的综合性翻墙工具
overtls 配合 sing-box,可能是目前最为优雅的翻墙方案
为了方便大家阅读,我把注释说明写在 sing-box json 配置文件里。json 文件本身不支持注释,VS Code 对此会提示语法错误,不过 sing-box 会跳过注释
sing-box config.json:
{
"log": {
"disabled": false,
// debug 用于调试,输出信息多。可改成 warn
"level": "debug",
// sing-box 命令行中指定工作目录,此处就可用相对路径
"output": "zz_/box.log",
"timestamp": true
},
"dns": {
"servers": [
{
// tx 指国内腾讯提供的 dns 服务
"tag": "dns_resolver-tx",
"address": "119.29.29.29",
"detour": "out-direct"
},
{
// direct 指直接用国内 dns,tx 为腾讯
"tag": "dns-direct-tx-doh",
"address": "https://120.53.53.53/dns-query",
"address_resolver": "dns_resolver-tx",
"detour": "out-direct"
},
{
// 走代理使用国外 dns
"tag": "dns-proxy-google",
"address": "https://dns.google/dns-query",
"address_resolver": "dns_resolver-tx",
"detour": "out-proxy"
},
{
// 走代理使用国外 dns,cf 指 cloudflare
// cf 不支持 EDNS Client Subnet (ECS) ,故本配置中用 google
"tag": "dns-proxy-cf-doh",
"address": "https://cloudflare-dns.com/dns-query",
"address_resolver": "dns_resolver-tx",
"detour": "out-proxy"
},
{
"tag": "dns-block",
"address": "rcode://refused"
}
],
"rules": [
{
"outbound": "any",
"server": "dns_resolver-tx"
},
{
// 来源网上的 rule_set 名以 geo 开头,其他为自定义 runle_set
// 这个规则里包含自己的翻墙服务器所用的域名
// 要定义在 clash_mode 的前面
"rule_set": "site-fanqiang-server",
"server": "dns-proxy-google"
},
{
// 使用兼容 clash 的控制面板,选择“直连”时用的 dns
"clash_mode": "direct",
"server": "dns-direct-tx-doh"
},
{
// 使用兼容 clash 的控制面板,选择“全局”时用的 dns
"clash_mode": "global",
"server": "dns-proxy-google"
},
{
// 自定义域名,用国内 dns
"rule_set": "site-direct",
"server": "dns-direct-tx-doh"
},
{
// 自定义域名,通过代理使用国外 dns
"rule_set": "site-proxy",
"server": "dns-proxy-google"
},
{
// geo 开头规则来自网上,site 表示内容是域名集。ads 表示要屏蔽 dns 的广告相关域名
"rule_set": "geosite-category-ads-all",
"server": "dns-block"
},
{
// 规则名不以 geo 开头,这是个自定义规则
// 内容是使用国内 dns 的进程名字
"rule_set": "process_name-direct",
"server": "dns-direct-tx-doh"
},
{
// 通过代理使用国外 dns 的进程名字
"rule_set": "process_name-proxy",
"server": "dns-proxy-google"
},
{
// 通过代理使用国外 dns 的包名
"rule_set": "package_name-proxy",
"server": "dns-proxy-google"
},
{
// 规则名以 geo 开头,这是来自网络的规则
// 里面包含被 GFW 屏蔽的域名集,当然要通过代理使用国外 dns
"rule_set":"geosite-gfw",
"server": "dns-proxy-google"
},
{
// 国外 AI 相关域名,通过代理使用国外 dns
"rule_set": "geosite-ai",
"server": "dns-proxy-google"
},
{
// 中国域名和位置在中国的域名,使用国内 dns
"rule_set": [
"geosite-cn",
"geosite-geolocation-cn"
],
"server": "dns-direct-tx-doh"
}
],
// 下面行,IP 地址改成你所在省或市的,可以在网上查找并复制一个
"client_subnet": "119.37.192.0",
"strategy": "ipv4_only",
// 以上规则之外的域名 dns 走代理
// 如果你访问国内域名较多,可以改成国内 dns,此时访问国外域名时可能会泄露国内 IP 地址
"final": "dns-proxy-google"
},
"ntp": {
"enabled": true,
"server": "time.apple.com",
"server_port": 123,
"interval": "30m0s",
"detour": "out-direct"
},
"inbounds": [
{
"tag": "tun-in",
"type": "tun",
"interface_name": "singbox-tun",
"inet4_address": "172.19.0.1/30",
"mtu": 9000,
"stack": "mixed",
"auto_route": true,
"strict_route": true,
"sniff": true
},
{
"tag": "socks-in",
"type": "socks",
"listen": "::",
"listen_port": 5319
}
],
"outbounds": [
{
// tag 是名字,方便在其他地方引用
// outbounds 中的 tag 都以 out 开头
"tag": "out-dns",
"type": "dns"
},
{
"tag": "out-direct",
"type": "direct"
},
{
"tag": "out-block",
"type": "block"
},
{
"tag": "out-proxy",
"type": "selector",
"outbounds": [
"proxy-overtls"
],
"default": "proxy-overtls"
},
{
"type": "socks",
"tag": "proxy-overtls",
"server": "127.0.0.1",
// 本机 overtls 监听的端口,根据实际情况修改
"server_port": 765,
"version": "5",
"network": "tcp",
"udp_over_tcp": {
"enabled": false,
"version": 2
}
}
],
"route": {
"rules": [
{
"type": "logical",
"mode": "or",
"rules": [
{
"protocol": "dns"
},
{
"port": 53
}
],
"outbound": "out-dns"
},
{
// 翻墙用的服务器域名,流量走直连
// 要定义在 clash_mode 的前面
// 否则,启用 "clash_mode": "global" 即在 clash 兼容的控制面板里选择“全局”时流量会走代理
"rule_set": "site-fanqiang-server",
"outbound": "out-direct"
},
{
// 这个规则集的内容是走国内直连的 IP 地址
// 同样要定义在 clash_mode 的前面
"rule_set": "ip-direct",
"outbound": "out-direct"
},
{
// clash 兼容的控制面板,选择“直连”时,出站流量走“out-direct”
"clash_mode": "direct",
"outbound": "out-direct"
},
{
// clash 兼容的控制面板,选择“全局”时,出站流量走“out-proxy”,即走代理
"clash_mode": "global",
"outbound": "out-proxy"
},
{
// 规则集内容,出站流量走直连的域名
"rule_set": "site-direct",
"outbound": "out-direct"
},
{
// 出站流量走代理的域名
"rule_set": "site-proxy",
"outbound": "out-proxy"
},
{
// 出站流量走代理的进程名字
"rule_set": "process_name-proxy",
"outbound": "out-proxy"
},
{
// 出站流量走直连的进程名字
"rule_set": "process_name-direct",
"outbound": "out-direct"
},
{
// 出站流量走代理的包名
"rule_set": "package_name-proxy",
"outbound": "out-proxy"
},
{
// 国外 AI 相关域名,出站流量走代理
"rule_set": "geosite-ai",
"outbound": "out-proxy"
},
{
// 被 GFW 屏蔽的域名,出站流量走代理
"rule_set": "geosite-gfw",
"outbound": "out-proxy"
},
{
// 域名的地理位置不在中国,并且域名 IP 不在中国区,出站流量走代理
"type": "logical",
"mode": "and",
"rules": [
{
"rule_set": "geosite-geolocation-!cn"
},
{
"rule_set": "geoip-cn",
"invert": true
}
],
"outbound": "out-proxy"
},
{
"protocol": "quic",
"outbound": "out-block"
},
{
"inbound": "socks-in",
"outbound": "out-proxy"
},
{
// 中国域名,地理位置在中国的域名,IP 地址在中国,都直连
"rule_set": [
"geosite-cn",
"geosite-geolocation-cn",
"geoip-cn"
],
"outbound": "out-direct"
},
{
"ip_is_private": true,
"outbound": "out-direct"
}
],
"rule_set": [
{
// 规则集不以 goe 开头,这是自定义规则
"tag": "process_name-proxy",
"type": "remote",
"format": "source",
// 域名换成你自己的
"url": "https://your-domain.com/process_name-proxy.json",
"download_detour": "out-direct"
},
{
"tag": "process_name-direct",
"type": "remote",
"format": "source",
"url": "https://your-domain.com/process_name-direct.json",
"download_detour": "out-direct"
},
{
"tag": "package_name-proxy",
"type": "remote",
"format": "source",
"url": "https://your-domain.com/package_name-proxy.json",
"download_detour": "out-direct"
},
{
"tag": "site-fanqiang-server",
"type": "remote",
"format": "source",
"url": "https://your-domain.com/site-fanqiang-server.json",
"download_detour": "out-direct"
},
{
"tag": "site-proxy",
"type": "remote",
"format": "source",
"url": "https://your-domain.com/site-proxy.json",
"download_detour": "out-direct"
},
{
"tag": "site-direct",
"type": "remote",
"format": "source",
"url": "https://your-domain.com/site-direct.json",
"download_detour": "out-direct"
},
{
"tag": "ip-direct",
"type": "remote",
"format": "source",
"url": "https://your-domain.com/ip-direct.json",
"download_detour": "out-direct"
},
{
// sing-box 首次运行需能下载规则文件,github 在国内被阻
// 通过 https://ghp.ci/ 中转下载,如果此域名被墙,就需要更换
"tag": "geoip-cn",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://github.com/SagerNet/sing-geoip/raw/refs/heads/rule-set/geoip-cn.srs",
"update_interval": "10d",
"download_detour": "out-direct"
},
{
"tag": "geosite-geolocation-cn",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://github.com/SagerNet/sing-geosite/raw/refs/heads/rule-set/geosite-geolocation-cn.srs",
"update_interval": "10d",
"download_detour": "out-direct"
},
{
"tag": "geosite-geolocation-!cn",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://github.com/SagerNet/sing-geosite/raw/refs/heads/rule-set/geosite-geolocation-!cn.srs",
"update_interval": "10d",
"download_detour": "out-direct"
},
{
"tag": "geosite-gfw",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://github.com/Toperlock/sing-box-geosite/raw/refs/heads/main/rule/gfw.srs",
"update_interval": "10d",
"download_detour": "out-direct"
},
{
"tag": "geosite-cn",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://github.com/SagerNet/sing-geosite/raw/refs/heads/rule-set/geosite-cn.srs",
"update_interval": "10d",
"download_detour": "out-direct"
},
{
"tag": "geosite-ai",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://github.com/DustinWin/ruleset_geodata/raw/refs/heads/sing-box-ruleset-compatible/ai.srs",
"update_interval": "10d",
"download_detour": "out-direct"
},
{
"tag": "geosite-category-ads-all",
"type": "remote",
"format": "binary",
"url": "https://ghp.ci/https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/sing/geo/geosite/category-ads-all.srs",
"update_interval": "10d",
"download_detour": "out-direct"
}
],
// 不在上面的规则中的流量,走代理
"final": "out-proxy",
"find_process": true,
"auto_detect_interface": true
},
"experimental": {
"cache_file": {
"enabled": true,
// 规则集的缓存文件,改成实际路径
"path": "zz_/cache.db",
"store_rdrc": true
},
// 使用与 clash 兼容的控制面板
"clash_api": {
// 浏览器中打开控制面板的地址
"external_controller": "127.0.0.1:9090",
// ui 文件夹的名字
"external_ui": "ui",
// 指定 sing-box 下载控制面板的网址
"external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip",
// sing-box 下载控制面板相关文件时,出站流量走代理
"external_ui_download_detour": "out-proxy",
// 控制面板中的默认的翻墙方式是本配置文件中定义的规则
"default_mode": "rule"
}
}
}
本配置文件中自定义规则的示例
ip-direct.json
{
"version": 1,
"rules": [
{
"ip_cidr": [
"98.76.54.32",
"10.98.76.54"
]
}
]
}
package_name-proxy.json
{
"version": 1,
"rules": [
{
"package_name": [
"com.google.android.youtube",
"com.android.vending",
"org.telegram.messenger",
"org.telegram.plus",
"com.google.android.googlequicksearchbox",
"app.rvx.android.youtube",
"com.mudvod.video",
"com.fox2code.mmm",
"com.twitter.android"
]
}
]
}
process_name-direct.json
例子中是 Windows 中可执行文件的名字
{
"version": 1,
"rules": [
{
"process_name": [
"MEGAsync.exe",
"claws-mail.exe",
"WeChat.exe",
"TencentMeeting.exe"
]
}
]
}
process_name-proxy.json
{
"version": 1,
"rules": [
{
"process_name": [
"Dropbox.exe",
"DropboxUpdate.exe"
]
}
]
}
site-direct.json
{
"version": 1,
"rules": [
{
"domain_suffix": [
"icloudnative.io"
]
}
]
}
site-fanqiang-server.json
{
"version": 1,
"rules": [
{
"domain_suffix": [
"your-fanqiang-domain.com",
"edcba.com"
]
}
]
}
site-proxy.json
{
"version": 1,
"rules": [
{
"domain_suffix": [
"mega.nz"
]
}
]
}
通过控制面板查看流量走向,切换翻墙方式
按照本文配置正常运行 sing-box 后,浏览器打开 127.0.0.1:9090 就可以打开兼容 clash 的控制面板
-
Overview 概况
可查看上传、下载使用的流量
-
Conns (Connections) 连接
可查看规则集的使用情况,调试时很有用
-
Config 配置
通常用于切换翻墙模式。切换方法:
-
选择
Mode(翻墙模式) -
Reload 重载
点击
Reload config file(重样载入配置文件)
-
启动 sing-box 时清空日志文件
日志level 选择 debug 时,日志文件会越来越大,有二种解决办法:
-
使用
"level": "warn" -
运行 sing-box 的脚本文件中加入清空日志的代码
指定日志文件大于 700 KB时就清空,Linux 风格的代码如下:
if [ $(stat --format=%s "zz_/box.log") -gt 716800 ]; then > zz_/box.log fi
相关内容
- 简单、高速、稳定的翻墙软件 overtls 安装、使用教程
- overtls + tun2proxy 实现全局翻墙,所有流量走代理
- overtls Android 手机翻墙上网教程
- 把 overtls、tun2proxy 设置成开机自动启动的系统服务
- overtls 搭配 sing-box 翻墙的方法
- sing-box 基础教程:sing-box 的配置方法和使用教程
- https://github.com/ShadowsocksR-Live/overtls
- https://github.com/softwaredownload/openwrt-fanqiang
2024-10-15