Recently, fluctuating download speeds have been frustrating, and changing the source hasn’t resolved all issues. Consequently, I decided to install Clash on my server to achieve internet freedom.

Clash Dashboard

Optional installation, which I find not very useful

A web-based control panel, beginner-friendly, with clear and straightforward settings

Dashboard on GitHub

Download locally and build, then upload to /opt/clash/ui

The ‘secret’ value set later in config.yaml is used to log in to the dashboard

Clash Control Panel

Clash Premium

Clash Premium edition, capable of TUN mode

wget -O clash.gz https://github.com/Dreamacro/clash/releases/download/premium/clash-linux-amd64-2023.08.17.gz
gzip -dc clash.gz > /usr/local/bin/clash
chmod +x /usr/local/bin/clash

Country.mmdb

GeoIP database used by Clash's GEOIP rules, improving the efficiency and quality of network routing

mkdir -p /etc/clash
wget -O /etc/clash/Country.mmdb https://github.com/Dreamacro/maxmind-geoip/releases/download/20230812/Country.mmdb

clash.service

Create a systemd unit so that clash starts automatically and keeps running

vim /etc/systemd/system/clash.service
[Unit]
Description=clash daemon
 
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/clash -d /etc/clash/
Restart=on-failure
 
[Install]
WantedBy=multi-user.target

Reload systemd

systemctl daemon-reload

config.yaml

Download it from the subscription link supplied by your provider

wget -O /etc/clash/config.yaml https://XXXXX/config.yaml

Custom modifications

port: 7890
socks-port: 7891

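allow-lan: true  # proxy ports accept connections from other hosts, not only localhost

mode: rule

external-controller: :9090  # no host part, so the API and dashboard listen on every interface
external-ui: /opt/clash/ui

secret: "******"  # credential for the API and dashboard; use a long random value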

dns:
  enable: true
  listen: :53  # no host part, so the resolver listens on every interface
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - '*.btwoa.com'
  nameserver:
    - 114.114.114.114 
    - 8.8.8.8 
    - tls://dns.rubyfish.cn:853 
    - https://1.1.1.1/dns-query 
    - dhcp://en0 
  fallback:
    - 8.8.8.8
tun:
  enable: true
  stack: system
  dns-hijack:
    - 8.8.8.8:53
    - tcp://8.8.8.8:53
    - any:53
    - tcp://any:53
  auto-route: true
  auto-detect-interface: true
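
The settings above decide which Clash listeners other hosts can reach. This script is an added example, not part of the original post or the Clash project: it reads a config.yaml and reports wildcard binds for external-controller and dns.listen, allow-lan, and an empty secret. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Clash listeners that other hosts can reach.

# Print "key:" value at top level (section "") or one level inside "section:".
clash_get() {  # $1=file  $2=section  $3=key
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                      # comments and blanks
        /^[^ \t]/ {                                  # any top-level line
            cur = ""
            if ($0 ~ /^[A-Za-z0-9_-]+:[ \t]*$/) { cur = $0; sub(/:.*/, "", cur); next }
        }
        {
            line = $0; nested = (line ~ /^[ \t]/); sub(/^[ \t]+/, "", line)
            if (index(line, key ":") != 1) next
            if ((sec == "") ? nested : (cur != sec)) next
            val = substr(line, length(key) + 2)
            sub(/[ \t]+#.*$/, "", val)               # trailing comment
            gsub(/^[ \t"\047]+|[ \t"\047]+$/, "", val)  # spaces and quotes
            print val; exit
        }' "$1"
}

# True when a listen address has no host part or a wildcard host.
binds_all() {
    case "$1" in
        :*|0.0.0.0:*|'[::]:'*) return 0 ;;
    esac
    return 1
}

# Print one finding per line for the config file in $1.
audit_clash_config() {
    ctl=$(clash_get "$1" "" external-controller)
    if binds_all "$ctl"; then
        echo "external-controller $ctl: API and dashboard listen on every interface"
        [ -n "$(clash_get "$1" "" secret)" ] || echo "secret is empty: API is unauthenticated"
    fi
    [ "$(clash_get "$1" "" allow-lan)" = "true" ] &&
        echo "allow-lan true: proxy ports accept connections from other hosts"
    binds_all "$(clash_get "$1" dns listen)" &&
        echo "dns.listen: resolver answers queries on every interface"
    return 0
}

# Constructed sample with the listener settings shown above.
sample=$(mktemp)
printf '%s\n' 'allow-lan: true' 'external-controller: :9090' \
    'secret: "******"' 'dns:' '  listen: :53' > "$sample"
audit_clash_config "$sample"; rm -f "$sample"
```

Run it as `audit_clash_config /etc/clash/config.yaml` after editing the file; no output means none of the four conditions matched.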

.bashrc

vim ~/.bashrc
# HTTP and HTTPS both go through the HTTP proxy port (7890); 7891 is the SOCKS5 port
export http_proxy="http://127.0.0.1:7890"
export https_proxy="http://127.0.0.1:7890"
export all_proxy="socks5://127.0.0.1:7891"

Reload

source ~/.bashrc

TUN Mode

/etc/sysctl.conf

Enable IP forwarding

vim /etc/sysctl.conf
net.ipv4.ip_forward=1

Reload

sysctl -p

Running and Auto-Start

systemctl start clash
systemctl enable clash

Testing

Start the Clash service

Ping Google

Issues

TUN mode prevents Docker container services from accessing the external network

Looking forward to a fix

The simplest solution is to turn off clash when accessing containers from the external network