A rule-based tunnel in Go.
- Local HTTP/HTTPS/SOCKS server with authentication support
- Shadowsocks(R), VMess, Trojan, Snell, SOCKS5, HTTP(S) outbound support
- Built-in fake-ip DNS server that aims to minimize DNS pollution attack impact. DoH/DoT upstream supported.
- Rules based off domains, GEOIP, IP-CIDR or process names to route packets to different destinations
- Proxy groups allow users to implement powerful rules. Supports automatic fallback, load balancing or auto select proxy based off latency
- Remote providers, allowing users to get proxy lists remotely instead of hardcoding in config
- Transparent proxy: Redirect TCP and TProxy TCP/UDP with automatic route table/rule management
- Hot-reload via the comprehensive HTTP RESTful API controller
Premium core is proprietary. You can find their release notes and pre-built binaries here.
- gvisor/system stack TUN device on macOS, Linux and Windows (ref)
- Policy routing with Scripts
- Load your rules with Rule Providers
- Monitor Clash usage with a built-in profiling engine. (Dreamacro/clash-tracing)
Documentations are available at GitHub Wiki.
If you want to build a Go application that uses Clash as a library, check out the GitHub Wiki.
This software is released under the GPL-3.0 license.