black-internet-days-ahead/sing-box
1
0
Fork 0
mirror of https://github.com/SagerNet/sing-box.git synced 2024-09-20 10:37:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
sing-box/docs/configuration/inbound/tun.md
世界 67c7e9fd86
Refactor inbound documetation
2022-08-31 12:50:26 +08:00

3.2 KiB
Raw Blame History

!!! error ""

Only supported on Linux, Windows and macOS.

Structure

{
  "type": "tun",
  "tag": "tun-in",
  
  "interface_name": "tun0",
  "inet4_address": "172.19.0.1/30",
  "inet6_address": "fdfe:dcba:9876::1/128",
  "mtu": 1500,
  "auto_route": true,
  "strict_route": true,
  "endpoint_independent_nat": false,
  "stack": "gvisor",
  "include_uid": [
    0
  ],
  "include_uid_range": [
    "1000-99999"
  ],
  "exclude_uid": [
    1000
  ],
  "exclude_uid_range": [
    "1000-99999"
  ],
  "include_android_user": [
    0,
    10
  ],
  "include_package": [
    "com.android.chrome"
  ],
  "exclude_package": [
    "com.android.captiveportallogin"
  ],

  ... // Listen Fields
}

!!! note ""

You can ignore the JSON Array [] tag when the content is only one item

!!! warning ""

If tun is running in non-privileged mode, addresses and MTU will not be configured automatically, please make sure the settings are accurate.

Fields

interface_name

Virtual device name, automatically selected if empty.

inet4_address

==Required==

IPv4 prefix for the tun interface.

inet6_address

IPv6 prefix for the tun interface.

mtu

The maximum transmission unit.

auto_route

Set the default route to the Tun.

!!! error ""

To avoid traffic loopback, set `route.auto_detect_interface` or `route.default_interface` or `outbound.bind_interface`

strict_route

Enforce strict routing rules in Linux when auto_route is enabled:

  • Let unsupported network unreachable
  • Route all connections to tun

It prevents address leaks and makes DNS hijacking work on Android and Linux with systemd-resolved, but your device will not be accessible by others.

endpoint_independent_nat

Enable endpoint-independent NAT.

Performance may degrade slightly, so it is not recommended to enable on when it is not needed.

udp_timeout

UDP NAT expiration time in seconds, default is 300 (5 minutes).

stack

TCP/IP stack.

Stack Upstream Status
gVisor (default) google/gvisor recommended
LWIP eycorsican/go-tun2socks upstream archived

!!! warning ""

The LWIP stack is not included by default, see [Installation](/#installation).

include_uid

!!! error ""

UID rules are only supported on Linux and require auto_route.

Limit users in route. Not limited by default.

include_uid_range

Limit users in route, but in range.

exclude_uid

Exclude users in route.

exclude_uid_range

Exclude users in route, but in range.

include_android_user

!!! error ""

Android user and package rules are only supported on Android and require auto_route.

Limit android users in route.

Common user ID
Main 0
Work Profile 10

include_package

Limit android packages in route.

exclude_package

Exclude android packages in route.

Listen Fields

See Listen Fields for details.