Clash Basics
Learn about the basic concepts, positioning, and use cases of Clash
Clash is a rule-based, cross-platform network proxy tool written in Go, licensed under GPL-3.0. It defines proxy nodes, routing rules, and outbound policy groups through YAML configuration files to achieve granular control over network traffic.
The most active core version currently is Mihomo (formerly Clash.Meta), which adds extensive modern proxy protocol support and functional enhancements on top of the original, making it the community's top choice.
The Clash core (Mihomo) and all major graphical clients are completely free and open-source, and will never charge for usage:
- Clash Verge Rev — Free & Open Source (MIT License)
- FlClash — Free & Open Source (GPL-3.0 License)
- ClashMeta for Android — Free & Open Source (GPL-3.0 License)
- Mihomo Core — Free & Open Source (GPL-3.0 License)
Note: Proxy node services (providers) are independent third-party services that usually charge based on data usage or monthly fees, and are unrelated to the Clash software itself.
- VPN: Forwards all traffic through an encrypted tunnel to the VPN server. Both domestic and international traffic go through the proxy, which can slow down access to local websites and lacks flexible control.
- Clash: Granular routing based on rules. Domestic traffic connects directly (high speed), while international traffic goes through a proxy. Supports 20+ protocols with traffic control down to the process level.
For users who need flexible network management, Clash's rule-based routing capabilities far exceed traditional VPNs and are highly recommended.
Mihomo (formerly Clash.Meta) is a feature-enhanced community fork of Clash and is currently the most active and feature-complete core version. Major enhancements include:
- Native support for Hysteria2, TUIC v5, VLESS, WireGuard, and other new protocols
- Modern security features like Reality transport layer and ECH
- Better TUN mode and Rule-Set support
- Proxy Provider subscription management and MixedPort support
Most graphical clients today (Clash Verge Rev, FlClash) use the Mihomo core by default; you can use them directly.
- Windows 10/11: Clash Verge Rev, Clash Nyanpasu, FlClash
- macOS 11+: Clash Verge Rev, FlClash, ClashX Meta (Supports both Intel & Apple Silicon)
- Linux: Clash Verge Rev, FlClash (Supports major distributions)
- Android 7.0+: ClashMeta for Android
- iOS / iPadOS: Stash, Shadowrocket (Requires App Store purchase)
Visit the Download Center to get the latest versions for each platform.
Installation & Configuration
Install the client from scratch, import subscriptions, and complete basic configuration
Go to the Download Center and choose the corresponding client for your operating system. Recommended clients for each platform:
- Windows / macOS / Linux: Download Clash Verge Rev, run the installer, and follow the prompts
- Android: Download the ClashMeta for Android APK and install it after enabling "Allow installation from unknown sources"
- iOS: Search for Shadowrocket or Stash in the App Store to purchase and install
Using Clash Verge Rev as an example (similar for other clients):
- Open the software and click the "Profiles" menu on the left
- Click the "+" icon in the top right → Select "Remote"
- Paste the Clash subscription link provided by your provider in the "URL" field and add a descriptive name
- Click "Download," and once complete, click the checkmark to set it as the current configuration
It is recommended to enable Auto Update (e.g., every 24 hours) so the node list stays up to date automatically.
The Clash configuration file is in YAML format (config.yaml) and contains the following main sections:
- proxies: Node list, defines proxy server information
- proxy-groups: Policy groups, such as URL-Test auto-selection or Select manual selection
- rules: Routing rules, matched from top to bottom
- dns: DNS configuration, specifies upstream DNS and resolution mode
You can modify it with any text editor. VS Code with the YAML extension is recommended for automatic indentation error detection. Changes take effect after reloading the config in the client.
Most major clients have built-in auto-start switches:
- Clash Verge Rev: Settings → System Settings → Startup; you can also enable "Start minimized" to avoid pop-ups
- FlClash: App Settings → Auto-start
- ClashMeta for Android: Settings → Auto-start; requires enabling auto-start in system permissions
It is also recommended to enable Auto-enable system proxy so Clash automatically takes over system traffic on every boot.
Config file storage paths:
- Windows: %APPDATA%\clash-verge
- macOS: ~/Library/Application Support/clash-verge
- Linux: ~/.config/clash-verge
Copy the entire directory to the corresponding location on the new device. After reinstalling the client, all configurations will be restored. If you only use subscription links, re-importing the links on the new device is the simplest method.
Daily Usage
Node management, mode switching, and how to use advanced features
- Rule Mode: Matches traffic against the rules in the configuration file to decide whether it should be proxied or direct. Recommended for daily use, as both domestic and international connections will be fast.
- Global Mode: All traffic is forced through the proxy node, bypassing rule matching. Suitable for temporary testing, but domestic websites will slow down.
- Direct Mode: All traffic connects directly, equivalent to turning off the proxy. Suitable for temporary network troubleshooting.
On the client's "Proxies" or "Nodes" page, click the speed test button (lightning bolt icon) to initiate a latency test for all nodes. Results appear next to node names. Click a node name within a policy group to switch immediately without restarting.
Using the URL-Test policy group, Clash automatically selects the node with the lowest latency, requiring no manual intervention. Reference values: Under 100ms is excellent, 100–200ms is normal, and above 200ms may result in lag.
TUN mode requires Administrator / root privileges to create a virtual network interface. Using Clash Verge Rev as an example:
- Go to the "Settings" → "System Proxy" section
- Toggle the "TUN Mode" switch
- When prompted for administrator permissions, click "Yes" to allow
- Wait for the driver installation to complete (takes about 10–30 seconds for the first time)
Once enabled, programs that do not support system proxy settings—such as game clients and command-line tools (curl, git)—will also be processed by Clash.
There are two ways:
- Rule-based (Recommended): Add a PROCESS-NAME rule at the top of the rules section in your config file, for example: - PROCESS-NAME,Discord.exe,DIRECT. All traffic from that process will connect directly.
- Client UI: Some clients (like Clash Verge Rev) offer a "Bypass List" feature in "Settings," allowing you to directly add process names or IP ranges through the interface.
Commonly bypassed applications: Local games (Steam, etc.), corporate intranet tools, and some banking apps.
- Clash Verge Rev: The "Connections" menu on the left displays target addresses, used nodes, and upload/download traffic for every active connection.
- Log Level: Set the log level to info or debug in the settings to view rule-matching details, which is helpful for troubleshooting routing issues.
- Web Dashboards: Use Yacd (http://localhost:9090/ui) or MetaCubeX dashboards for visual monitoring.
Logs are the best tool for troubleshooting "why this site isn't using the proxy." Always check the logs first when encountering issues.
Network & DNS
DNS mode selection, leak protection, IPv6, and LAN sharing
- Fake-IP: When an app initiates a DNS query, Clash immediately returns a fake IP (198.18.x.x). Rule matching is based on the original domain, and the actual DNS query happens on the proxy side. This completely avoids DNS pollution and results in faster connection establishment. Recommended for most users.
- Redir-Host: Clash queries both domestic and international DNS simultaneously and decides the route based on the resolution results. Better compatibility, but carries a risk of DNS leaks and slightly higher initial connection latency.
A few applications that require real IPs (such as NAT detection in certain online games) may malfunction under Fake-IP. You can resolve this by adding the application's domain to the fake-ip-filter whitelist.
Recommended configuration combo to prevent DNS leaks:
- Enable Clash's built-in DNS module (dns: enable: true) instead of relying on system DNS
- Use encrypted DNS for international domains (DoH example: https://1.1.1.1/dns-query)
- Enable Fake-IP mode to avoid exposing requested domains to upstream DNS servers
- Enable TUN mode so that DNS requests cannot bypass Clash
After configuration, verify using dnsleaktest.com. The results should only show DNS servers from your proxy node's location.
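The four recommendations above, together with the fake-ip-filter exception for applications that need real IPs, written out as one config.yaml fragment. This is an added example, not part of the original page or any client's shipped profile; keys beyond dns: enable are standard Mihomo options, and the filter entries are constructed placeholders.

```yaml
# Added example (constructed values): DNS leak-prevention settings in config.yaml
dns:
  enable: true                    # use Clash's built-in DNS module, not system DNS
  enhanced-mode: fake-ip          # answer apps from the fake pool; rules match the domain
  fake-ip-range: 198.18.0.1/16    # the 198.18.x.x pool
  fake-ip-filter:                 # domains that must receive real IPs
    - '*.lan'
    - 'nat-check.example.com'     # placeholder for a host that breaks under Fake-IP
  nameserver:
    - https://1.1.1.1/dns-query   # encrypted upstream (DoH)

tun:
  enable: true                    # requires Administrator / root privileges
  auto-route: true                # route system traffic into the TUN interface
  auto-detect-interface: true     # pick the outbound physical interface automatically
  dns-hijack:
    - any:53                      # capture plain DNS queries sent to any resolver
```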
The Mihomo core provides full IPv6 support, including DNS AAAA record resolution, IPv6 rule matching (IP-CIDR6, GEOIP), TUN device IPv6 routing, and proxy node IPv6 exit connections.
To enable: Add ipv6: true at the top of your config file and ensure AAAA queries are allowed in the DNS settings. If you encounter IPv6 connection issues, you can temporarily set ipv6: false to troubleshoot.
Set allow-lan: true in the config file to allow Clash to accept proxy requests from the local network. On other devices, configure an HTTP proxy in WiFi settings with the server address set to your Clash device's LAN IP (e.g., 192.168.1.100) and the port set to the mixed port (default 7890). This works for phones, tablets, and smart TVs.
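With allow-lan: true the proxy port accepts connections from any host that can reach the machine, so the fragment below scopes the listener to one LAN address, requires proxy credentials, and keeps the controller behind the web dashboards on loopback. This is an added example, not part of the original page; bind-address, authentication, external-controller and secret are standard Clash/Mihomo options, and the credentials are placeholders.

```yaml
# Added example (constructed values): LAN sharing with the listener scoped and authenticated
mixed-port: 7890
allow-lan: true
bind-address: 192.168.1.100           # listen on this LAN address only (the page's sample IP)
authentication:                       # LAN clients must present these proxy credentials
  - "lanuser:CHANGE-ME"               # placeholder username:password
external-controller: 127.0.0.1:9090   # dashboard/API reachable from this machine only
secret: "CHANGE-ME-TOO"               # placeholder API secret for the controller
```

Devices whose proxy settings cannot send a username and password will fail to connect with authentication set.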
Troubleshooting
Troubleshooting ideas and common solutions for issues
Follow these steps to troubleshoot:
- Step 1: Close Clash and check if your network is normal without the proxy
- Step 2: Manually refresh your subscription to update the node list
- Step 3: Switch to other nodes, as some may be blocked
- Step 4: Check if a firewall is blocking Clash's outbound connections
- Step 5: Set the log level to debug to view specific connection error details
If all nodes time out, it is likely an issue with your provider's server. Contact your provider to confirm node status.
- Select low-latency nodes: Run a speed test and choose nodes under 100ms, or use URL-Test to auto-select the fastest node.
- Check proxy mode: Ensure you are in "Rule Mode" rather than "Global Mode" to avoid unnecessary routing for local traffic.
- Use faster protocols: Hysteria2 or TUIC based on QUIC/UDP perform significantly better than TCP on high packet loss or high latency networks.
- Optimize DNS: Enable DoH / DoT to reduce DNS resolution latency.
- Contact provider: If all nodes are slow, the provider's bandwidth might be congested. Try during non-peak hours or upgrade your plan.
This usually happens when rules fail to set the website as "Direct," routing traffic through international nodes. Solutions:
- Confirm you are in "Rule Mode" rather than Global mode
- Manually add a direct rule at the top: - DOMAIN-SUFFIX,example.local,DIRECT
- Update GeoSite / GeoIP databases to the latest version (usually via an update button in client settings)
- Replace with a more comprehensive community rule set, such as Loyalsoldier Clash Rules
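Because rules are matched from top to bottom and the first match wins, the position of the PROCESS-NAME and DOMAIN-SUFFIX direct rules described above decides whether they ever fire. The fragment below is an added example, not part of the original page; PROXY is a hypothetical policy group name and the GEOIP country code is an assumption.

```yaml
# Added example: first match wins, so order decides the outcome.
# PROXY is a hypothetical policy group; it must exist under proxy-groups.

# Ineffective: the catch-all sits first, so the lines below it are never reached
# rules:
#   - MATCH,PROXY
#   - DOMAIN-SUFFIX,example.local,DIRECT
#   - PROCESS-NAME,Discord.exe,DIRECT

# Effective: specific direct rules first, broad rules after, catch-all last
rules:
  - PROCESS-NAME,Discord.exe,DIRECT            # all traffic from this process
  - DOMAIN-SUFFIX,example.local,DIRECT         # example.local and its subdomains
  - IP-CIDR,192.168.0.0/16,DIRECT,no-resolve   # LAN range; no DNS lookup just to test it
  - GEOIP,CN,DIRECT                            # country code is an assumption; use your own
  - MATCH,PROXY                                # everything else
```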
- Insufficient permissions: Run the client as an administrator (Right-click → Run as administrator)
- Driver conflicts: Disable other VPN software (WireGuard, OpenVPN, Cisco AnyConnect, etc.) and try again
- Windows driver issues: Go to Settings → Service Mode and reinstall the Service Mode driver
- Temporary fix: Disable TUN mode and switch to system proxy mode
If the problem persists, attach your log file to a GitHub Issue to seek community help.
This error means the port Clash wants to use (default 7890) is already being used by another program:
- Method 1 (Recommended): Change the mixed-port value in the config file (e.g., to 7891)
- Method 2: Identify and close the program using the port. Windows: netstat -ano | findstr 7890, find the PID, and end it in Task Manager. macOS / Linux: lsof -i :7890
- Method 3: If multiple Clash clients are installed, ensure only one is running