Openwrt旁路由下openclash adguard home配置

前言

每次重装或者新装Openwrt，都有一堆的设置搞不定，特别是Openclash+adguard Home的配置各种不行，此贴文用于配置存档

Adguar Home配置

配置

http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:3000
  session_ttl: 720h
users:
  - name: ****
    password: ****
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
  bind_hosts:
    - 0.0.0.0
  port: 5353
  anonymize_client_ip: false
  ratelimit: 20
  ratelimit_subnet_len_ipv4: 24
  ratelimit_subnet_len_ipv6: 56
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - 127.0.0.1:7874
  upstream_dns_file: ""
  bootstrap_dns:
    - 114.114.114.114
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  fallback_dns: []
  upstream_mode: parallel
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 600
  cache_ttl_max: 3600
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet:
    custom_ip: ""
    enabled: false
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: false
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
  serve_plain_dns: true
  hostsfile_enabled: true
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  dir_path: ""
  ignored: []
  interval: 1h
  size_memory: 1000
  enabled: true
  file_enabled: true
statistics:
  dir_path: ""
  ignored: []
  interval: 24h
  enabled: true
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_29.txt
    name: 'CHN: AdRules DNS List'
    id: 1732535300
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_21.txt
    name: 'CHN: anti-AD'
    id: 1732535301
  - enabled: true
    url: https://raw.githubusercontent.com/217heidai/adblockfilters/main/rules/adblockdns.txt
    name: 217heidai
    id: 1732535302
  - enabled: true
    url: https://raw.githubusercontent.com/8680/GOODBYEADS/master/data/rules/dns.txt
    name: GOODBYEADS
    id: 1732535303
  - enabled: true
    url: https://raw.githubusercontent.com/8680/GOODBYEADS/master/data/rules/adblock.txt
    name: GOODBYEADS1
    id: 1732535304
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt
    name: AdGuard DNS Popup Hosts filter
    id: 1732535305
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt
    name: uBlock₀ filters – Badware risks
    id: 1732535306
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_49.txt
    name: HaGeZi's Ultimate Blocklist
    id: 1732535307
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_60.txt
    name: HaGeZi's Xiaomi Tracker Blocklist
    id: 1732535308
  - enabled: false
    url: https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh.txt
    name: malware-filter
    id: 1732535309
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
    name: OISD Blocklist Big
    id: 1732535310
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_39.txt
    name: Dandelion Sprout's Anti Push Notifications
    id: 1732535311
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt
    name: Steven Black's List
    id: 1732535312
  - enabled: true
    url: https://raw.githubusercontent.com/TG-Twilight/AWAvenue-Ads-Rule/main/AWAvenue-Ads-Rule.txt
    name: AWAvenue
    id: 1732535313
  - enabled: true
    url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/all.txt
    name: BlueSkyXN
    id: 1732535314
  - enabled: true
    url: https://raw.githubusercontent.com/5whys-adblock/AdGuardHome-rules/main/rules/output_full.txt
    name: 5whys
    id: 1732535315
  - enabled: true
    url: https://raw.githubusercontent.com/cjx82630/cjxlist/master/cjx-annoyance.txt
    name: cjxlist
    id: 1732535316
  - enabled: true
    url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/skyrules.txt
    name: BlueSkyXN2
    id: 1732535317
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_51.txt
    name: HaGeZi's Pro++ Blocklist
    id: 1732535319
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt
    name: Dandelion Sprout's Game Console Adblock List
    id: 1732535320
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_46.txt
    name: HaGeZi's Anti-Piracy Blocklist
    id: 1732535322
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
    name: WindowsSpyBlocker - Hosts spy rules
    id: 1732535323
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt
    name: HaGeZi's Gambling Blocklist
    id: 1732535324
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt
    name: Phishing URL Blocklist (PhishTank and OpenPhish)
    id: 1732535325
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_54.txt
    name: HaGeZi's DynDNS Blocklist
    id: 1732535327
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt
    name: Dandelion Sprout's Anti-Malware List
    id: 1732535328
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_56.txt
    name: HaGeZi's The World's Most Abused TLDs
    id: 1732535329
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt
    name: NoCoin Filter List
    id: 1732535330
whitelist_filters:
  - enabled: true
    url: https://raw.githubusercontent.com/BlueSkyXN/AdGuardHomeRules/master/ok.txt
    name: BlueSkyXN
    id: 1732535318
user_rules:
  - '@@||open.e.189.cn^$important'
  - '||api.translate.zvo.cn^$important'
  - '@@||logi.im^$important'
  - '@@||sms-activate.guru^$important'
  - '@@||doh.pub^$important'
  - '@@||vzan.com^$important'
  - ""
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
filtering:
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_services:
    schedule:
      time_zone: UTC
    ids: []
  protection_disabled_until: null
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    ecosia: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  rewrites: []
  safe_fs_patterns:
    - /etc/AdGuardHome/userfilters/*
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  filters_update_interval: 24
  blocked_response_ttl: 10
  filtering_enabled: true
  parental_enabled: false
  safebrowsing_enabled: false
  protection_enabled: true
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log:
  enabled: true
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 29

Openclash配置

Clash 配置参考

mixed-port: 7890 # 局域网访问Port
bind-address: '*' #绑定IP地址
allow-lan: true # 允许局域网访问
mode: rule # 模式
log-level: warning # 日志等级
external-controller: 0.0.0.0:9090 # 网页端口
find-process-mode: strict   # 匹配所有进程
tcp-concurrent: true # tcp 并发模式
ipv6: false #软路由上不建议开启

# ui部分
# secret: ""
# external-ui: .\ui\public



keep-alive-interval: 15
# fakeip 本地存储，省略DNS查询
profile:
    store-selected: false      # 存储 select 选择记录
    store-fake-ip: true        # 持久化 fake-ip

# Tun 配置 Windows使用
# tun:
#     enable: false  #PC端开启 路由器不开启
#     stack: mixed # gvisor / lwip
#     dns-hijack:
#         - 0.0.0.0:53 # 需要劫持的 DNS
#     auto-route: true # 自动设置全局路由，可以自动将全局流量路由进入tun网卡。
#     auto-detect-interface: true # 自动识别出口网卡
#     endpoint-independent-nat: true
#     inet4-route-address: # 启用 auto-route 时使用自定义路由而不是默认路由
#         - 0.0.0.0/1
#         - 128.0.0.0/1
#  inet6-route-address: # 启用 auto-route 时使用自定义路由而不是默认路由
#    - "::/1"
#    - "8000::/1"

dns:
    enable: true # 关闭将使用系统 DNS
    prefer-h3: true # 开启 DoH 支持 HTTP/3，将并发尝试
    listen: ':53' # 开启 DNS 服务器监听
    default-nameserver:
        - 114.114.114.114
        - 8.8.8.8
        - tls://223.5.5.5:853
        - 192.168.68.1 # 如果是windows或安卓客户端可使用system，如果是软路由填写你的拨号光猫/路由器的IP地址

    enhanced-mode: fake-ip
    fake-ip-range: 198.18.0.1/16
    fake-ip-filter:   #这里可以填写不使用fakeip的域名
        - '*.lan'
        - '*.battlenet.com.cn'
        - '*.battlenet.com'
        - '*.blzstatic.cn'
        - '*.battle.net'
        # === Linksys Wireless Router ===
        - '*.linksys.com'
        - '*.linksyssmartwifi.com'
        # === Apple Software Update Service ===
        - swscan.apple.com
        - mesu.apple.com
        # === Windows 10 Connnect Detection ===
        - '*.msftconnecttest.com'
        - '*.msftncsi.com'
        # === NTP Service ===
        - 'time.*.com'
        - 'time.*.gov'
        - 'time.*.edu.cn'
        - 'time.*.apple.com'
        - 'time1.*.com'
        - 'time2.*.com'
        - 'time3.*.com'
        - 'time4.*.com'
        - 'time5.*.com'
        - 'time6.*.com'
        - 'time7.*.com'
        - 'ntp.*.com'
        - 'ntp.*.com'
        - 'ntp1.*.com'
        - 'ntp2.*.com'
        - 'ntp3.*.com'
        - 'ntp4.*.com'
        - 'ntp5.*.com'
        - 'ntp6.*.com'
        - 'ntp7.*.com'
        - '*.time.edu.cn'
        - '*.ntp.org.cn'
        - '+.pool.ntp.org'
        - time1.cloud.tencent.com
        # === Music Service ===
        ## NetEase
        - '+.music.163.com'
        - '*.126.net'
        ## Baidu
        - musicapi.taihe.com
        - music.taihe.com
        ## Kugou
        - songsearch.kugou.com
        - trackercdn.kugou.com
        ## Kuwo
        - '*.kuwo.cn'
        ## JOOX
        - api-jooxtt.sanook.com
        - api.joox.com
        - joox.com
        ## QQ
        - '*.qq.com'
        - report.url.cn
        ## Xiami
        - '*.xiami.com'
        ## Migu
        - '+.music.migu.cn'
        # === Game Service ===
        ## Nintendo Switch
        - '+.srv.nintendo.net'
        ## Sony PlayStation
        - '+.playstation.net'
        - '+.playstation.com'
        - '+.stun.playstation.net'
        ## Microsoft Xbox
        - 'xbox.*.microsoft.com'
        - '+.xboxlive.com'
        # === Other ===
        ## QQ Quick Login
        - localhost.ptlogin2.qq.com
        ## Golang
        - proxy.golang.org
        ## STUN Server
        - 'stun.*.*'
        - 'stun.*.*.*'
        ## Bilibili CDN
        - '*.mcdn.bilivideo.cn'
        # === Other ===
        - '*.bilibili.com'
        - '*.1huizhan.com'
        - '*.3.cn'
        - '*.300hu.com'
        - '*.360buy.cn'
        - '*.360buy.com'
        - '*.360buy.com.cn'
        - '*.360buyimg.com'
        - '*.360buyinternational.com'
        - '*.360top.com'
        - '*.jd.com'
        # WiFi-Calling 如果你发现你的WiFi Calling不能发图片 大概率是节点UDP问题
        - t-mobile.com
        - crl.t-mobile.com
        - eas3.msg.t-mobile.com
        - mascns.t-mobile.com
        - ns.sipgeo.t-mobile.com
        - epdg.epc.mnc240.mcc310.pub.3gppnetwork.org
        - epdg.epc.mnc260.mcc310.pub.3gppnetwork.org
        - ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org
        - ss.epdg.epc.geo.mnc260.mcc310.pub.3gppnetwork.org 
        # Hygege提供
        - services.googleapis.cn
        - xn--ngstr-lra8j.com
        
    
    nameserver:
        - 114.114.114.114 # default value
        - 8.8.8.8
        - tls://223.5.5.5:853 # DNS over TLS
        - https://doh.pub/dns-query
        - https://dns.alidns.com/dns-query#h3=true 
        - system
        
    nameserver-policy:
    "geosite:cn,private":
        - https://120.53.53.53/dns-query
        - https://223.5.5.5/dns-query
    "geosite:geolocation-!cn":
        - "https://dns.cloudflare.com/dns-query"
        - "https://dns.google/dns-query"

#节点存放地址
proxies:
    - name: yoson                                # 可以自定义节点名称
      type: ss
      server:                             # 解析的 IP / 域名
      port:                                         # 自定义端口
      cipher:                               # 自定义加密方式，详细请查阅 Clash Meta 文档
      password:                                # 自定义认证密码

#代理组
proxy-groups:    
#自动选择
    - name: "Auto"
      type: url-test # 下面开启了自动测速
      proxies:
         - yoson
      use:
#          - subscribe_groups 
      url: "http://www.gstatic.com/generate_204"
      interval: 300   #自动测速周期，单位：秒  
#其他规则
    - name: "PROXY"
      type: select # 下面开启了自动测速
      proxies:
          - yoson
          - "Auto"
      use:
#          - subscribe_groups 
          
#代理集  如果是自建节点屏蔽这里  
# proxy-providers:
    #自定义机场名称subscribe_groups
#     subscribe_groups:
#         type: http # http 的 path 可空置,默认储存路径为 homedir的proxies文件夹,文件名为url的md5
#         url: "" #订阅链接存放在双引号内
#         interval: 86400 #机场订阅自动更新时间 单位：秒
#         path: ./hj_sub.yaml # 默认只允许存储在 clash 的 Home Dir，如果想存储到任意位置，添加环境变量 SKIP_SAFE_PATH_CHECK=1
#         health-check:
#             enable: true
#             interval: 165
#             # lazy: true
#             url: http://cp.cloudflare.com/generate_204
      
#规则集
rule-providers:     
    lancidr:
        type: http
        behavior: ipcidr
        interval: 86400
        path: ./ruleset/lancidr.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"  
    private:
        type: http
        behavior: domain
        interval: 86400
        path: ./ruleset/private.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    direct:
        type: http
        behavior: domain
        interval: 86400
        path: ./ruleset/direct.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"      
    applications:
        type: http
        behavior: classical
        interval: 86400
        path: ./ruleset/applications.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    icloud:
        type: http
        behavior: domain
        interval: 86400
        path: ./ruleset/icloud.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"        
    apple:
        type: http
        behavior: domain
        interval: 86400
        path: ./ruleset/apple.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    cncidr:
        type: http
        behavior: ipcidr
        interval: 86400
        path: ./ruleset/cncidr.yaml
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"  
    gfw:
        type: http
        behavior: domain
        interval: 86400   
        path: ./ruleset/gfw.yaml        
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"     
    reject:
        type: http
        behavior: domain
        url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
        path: ./ruleset/reject.yaml
        interval: 86400
    
rules:
    - RULE-SET,reject,REJECT
    - DOMAIN,events.data.microsoft.com,REJECT #拦截微软部分遥测
#域名规则
    - RULE-SET,applications,DIRECT
    - RULE-SET,private,DIRECT
    - RULE-SET,icloud,DIRECT
    - RULE-SET,apple,DIRECT

#在这里添加自定义直连规则
    - DOMAIN,xn--ngstr-lra8j.com,PROXY
    - DOMAIN,deeplx.doi9.top,DIRECT
    - DOMAIN,services.googleapis.cn,PROXY
    - DOMAIN,mtalk.google.com,PROXY
    - DOMAIN-SUFFIX,voidsec.com,PROXY   #voidsec 礼貌性添加所谓的dns泄露检测站
    - DOMAIN-SUFFIX,browserleaks.com,PROXY #browserleaks 礼貌性添加所谓的dns泄露检测站
    - DOMAIN-SUFFIX,ipleak.net,PROXY #ipleak 礼貌性添加所谓的dns泄露检测站
    - RULE-SET,gfw,PROXY
    - RULE-SET,direct,DIRECT
    - RULE-SET,lancidr,DIRECT
    - GEOSITE,cn,DIRECT  
#IP规则    
    - RULE-SET,cncidr,DIRECT
#最终匹配 白名单模式
    - MATCH,PROXY

#Openwrt #Openclash

Openwrt旁路由下openclash adguard home配置

http://example.com/2024/12/15/Openwrt旁路由下opencal-adguard-home配置/

作者

Justin

发布于

2024年12月15日

许可协议

Serv00 部署案例和常用命令上一篇

批量更新 OpenWRT 软件包下一篇