lala.im: sing-box TUN+REALITY (iOS/Windows client configuration examples)

Operations · VPN/Proxy · lala.im · 2023-03-07

Original post: https://lala.im/8616.html. Please support the original author! This copy is only a repost.

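sing-box recently got a new iOS client: SFI.
SFI is still not very convenient to use, since configs have to be written by hand, but that is a minor issue. The main point is that right now this is the only client that supports REALITY on iOS; Shadowrocket and the like probably won't be updated for at least a month or so.
More about SFI here: https://sing-box.sagernet.org/installation/clients/sfi/
For the REALITY server-side configuration, see my earlier post: https://lala.im/8610.html
One thing to note: in newer versions of sing-box, the vless inbound now also needs flow to be set: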

"flow": "xtls-rprx-vision"

Nothing else has changed. Below are two client configuration files I put together from the documentation, one for iOS and one for Windows.
iOS:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "dnspod",
        "address": "https://1.12.12.12/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "dnspod"
      },
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "gvisor",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "vless-out",
      "server": "1.2.3.4",
      "server_port": 443,
      "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
      "flow": "xtls-rprx-vision",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "utls": {
            "enabled": true,
            "fingerprint": "safari"
         },
        "reality": {
            "enabled": true,
            "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
            "short_id": "5d2e3ed92cf8a73b"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "geosite": "cn",
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
  }
}

Windows:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "cloudflare",
        "address": "https://1.1.1.1/dns-query"
      },
      {
        "tag": "dnspod",
        "address": "https://1.12.12.12/dns-query",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "cn",
        "server": "dnspod"
      },
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      }
    ]
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "singbox-tun",
      "inet4_address": "172.20.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "system",
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "vless",
      "tag": "vless-out",
      "server": "1.2.3.4",
      "server_port": 443,
      "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",
      "flow": "xtls-rprx-vision",
      "network": "tcp",
      "tls": {
        "enabled": true,
        "server_name": "www.docker.com",
        "utls": {
            "enabled": true,
            "fingerprint": "chrome"
         },
        "reality": {
            "enabled": true,
            "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",
            "short_id": "5d2e3ed92cf8a73b"
        }
      }
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns"
      },
      {
        "geosite": "cn",
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true
  }
}

Both platforms have a few things to watch out for when configuring.

iOS: SFI does not support the system stack, so the config uses gvisor.

Windows: enabling strict_route prevents DNS leaks. In addition, auto_detect_interface must be set to prevent traffic from looping back.

On both iOS and Windows, when using TUN mode, do not configure DNS servers in the system-protocol format.
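The three notes above can be checked mechanically before a config is imported. The following PowerShell function is an added example, not part of the original post; the function name, the trimmed sample JSON and the reading of the "system" DNS format as the address `local` are assumptions of this example.

```powershell
# Added example: lint a sing-box client config against the platform notes above.
# The JSON is a constructed, trimmed sample with one deliberate mistake per rule.
$json = @'
{
  "dns": { "servers": [ { "tag": "sys", "address": "local" } ] },
  "inbounds": [ { "type": "tun", "stack": "system", "strict_route": false } ],
  "route": { "rules": [] }
}
'@

function Test-SingBoxClientConfig {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Json,
        [Parameter(Mandatory)][ValidateSet('ios', 'windows')][string]$Platform
    )
    $cfg = $Json | ConvertFrom-Json
    $findings = @()
    foreach ($tun in @($cfg.inbounds | Where-Object { $_.type -eq 'tun' })) {
        if ($Platform -eq 'ios' -and $tun.stack -eq 'system') {
            $findings += 'tun stack is "system"; SFI does not support it, use "gvisor"'
        }
        if ($Platform -eq 'windows' -and $tun.strict_route -ne $true) {
            $findings += 'strict_route is not enabled; DNS queries can leak'
        }
    }
    if ($Platform -eq 'windows' -and $cfg.route.auto_detect_interface -ne $true) {
        $findings += 'route.auto_detect_interface is not enabled; traffic can loop back'
    }
    # Assumption: "local" is the address form that selects the system resolver.
    foreach ($srv in @($cfg.dns.servers | Where-Object { $_.address -eq 'local' })) {
        $findings += "dns server '$($srv.tag)' uses the system resolver; avoid it in TUN mode"
    }
    $findings   # an empty result means none of the three notes is violated
}

Test-SingBoxClientConfig -Json $json -Platform windows
Test-SingBoxClientConfig -Json $json -Platform ios
```

To check a real file, pass `(Get-Content -Raw config.json)` as `-Json`.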

The iOS config works as soon as it is imported. Below I record the extra setup needed on Windows.

My Windows 10 machine has a lot of interfaces; looking through them there are VirtualBox, VMware, OpenVPN, the NetEase UU game booster and many others:
![Example](https://dontalk.org/usr/uploads/2023/03/lala.im_2023-03-07_19-20-33.png)

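By default Windows automatically assigns a priority to each of these interfaces. If any of them has a higher priority than the interface you actually use for internet access (usually named "Ethernet"), sing-box will treat the highest-priority interface as the default interface, and as a result sing-box will not work properly.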

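The fix is simple. The crude way is to disable every interface you don't use and keep only the "Ethernet" one used for internet access. That is how I set it up at first, but then I thought it was far too inconvenient. After looking into it more closely I found that the priority can be set manually; the method follows.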

First open PowerShell as administrator and run the following command to view the interface information:

Get-NetIPInterface

Look mainly at the InterfaceMetric column: the lower the value, the higher the priority.

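In my output, the "Ethernet" interface I use for internet access has a value of 100, while the VirtualBox, VMware and other interfaces have values of 25 and 35, all lower than "Ethernet". What needs to be done now is to change the values of those interfaces, with the following commands: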

Set-NetIPInterface -InterfaceIndex 3 -InterfaceMetric 110
Set-NetIPInterface -InterfaceIndex 13 -InterfaceMetric 120
Set-NetIPInterface -InterfaceIndex 4 -InterfaceMetric 130
Set-NetIPInterface -InterfaceIndex 16 -InterfaceMetric 130

Check again to confirm the change has been applied.
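The manual steps above generalize to any machine: the following PowerShell function is an added example, not from the original post, that finds every IPv4 interface whose metric is at or below the uplink's and moves it above the uplink. The function name, the alias `Ethernet`, the spacing of 10 and the `-Apply` switch are assumptions of this example.

```powershell
# Added example (not from the original post). Assumptions: the uplink alias is
# "Ethernet", rivals are spaced 10 apart, and -Apply is this function's own switch.
function Set-UplinkPriority {
    param(
        [string]$UplinkAlias = 'Ethernet',
        [int]$Step = 10,
        [switch]$Apply   # without -Apply nothing is changed, only reported
    )
    $all = Get-NetIPInterface -AddressFamily IPv4
    $uplink = $all | Where-Object { $_.InterfaceAlias -eq $UplinkAlias }
    if (-not $uplink) { throw "No IPv4 interface named '$UplinkAlias'" }

    # Any interface with a metric at or below the uplink's can outrank it.
    $rivals = $all | Where-Object {
        $_.ifIndex -ne $uplink.ifIndex -and
        $_.InterfaceAlias -notlike 'Loopback*' -and
        $_.InterfaceMetric -le $uplink.InterfaceMetric
    } | Sort-Object InterfaceMetric

    $next = $uplink.InterfaceMetric + $Step
    foreach ($nic in $rivals) {
        '{0} (ifIndex {1}): metric {2} -> {3}' -f $nic.InterfaceAlias, $nic.ifIndex, $nic.InterfaceMetric, $next
        if ($Apply) {
            # Same command form as in the article; needs an elevated session.
            Set-NetIPInterface -InterfaceIndex $nic.ifIndex -InterfaceMetric $next
        }
        $next += $Step
    }
}

Set-UplinkPriority            # dry run: list what would change
# Set-UplinkPriority -Apply   # apply the changes, then re-check with the table below
Get-NetIPInterface -AddressFamily IPv4 | Sort-Object InterfaceMetric |
    Format-Table ifIndex, InterfaceAlias, InterfaceMetric, ConnectionState
```

Run it while sing-box is stopped so that its own TUN interface is not among the candidates.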

References:

https://sing-box.sagernet.org/configuration/inbound/tun/
https://sing-box.sagernet.org/examples/tun/
https://sing-box.sagernet.org/examples/dns-hijack/
https://www.windowscentral.com/how-change-priority-order-network-adapters-windows-10
