github.com/igoogolx/clash@v1.19.8/docs/advanced-usages/wireguard.md

github.com/igoogolx/clash@v1.19.8/docs/advanced-usages/wireguard.md (about)

     1  ---
     2  sidebarTitle: Rule-based Wireguard
     3  sidebarOrder: 1
     4  ---
     5  
     6  # Rule-based Wireguard
     7  
     8  Suppose your kernel supports Wireguard and you have it enabled. The `Table` option stops _wg-quick_ from overriding default routes.
     9  
    10  Example `wg0.conf`:
    11  
    12  ```ini
    13  [Interface]
    14  PrivateKey = ...
    15  Address = 172.16.0.1/32
    16  MTU = ...
    17  Table = off
    18  PostUp = ip rule add from 172.16.0.1/32 table 6666
    19  
    20  [Peer]
    21  AllowedIPs = 0.0.0.0/0
    22  AllowedIPs = ::/0
    23  PublicKey = ...
    24  Endpoint = ...
    25  ```
    26  
    27  Then in Clash you would only need to have a DIRECT proxy group that has a specific outbound interface:
    28  
    29  ```yaml
    30  proxy-groups:
    31    - name: Wireguard
    32      type: select
    33      interface-name: wg0
    34      proxies:
    35        - DIRECT
    36  rules:
    37    - DOMAIN,google.com,Wireguard
    38  ```
    39  
    40  This should perform better than whereas if Clash implemented its own userspace Wireguard client. Wireguard is supported in the kernel.