开源 · 跨平台 · 值得信赖 Open Source · Cross-platform · Trusted

Clash —— 基于规则的跨平台网络代理工具

Clash —— Rule-based Cross-platform Proxy Core

支持多协议、智能分流、跨平台兼容的开源代理核心。为全球用户提供灵活可控的网络代理服务,让流量管理更加精准高效。

An open-source proxy core supporting multi-protocol compatibility, intelligent traffic routing, and cross-platform deployment. Empowering users worldwide with flexible and controllable network proxy services.

⚡ 立即下载 ⚡ 节点购买 📖 查看文档 📖 Documentation

核心特性

Core Features

六大核心能力,重新定义网络代理体验

Six core capabilities that redefine the proxy experience

🔌

多协议兼容

Multi-Protocol Support

支持 VMess、Trojan、Shadowsocks、Snell、SOCKS5 等多种主流代理协议,一份配置满足所有需求。

Supports VMess, Trojan, Shadowsocks, Snell, SOCKS5 and more — one config fits all proxy needs.

🧭

智能分流

Smart Routing

基于规则的路由引擎:支持动态脚本、域名、IP 地址、进程名称等维度,国内直连、国外代理,精准可控。

Rule-based routing engine with dynamic scripts, domain, IP, and process matching — direct or proxy, precisely controlled.

💻

跨平台支持

Cross-Platform

全面覆盖 Windows、macOS、Linux、Android、iOS、OpenWrt 等主流平台,一处配置,多端同步使用。

Full coverage of Windows, macOS, Linux, Android, iOS, and OpenWrt — one config, seamless multi-device usage.

🛡️

Fake-IP DNS

Fake-IP DNS

创新的 Fake-IP DNS 机制有效减少 DNS 污染影响,显著提升网络解析性能与访问速度。

Innovative Fake-IP DNS mechanism effectively reduces DNS pollution impact, boosting resolution performance and access speed.

⚙️

策略组管理

Policy Group Management

支持自动化可用性测试、负载均衡、延迟测试等高级策略组功能,智能选择最优节点,保障连接稳定性。

Advanced policy groups with auto health checks, load balancing, and latency testing — intelligently select the best node.

🔓

开源透明

Open Source & Transparent

基于 GPL-3.0 许可证开源,代码完全可审计,保障用户隐私与数据安全,社区驱动持续进化。

GPL-3.0 licensed open source, fully auditable codebase — ensuring user privacy and data security through community-driven development.

版本说明与对比

Version Comparison

了解 Clash 开源版与 Premium 版的差异,选择最适合您的版本

Understand the differences between Clash Open Source and Premium editions

功能 Feature 开源版 Open Source Premium
HTTP/HTTPS/SOCKS5 入站 HTTP/HTTPS/SOCKS5 Inbound
TUN 设备支持 TUN Device Support Premium
Shadowsocks(R)/VMess/Trojan 出站 SS(R)/VMess/Trojan Outbound
WireGuard 出站 WireGuard Outbound Premium
基于规则的路由 Rule-based Routing
Fake-IP DNS Fake-IP DNS
透明代理(Redirect/TProxy) Transparent Proxy Premium
策略组高级功能 Advanced Policy Groups 基础 Basic 完整 Full
远程 Providers Remote Providers
RESTful API RESTful API

📌 标注 Premium 的功能仅在 Premium 版本中提供。Premium 版保持免费且开源。

📌 Features marked Premium are only available in the Premium edition, which remains free and open source.

平台下载引导

Platform Downloads

选择您的操作系统,获取推荐的 Clash 客户端

Select your operating system to get the recommended Clash client

🪟

Windows

Clash Verge Rev Clash Verge Rev v2.0+ ⬇ 下载 Windows 版 ⬇ Download for Windows SHA256 验证 · 支持 Windows 10/11 SHA256 verified · Windows 10/11
🍎

macOS

ClashX Pro / Stash ClashX Pro / Stash 最新版 ⬇ 下载 macOS 版 ⬇ Download for macOS Intel / Apple Silicon 双架构 Intel & Apple Silicon supported
🤖

Android

Clash for Android Clash for Android v3.0+ ⬇ 下载 Android 版 ⬇ Download for Android SHA256 验证 · Android 8.0+ SHA256 verified · Android 8.0+
📱

iOS

Stash(原 Clash for iOS) Stash (formerly Clash for iOS) App Store ⬇ App Store 下载 ⬇ Download from App Store 官方商店安全下载 Official App Store download
🐧

Linux

Clash Verge Rev Clash Verge Rev Tauri 2 + Rust ⬇ 下载 Linux 版 ⬇ Download for Linux AppImage / deb / rpm 格式 AppImage / deb / rpm formats
📡

OpenWrt

OpenClash OpenClash 路由器端 ⬇ 下载 OpenWrt 版 ⬇ Download for OpenWrt 路由器端部署方案 Router-level deployment

快速上手指南

Quick Start Guide

只需四步,3 分钟内完成首次配置

Just four steps to complete your first setup in under 3 minutes

1

下载安装

Download & Install

选择对应系统版本下载并安装客户端,优先使用官方 GitHub Releases 等可信来源获取安装包。

Download and install the client for your OS, preferably from official GitHub Releases or trusted sources.

2

导入配置

Import Config

通过订阅链接或本地 YAML 文件导入节点配置信息,按需启用相应的规则集以实现智能分流。

Import node configuration via subscription link or local YAML file, enabling rule sets for smart routing as needed.

3

启用代理

Enable Proxy

开启系统代理或服务模式,选择一个可用节点,检查分流规则是否按预期生效并正常连接网络。

Turn on system proxy or service mode, select an available node, and verify routing rules are working as expected.

4

验证生效

Verify Connection

访问测试网站确认代理是否正常工作,检查 IP 归属地变化与延迟表现,确保配置完全生效。

Visit test websites to confirm the proxy is working, check IP location changes and latency to ensure full functionality.

常见问题 FAQ

Frequently Asked Questions

六大类别,全面解答您的疑惑

Six categories covering all your questions

产品认知 Product Clash 是什么?它有哪些核心特点? What is Clash? What are its core features?
  1. 理解产品本质:Clash 是一个跨平台的开源网络代理工具,在网络层和应用层运行,已被全球互联网用户广泛采用。它不是一个简单的VPN,而是一个功能完整的代理核心。
  2. 认识核心能力:Clash 支持多种主流代理协议,包括 VMess、Trojan、Shadowsocks、SOCKS5 等,用户可以根据需求灵活选择和组合使用。
  3. 了解分流机制:其最大的特色是基于规则的路由系统,可以对不同域名、IP 地址、应用程序分别指定不同的代理策略,实现精准的流量管理。
  4. 明确开源生态:Clash 基于 GPL-3.0 许可证开源,代码完全公开可审计,社区活跃,衍生项目丰富,保障了长期的可持续发展。
  5. 选择合适版本:用户可根据需求选择开源版或 Premium 版,后者提供 TUN 设备、WireGuard 出站等增强功能,且同样保持免费开源。
  1. Understand the Product: Clash is a cross-platform open-source proxy tool operating at the network and application layer, widely adopted by global internet users. It is a full-featured proxy core, not just a simple VPN.
  2. Core Capabilities: Clash supports multiple mainstream proxy protocols including VMess, Trojan, Shadowsocks, and SOCKS5, allowing flexible selection and combination based on user needs.
  3. Routing Mechanism: Its standout feature is the rule-based routing system, enabling precise traffic management by assigning different proxy strategies to different domains, IPs, and applications.
  4. Open Source Ecosystem: Clash is GPL-3.0 licensed, with fully auditable open-source code, an active community, and rich derivative projects ensuring long-term sustainability.
  5. Version Selection: Users can choose between Open Source and Premium editions; the latter offers enhanced features like TUN device support and WireGuard outbound while remaining free and open source.
技术对比 Comparison Clash 与传统 VPN 有何本质区别? How does Clash differ from traditional VPNs?
  1. 分流与全局的差异:传统 VPN 通常采用全局隧道模式,所有流量都经过 VPN 服务器;而 Clash 采用"按规则分流"机制,只有匹配规则的流量才会走代理,国内网站直连、国外网站代理,更加灵活高效。
  2. 流量控制粒度:Clash 可以精确到域名、IP 段、应用程序进程名称级别进行流量调度,传统 VPN 往往只能做全局开关,无法实现如此精细化的管理。
  3. 多节点策略组:Clash 支持策略组管理,可配置多个节点并设置自动故障转移、负载均衡、延迟优选等高级策略,传统 VPN 通常只支持单一服务器连接。
  4. 性能与资源占用:由于采用分流机制,Clash 在处理国内流量时几乎无额外开销,整体性能表现优于全局代理的传统 VPN 方案,尤其适合需要长时间保持连接的用户。
  1. Split Routing vs. Full Tunnel: Traditional VPNs use a global tunnel mode where all traffic passes through the VPN server; Clash uses rule-based split routing, where only matched traffic goes through the proxy — direct for domestic sites, proxy for international ones, making it more efficient.
  2. Traffic Control Granularity: Clash can schedule traffic at the domain, IP range, and application process name level, while traditional VPNs typically only offer a global on/off switch without such fine-grained management.
  3. Multi-Node Policy Groups: Clash supports policy group management with multiple nodes and advanced strategies like auto failover, load balancing, and latency-based selection — traditional VPNs usually only support a single server connection.
  4. Performance & Resource Usage: Due to split routing, Clash incurs almost no overhead for domestic traffic, delivering better overall performance than global-proxy VPN solutions, especially for users needing long-duration connections.
安装部署 Installation 如何在不同平台上下载安装 Clash? How to download and install Clash on different platforms?
  1. 确认操作系统版本:首先明确您使用的操作系统及架构(如 Windows 10/11、macOS Intel 或 Apple Silicon、Android 版本等),这决定了您需要下载哪个安装包。
  2. 访问官方下载渠道:推荐通过 GitHub 官方 Releases 页面获取安装包,Windows 推荐 Clash Verge Rev,macOS 推荐 ClashX Pro,Android 推荐 Clash for Android,iOS 通过 App Store 下载 Stash。
  3. 验证文件完整性:下载完成后,建议使用 SHA256 校验工具验证安装包的哈希值是否与官方公布的一致,确保文件未被篡改或携带恶意代码。
  4. 完成安装过程:按照各平台的标准安装流程进行操作,Windows 双击安装包、macOS 拖入应用程序文件夹、Android 允许安装未知来源应用(如通过 APK 安装)。
  5. 进行初始设置:安装完成后首次启动客户端,根据界面引导完成基本设置,包括语言选择、主题偏好、开机自启等选项的配置。
  6. 验证安装成功:打开客户端主界面,确认程序正常运行无报错,即可进入下一步的节点配置与订阅导入环节。
  1. Confirm Your OS Version: First, identify your operating system and architecture (e.g., Windows 10/11, macOS Intel or Apple Silicon, Android version) to determine which package to download.
  2. Visit Official Download Channels: It is recommended to obtain installation packages from official GitHub Releases — Clash Verge Rev for Windows, ClashX Pro for macOS, Clash for Android for Android, and Stash via App Store for iOS.
  3. Verify File Integrity: After downloading, use SHA256 verification tools to check the package hash against the official value, ensuring the file has not been tampered with or contains malicious code.
  4. Complete Installation: Follow standard installation procedures for each platform — double-click the installer on Windows, drag to the Applications folder on macOS, and enable "install unknown apps" on Android if using APK.
  5. Initial Setup: After installation, launch the client and follow the onboarding guide to configure basic settings including language, theme preference, and auto-start options.
  6. Verify Successful Installation: Open the main client interface and confirm the program runs without errors, then proceed to node configuration and subscription import.
配置使用 Configuration 如何通过订阅链接配置 Clash? How to configure Clash via a subscription link?
  1. 获取订阅链接:从您的节点服务提供商处获取 Clash 兼容的订阅链接(通常以 URL 形式提供),这是自动更新节点列表与规则的关键凭证。
  2. 打开配置界面:启动 Clash 客户端后,进入 "Profiles"(配置)或"订阅"管理页面,找到添加新订阅的入口选项。
  3. 粘贴订阅链接:点击"新增订阅"或"添加配置",将复制的订阅链接粘贴到 URL 输入框中,可根据需要为订阅命名以便区分管理。
  4. 更新获取节点:保存订阅后点击"更新"按钮,客户端将自动从远程服务器拉取最新的节点列表和分流规则配置信息。
  5. 选择节点并启用:更新完成后,在节点列表中选择一个可用的节点,然后开启系统代理开关,即可开始使用 Clash 进行安全上网。
  1. Obtain the Subscription Link: Get a Clash-compatible subscription link (usually provided as a URL) from your node service provider — this is the key credential for auto-updating node lists and rules.
  2. Open Configuration Interface: After launching the Clash client, navigate to the "Profiles" or "Subscription" management page and find the option to add a new subscription.
  3. Paste the Subscription Link: Click "Add Subscription" or "Add Config," paste the copied subscription link into the URL input field, and optionally give it a name for easy management.
  4. Update to Fetch Nodes: After saving, click the "Update" button — the client will automatically pull the latest node list and routing rule configuration from the remote server.
  5. Select Node and Enable: Once updated, select an available node from the list, then toggle the system proxy switch to start using Clash for secure browsing.
高级功能 Advanced 什么是分流规则和策略组?如何实际应用? What are routing rules and policy groups? How to use them?
  1. 理解分流规则的本质:分流规则是一组匹配条件,用于判断特定流量应该走代理还是直连。规则可以基于域名关键字、域名后缀、IP CIDR、GeoIP 数据库等多种维度进行匹配。
  2. 认识策略组的类型:策略组定义了匹配到某条规则后流量应如何被处理。常见类型包括直连(DIRECT)、拒绝(REJECT)、代理节点选择、自动故障转移(Fallback)、负载均衡(Load Balance)等。
  3. 了解规则匹配顺序:Clash 按照配置文件中规则的排列顺序从上到下进行匹配,一旦命中某条规则即停止继续匹配,因此需要将更精确的规则放在前面,通用规则放在末尾。
  4. 实际应用场景示例:例如设置国内域名(如 .cn、.com.cn)走直连策略,国外常用服务(如 Google、YouTube)走代理节点组,广告追踪域名直接拒绝连接,从而实现精细化的网络流量管理。
  1. Understand Routing Rules: Routing rules are a set of matching conditions that determine whether specific traffic should go through a proxy or directly. Rules can match based on domain keywords, domain suffixes, IP CIDR ranges, GeoIP databases, and more.
  2. Policy Group Types: Policy groups define how matched traffic should be handled. Common types include DIRECT (no proxy), REJECT (block), proxy node selection, automatic Fallback, and Load Balance with multiple nodes.
  3. Rule Matching Order: Clash matches rules from top to bottom in the config file order and stops at the first match — so place more specific rules at the top and general catch-all rules at the bottom.
  4. Practical Application Example: For instance, set domestic domains (e.g., .cn, .com.cn) to DIRECT, international services (e.g., Google, YouTube) to a proxy node group, and ad-tracking domains to REJECT — achieving fine-grained network traffic management.
安全隐私 Security Clash 如何保障用户隐私与数据安全? How does Clash protect user privacy and data security?
  1. 开源代码可审计:Clash 基于 GPL-3.0 许可证完全开源,任何人都可以审查源代码,确保不存在后门或恶意收集用户数据的行为,这是保障隐私安全的基石。
  2. 数据完全本地化:所有配置信息、节点列表、分流规则和连接日志均保存在用户本地设备上,不会上传到任何第三方服务器,用户对自己的数据拥有完全的控制权。
  3. 加密传输保障:Clash 支持 TLS 加密传输协议,节点间的通信经过高强度加密,有效防止中间人攻击和流量嗅探,确保数据传输过程的安全性。
  4. 安全使用建议:建议用户优先使用加密传输协议(如 Trojan + TLS、VMess + WebSocket + TLS),定期更新客户端版本以获取安全补丁,并从可信任的来源获取订阅链接。
  5. 定期维护与更新:保持客户端和规则集为最新版本,关注社区安全公告,及时应用安全更新,避免因使用过时版本而暴露于已知的安全漏洞风险中。
  1. Auditable Open Source Code: Clash is fully open source under the GPL-3.0 license, allowing anyone to review the source code and verify there are no backdoors or malicious data collection — the cornerstone of privacy protection.
  2. Fully Local Data Storage: All configuration, node lists, routing rules, and connection logs are stored locally on the user's device and never uploaded to third-party servers, giving users complete control over their data.
  3. Encrypted Transmission: Clash supports TLS-encrypted transport protocols, with high-strength encryption for inter-node communication, effectively preventing man-in-the-middle attacks and traffic sniffing.
  4. Security Best Practices: It is recommended to use encrypted protocols (e.g., Trojan + TLS, VMess + WebSocket + TLS), regularly update the client for security patches, and obtain subscription links only from trusted sources.
  5. Regular Maintenance: Keep the client and rule sets updated, monitor community security announcements, and promptly apply security updates to avoid exposure to known vulnerabilities from outdated versions.

社区与生态

Community & Ecosystem

加入全球开发者社区,共同推动 Clash 生态发展

Join the global developer community and help grow the Clash ecosystem

🐙 GitHub 📢 Telegram 💬 Discord 📚 Wiki 文档 🔀 Clash Meta

隐私安全声明

Privacy & Security Statement

我们高度重视您的隐私与数据安全

We take your privacy and data security seriously

🔍

开源透明

Open & Transparent

代码公开可审计,接受全球开发者监督

Publicly auditable code, monitored by global developers

💾

数据本地化

Local Data Storage

配置与日志仅存于本地设备

Config and logs stored only on local devices

🔐

加密传输

Encrypted Transfer

支持 TLS 加密,防止流量嗅探

TLS encryption support to prevent traffic sniffing

🔄

持续更新

Continuous Updates

定期发布安全补丁与版本更新

Regular security patches and version updates