From 7ba06b4d97f18fcc8a36c530940921456d9809ea Mon Sep 17 00:00:00 2001
From: oruke <orukefeng@gmail.com>
Date: Tue, 5 May 2026 23:34:29 +0800
Subject: [PATCH] =?UTF-8?q?fix(clash):=20TUN=20=E6=8E=92=E9=99=A4=E5=B1=80?=
 =?UTF-8?q?=E5=9F=9F=E7=BD=91=EF=BC=8C=E4=BF=AE=E5=A4=8D=20LAN=20=E6=97=A0?=
 =?UTF-8?q?=E6=B3=95=E8=AE=BF=E9=97=AE=E6=9C=AC=E6=9C=BA=E6=9C=8D=E5=8A=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Clash Verge 的 TUN + auto-route 注入 nftables 规则劫持所有流量，
导致外部设备(手机等)无法通过 LAN 访问本机服务(如 8080 端口)。
添加 route-exclude-address 排除:
- 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 (所有 RFC1918 局域网)
- 100.64.0.0/10 (Tailscale CGNAT)
---
 clash/config.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clash/config.yaml b/clash/config.yaml
index 48fb6fa..e3a15b3 100644
--- a/clash/config.yaml
+++ b/clash/config.yaml
@@ -5,6 +5,19 @@ geodata-mode: true
 tcp-concurrent: true
 find-process-mode: always
 
+tun:
+  enable: true
+  stack: mixed
+  auto-route: true
+  strict-route: false
+  route-exclude-address:
+    # 局域网排除 — 让外部设备能直接访问本机服务
+    - 192.168.0.0/16
+    - 10.0.0.0/8
+    - 172.16.0.0/12
+    # Tailscale 网段 — 已通过 PROCESS-NAME,tailscaled 直连
+    - 100.64.0.0/10
+
 #自定义 geodata url
 geox-url:
   geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"