sing-box TUN+REALITY（iOS/Windows客户端配置示例）

最近sing-box又出了一个新的IOS客户端：sfi。

sfi目前使用起来还不太方便，配置只能手搓，不过这都小问题，主要是目前想在IOS上用reality的话就只有这个客户端支持，小火箭啥的估计没个把月不会更新。。

更多关于sfi的介绍可看这里：https://sing-box.sagernet.org/installation/clients/sfi/

reality服务端的配置可看我之前的这篇文章：https://lala.im/8610.html

有一个需要注意的点是新版本的sing-box现在vless入站也要填写flow了：

"flow": "xtls-rprx-vision"

其他的没有变化，下面是我自己根据文档搓的2份客户端配置文件，一个IOS的，一个windows的。

IOS：

{    "log": {      "level": "info",      "timestamp": true    },    "dns": {      "servers": [        {          "tag": "cloudflare",          "address": "https://1.1.1.1/dns-query"        },        {          "tag": "dnspod",          "address": "https://1.12.12.12/dns-query",          "detour": "direct"        },        {          "tag": "block",          "address": "rcode://success"        }      ],      "rules": [        {          "geosite": "cn",          "server": "dnspod"        },        {          "geosite": "category-ads-all",          "server": "block",          "disable_cache": true        }      ]    },    "inbounds": [      {        "type": "tun",        "tag": "tun-in",        "interface_name": "tun0",        "inet4_address": "172.19.0.1/30",        "auto_route": true,        "strict_route": true,        "stack": "gvisor",        "sniff": true      }    ],    "outbounds": [      {        "type": "vless",        "tag": "vless-out",        "server": "1.2.3.4",        "server_port": 443,        "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",        "flow": "xtls-rprx-vision",        "network": "tcp",        "tls": {          "enabled": true,          "server_name": "www.docker.com",          "utls": {        	  "enabled": true,        	  "fingerprint": "safari"           },          "reality": {        	  "enabled": true,        	  "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",        	  "short_id": "5d2e3ed92cf8a73b"          }        }      },      {        "type": "direct",        "tag": "direct"      },      {        "type": "block",        "tag": "block"      },      {        "type": "dns",        "tag": "dns"      }    ],    "route": {      "rules": [        {          "protocol": "dns",          "outbound": "dns"        },        {          "geosite": "cn",          "geoip": [            "cn",            "private"          ],          "outbound": "direct"        },        {          "geosite": "category-ads-all",          "outbound": "block"        }      ]    }  }

windows：

{    "log": {      "level": "info",      "timestamp": true    },    "dns": {      "servers": [        {          "tag": "cloudflare",          "address": "https://1.1.1.1/dns-query"        },        {          "tag": "dnspod",          "address": "https://1.12.12.12/dns-query",          "detour": "direct"        },        {          "tag": "block",          "address": "rcode://success"        }      ],      "rules": [        {          "geosite": "cn",          "server": "dnspod"        },        {          "geosite": "category-ads-all",          "server": "block",          "disable_cache": true        }      ]    },    "inbounds": [      {        "type": "tun",        "tag": "tun-in",        "interface_name": "singbox-tun",        "inet4_address": "172.20.0.1/30",        "auto_route": true,        "strict_route": true,        "stack": "system",        "sniff": true      }    ],    "outbounds": [      {        "type": "vless",        "tag": "vless-out",        "server": "1.2.3.4",        "server_port": 443,        "uuid": "8497c213-e47c-4df3-beb0-2f3db1605062",        "flow": "xtls-rprx-vision",        "network": "tcp",        "tls": {          "enabled": true,          "server_name": "www.docker.com",          "utls": {        	  "enabled": true,        	  "fingerprint": "chrome"           },          "reality": {        	  "enabled": true,        	  "public_key": "o60BMlDgf_k_hAryojHWGrDkqjR8SvcYK5asrOoU1hA",        	  "short_id": "5d2e3ed92cf8a73b"          }        }      },      {        "type": "direct",        "tag": "direct"      },      {        "type": "block",        "tag": "block"      },      {        "type": "dns",        "tag": "dns"      }    ],    "route": {      "rules": [        {          "protocol": "dns",          "outbound": "dns"        },        {          "geosite": "cn",          "geoip": [            "cn",            "private"          ],          "outbound": "direct"        },        {          "geosite": "category-ads-all",          "outbound": "block"        }      ],      "auto_detect_interface": true    }  }

2个平台配置的时候都有一些需要注意的点。

IOS：sfi不支持system stack，所以配置里面用的是gvisor。

windows：开启strict_route可以防止dns泄漏。另外必须配置auto_detect_interface防止流量环回。

无论是IOS还是windows使用tun模式的时候，dns服务器不要把格式配置成system协议的。

IOS的配置导入进去就能用了，下面我记录下windows的额外配置。

由于我这个win10里面有很多接口，我看了下有virtualbox、vmware、openvpn、网易uu游戏加速器等很多：

windows默认对这些接口都会自动设置一个优先级，如果这些接口的优先级比你用来上网的那个接口优先级高（一般用来上网的接口叫“以太网”。）那么sing-box就会把优先级最高的那个接口当作默认接口，这样就会导致最后sing-box是不能正常用的。

要解决的话也很简单，笨办法，把不用的接口都禁用掉，只留下用来上网的“以太网”。一开始我就是这样配置的，但是想了下这也太不方便了。后来仔细研究了下，发现是可以手动设置优先级的，下面说下方法。

首先用管理员身份打开powershell，执行下面的命令查看接口信息：

Get-NetIPInterface

主要看接口InterfaceMetric下面的值，值越低说明优先级越高：

可以看到我用来上网的“以太网”接口的值是100，而virtualbox、vmware等接口的值是25、35，都比“以太网”的值低。现在要做的就是修改这些接口的值，执行如下命令修改：

Set-NetIPInterface -InterfaceIndex 3 -InterfaceMetric 110  Set-NetIPInterface -InterfaceIndex 13 -InterfaceMetric 120  Set-NetIPInterface -InterfaceIndex 4 -InterfaceMetric 130  Set-NetIPInterface -InterfaceIndex 16 -InterfaceMetric 130

再看下，确认修改完成：

参考：

https://sing-box.sagernet.org/configuration/inbound/tun/
https://sing-box.sagernet.org/examples/tun/
https://sing-box.sagernet.org/examples/dns-hijack/
https://www.windowscentral.com/how-change-priority-order-network-adapters-windows-10