在访问外网或使用 Cursor、ChatGPT、Claude Code 等工具时,因地域限制导致服务不可用的情况十分常见需要借助代理工具进行网络加速。不少用户即使已经开启代理,也会发生真实 IP 泄漏,导致账号风控、封禁或隐私暴露。
本文将围绕 Clash Verge 展开,系统讲解:
- WebRTC 泄漏、DNS 泄漏的真实成因
- 如何通过 扩展脚本 + DNS 策略 彻底修复 IP 泄漏
- 如何实现 不同网站走不同节点的精准分流配置
适合有一定基础、希望进一步提升安全性与可控性的用户。
![图片[1]-Clash Verge 进阶配置教程:彻底解决 WebRTC / DNS IP 泄漏 + 精准分流规则详解-微生之最](https://cos.swszz.cn/2025/11/20251111195031267-1024x326.png)
一、核心痛点:什么是 WebRTC / DNS 泄漏?
WebRTC 泄漏原理
WebRTC(Web Real-Time Communication)是浏览器内置的实时通信技术,其底层使用 STUN 协议 进行 NAT 穿透。
系统开启代理:
- 浏览器仍可能 绕过代理
- 直接向公网 STUN 服务器发送探测请求
- 从而暴露 真实公网 IP 或局域网 IP
常见于 Chrome / Edge / Chromium 内核浏览器。
DNS 泄漏原理(更隐蔽)
DNS 泄漏通常发生在:
- 系统 DNS 未被代理接管
- 查询请求直接发往本地运营商 DNS(如 114、223)
结果是:
即使代理 IP 显示正常,仍存在隐私风险
访问域名记录被明文解析
真实出口 IP 被 DNS 服务器记录
二、IP 泄漏快速检测方法(实测有效)
建议在 开启代理前 / 后各测试一次:
- DNS 泄漏检测:
https://ipleak.net - 综合检测(WebRTC / DNS):
https://browserleaks.com/dns
安全状态判断标准:
- 显示 IP 为代理节点 IP
- DNS 服务器归属与代理地区一致
- 无本地运营商 DNS 出现
三、Clash Verge 基础资源准备
官方下载地址
https://github.com/clash-verge-rev/clash-verge-rev/releases
支持 Windows / macOS / Linux。
基础入门教程
https://clashverge.net/tutorial/
新手建议先熟悉:启动、订阅导入、代理模式切换。
四、(一)自定义分流规则:不同网站走不同线路
这是 Clash Verge 最核心、也是最实用的能力。
![图片[2]-Clash Verge 进阶配置教程:彻底解决 WebRTC / DNS IP 泄漏 + 精准分流规则详解-微生之最](https://cos.swszz.cn/2025/11/20251111195149481-1024x871.png)
典型需求示例
- YouTube → 美国节点
- ChatGPT / Claude → 澳大利亚、新加坡节点
- 国内网站 → DIRECT
操作步骤
创建自定义代理组
- 进入「配置」→ 编辑当前配置
- 在「代理组」中新增分组
- 如:
YouTube 专属、GPT 专属 - 勾选对应节点
添加分流规则
- 进入「规则」模块 → 新增规则
- 类型选择:
DOMAIN-SUFFIX - 示例:
youtube.com→ YouTube 专属chat.openai.com→ GPT 专属
保存后立即生效。
四、(二)扩展脚本 + DNS 策略:彻底修复 IP 泄漏(重点)
![图片[3]-Clash Verge 进阶配置教程:彻底解决 WebRTC / DNS IP 泄漏 + 精准分流规则详解-微生之最](https://cos.swszz.cn/2025/11/20251111195243400-1024x752.png)
仅靠分流规则 无法解决 IP 泄漏问题,必须从 DNS 和协议层入手。
启用扩展脚本
- 进入配置编辑页面
- 找到「扩展脚本」模块
- 导入适配 Clash Verge 的优化脚本
脚本:
// 国内DNS服务器
const domesticNameservers = [
"https://223.5.5.5/dns-query", // 阿里DoH
"https://doh.pub/dns-query" // 腾讯DoH
];
// 国外DNS服务器
const foreignNameservers = [
"https://208.67.222.222/dns-query", // OpenDNS
"https://77.88.8.8/dns-query", //YandexDNS
"https://1.1.1.1/dns-query", // CloudflareDNS
"https://8.8.4.4/dns-query", // GoogleDNS
];
// DNS配置
const dnsConfig = {
"enable": true,
"listen": "0.0.0.0:1053",
"ipv6": false,
"prefer-h3": false,
"respect-rules": true,
"use-system-hosts": false,
"cache-algorithm": "arc",
"enhanced-mode": "fake-ip",
"fake-ip-range": "198.18.0.1/16",
"fake-ip-filter": [
// 本地主机/设备
"+.lan",
"+.local",
// // Windows网络出现小地球图标
"+.msftconnecttest.com",
"+.msftncsi.com",
// QQ快速登录检测失败
"localhost.ptlogin2.qq.com",
"localhost.sec.qq.com",
// 追加以下条目
"+.in-addr.arpa",
"+.ip6.arpa",
"time.*.com",
"time.*.gov",
"pool.ntp.org",
// 微信快速登录检测失败
"localhost.work.weixin.qq.com"
],
"default-nameserver": ["223.5.5.5","1.2.4.8"],//可修改成自己ISP的DNS
"nameserver": [...foreignNameservers],
"proxy-server-nameserver":[...domesticNameservers],
"direct-nameserver":[...domesticNameservers],
"nameserver-policy": {
"geosite:private,cn": domesticNameservers
}
};
// 规则集通用配置
const ruleProviderCommon = {
"type": "http",
"format": "yaml",
"interval": 86400
};
// 规则集配置
const ruleProviders = {
"reject": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt",
"path": "./ruleset/loyalsoldier/reject.yaml"
},
"icloud": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt",
"path": "./ruleset/loyalsoldier/icloud.yaml"
},
"apple": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt",
"path": "./ruleset/loyalsoldier/apple.yaml"
},
"google": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt",
"path": "./ruleset/loyalsoldier/google.yaml"
},
"proxy": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt",
"path": "./ruleset/loyalsoldier/proxy.yaml"
},
"direct": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt",
"path": "./ruleset/loyalsoldier/direct.yaml"
},
"private": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt",
"path": "./ruleset/loyalsoldier/private.yaml"
},
"gfw": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt",
"path": "./ruleset/loyalsoldier/gfw.yaml"
},
"tld-not-cn": {
...ruleProviderCommon,
"behavior": "domain",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt",
"path": "./ruleset/loyalsoldier/tld-not-cn.yaml"
},
"telegramcidr": {
...ruleProviderCommon,
"behavior": "ipcidr",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt",
"path": "./ruleset/loyalsoldier/telegramcidr.yaml"
},
"cncidr": {
...ruleProviderCommon,
"behavior": "ipcidr",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt",
"path": "./ruleset/loyalsoldier/cncidr.yaml"
},
"lancidr": {
...ruleProviderCommon,
"behavior": "ipcidr",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt",
"path": "./ruleset/loyalsoldier/lancidr.yaml"
},
"applications": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt",
"path": "./ruleset/loyalsoldier/applications.yaml"
},
"bahamut": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/Bahamut.txt",
"path": "./ruleset/xiaolin-007/bahamut.yaml"
},
"YouTube": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/YouTube.txt",
"path": "./ruleset/xiaolin-007/YouTube.yaml"
},
"Netflix": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/Netflix.txt",
"path": "./ruleset/xiaolin-007/Netflix.yaml"
},
"Spotify": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/Spotify.txt",
"path": "./ruleset/xiaolin-007/Spotify.yaml"
},
"BilibiliHMT": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/BilibiliHMT.txt",
"path": "./ruleset/xiaolin-007/BilibiliHMT.yaml"
},
"AI": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/AI.txt",
"path": "./ruleset/xiaolin-007/AI.yaml"
},
"TikTok": {
...ruleProviderCommon,
"behavior": "classical",
"url": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/rule/TikTok.txt",
"path": "./ruleset/xiaolin-007/TikTok.yaml"
},
};
// 规则
const rules = [
// 自定义规则
"DOMAIN-SUFFIX,googleapis.cn,节点选择", // Google服务
"DOMAIN-SUFFIX,gstatic.com,节点选择", // Google静态资源
"DOMAIN-SUFFIX,xn--ngstr-lra8j.com,节点选择", // Google Play下载服务
"DOMAIN-SUFFIX,github.io,节点选择", // Github Pages
"DOMAIN,v2rayse.com,节点选择", // V2rayse节点工具
// Loyalsoldier 规则集
"RULE-SET,applications,全局直连",
"RULE-SET,private,全局直连",
"RULE-SET,reject,广告过滤",
"RULE-SET,icloud,微软服务",
"RULE-SET,apple,苹果服务",
"RULE-SET,YouTube,YouTube",
"RULE-SET,Netflix,Netflix",
"RULE-SET,bahamut,动画疯",
"RULE-SET,Spotify,Spotify",
"RULE-SET,BilibiliHMT,哔哩哔哩港澳台",
"RULE-SET,AI,AI",
"RULE-SET,TikTok,TikTok",
"RULE-SET,google,谷歌服务",
"RULE-SET,proxy,节点选择",
"RULE-SET,gfw,节点选择",
"RULE-SET,tld-not-cn,节点选择",
"RULE-SET,direct,全局直连",
"RULE-SET,lancidr,全局直连,no-resolve",
"RULE-SET,cncidr,全局直连,no-resolve",
"RULE-SET,telegramcidr,电报消息,no-resolve",
// 其他规则
"GEOSITE,CN,全局直连",
"GEOIP,LAN,全局直连,no-resolve",
"GEOIP,CN,全局直连,no-resolve",
"MATCH,漏网之鱼"
];
// 代理组通用配置
const groupBaseOption = {
"interval": 300,
"timeout": 3000,
"url": "https://www.google.com/generate_204",
"lazy": true,
"max-failed-times": 3,
"hidden": false
};
// 程序入口
function main(config) {
const proxyCount = config?.proxies?.length ?? 0;
const proxyProviderCount =
typeof config?.["proxy-providers"] === "object" ? Object.keys(config["proxy-providers"]).length : 0;
if (proxyCount === 0 && proxyProviderCount === 0) {
throw new Error("配置文件中未找到任何代理");
}
// 覆盖原配置中DNS配置
config["dns"] = dnsConfig;
// 覆盖原配置中的代理组
config["proxy-groups"] = [
{
...groupBaseOption,
"name": "节点选择",
"type": "select",
"include-all": true,
"filter": "^(?!.*(官网|套餐|流量|异常|剩余)).*$",
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/adjust.svg"
},
{
...groupBaseOption,
"name": "谷歌服务",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/google.svg"
},
{
...groupBaseOption,
"name": "YouTube",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/youtube.svg"
},
{
...groupBaseOption,
"name": "Netflix",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/icon/netflix.svg"
},
{
...groupBaseOption,
"name": "电报消息",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/telegram.svg"
},
{
...groupBaseOption,
"name": "AI",
"type": "select",
"include-all": true,
"proxies": ["节点选择"],
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/chatgpt.svg"
},
{
...groupBaseOption,
"name": "TikTok",
"type": "select",
"include-all": true,
"proxies": ["节点选择"],
"icon": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/icon/tiktok.svg"
},
{
...groupBaseOption,
"name": "微软服务",
"type": "select",
"proxies": ["全局直连","节点选择"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/microsoft.svg"
},
{
...groupBaseOption,
"name": "苹果服务",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/apple.svg"
},
{
...groupBaseOption,
"name": "动画疯",
"type": "select",
"proxies": ["节点选择"],
"include-all": true,
"filter": "(?i)台|tw|TW",
"icon": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/icon/Bahamut.svg"
},
{
...groupBaseOption,
"name": "哔哩哔哩港澳台",
"type": "select",
"proxies": ["全局直连","节点选择"],
"include-all": true,
"filter": "^(?!.*(官网|套餐|流量|异常|剩余)).*$",
"icon": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/icon/bilibili.svg"
},
{
...groupBaseOption,
"name": "Spotify",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/xiaolin-007/clash@main/icon/spotify.svg"
},
{
...groupBaseOption,
"name": "广告过滤",
"type": "select",
"proxies": ["REJECT", "DIRECT"],
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/bug.svg"
},
{
...groupBaseOption,
"name": "全局直连",
"type": "select",
"proxies": ["DIRECT","节点选择"],
"include-all": true,
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/link.svg"
},
{
...groupBaseOption,
"name": "全局拦截",
"type": "select",
"proxies": ["REJECT", "DIRECT"],
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/block.svg"
},
{
...groupBaseOption,
"name": "漏网之鱼",
"type": "select",
"proxies": ["节点选择","全局直连"],
"include-all": true,
"filter": "^(?!.*(官网|套餐|流量|异常|剩余)).*$",
"icon": "https://fastly.jsdelivr.net/gh/clash-verge-rev/clash-verge-rev.github.io@main/docs/assets/icons/fish.svg"
}
];
// 覆盖原配置中的规则
config["rule-providers"] = ruleProviders;
config["rules"] = rules;
// 添加判断
if(config["proxies"]) {
config["proxies"].forEach(proxy => {
// 为每个节点设置 udp = true
proxy.udp = true
})
}
// 返回修改后的配置
return config;
}
![图片[4]-Clash Verge 进阶配置教程:彻底解决 WebRTC / DNS IP 泄漏 + 精准分流规则详解-微生之最](https://cos.swszz.cn/2025/11/20251111195311740-1024x754.png)
扩展脚本核心作用
- 阻断 WebRTC 的 STUN 探测请求
- 强制 DNS 查询走代理通道
- 自动兼容 V2Ray / Trojan / Shadowsocks
DNS 建议配置(补充关键点)
在配置文件中建议使用:
enhanced-mode: fake-ip(优先推荐)- 启用
dns-hijack或tun模式(系统级接管)
这是防止 系统层 DNS 泄漏 的关键。
五、配置完成后的验证流程
- 重启 Clash Verge
- 清空浏览器缓存(必要)
- 打开检测网站再次测试
- 确认:
- IP 为代理节点 IP
- DNS 服务器不含本地运营商
- WebRTC 无真实 IP 暴露
六、常见误区补充(SEO 加分点)
- 仅关闭浏览器 WebRTC ≠ 无 IP 泄漏
- 分流规则 ≠ DNS 安全
- 扩展脚本 + DNS 接管 才是完整方案
总结
Clash Verge 不只是一个“能用的代理客户端”,通过 自定义分流规则 + 扩展脚本 + DNS 接管配置,可以在兼顾访问体验的同时,彻底解决 WebRTC 与 DNS IP 泄漏问题。
对于需要长期稳定使用外网服务、AI 工具或跨区资源的用户,这套进阶配置是非常有必要的。
© 版权声明
版权保护声明
尊重原创,保护知识产权
原创保护:本站所有原创内容均受著作权法保护,未经许可禁止转载或商业使用
转载规范:如需转载,请注明出处并保留原文链接,不得删改内容
免责声明:本站仅提供学习交流平台,内容观点不代表本站立场
侵权处理:如发现侵权内容,请及时联系我们,将在第一时间处理
THE END
暂无评论内容