Add OpenVPN, TrustTunnel, Sudoku, inbound managers. Fixes

2026-06-07 19:54:56 +03:00 · 2026-06-04 01:47:50 +03:00
parent 9b3da79c32
commit 195a33379d
164 changed files with 16665 additions and 1332 deletions
--- a/examples/admin_panel-manager-node/manager.json
+++ b/examples/admin_panel-manager-node/manager.json
@@ -64,6 +64,8 @@
      "listen_port": 7000,
      "manager": "my-manager",
      "api_key": "change-me-secret",
+      "keep_alive": "10s",
+      "keep_alive_timeout": "5s",
      // Enable TLS for production deployments (the node connects via gRPC over h2):
      // "tls": { // https://sing-box.sagernet.org/configuration/shared/tls/#inbound
      //   "enabled": true,
--- a/examples/amnezia/client.json
+++ b/examples/amnezia/client.json
@@ -23,8 +23,7 @@
          "address": "example.com",
          "port": 10001,
          "public_key": "3nk7jdnkcL95Fc/z+GCiH7jOovEKhFkLIGPT+U/uLEQ=",
-          "allowed_ips": ["0.0.0.0/0"],
-          "reserved": "AAAA"
+          "allowed_ips": ["0.0.0.0/0"]
        }
      ],
      "udp_timeout": "5m0s",
--- a/examples/masque/client.json
+++ b/examples/masque/client.json
@@ -29,7 +29,6 @@
      "use_ipv6": false,
      "profile": {
        "detour": "direct",
-        // For getting existing MASQUE device profile, else sing-box will create new profile
        "id": "",
        "auth_token": ""
      },
@@ -37,14 +36,15 @@
      "udp_keepalive_period": "30s",
      "udp_initial_packet_size": 0,
      "reconnect_delay": "5s",
-      // TLS fields for HTTP2
-      "insecure": false,
-      "cipher_suites": [],
-      "curve_preferences": [],
-      "fragment": false,
-      "record_fragment": false,
-      "kernel_tx": false,
-      "kernel_rx": false
+      "tls": {
+        "insecure": false,
+        "cipher_suites": [],
+        "curve_preferences": [],
+        "fragment": false,
+        "record_fragment": false,
+        "kernel_tx": false,
+        "kernel_rx": false
+      }
      // Dial Fields
    }
  ],
@@ -53,4 +53,4 @@
    "default_domain_resolver": "default",
    "auto_detect_interface": true
  }
-}
+}
--- a/examples/openvpn/auth-user-pass.json
+++ b/examples/openvpn/auth-user-pass.json
@@ -0,0 +1,46 @@
+{
+  "log": {
+    "level": "info"
+  },
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen_port": 7897
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "openvpn",
+      "tag": "openvpn-out",
+      "servers": [
+        {
+          "server": "vpn.example.com",
+          "server_port": 1194
+        }
+      ],
+      "proto": "udp", // udp, tcp
+      "username": "myuser",
+      "password": "mypassword",
+      "tls_crypt": "-----BEGIN OpenVPN Static key V1-----\n...\n-----END OpenVPN Static key V1-----",
+      // or: "tls_crypt_path": "/path/to/ta.key",
+      "tls": {
+        "ca": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "ca_path": "/path/to/ca.crt",
+        "cipher_suites": [],
+        "verify_x509_name": "",
+        "verify_x509_name_mode": "", // name-prefix, name-suffix, exact (default)
+        "fragment": false,
+        "fragment_fallback_delay": "300ms",
+        "record_fragment": false,
+        "kernel_tx": false,
+        "kernel_rx": false
+      }
+      // Dial Fields
+    }
+  ],
+  "route": {
+    "final": "openvpn-out",
+    "auto_detect_interface": true
+  }
+}
--- a/examples/openvpn/tls-auth.json
+++ b/examples/openvpn/tls-auth.json
@@ -0,0 +1,51 @@
+{
+  "log": {
+    "level": "info"
+  },
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen_port": 7897
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "openvpn",
+      "tag": "openvpn-out",
+      "servers": [
+        {
+          "server": "vpn.example.com",
+          "server_port": 1194
+        }
+      ],
+      "proto": "udp", // udp, tcp
+      "cipher": "AES-256-CBC",
+      "auth": "SHA1",
+      "tls_auth": "-----BEGIN OpenVPN Static key V1-----\n...\n-----END OpenVPN Static key V1-----",
+      // or: "tls_auth_path": "/path/to/ta.key",
+      "key_direction": 1,
+      "tls": {
+        "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "certificate_path": "/path/to/client.crt",
+        "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
+        // or: "key_path": "/path/to/client.key",
+        "ca": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "ca_path": "/path/to/ca.crt",
+        "cipher_suites": [],
+        "verify_x509_name": "",
+        "verify_x509_name_mode": "", // name-prefix, name-suffix, exact (default)
+        "fragment": false,
+        "fragment_fallback_delay": "300ms",
+        "record_fragment": false,
+        "kernel_tx": false,
+        "kernel_rx": false
+      }
+      // Dial Fields
+    }
+  ],
+  "route": {
+    "final": "openvpn-out",
+    "auto_detect_interface": true
+  }
+}
--- a/examples/openvpn/tls-crypt-v2.json
+++ b/examples/openvpn/tls-crypt-v2.json
@@ -0,0 +1,49 @@
+{
+  "log": {
+    "level": "info"
+  },
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen_port": 7897
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "openvpn",
+      "tag": "openvpn-out",
+      "servers": [
+        {
+          "server": "vpn.example.com",
+          "server_port": 1194
+        }
+      ],
+      "proto": "udp", // udp, tcp
+      "tls_crypt": "-----BEGIN OpenVPN tls-crypt-v2 client key-----\n...\n-----END OpenVPN tls-crypt-v2 client key-----",
+      // or: "tls_crypt_path": "/path/to/tls-crypt-v2.key",
+      "tls_crypt_v2": true,
+      "tls": {
+        "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "certificate_path": "/path/to/client.crt",
+        "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
+        // or: "key_path": "/path/to/client.key",
+        "ca": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "ca_path": "/path/to/ca.crt",
+        "cipher_suites": [],
+        "verify_x509_name": "",
+        "verify_x509_name_mode": "", // name-prefix, name-suffix, exact (default)
+        "fragment": false,
+        "fragment_fallback_delay": "300ms",
+        "record_fragment": false,
+        "kernel_tx": false,
+        "kernel_rx": false
+      }
+      // Dial Fields
+    }
+  ],
+  "route": {
+    "final": "openvpn-out",
+    "auto_detect_interface": true
+  }
+}
--- a/examples/openvpn/tls-crypt.json
+++ b/examples/openvpn/tls-crypt.json
@@ -0,0 +1,52 @@
+{
+  "log": {
+    "level": "info"
+  },
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen_port": 7897
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "openvpn",
+      "tag": "openvpn-out",
+      "servers": [
+        {
+          "server": "vpn.example.com",
+          "server_port": 1194
+        }
+      ],
+      "proto": "udp", // udp, tcp
+      "cipher": "AES-256-GCM", // AES-128-GCM, AES-192-GCM, AES-256-GCM, AES-128-CBC, AES-192-CBC, AES-256-CBC, CHACHA20-POLY1305
+      "auth": "SHA256", // SHA1, SHA256, SHA384, SHA512 (ignored for AEAD ciphers)
+      "tls_crypt": "-----BEGIN OpenVPN Static key V1-----\n...\n-----END OpenVPN Static key V1-----",
+      // or: "tls_crypt_path": "/path/to/ta.key",
+      "ping_interval": "10s",
+      "reconnect_delay": "30s",
+      "tls": {
+        "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "certificate_path": "/path/to/client.crt",
+        "key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
+        // or: "key_path": "/path/to/client.key",
+        "ca": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
+        // or: "ca_path": "/path/to/ca.crt",
+        "cipher_suites": [],
+        "verify_x509_name": "",
+        "verify_x509_name_mode": "", // name-prefix, name-suffix, exact (default)
+        "fragment": false,
+        "fragment_fallback_delay": "300ms",
+        "record_fragment": false,
+        "kernel_tx": false,
+        "kernel_rx": false
+      }
+      // Dial Fields
+    }
+  ],
+  "route": {
+    "final": "openvpn-out",
+    "auto_detect_interface": true
+  }
+}
--- a/examples/provider/local.json
+++ b/examples/provider/local.json
@@ -48,6 +48,8 @@
      //   - SIP008 (shadowsocks)
      //   - Raw shareable links (vless://, vmess://, ss://, trojan://, ...)
      "path": "subscriptions/my-sub.txt",
+      // Remove emoji flags from proxy names.
+      "remove_emojis": true,
      "health_check": {
        "enabled": true,
        "url": "https://www.gstatic.com/generate_204",
--- a/examples/provider/remote.json
+++ b/examples/provider/remote.json
@@ -56,6 +56,8 @@
      // "exclude" wins over "include" when both match.
      "exclude": "(?i)expire|流量|官网",
      "include": "(?i)hk|jp|sg|us",
+      // Remove emoji flags from proxy names.
+      "remove_emojis": true,
      "health_check": {
        "enabled": true,
        "url": "https://www.gstatic.com/generate_204",
--- a/examples/sudoku/client.json
+++ b/examples/sudoku/client.json
@@ -0,0 +1,17 @@
+{
+  "inbounds": [
+    {
+      "type": "mixed",
+      "listen": "127.0.0.1",
+      "listen_port": 1080
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "sudoku",
+      "server": "your-server.com",
+      "server_port": 443,
+      "key": "your-secret-key"
+    }
+  ]
+}
--- a/examples/sudoku/client_tls.json
+++ b/examples/sudoku/client_tls.json
@@ -0,0 +1,29 @@
+{
+  "inbounds": [
+    {
+      "type": "mixed",
+      "listen": "127.0.0.1",
+      "listen_port": 1080
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "sudoku",
+      "server": "your-server.com",
+      "server_port": 443,
+      "key": "your-secret-key",
+      "tls": {
+        "enabled": true,
+        "fragment": true,
+        "fragment_fallback_delay": "300ms"
+      },
+      "http_mask": {
+        "enabled": true,
+        "mode": "stream",
+        "host": "cdn.example.com",
+        "path_root": "secret",
+        "multiplex": "auto"
+      }
+    }
+  ]
+}
--- a/examples/sudoku/server.json
+++ b/examples/sudoku/server.json
@@ -0,0 +1,15 @@
+{
+  "inbounds": [
+    {
+      "type": "sudoku",
+      "listen": "::",
+      "listen_port": 443,
+      "key": "your-secret-key"
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct"
+    }
+  ]
+}
--- a/examples/sudoku/server_advanced.json
+++ b/examples/sudoku/server_advanced.json
@@ -0,0 +1,22 @@
+{
+  "inbounds": [
+    {
+      "type": "sudoku",
+      "listen": "::",
+      "listen_port": 443,
+      "key": "your-secret-key",
+      "aead_method": "aes-128-gcm",
+      "table_type": "prefer_entropy",
+      "padding_min": 10,
+      "padding_max": 50,
+      "http_mask_mode": "stream",
+      "path_root": "secret",
+      "fallback": "127.0.0.1:8080"
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct"
+    }
+  ]
+}
--- a/examples/trusttunnel/client.json
+++ b/examples/trusttunnel/client.json
@@ -0,0 +1,78 @@
+{
+  "dns": {
+    "servers": [
+      {
+        "type": "local",
+        "tag": "default"
+      }
+    ]
+  },
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen_port": 7897
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct",
+      "tag": "direct"
+    },
+    {
+      "type": "trusttunnel",
+      "tag": "trusttunnel-h2",
+      "server": "example.com",
+      "server_port": 443,
+      "username": "user1",
+      "password": "password1",
+      "network": ["tcp", "udp"],
+      "health_check": true,
+      "multiplex": {
+        "enabled": true,
+        "max_connections": 8,
+        "min_streams": 5
+      },
+      "tls": {
+        "enabled": true,
+        "server_name": "example.com"
+      }
+      // Dial Fields
+    },
+    {
+      "type": "trusttunnel",
+      "tag": "trusttunnel-quic",
+      "server": "example.com",
+      "server_port": 443,
+      "username": "user1",
+      "password": "password1",
+      "network": ["tcp", "udp"],
+      "health_check": true,
+      "quic": true,
+      "congestion_controller": "bbr", // bbr, bbr_standard, bbr2, bbr2_variant, cubic, reno
+      "bbr_profile": "standard", // standard, conservative, aggressive
+      "cwnd": 32,
+      "multiplex": {
+        "enabled": true,
+        "max_connections": 8,
+        "min_streams": 5
+      },
+      "tls": {
+        "enabled": true,
+        "server_name": "example.com"
+      }
+      // Dial Fields
+    },
+    {
+      "type": "selector",
+      "tag": "trusttunnel-selector",
+      "outbounds": ["trusttunnel-h2", "trusttunnel-quic"],
+      "default": "trusttunnel-h2"
+    }
+  ],
+  "route": {
+    "final": "trusttunnel-selector",
+    "default_domain_resolver": "default",
+    "auto_detect_interface": true
+  }
+}
--- a/examples/trusttunnel/server.json
+++ b/examples/trusttunnel/server.json
@@ -0,0 +1,32 @@
+{
+  "inbounds": [
+    {
+      "type": "trusttunnel",
+      "tag": "trusttunnel-in",
+      "listen": "::",
+      "listen_port": 443,
+      "network": ["tcp", "udp"],
+      "users": [
+        {
+          "name": "user1",
+          "password": "password1"
+        }
+      ],
+      "congestion_controller": "bbr", // bbr, bbr_standard, bbr2, bbr2_variant, cubic, reno
+      "bbr_profile": "standard", // standard, conservative, aggressive
+      "cwnd": 32,
+      "tls": {
+        "enabled": true,
+        "alpn": ["h2", "h3"],
+        "certificate_path": "/path/to/cert.pem",
+        "key_path": "/path/to/key.pem"
+      }
+    }
+  ],
+  "outbounds": [
+    {
+      "type": "direct",
+      "tag": "direct"
+    }
+  ]
+}
--- a/examples/wireguard/client.json
+++ b/examples/wireguard/client.json
@@ -23,8 +23,7 @@
          "address": "example.com",
          "port": 10001,
          "public_key": "3nk7jdnkcL95Fc/z+GCiH7jOovEKhFkLIGPT+U/uLEQ=",
-          "allowed_ips": ["0.0.0.0/0"],
-          "reserved": "AAAA"
+          "allowed_ips": ["0.0.0.0/0"]
        }
      ],
      "udp_timeout": "5m0s",