ytflow / maple Goto Github PK

View Code? Open in Web Editor NEW

1.2K 17.0 121.0 1.11 MB

A lightweight Universal Windows proxy app based on https://github.com/eycorsican/leaf

License: Apache License 2.0

C++ 96.65% C 2.83% HTML 0.51%

maple's Introduction

Maple

A lightweight Universal Windows proxy app based on https://github.com/eycorsican/leaf

Features

Comes with Leaf core:
- Domain name resolution with built-in DNS processor
- tun/shadowsocks/socks/trojan/ws chainable inbounds
- direct/drop/tls/ws/h2/shadowsocks/obfs/vmess/trojan/socks chainable outbounds
- failover/tryall/static composed outbounds
- amux multiplexing
- Rule system based on IP, GeoIP and domain name
- External rules from GeoIP database and V2Ray Domain List Community
Configuration management
Monaco-based conf editor with IntelliSence support
Outbound network adapter selection
UWP VPN Platform as TUN provider

Screenshots

Getting Started

Maple as a UWP app is distributed for sideloading only. When installed, it acts as a VPN provider which you will find in the VPN Settings. Use Maple app for configuration management, as well as adding external databases.

Install

Grab the latest package from Release page.
Extract everything from the package.
Right click the certificate (named Maple.App_x.y.z.0_x64.cer) and select Install Certificate.
On the Certificate Import Wizard, select Local Machine. Administrator privileges may be required to proceed.
Import the certificate to the Trusted Root Certification Authorities folder. Note: failure to import the certificate or choosing a wrong certificate store will prevent you from installing the app.
Open the AppxBundle (named Maple.App_x.y.z.0_x64.appxbundle) and follow the instructions until Maple is successfully installed on your computer.

Set up

Launch Maple from the Start menu.
Edit configuration. Refer to https://github.com/eycorsican/leaf/blob/master/README.zh.md for further explanation.
Save the configuration file.
If any EXTERNAL or GEOIP directive is used, drag external database files into Config area. V2Ray Domain List Community database can be fetched at https://github.com/v2ray/domain-list-community/releases/latest/download/dlc.dat . For GeoIP database, please go to MaxMind Developer Portal and sign up for free download.
Rename these databases accordingly (if applicable). By default, GeoIP database is geo.mmdb and V2Ray Domain List Community database is site.dat.
Go to Setting page in Maple. Choose your network adapter such as Ethernet or WLAN.
Launch Windows Settings app.
Add a VPN connection.
- For VPN provider, choose Maple.
- In the Connection name box, enter Maple.
- In the Server name or address box, enter https://github.com/YtFlow/Maple .
- Select Save.
If any Proxy Server has a loopback address (127.0.0.1 or ::1), make sure Loopback Exemption is enabled for Maple. See https://docs.microsoft.com/en-us/previous-versions/windows/apps/hh770532(v=win.10) .

Connect

Simply click the toggle button on the title bar, or
In Windows 11, select the battery, network, or volume icon to open the Quick Settings panel. Find Maple in VPN panel and connect, or
In Windows 10, select the Network icon on the taskbar, and click Maple. In Windows Settings app, select Maple, and then Connect.

~~Note: Modifying the current configuration file while VPN is connected will take effect immediately.~~ Hot reloading may be removed in a future release.

TODO

VPN lifecycle management on Maple UI
Better editing experience
external entries
Custom configuration folder location
Log collection (currently logs are sent to Visual Studio Output window for debugging only)
Unsandboxed Leaf core (#29)
VPN On Demand
Configurable routing entries
IPv6 support

Build

To build Leaf and Maple, you will need:

a Rust nightly-x86_64-pc-windows-msvc toolchain
Windows 10 SDK 10.0.22621
Visual Studio 2022 with C++ Development Workflow
- C++/WinRT Visual Studio extension must be installed to generate Windows Metadata.
Node.js 19.x or higher

Build steps:

Recursively clone this repository.
Open a PowerShell Prompt.
Change working directory to leaf.
cargo build -p leaf-ffi -Z build-std=std,panic_abort --target x86_64-uwp-windows-msvc.
For Release builds, use cargo build -p leaf-ffi -Z build-std=std,panic_abort --target x86_64-uwp-windows-msvc --release.
See also https://github.com/eycorsican/leaf#build .
Change working directory to Maple.App\MonacoEditor.
Build Monaco editor and language support: npm install && npm run build.
Open Maple.sln in Visual Studio.
Build Solution.

maple's People

Contributors

Stargazers

Watchers

Forkers

eycorsican bannedbook noraye chasejsun zsx-jojo josh-chan test-base cindymao56 ai2hub solitaryender og-c chowzenki littleserendipity stonestonestone realdream1900 han-hongyuan ponychang qnyblog sqzxcv superben2010 thkerlee jmichaelkane heremk neorainer living1069 lk26 mikexxma okyangzihong3558 milbk sf6472 tinyluck nopcall tenbagger imatrixme zsxdcvv88 jovidong ytldsimage esmivn highnoon8x chmarp snow2flying wheelcomplex huangjiaju dporter419 go8go netfly-vpn jaakko0625 hafsky contestjia chenchen90845 davidx-331 jvmkit simonhulu bolabola acovering backups-archives jeffry38 qiopgh gn73679 v8lab arkatsuki crackercat sp1ke47 trader7z eamon-cai rb191195 break-conner hinego karenking112 wb1t kiterepo waterwei wcpddd caiyishu vvhh2002 pins-rightnow xuxingfan gogcwy 2856571872 blog2i2j opoet7 rosario9527 xyzbubu lixuhao lianguooo abinchy sbh96 gg-big-org stricklandf backup-group lzb960827 yomaser newrain7803 youyeyuki mozayyanifar lee-sh827 babytall miladdictator liqianjie shieldgold

maple's Issues

GUI的Config页面的【更多】按钮

这个按钮的弹出选项位置不对，目前无法看到也无法点击
v0.6.0版本

可以做到开机启动并且自动应用吗

在Issues里逛了一圈没人问这个问题，我就来问了

Maple编译的leaf版本有什么特殊改动吗？

在windows平台使用相同的conf，Maple可以成功代理，原仓库编译的leaf开启代理不生效，leaf 0.9.3 和 0.8.2 两个版本都试过

[General]
loglevel = trace
dns-server = 223.5.5.5, 114.114.114.114
tun = auto

[Proxy]
VMESS0 = vmess, xxx.xxx.xxx.xxx, xxxx, username=xxx
DIRECT = direct
REJECT = reject

[Rule]
FINAL, VMESS0

PS D:\leaf\target\debug> .\leaf -c conf.conf
start with options:
StartOptions {
    config: File(
        "conf.conf",
    ),
    auto_reload: false,
    runtime_opt: MultiThreadAuto(
        2097152,
    ),
}
[2023-07-14 10:10:25][DEBUG] default handler [VMESS0]
[2023-07-14 10:10:25][TRACE] add handler [VMESS0]
[2023-07-14 10:10:25][TRACE] add handler [DIRECT]
[2023-07-14 10:10:25][TRACE] add handler [REJECT]
[2023-07-14 10:10:25][TRACE] added runtime 0

Fallback 连接报错 handler not found

升级到0.5.0，已经无法正常使用VMessWSS，测试过0.4.0也不行，之前一直正常使用0.3.0（现在证书过期也装不上去了）
问题如下：

直连正常
需要通过代理的全部被断开，VS跟踪结果附在最后

配置文件如下：

[General]
# Log are for debug only
loglevel = trace
# Do not remove tun-fd option
tun-fd = 233
dns-server = 223.5.5.5, 114.114.114.114

[Proxy]
Direct = direct
Reject = reject

VMessWSS = vmess, ..., 443, username=..., ws=true, tls=true, ws-path=/...

[Proxy Group]
Fallback = fallback, VMessWSS, interval=600, timeout=5

[Rule]

EXTERNAL, site:category-ads-all, Reject

IP-CIDR, 8.8.8.8/32, Fallback
DOMAIN, www.google.com, Fallback
DOMAIN-SUFFIX, google.com, Fallback
DOMAIN-KEYWORD, google, Fallback

# 等效于 EXTERNAL, mmdb:us, Fallback
GEOIP, us, Fallback

EXTERNAL, site:geolocation-!cn, Fallback

FINAL, Direct

VS调试输出（Fallback部分）：

[2021-09-06 15:55:02][DEBUG] www.google.com matches domain [www.google.com]
[2021-09-06 15:55:02][DEBUG] picked route [Fallback] for 192.168.3.1:52243 -> www.google.com:443
[2021-09-06 15:55:02][DEBUG] handler not found
[2021-09-06 15:55:02][TRACE] netstack tcp shutdown 192.168.3.1:52243
[2021-09-06 15:55:02][TRACE] netstack tcp drop 192.168.3.1:52243
[2021-09-06 15:55:02][TRACE] netstack tcp new 192.168.3.1:50704
[2021-09-06 15:55:02][DEBUG] www.google.com matches domain [www.google.com]
[2021-09-06 15:55:02][DEBUG] picked route [Fallback] for 192.168.3.1:50704 -> www.google.com:443
[2021-09-06 15:55:02][DEBUG] handler not found
[2021-09-06 15:55:02][TRACE] netstack tcp shutdown 192.168.3.1:50704
[2021-09-06 15:55:02][TRACE] netstack tcp drop 192.168.3.1:50704
[2021-09-06 15:55:02][TRACE] netstack tcp new 192.168.3.1:60754
[2021-09-06 15:55:02][DEBUG] www.google.com matches domain [www.google.com]
[2021-09-06 15:55:02][DEBUG] picked route [Fallback] for 192.168.3.1:60754 -> www.google.com:443
[2021-09-06 15:55:02][DEBUG] handler not found
[2021-09-06 15:55:02][TRACE] netstack tcp shutdown 192.168.3.1:60754
[2021-09-06 15:55:02][TRACE] netstack tcp drop 192.168.3.1:60754
[2021-09-06 15:55:02][TRACE] netstack tcp new 192.168.3.1:60596
[2021-09-06 15:55:02][TRACE] netstack tcp new 192.168.3.1:58264
[2021-09-06 15:55:02][DEBUG] [www.gstatic.com] matches domain suffix [gstatic.com]
[2021-09-06 15:55:02][DEBUG] picked route [Fallback] for 192.168.3.1:58264 -> www.gstatic.com:443
[2021-09-06 15:55:02][DEBUG] handler not found

看起来是没有找到Fallback，不知道为啥

请问一下 : 配置文件中的tun-fd 233是不变的吗？

是不是 leaf 对于windows来说没有tun模式？

I have vless config but I don't know how to apply it and use it in Maple

Hi my config is something like this in apps like v2rayN:

and its like this in Netch (same config):

can someone help me apply it? Netch is crashing after Starting and connecting and annoying and V2rayN is not effecting whole system (can't be used for Gaming) thats why I need Maple, something that can effect whole system like Netch but I can't config it

This is the Config it self:
vless://********-****-****-****-************@callofduty.gamer2sky.com:****?encryption=none&security=none&type=ws&host=callofduty.gamer2sky.com&path=%2F#%40vanenshii-23apr

geoip 无效

配置中geoip 不起作用

[Rule]
GEOIP, cn, Direct
GEOIP, private, Direct

FINAL, Proxy

chrome 中全部代理

Add IPv6 outbound support

Currently Maple does not support IPv6 address, please add IPv6 support, which is very useful in CERNET.

目前Maple不支持IPv6地址，请添加对IPv6的支持，这在教育网中很有用。

可否可以支持在任意路径创建配置文件，或者软链到任意路径？

我用git同步所有的dotfiles，这往往意味着我需要app支持指定目录的配置，否则我就要把文件软链到app的配置目录中。目前测试下来，Maple对两者都不太支持。在~\AppData\Local\Packages\56263bdbai.Maple_gv14dyc9zj8pj\LocalState\config中创建的symlink不能被识别为配置文件。

这是由于UWP的目录访问权限限制吗？

Package Installation Certificate

Importing unknown certificate into local machine trusted root authority is not acceptable for security reasons and in any way means opening door for MITM attack.

[Feature Request] 'Hot reloading' after configuration saved

I don't know if it's possible, but if it is, it will be better just hot reloading the new configuration after a saving action happened.

For now, Maple just won't respect the new configuration, which requires reconnecting to the vpn to make the new configuration take effect.

It could be like:

User edit and save configuration;
If configuration is valid, hot reloading to make the new configuration take effect immediately;
If not valid, alert user to take further action to correct the configuration;
If not valid, switching to another configuration will alert user the current draft configuration won't be saved;
If not valid, close Maple will alert user Maple will drop the draft configuration, which means all editing will be lost;

支持非tun运行吗？

想用普通的进程方式运行，既监听 socks 和 http，
但是没有合适的 Windows GUI 程序。

签名CA证书过期导致无法安装app

有效期只到2021.8.25

[Feature Request]Support EXTERNAL rules

See this issue for the context.

In a nutshell, Maple could ask the user for the *.dat/*.site files, and make Leaf be able to find them by modifying the ASSET_LOCATION env var.

VMessAEAD问题

尝试用Maple的vmess协议连接节点出现问题，查看节点的log显示如下信息

2023/02/24 22:22:49 ****(ip)**** rejected  common/drain: common/drain: drained connection > proxy/vmess/encoding: invalid user: VMessAEAD is enforced and a non VMessAEAD connection is received. You can still disable this security feature with environment variable v2ray.vmess.aead.forced = false . You will not be able to enable legacy header workaround in the future.

原因应该是较新的vmess由于“禁用对于 MD5 认证信息的兼容”要将AlterId设为0，但是似乎没有办法在Maple中进行这样的设置，可以添加对新版本vmess协议的支持吗

如何能支持ipv6功能，我的网络是支持ipv6的，但vpn链接这里无法获取

how to create a config file with trojan please explain

Maple的日志文件目录在哪?

uwp应用无法连接网络

开启之后，uwp应用无法连接网络

Is it possible to add Hysteria client support ?

Is it possible to add Hysteria client support or rewrite a new gui client?

https://github.com/HyNetwork/hysteria

Thanks!

Maple crashes when I connect from Maple GUI

When I use the top bar toggle switch to connect maple disappears instantly, is this normal?
I also can't connect to my V2ray server using Maple and was wondering this crash on connect could be a hint.
here is my v2ray json config:

{
  "log": {
    "level": "warning"
  },
  "dns": {
    "servers": [
      "1.1.1.1",
      "8.8.8.8"
    ],
    "hosts": {
      "example.com": [
        "192.168.0.1",
        "192.168.0.2"
      ],
      "server.com": [
        "192.168.0.3"
      ]
    }
  },
  "inbounds": [
    {
      "address": "127.0.0.1",
      "port": 1087,
      "protocol": "http"
    },
    {
      "address": "127.0.0.1",
      "port": 1086,
      "protocol": "socks"
    },
    {
      "protocol": "tun",
      "settings": {
        "name": "utun8",
        "address": "10.10.0.2",
        "netmask": "255.255.255.0",
        "gateway": "10.10.0.1",
        "mtu": 1500,
        "fakeDnsInclude": [
          "google"
        ]
      },
      "tag": "tun_in"
    }
  ],
  "outbounds": [
    {
      "protocol": "failover",
      "settings": {
        "actors": [
          "vmess_out",
          "trojan_out"
        ]
      },
      "tag": "failover_out"
    },
    {
      "protocol": "chain",
      "settings": {
        "actors": [
          "vmess_tls",
          "vmess_ws",
          "vmess"
        ]
      },
      "tag": "vmess_out"
    },
    {
      "protocol": "tls",
      "tag": "vmess_tls"
    },
    {
      "protocol": "ws",
      "settings": {
        "path": "/websocket/"
      },
      "tag": "vmess_ws"
    },
    {
      "protocol": "vmess",
      "settings": {
        "address": "myserver",
        "port": 8080,
        "uuid": "myuuid"
      },
      "tag": "vmess"
    },
    {
      "protocol": "chain",
      "settings": {
        "actors": [
          "trojan_tls",
          "trojan"
        ]
      },
      "tag": "trojan_out"
    },
    {
      "protocol": "tls",
      "tag": "trojan_tls"
    },
    {
      "protocol": "direct",
      "tag": "direct_out"
    },
    {
      "protocol": "drop",
      "tag": "drop_out"
    }
  ],
  "rules": [
    {
      "ip": [
        "8.8.8.8",
        "8.8.4.4"
      ],
      "target": "failover_out"
    },
    {
      "domain": [
        "www.google.com"
      ],
      "target": "failover_out"
    },
    {
      "domainSuffix": [
        "google.com"
      ],
      "target": "failover_out"
    },
    {
      "domainKeyword": [
        "google"
      ],
      "target": "failover_out"
    },
    {
      "external": [
        "site:cn"
      ],
      "target": "direct_out"
    },
    {
      "external": [
        "mmdb:cn"
      ],
      "target": "direct_out"
    }
  ]
}

DNS leaks

The way Leaf deals with DNS poisoning issues is the use of a combination of FakeDNS and DomainSniffing features.

For FakeDNS to function as expected, plain text UDP DNS traffic from the host must be routed through the TUN interface, consequently handled by Leaf to make a fake DNS response. But on Windows, DNS queries could easily bypass the TUN interface, thus disabling FakeDNS.

It's unclear to me what's the difference between UWP VPN plugin and a third-party TUN/TAP driver such as tap-windows6, I don't observe a change in the routing table when starting Maple, but FakeDNS is not working when some of my network adapters have DNS servers pointed to the default gateway, DNS queries are bypassing FakeDNS.

As a note, here's how Mellow deals with this kind of issues, and the code.

Configuration editor improvements

Currently the editor is somehow hard to use because of these reasons:

BUG - Paste(ctrl+v) action often outputs duplicate content;
BUG - Selection not accurate sometimes if symbols in selection area;
BUG(?) - Copied content from the editor, but then not able to paste in other app like SublimeText;
Improvements - Context menu not useful and sometimes anoying;
Improvements - Feels glitch when editing;

Can not provide my windows version for now but if it's helpful I'll post it later after work.

Socks代理如何指定用户名和密码

Build leaf error

error[E0599]: no method named raw found for struct Handle in the current scope
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\fs.rs:360:29
|
360 | self.handle.raw(),
| ^^^ method not found in Handle
|
::: C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\handle.rs:17:1
|
17 | pub struct Handle(OwnedHandle);
| ------------------------------- method raw not found for this

error[E0599]: no method named raw found for struct Handle in the current scope
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\fs.rs:388:29
|
388 | self.handle.raw(),
| ^^^ method not found in Handle
|
::: C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\handle.rs:17:1
|
17 | pub struct Handle(OwnedHandle);
| ------------------------------- method raw not found for this

error[E0599]: no function or associated item named new found for struct Handle in the current scope
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\stdio_uwp.rs:28:26
|
28 | let handle = Handle::new(handle);
| ^^^ function or associated item not found in Handle
|
::: C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\handle.rs:17:1
|
17 | pub struct Handle(OwnedHandle);
| ------------------------------- function or associated item new not found for this

error[E0599]: no method named write found for struct ManuallyDrop<_> in the current scope
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\stdio_uwp.rs:29:31
|
29 | ManuallyDrop::new(handle).write(data)
| ^^^^^ method not found in ManuallyDrop<_>
|
= note: ManuallyDrop::new(handle) is a function, perhaps you wish to call it
= help: items from traits can only be used if the trait is implemented and in scope
note: io::Write defines an item write, perhaps you need to implement it
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\mod.rs:1368:1
|
1368 | pub trait Write {
| ^^^^^^^^^^^^^^^

error[E0599]: no function or associated item named new found for struct Handle in the current scope
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\stdio_uwp.rs:41:30
|
41 | let handle = Handle::new(handle);
| ^^^ function or associated item not found in Handle
|
::: C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\handle.rs:17:1
|
17 | pub struct Handle(OwnedHandle);
| ------------------------------- function or associated item new not found for this

error[E0599]: no method named read found for struct ManuallyDrop<_> in the current scope
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\sys\windows\stdio_uwp.rs:42:35
|
42 | ManuallyDrop::new(handle).read(buf)
| ^^^^ method not found in ManuallyDrop<_>
|
= note: ManuallyDrop::new(handle) is a function, perhaps you wish to call it
= help: items from traits can only be used if the trait is implemented and in scope
note: io::Read defines an item read, perhaps you need to implement it
--> C:\Users\zenlayer.rustup\toolchains\nightly-x86_64-pc-windows-msvc\lib\rustlib\src\rust\library\std\src\io\mod.rs:520:1
|
520 | pub trait Read {
| ^^^^^^^^^^^^^^

For more information about this error, try rustc --explain E0599.
error: could not compile std due to 6 previous errors

很抱歉打扰，一点疑问，希望解惑

请问UWP提供的tun时，客户端和服务端建立TCP/UDP链接时是否无视 UWP VPN设定的路由规则
例如0.0.0.0/1 128.0.0.1/1
还是类似安卓的vpnservice 需要protect一下fd

https://docs.microsoft.com/en-us/uwp/api/windows.networking.vpn.vpnchannel.associatetransport?view=winrt-22000

另外这个API的作用是？

在windows下vpn配置会影响到hyper-v虚拟机

我hyper-v虚拟机上跑了个xray做中转，用maple ss连接虚拟机上的xray，结果把虚拟机也代理了，绕起来了，怎么解。
虚拟机网卡是桥接物理网卡，和宿主共享一个物理网卡

使用wintun参照vpn的方式使用leaf

您好, 我尝试使用wintun,将packet通过netstack_send发送至leaf, 并且设定了OUTBOUND_INTERFACE为物理网卡ip,但似乎leaf的socket无法联通外网.建立tcp时,会报无效参数. 向大神请教一下是什么原因呢?

Using maple over Vmess

I am trying to use maple for connecting to a V2ray server. I really can't understand how to setup the config file from the documentations.
Can you tell me what should I use as a config file if my v2ray config looks like this?
Should I delete the default values for protocols I'm not using or not? When I open the app I encountered a huge config file and I had no Idea what to set It's really confusing.

{
    "dns": {
        "hosts": {
            "domain:googleapis.cn": "googleapis.com"
        },
        "servers": [
            "1.1.1.1"
        ]
    },
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": 10808,
            "protocol": "socks",
            "settings": {
                "auth": "noauth",
                "udp": true,
                "userLevel": 8
            },
            "sniffing": {
                "destOverride": [
                    "http",
                    "tls"
                ],
                "enabled": true
            },
            "tag": "socks"
        },
        {
            "listen": "127.0.0.1",
            "port": 10809,
            "protocol": "http",
            "settings": {
                "userLevel": 8
            },
            "tag": "http"
        }
    ],
    "log": {
        "loglevel": "warning"
    },
    "outbounds": [
        {
            "mux": {
                "concurrency": 8,
                "enabled": false
            },
            "protocol": "vmess",
            "settings": {
                "vnext": [
                    {
                        "address": "my_server_ip",
                        "port": my_server_port,
                        "users": [
                            {
                                "alterId": 0,
                                "encryption": "",
                                "flow": "",
                                "id": "my-uuid",
                                "level": 8,
                                "security": "auto"
                            }
                        ]
                    }
                ]
            },
            "streamSettings": {
                "network": "ws",
                "security": "",
                "wsSettings": {
                    "headers": {
                        "Host": ""
                    },
                    "path": "/websocket/"
                }
            },
            "tag": "proxy"
        },
        {
            "protocol": "freedom",
            "settings": {
            },
            "tag": "direct"
        },
        {
            "protocol": "blackhole",
            "settings": {
                "response": {
                    "type": "http"
                }
            },
            "tag": "block"
        }
    ],
    "routing": {
        "domainMatcher": "mph",
        "domainStrategy": "IPIfNonMatch",
        "rules": [
            {
                "ip": [
                    "1.1.1.1"
                ],
                "outboundTag": "proxy",
                "port": "53",
                "type": "field"
            }
        ]
    }
}

【配置文件书写】用 v2ray 客户端做代理

我目前在用一个 v2ray 客户端 v2rayN，但是 v2rayN 不支持全局透明代理，于是我尝试使用 Maple 实现全局透明代理，我应该怎样配置 Maple 才能让全局的流量都走 v2ray 代理呢？说得更具体一点，我想做到 mellow-io/mellow#283 所说的事情，不同之处是我用的代理客户端是 v2rayN 而那里用的代理客户端是 Clash，我应该如何配置 Maple？

leaf 的配置文档我没看明白，不知道如何修改配置，也没搜到 Maple 配置相关的教程，在此恳请方家赐教。我想知道用 Maple 能不能达到我想要的效果，如果能，请给出一个 working example。

下面是我的 v2ray 配置

{
  "log": {
    "access": "D:\\v2rayN-Core-315\\Vaccess.log",
    "error": "D:\\v2rayN-Core-315\\Verror.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "http",
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls"
        ]
      },
      "settings": {
        "udp": false,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "blah.blah",
            "port": 26012,
            "users": [
              {
                "id": "blah-blah-blah",
                "alterId": 1,
                "email": "[email protected]",
                "security": "auto"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/v2ray",
          "headers": {
            "Host": "www.bing.com"
          }
        }
      },
      "mux": {
        "enabled": true,
        "concurrency": 8
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
    },
    {
      "tag": "block",
      "protocol": "blackhole",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api"
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "domain": [
          "geosite:google",
          "scratch.mit.edu",
          "bintray.com",
          "cloudfront.net",
          "discord.com",
          "discordapp.net"
        ]
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "ip": [
          "31.13.86.16"
        ]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "geosite:cn",
          "codeforces.com",
          "workflowy.com",
          "live.com",
          "office365.com",
          "office.com",
          "onedrive.com"
        ]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:private",
          "geoip:cn"
        ]
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:category-ads-all"
        ]
      }
    ]
  }
}

Syntax "PROCESS-NAME" in configuration file

Hi,

I am using Mellow previously and was used to use syntax PROCESS-NAME like

PROCESS-NAME, trojan.exe, Direct
PROCESS-NAME, putty.exe, Direct

Just want to confirm whether it is supported in Maple as well.

Thanks

Unable to establish UDP connections

Steps to reproduce:

Start Maple VPN
Try to join a Minecraft: Bedrock Edition server (all servers listed in the "Featured servers" section result exact same behavior)
Attempt failed, got error: "Unable to connect to world"

Configuration:

[General]
loglevel = error
tun-fd = 233
dns-server = 1.0.0.1, 1.1.1.1

[Proxy]
Direct = direct
Reject = reject

Shadowsocks = ss, 1.2.3.4, 1234, encrypt-method=chacha20-ietf-poly1305, password=Pa55vv0rd1234

[Proxy Group]
Default = fallback, Shadowsocks

[Rule]
IP-CIDR, 10.0.0.0/8, Direct
IP-CIDR, 172.16.0.0/12, Direct
IP-CIDR, 192.168.0.0/16, Direct

FINAL, Default

Additional context:

NatTypeTester reports "UdpBlocked" as the NAT type
With the same proxy server, it's possible to join these MCBE servers on Android using SagerNet

Struggling to get it to work

Never mind, Issue closed.

leaf的json在哪里配置

leaf的json在哪里配置？写在conf里面吗

可以有详细一点的配置方法嘛

可以有详细一点的配置方法嘛？目前的对我来说还是有点困难，不知道从哪里开始怎么弄

Win10 安装后运行闪退

Microsoft Windows [版本 10.0.18363.1316]

访问如下网站,leaf内存无法释放

https://whoer.net/zh

Does Maple support http proxy as the outbounds？

I didn't find the configuration of http proxy. While I using http as the type of proxy, it seems doesn't work.

"Proxy Group" is not working in version 0.3.0

The following config is working:

[General]
# Log are for debug only
loglevel = error
# Do not remove tun-fd option
tun-fd = 233
dns-server = 223.5.5.5, 114.114.114.114

[Proxy]
VMess = vmess, 1xx.xx.xx.xx0, xx4, username=blahblah-blahblah-blah

[Proxy Group]
Fallback = VMess, interval=600, timeout=5

[Rule]
FINAL, Fallback

But the following not:

[General]
# Log are for debug only
loglevel = error
# Do not remove tun-fd option
tun-fd = 233
dns-server = 223.5.5.5, 114.114.114.114

[Proxy]
SS = ss, 107.173.xx.xx, xx, encrypt-method=aes-256-gcm, password=xxxxxxx
VMess = vmess, 107.173.xx.xx, xx, username=xxxxxxxxxxxxx

[Proxy Group]
Fallback = VMess, interval=600, timeout=5

[Rule]
FINAL, Fallback

Note that in the second configuration, SS is an invalid configuration. In version 0.2.0, using the second configuration is working, but now it's not.

Maple启动时闪退

前面安装的过程正常，启动时闪退，没有警告或错误消息

[Feature Request] A BIG and noticeable start vpn button or clear guidence

Though Maple can not control vpn flow to connect or disconnect for now, I think it's really useful to make the Open VPN Settings button much much more noticeable when opening Maple, it should be in the main screen to tell people to do this.

Or it can be improved to make a clear guidence as How To Use in README.

I feel frustrate when I open Maple every time for 10 seconds and then I remembered that I should jump into the vpn settings to connect. And it's worse when I first use Maple, which I think I'm lucky to find how to use it.

pen mmdb file C:\Users\wintrue\AppData\Local\Packages\56263bdbai.Maple_gv14dyc9zj8pj\LocalState\config\geo.mmdb failed: IoError("Access is denied. (os error 5)")

pen mmdb file C:\Users\wintrue\AppData\Local\Packages\56263bdbai.Maple_gv14dyc9zj8pj\LocalState\config\geo.mmdb failed: IoError("Access is denied. (os error 5)")
确认这个文件是存在的，同时也使用了自定义配置文件夹，但都没读取。重装了也没解决，不知道为什么。

请问要如何配合本地clash使用呢?

我的配置文件如下:

[General]
# Log are for debug only
loglevel = error
# Do not remove tun option
tun = auto
dns-server = 199.85.126.30, 199.85.127.30, 223.5.5.5, 8.8.8.8, 4.4.4.4

[Proxy]
Direct = direct
Reject = reject

Clash = socks, 127.0.0.1, 7890

# Shadowsocks
# SS = ss, 1.2.3.4, 8485, encrypt-method=chacha20-ietf-poly1305, password=123456

# VMess
# VMess = vmess, my.domain.com, 8001, username=0eb5486e-e1b5-49c5-aa75-d15e54dfac9d

# VMess over WebSocket over TLS (TLS + WebSocket + VMess)
# VMessWSS = vmess, my.domain.com, 443, username=0eb5486e-e1b5-49c5-aa75-d15e54dfac9d, ws=true, tls=true, ws-path=/v2

# Trojan (with TLS)
# Trojan = trojan, 4.3.2.1, 443, password=123456, sni=www.domain.com

# Trojan over WebSocket over TLS (TLS + WebSocket + Trojan)
# TrojanWS = trojan, 4.3.2.1, 443, password=123456, sni=www.domain.com, ws=true, ws-path=/abc

# Trojan over amux streams which use WebSocket over TLS as the underlying connection (TLS + WebSocket + amux + Trojan)
# tls-ws-amux-trojan = trojan, www.domain.com, 443, password=112358, tls=true, ws=true, ws-path=/amux, amux=true
# tls-ws-amux-trojan2 = trojan, 1.0.0.1, 443, password=123456, sni=www.domain.com, ws=true, ws-path=/amux, ws-host=www.domain.com, amux=true, amux-max=16, amux-con=1

[Proxy Group]
# fallback 等效于 failover
# Fallback = fallback, Trojan, VMessWSS, SS, check-interval=600, fail-timeout=5

# url-test 等效于 failover=false 的 failover
# UrlTest = url-test, Trojan, VMessWSS, SS, check-interval=600, fail-timeout=5

# Failover = failover, Trojan, VMessWSS, SS, health-check=true, check-interval=600, fail-timeout=5, failover=true
# Tryall = tryall, Trojan, VMessWSS, delay-base=0
# Random = static, Trojan, VMessWSS

[Rule]
IP-CIDR, 224.0.0.0/8, Direct
IP-CIDR, 239.0.0.0/8, Direct
GEOIP, cn, Direct
DOMAIN-SUFFIX, cm.chassvideo.xyz, Direct
DOMAIN-KEYWORD, chassvideo.xyz, Direct
IP-CIDR, 111.2.178.85/32, Direct
FINAL, Clash
# # 执行文件目录当中必需有 `site.dat` 文件
# EXTERNAL, site:category-ads-all, Reject

# # Arbitrary file access is forbidden within an app container.
# # Make sure `geosite.dat` exists in the config folder.
# # 也可以指定 `dat` 文件所在路径
# EXTERNAL, site:geosite.dat:category-ads-all, Reject

# IP-CIDR, 8.8.8.8/32, Fallback
# DOMAIN, www.google.com, Fallback
# DOMAIN-SUFFIX, google.com, Fallback
# DOMAIN-KEYWORD, google, Fallback

# # 等效于 EXTERNAL, mmdb:us, Fallback
# GEOIP, us, Fallback

# EXTERNAL, site:geolocation-!cn, Fallback

# # 执行文件目录当中必需有 `geo.mmdb` 文件
# EXTERNAL, mmdb:us, Fallback

# FINAL, Direct

[Host]
# 对指定域名返回一个或多个静态 IP
# example.com = 192.168.0.1, 192.168.0.2

其中cm.chassvideo.xyz是代理服务器的地址, 但一旦挂上maple就会直接断网(似乎还是会死循环)

[General]
# Log are for debug only
loglevel = error
# Do not remove tun-fd option
tun-fd = 233
dns-server = 223.5.5.5, 114.114.114.114

[Proxy]
Direct = direct
Reject = reject

Sock_local_1080 = sock, 127.0.0.1, 1080

[Proxy Group]
# fallback 等效于 failover
Fallback = fallback, Sock_local_1080, interval=600, timeout=5

# url-test 等效于 failover=false 的 failover
UrlTest = url-test, Sock_local_1080, interval=600, timeout=5

Failover = failover, Sock_local_1080, health-check=true, check-interval=600, fail-timeout=5, failover=true
Tryall = tryall, Sock_local_1080, delay-base=0
Random = random, Sock_local_1080

[Rule]
# 代理服务器
DOMAIN-SUFFIX, my.proxy.server.domain, Direct
# 执行文件目录当中必需有 `site.dat` 文件
EXTERNAL, site:category-ads-all, Reject

# Arbitrary file access is forbidden within an app container.
# Make sure `geosite.dat` exists in the config folder.
# 也可以指定 `dat` 文件所在路径
EXTERNAL, site:geosite.dat:category-ads-all, Reject

IP-CIDR, 8.8.8.8/32, Fallback
DOMAIN, www.google.com, Fallback
DOMAIN-SUFFIX, google.com, Fallback
DOMAIN-KEYWORD, google, Fallback

# 等效于 EXTERNAL, mmdb:cn, Direct
GEOIP, cn, Direct

EXTERNAL, site:geolocation-cn, Direct

FINAL, Fallback

[Host]
# 对指定域名返回一个或多个静态 IP
example.com = 192.168.0.1, 192.168.0.2

也使用过json，但是似乎也无法使用。.json配置文件如下：

{
    "log": {
      "level": "error"
    },
    "dns": {
      "servers": [
        "223.5.5.5",
        "8.8.8.8",
        "8.8.4.4"
      ],
      "hosts": {
        "localhost": [
          "127.0.0.1"
        ]
      }
    },
    "inbounds": [
      {
        "protocol": "tun",
        "settings": {
          "name": "utun8",
          "address": "10.10.0.2",
          "netmask": "255.255.255.0",
          "gateway": "10.10.0.1",
          "mtu": 1500,
          "fakeDnsInclude": [
            "google"
          ]
        },
        "tag": "tun_in"
      }
    ],
    "outbounds": [
      {
        "protocol": "failover",
        "settings": {
          "actors": [
            "my.proxy.server.domain:12345_out",
            "localhost:1080_out"
          ],
          "failTimeout": 4,
          "healthCheck": true,
          "checkInterval": 300,
          "failover": true,
          "fallbackCache": false,
          "cacheSize": 256,
          "cacheTimeout": 60
        },
        "tag": "failover_out"
      },
      {
        "protocol": "chain",
        "settings": {
          "actors": [
            "ss_tls",
            "ss_ws",
            "my.proxy.server.domain:12345"
          ]
        },
        "tag": "my.proxy.server.domain:123456_out"
      },
      {
        "protocol": "tls",
        "tag": "ss_tls"
      },
      {
        "protocol": "ws",
        "settings": {
          "path": "/"
        },
        "tag": "ss_ws"
      },
      {
        "protocol": "shadowsocks",
        "settings": {
          "address": "my.proxy.server.domain",
          "method": "aes-128-gcm",
          "password": "passwd",
          "port": 12345
        },
        "tag": "my.proxy.server.domain:12345"
      },
      {
        "protocol": "socks",
        "settings": {
          "address": "127.0.0.1",
          "port": 1080
        },
        "tag": "localhost:1080_out"
      },
      {
        "protocol": "direct",
        "tag": "direct_out"
      },
      {
        "protocol": "drop",
        "tag": "drop_out"
      }
    ],
    "rules": [
      {
        "ip": [
          "8.8.8.8",
          "8.8.4.4"
        ],
        "target": "failover_out"
      },
      {
        "domain": [
          "www.google.com"
        ],
        "target": "failover_out"
      },
      {
        "domainSuffix": [
          "my.proxy.server.domain"
        ],
        "target": "direct_out"
      },
      {
        "domainSuffix": [
          "google.com",
          "goo.gl",
          "goo.gle",
          "cloudflare.com"
        ],
        "target": "failover_out"
      },
      {
        "domainKeyword": [
          "metax"
        ],
        "target": "direct_out"
      },
      {
        "domainKeyword": [
          "google",
          "github"
        ],
        "target": "failover_out"
      },
      {
        "geoip": [
          "cn"
        ],
        "target": "direct_out"
      },
      {
        "geoip": [
          "us",
          "jp"
        ],
        "target": "failover_out"
      },
      {
        "external": [
          "site:cn"
        ],
        "target": "direct_out"
      },
      {
        "external": [
          "site:us",
          "site:jp"
        ],
        "target": "failover_out"
      },
      {
        "external": [
          "mmdb:cn"
        ],
        "target": "direct_out"
      },
      {
        "external": [
          "mmdb:us"
        ],
        "target": "failover_out"
      }
    ]
  }