To ensure that Clash does not redirect traffic to your Tailscale server's hostname and allows Tailscale to handle it, you can write a DOMAIN-SUFFIX rule in your Clash configuration file (config.yaml or any custom configuration file you are using). Here's how you can do it:
- Open your Clash configuration file: Locate your config.yaml file or the configuration file you are using for Clash. It is typically found in ~/.config/clash/ or the directory specified during setup.
- Add a rule for your Tailscale hostname: Under the rules: section, add a rule that bypasses traffic for the specific hostname.

      rules:
        - DOMAIN-SUFFIX,my_tailscale_server_hostname,DIRECT

  Replace my_tailscale_server_hostname with your actual Tailscale hostname.
- Ensure that Clash processes the rule properly: Make sure this rule is placed before any generic rules that might otherwise catch and redirect this traffic.
- Restart Clash: After saving the configuration, restart your Clash service to apply the changes:

      systemctl restart clash

In this rule:

- DOMAIN-SUFFIX: Matches the hostname (or its suffix) you specify.
- my_tailscale_server_hostname: Your Tailscale server hostname (e.g., myserver.example.com).
- DIRECT: Tells Clash to allow traffic to flow directly without interference.

If Tailscale uses an IP address rather than a hostname, you can use a rule like this:

    rules:
      - IP-CIDR,100.64.0.0/10,DIRECT

This ensures that all traffic to Tailscale's private network range (100.64.0.0/10) is not redirected.

If your Tailscale hostname resolves dynamically or has multiple domains, you might need additional DOMAIN-SUFFIX or DOMAIN rules to cover all possibilities.

With this setup, Clash will bypass traffic intended for my_tailscale_server_hostname:9090, allowing Tailscale to handle it seamlessly.
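
Clash applies the first rule that matches, so the ordering step above decides whether the bypass takes effect. The following added example (not part of the original page) models that top-down evaluation in simplified form for four rule types; the proxy-group name PROXY and both rule lists are constructed for illustration, and no DNS resolution is performed.

```python
import ipaddress

def first_match(rules, host=None, ip=None):
    """Return (index, policy) of the first matching rule, scanning top-down.

    Simplified model: no DNS resolution, so IP-CIDR rules are only tested
    when the caller supplies `ip`.
    """
    host = host.lower() if host else None
    addr = ipaddress.ip_address(ip) if ip else None
    for index, line in enumerate(rules):
        fields = [f.strip() for f in line.split(",")]
        kind = fields[0].upper()
        if kind == "MATCH":                     # catch-all: MATCH,<policy>
            return index, fields[1]
        value, policy = fields[1].lower(), fields[2]
        if kind == "DOMAIN":
            hit = host == value
        elif kind == "DOMAIN-SUFFIX":           # exact name or a subdomain of it
            hit = host is not None and (host == value or host.endswith("." + value))
        elif kind == "IP-CIDR":
            hit = addr is not None and addr in ipaddress.ip_network(value, strict=False)
        else:
            hit = False                         # rule types outside this sketch
        if hit:
            return index, policy
    return None, None

def bypasses(rules, host=None, ip=None):
    """True when the winning rule sends the connection DIRECT."""
    return first_match(rules, host, ip)[1] == "DIRECT"

# Constructed rule lists; "PROXY" is a hypothetical proxy-group name.
SHADOWED = [
    "DOMAIN-SUFFIX,example.com,PROXY",            # broad rule listed first
    "DOMAIN-SUFFIX,myserver.example.com,DIRECT",  # never reached for this host
    "IP-CIDR,100.64.0.0/10,DIRECT",
    "MATCH,PROXY",
]
ORDERED = [
    "DOMAIN-SUFFIX,myserver.example.com,DIRECT",  # specific bypass first
    "IP-CIDR,100.64.0.0/10,DIRECT",
    "DOMAIN-SUFFIX,example.com,PROXY",
    "MATCH,PROXY",
]

if __name__ == "__main__":
    for name, rules in (("shadowed", SHADOWED), ("ordered", ORDERED)):
        print(name, first_match(rules, host="myserver.example.com"))
```
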

The error occurs because Clash cannot resolve the domain xx-rocky to an IP address. This can happen if:

- The hostname xx-rocky is not resolvable via DNS.
- It relies on Tailscale's private DNS resolver, which Clash may not be configured to use.

Here’s how to resolve the issue:

Ensure Clash uses the Tailscale DNS resolver. Tailscale often sets up a private DNS resolver to resolve hostnames like xx-rocky.

- Find the Tailscale DNS server: Run:

      tailscale ip -4

  This will give you the IPv4 address of your Tailscale server. Additionally, check the DNS settings from:

      tailscale status

- Add the Tailscale DNS server to Clash’s DNS configuration: Modify the dns: section of your config.yaml file:

      dns:
        enable: true
        listen: 0.0.0.0:53
        nameserver:
          - 100.100.100.100 # Replace with Tailscale DNS server if different
          - 8.8.8.8 # Backup: Google Public DNS
          - 1.1.1.1 # Backup: Cloudflare DNS
        fallback:
          - 8.8.8.8
          - 1.1.1.1

- Save the configuration and restart Clash:

      systemctl restart clash

If the hostname xx-rocky resolves to a known static IP (or an IP in Tailscale's range), you can write a rule that bypasses based on the IP address instead:

- Find the IP address of xx-rocky: Run:

      tailscale ping xx-rocky
      tailscale ip -4

  This will show the Tailscale-assigned IP for the hostname.

- Add an IP-CIDR rule to bypass traffic for that IP or subnet:

      rules:
        - IP-CIDR,100.64.0.0/10,DIRECT

- Restart Clash:

      systemctl restart clash

If the hostname is not resolvable via DNS, you can manually define it in Clash’s configuration:

- Add a static mapping in the hosts: section of config.yaml:

      dns:
        enable: true
        listen: 0.0.0.0:53
      hosts:
        "xx-rocky": 100.64.0.1 # Replace with the Tailscale IP of xx-rocky

- Save the configuration and restart Clash:

      systemctl restart clash

If you prefer to bypass Clash entirely for all Tailscale traffic:

- Add Tailscale's subnet to Clash's bypass list in config.yaml:

      rules:
        - IP-CIDR,100.64.0.0/10,DIRECT

- Restart Clash:

      systemctl restart clash

By following these steps, you should resolve the issue and ensure that traffic to xx-rocky is properly routed through Tailscale.