Overview
Outbound settings describe where Clash sends traffic after a rule has selected a policy. An outbound can be a direct connection, a reject action, a single proxy, or a proxy group that chooses from multiple proxies.
Proxy groups
Proxy groups make profiles usable. A select group lets the user choose manually, url-test chooses by latency, fallback switches after connection symptom, and load-balance distributes traffic across available nodes.
Providers
Many modern profiles use remote providers so proxy lists and rule sets can update without replacing the whole YAML file. Provider subscription update prompts usually mean the URL is invalid, expired, prompted, or returning an unsupported format.
Support Checks
If a policy group is empty, verify provider names, group filters and subscription status. If traffic always goes direct, inspect whether rules point to the intended group name.
Related pages
Reference examples
These examples mirror the corresponding Chinese documentation page so the English page carries the same configuration material.
| Family | Cipher methods |
|---|---|
| AEAD | aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-ietf-poly1305, xchacha20-ietf-poly1305 |
| Stream | aes-128-cfb, aes-192-cfb, aes-256-cfb, rc4-md5, chacha20-ietf, xchacha20 |
| Block | aes-128-ctr, aes-192-ctr, aes-256-ctr |
- name: "ss1"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true- name: "ss2"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com- name: "ss3"
type: ss
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # QUIC is not supported yet
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# mux: true
# headers:
# custom: value| Family | Cipher methods |
|---|---|
| Stream | aes-128-cfb, aes-192-cfb, aes-256-cfb, rc4-md5, chacha20-ietf, xchacha20 |
- name: "ssr"
type: ssr
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
cipher: chacha20-ietf
password: "password"
obfs: tls1.2_ticket_auth
protocol: auth_sha1_v4
# obfs-param: domain.tld
# protocol-param: "#"
# udp: true- name: "vmess"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com # overrides WSS host
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com
# max-early-data: 2048
# early-data-header-name: Sec-WebSocket-Protocol- name: "vmess-http"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # - '/video'
# # headers:
# # Connection:
# # - keep-alive- name: "vmess-h2"
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: h2
tls: true
h2-opts:
host:
- http.example.com
- http-alt.example.com
path: /- name: vmess-grpc
type: vmess
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: grpc
tls: true
servername: example.com
# skip-cert-verify: true
grpc-opts:
grpc-service-name: "example"- name: "socks"
type: socks5
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password
# tls: true
# skip-cert-verify: true
# udp: true- name: "http"
type: http
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password- name: "http"
type: http
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
# username: username
# password: password
tls: true
skip-cert-verify: true# UDP is not supported yet
- name: "snell"
type: snell
# interface-name: eth0
# routing-mark: 1234
server: server
port: 44046
psk: yourpsk
# version: 2
# obfs-opts:
# mode: http # or tls
# host: bing.com- name: "trojan"
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true- name: trojan-grpc
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: "example"
network: grpc
sni: example.com
# skip-cert-verify: true
udp: true
grpc-opts:
grpc-service-name: "example"- name: trojan-ws
type: trojan
# interface-name: eth0
# routing-mark: 1234
server: server
port: 443
password: "example"
network: ws
sni: example.com
# skip-cert-verify: true
udp: true
# ws-opts:
# path: /path
# headers:
# Host: example.com- name: "My Wireguard Outbound"
type: select
interface-name: wg0
proxies: [ 'DIRECT' ]proxy-providers:
provider1:
type: http
url: "url"
interval: 3600
path: ./provider1.yaml
# filter: 'a|b' # golang regex regular expression
health-check:
enable: true
interval: 600
# lazy: true
url: http://www.gstatic.com/generate_204
test:
type: file
path: /test.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204proxies:
- name: "ss1"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
- name: "ss2"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls