Skip to content
Yuhaiin Docs

TUN

[!NOTE] This document is partially generated by AI.

The TUN inbound allows yuhaiin to create a virtual network interface that captures all traffic from the operating system. It is commonly used for global proxying or VPN functionality. This is an inbound-only protocol.

Network Support

Section titled “Network Support”
  • TCP: Supported (Intercepted and proxied).
  • UDP: Supported (Intercepted and proxied).
    • NAT Type: Full-Cone NAT (when paired with a Full-Cone outbound). yuhaiin’s internal NAT table manages these mappings to allow bidirectional traffic.

Inbound Configuration

Section titled “Inbound Configuration”

The tun block configuration is detailed below:

Core Fields

Section titled “Core Fields”
  • name (string): The identifier for the TUN device (e.g., tun0, yhaiin0). On some systems, you can use fd://数字 to use an existing file descriptor.
  • mtu (int): Maximum Transmission Unit. The standard value for ethernet is 1500.
  • driver (enum): The underlying driver/stack used by the TUN device.
    • fdbased: Uses a raw file descriptor.
    • channel: Uses a channel-based communication.
    • system_gvisor: Recommended. Uses the gVisor network stack to handle packets.
  • portal (string): The gateway IPv4 address for the TUN interface (e.g., 10.0.0.1).
  • portal_v6 (string): The gateway IPv6 address for the TUN interface.

Routing Fields (route)

Section titled “Routing Fields (route)”
  • routes (string array): IP ranges that should be routed into the TUN interface (e.g., ["0.0.0.0/0"]).
  • excludes (string array): IP ranges that should explicitly bypass the TUN interface.

Advanced Features

Section titled “Advanced Features”
  • force_fakeip (bool): If enabled, forces all traffic passing through the TUN device to use Fake-IPs for DNS resolution.
  • skip_multicast (bool): Set to true to ignore multicast packets.
  • post_up (string array): Commands executed immediately after the TUN device is started.
  • post_down (string array): Commands executed before the TUN device is stopped.

Platform Specifics (platform)

Section titled “Platform Specifics (platform)”
  • darwin (network_service): (macOS only) The name of the network service to automatically configure for routing.

Example Configuration

Section titled “Example Configuration”
{
  "name": "Global-TUN",
  "enabled": true,
  "tun": {
    "name": "tun0",
    "mtu": 1500,
    "driver": "system_gvisor",
    "portal": "10.0.0.1",
    "route": {
      "routes": ["0.0.0.0/0"],
      "excludes": ["192.168.0.0/16"]
    }
  }
}

Developer Details

Section titled “Developer Details”

Implementation

Section titled “Implementation”

yuhaiin leverages the gVisor network stack (system_gvisor) to convert raw L3 packets from the TUN device into L4 streams. This allows it to process system-wide traffic transparently.

Package

Section titled “Package”

Implementation details can be found in pkg/net/proxy/tun.