Why TUN mode exists
Most newcomers start Clash with system proxy because it feels familiar: you toggle a switch, browsers work, and daily tools pick up the settings automatically. That path is legitimate and often sufficient. The limitation is philosophical as much as technical—system proxy is a polite hint. Applications that never read WinINet settings, ignore environment variables, spawn raw sockets, or ship their own QUIC and UDP stacks can still sprint straight to the Internet while Clash sits idle.
TUN mode closes that gap by presenting the operating system with a virtual Layer 3 interface. Traffic destined outside local subnets is handed to Mihomo (the community successor engine formerly discussed under the Clash Meta umbrella) before it reaches your physical NIC. Once packets enter userspace, the same YAML policies you already trust—domain suffix lists, GEOIP buckets, IPCIDR carve-outs—decide whether to forward through an outbound tunnel or release the flow direct.
This guide stays practical: how capture differs from SOCKS hooks, how DNS collisions trigger confusing symptoms, how to enable TUN safely on Windows and macOS using mainstream Mihomo GUIs, what Android’s VPN permission implies, and how to troubleshoot elevation prompts, overlapping VPNs, and “everything feels proxied” surprises when Global mode meets full capture.
You must comply with local law and provider acceptable-use policies. The write-up describes mechanics only; credentials remain sensitive and leaked subscription URLs should be rotated immediately.
System proxy versus TUN in plain language
Think of system proxy as posting instructions on a bulletin board near your office entrance. Almost every courteous visitor reads it and reroutes accordingly. Think of TUN as rebuilding the hallway so every suitcase rolls through a single customs checkpoint—even visitors who dislike signs.
HTTP CONNECT and classic SOCKS proxies intercept at the session layer once a client chooses to cooperate. TUN interception happens after the kernel routes a packet but before it hits hardware queues. That difference matters for Electron apps with custom network stacks, legacy Win32 binaries, container runtimes that bypass inherited proxy env vars, many multiplayer games with UDP-heavy discovery phases, and developer utilities that spawn subprocesses without forwarding proxy configuration.
Neither approach magically improves upstream congestion. If every remote relay measures eight hundred milliseconds of latency, polishing capture will not shave milliseconds away—you still need healthier nodes or better peering from your provider.
| Concern | System proxy | TUN mode |
|---|---|---|
| Setup friction | Usually none beyond toggling UI switches | Often requires administrator or helper approval once |
| Apps covered | Applications honoring OS proxy APIs | Broad TCP and UDP capture when routing tables aim default traffic at the tunnel |
| Conflicts | Rare outside duplicate PAC files | Can clash with other VPN kernel drivers occupying the same route slot |
| DNS visibility | Browser may send queries through proxy depending on flags | DNS must be deliberately steered or faked per profile to avoid leaks |
How packets travel inside TUN capture
After enabling TUN, the OS installs a logical adapter with its own subnet. Routing policies push non-local prefixes toward that adapter’s gateway address owned by Mihomo. Instead of handing packets to Ethernet immediately, the kernel copies frames into userspace buffers where Mihomo reassembles flows.
For TCP connections Mihomo terminates or relays depending on outbound type—Shadowsocks, VMess, VLESS Reality-inspired transports, Hysteria2, TUIC, or plain DIRECT policy routes all reuse the same pipeline once packets decode into flows. UDP datagrams follow parallel logic, which is why VoIP, some games, and QUIC benefit from TUN even when HTTP proxy configurations ignore them.
When a rule says DIRECT, Mihomo forwards the reconstructed packet back through the operating system toward the original interface. Users sometimes misread latency charts after enabling capture: a few extra hops inside localhost should add negligible milliseconds compared with continental routing decisions.
Keep local destinations (IP-CIDR private ranges, corporate gateways) marked DIRECT so printers and NAS shares stay reachable.
TUN is not Global mode
A recurring misconception bundles “full tunnel” with “Global routing.” They intersect but answer different questions.
- TUN answers “how packets reach Mihomo.”
- Global versus Rule versus Direct answers “what Mihomo does after possession.”
You should combine TUN + Rule for everyday browsing when curated lists already distinguish domestic hosts from offshore destinations. Domestic streaming CDNs and banking portals remain DIRECT while overseas SaaS traverses remote nodes—only now compliant binaries cannot dodge participation by ignoring proxy variables.
Reserve TUN + Global for controlled experiments—reachability audits, validating a freshly purchased node, or isolating suspected DNS hijacks. Constant Global capture drags latency-sensitive domestic services through remote egress even if bandwidth is plentiful, and it amplifies outage impact when an upstream pops offline.
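To make the distinction concrete, here is an added Python example (not code from the Mihomo project or from this guide) that simulates what the core does with a flow once it has it, under each of the three modes. The rule table, host names and the outbound name Proxy are constructed for the illustration; only DOMAIN-SUFFIX, IP-CIDR and MATCH are modelled, and Rule mode returns None when it exhausts the table so the effect of a missing catch-all is visible.

```python
import ipaddress

# Constructed rule table in Clash/Mihomo rule syntax. Hosts, networks and the
# outbound name "Proxy" are placeholders for this illustration.
RULES = [
    "DOMAIN-SUFFIX,bank.example.cn,DIRECT",
    "IP-CIDR,192.168.0.0/16,DIRECT",
    "IP-CIDR,10.0.0.0/8,DIRECT",
    "DOMAIN-SUFFIX,saas.example.com,Proxy",
    "MATCH,Proxy",
]

def parse_rule(line):
    """Split 'TYPE,VALUE,OUTBOUND' (or 'MATCH,OUTBOUND') into a tuple."""
    parts = [p.strip() for p in line.split(",")]
    if parts[0] == "MATCH":
        return ("MATCH", None, parts[1])
    return (parts[0], parts[1], parts[2])

def rule_matches(rule, host, ip):
    """True if the rule applies to a flow with this hostname and/or address."""
    kind, value, _ = rule
    if kind == "MATCH":
        return True
    if kind == "DOMAIN-SUFFIX":
        return host is not None and (host == value or host.endswith("." + value))
    if kind == "IP-CIDR":
        return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)
    raise ValueError(f"rule type not modelled here: {kind}")

def decide(mode, host, ip, rules=RULES):
    """Outbound chosen for one flow. mode is 'global', 'direct' or 'rule'.
    host is the hostname if known, ip the destination address if known.
    Returns None when Rule mode exhausts the table without a catch-all."""
    if mode == "global":
        return "GLOBAL"   # Clash hands every flow to the GLOBAL group in this mode
    if mode == "direct":
        return "DIRECT"
    for rule in map(parse_rule, rules):
        if rule_matches(rule, host, ip):
            return rule[2]
    return None

if __name__ == "__main__":
    for mode in ("rule", "global", "direct"):
        print(mode, decide(mode, "www.bank.example.cn", "203.0.113.5"))
    # Same flow, same mode, but the MATCH line removed: nothing claims it.
    print("rule, no MATCH:", decide("rule", "unknown.example.org", "198.51.100.7", RULES[:-1]))
```

Real rule sets carry many more types (GEOIP, DOMAIN-KEYWORD, PROCESS-NAME and so on), and what the real core does with an unmatched flow is what counts in production. The point of the simulation is that enabling TUN changes nothing inside decide(); it only changes how many flows arrive there.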
DNS under full capture
DNS is the silent half of routing. Applications frequently resolve names before Mihomo sees TCP SYN packets. If queries shortcut to ISP resolvers while flows bounce through offshore relays, observability dashboards show contradictory paths—domains resolved locally yet TCP exiting internationally—or worse, unintentional leakage because sensitive lookups never touched policy logic.
Mihomo exposes multiple DNS handling strategies via YAML—listening DNS servers, hijacking modes, fake-ip mappings, fallback servers, and policy-aware routing for DNS traffic itself. Exact knob names drift across releases, which is why GUIs hide complexity behind presets.
Operational guidance stays consistent: after enabling TUN, run controlled tests—query a domain you know should be proxied via an external checker, inspect client logs for the lookup path, and confirm responses align with Rule intent. When something resolves “too locally,” revisit whether application DNS-over-HTTPS is bypassing system resolvers.
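The controlled test described above can be made mechanical. The following Python example is added here and is not part of Mihomo or of this guide. It assumes the profile runs DNS in fake-ip mode with the 198.18.0.1/16 pool commonly shown in Clash and Mihomo sample configs (pass a different range if your profile declares one), and the lookup samples are constructed rather than captured. Under fake-ip, a domain whose rule sends it to a proxy should never resolve on the client to a real public address; if it does, the query bypassed Mihomo's resolver, typically through application-level DNS-over-HTTPS.

```python
import ipaddress
import socket

# Ranges that legitimately resolve to local addresses under a DIRECT rule.
# ipaddress's is_private is avoided on purpose: it also labels the benchmark
# block 198.18.0.0/15 and the documentation blocks as private, which would
# hide exactly the answers this check wants to surface.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]

def classify_answer(answer, fake_ip_range="198.18.0.1/16"):
    """Label one DNS answer as 'fake-ip', 'local' or 'public'."""
    ip = ipaddress.ip_address(answer)
    if ip in ipaddress.ip_network(fake_ip_range, strict=False):
        return "fake-ip"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "public"   # an IPv6 answer also lands here, which is intended

def audit_lookups(lookups, fake_ip_range="198.18.0.1/16"):
    """lookups: iterable of (domain, answer, outbound-from-rule).
    Returns {domain: 'ok' | 'leak'}. A proxied domain that came back as a
    public address was resolved outside Mihomo's DNS path."""
    verdicts = {}
    for domain, answer, outbound in lookups:
        kind = classify_answer(answer, fake_ip_range)
        verdicts[domain] = "leak" if (outbound != "DIRECT" and kind == "public") else "ok"
    return verdicts

def live_answer(domain):
    """What the system resolver hands this process right now (needs network)."""
    return socket.gethostbyname(domain)

# Constructed samples standing in for entries read off the client log.
SAMPLE_LOOKUPS = [
    ("app.saas.example.com", "198.18.0.42", "Proxy"),
    ("cdn.example.cn", "198.18.0.43", "DIRECT"),
    ("api.saas.example.com", "203.0.113.10", "Proxy"),   # resolved outside capture
    ("nas.home.lan", "192.168.1.50", "DIRECT"),
]

if __name__ == "__main__":
    for domain, verdict in audit_lookups(SAMPLE_LOOKUPS).items():
        print(f"{domain:24} {verdict}")
```

A DIRECT domain receiving a fake address is normal in this mode, because the core resolves the real address itself before forwarding. A public IPv6 answer for a proxied domain is flagged as well, since an app that resolves AAAA records on its own bypasses DNS-driven rules just as surely as one using its own DoH client.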
What the profile usually declares
Graphical clients generate tun sections automatically, yet reading YAML helps debug stubborn failures. A minimal illustration (field names illustrative; always match your core version docs) might resemble:
```yaml
tun:
  enable: true
  stack: system
  auto-route: true
  strict-route: false
  dns-hijack:
    - any:53
```
auto-route asks Mihomo to push host routes so traffic actually reaches the virtual adapter. strict-route tightens ordering to reduce edge-case loops on multi-homed laptops hopping between Wi-Fi and Ethernet. DNS hijack arrays ensure plaintext resolver attempts get pulled into Mihomo instead of slipping past capture.
Never paste random snippets from forum threads without reconciling version notes—flags valid in one minor release occasionally rename or invert defaults in the next.
Windows: elevation, drivers, and service patterns
Windows separates standard user capability from kernel driver installation. First-time TUN activation triggers User Account Control because the lightweight WinTun-style driver must register interfaces. Accept the prompt or configure a signed service that launches elevated on boot if your GUI documents that workflow.
Corporate Device Guard or old anti-cheat kernels occasionally block third-party adapters. Symptoms include stuck “connecting” spinners or instant adapter teardown. Collect client logs, temporarily disable conflicting security sandboxes in a test VM, or ask IT for exceptions if policy allows.
Firewall prompts matter twice: Mihomo needs permission to bind diagnostics ports (depending on remote-controller settings) and Windows Defender must allow the tunnel executable outbound access. Approving “private networks only” keeps exposure constrained on café Wi-Fi.
- Quit other VPN apps that manipulate default gateways.
- Open your Mihomo GUI—examples include Clash Verge Rev—and confirm an active profile.
- Set routing mode to Rule unless debugging demands Global.
- Navigate to Settings → TUN (wording varies) and toggle enable.
- Approve UAC; reboot if the adapter refuses to attach until kernel caches flush.
- Open PowerShell, run route print, and verify the routing table shows the prefixes the documentation snippets describe.
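For the last step, here is an added Python example (not from the Mihomo project or any GUI) that parses the Active Routes table of route print output and reports which adapter actually wins default traffic. The route-table text is constructed: 192.168.1.23 plays the Wi-Fi NIC, 198.18.0.1 the Mihomo adapter, and 10.8.0.2 a third-party VPN adapter that was not shut down first. The check also treats the 0.0.0.0/1 plus 128.0.0.0/1 pair that some VPN clients install as catch-all routes, because longest-prefix matching lets those beat a plain /0 regardless of metric.

```python
import ipaddress

# Constructed excerpt of `route print` output on a Windows laptop.
SAMPLE_ROUTE_PRINT = """\
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.23     25
          0.0.0.0          0.0.0.0         On-link       198.18.0.1      1
          0.0.0.0        128.0.0.0         On-link         10.8.0.2     15
        128.0.0.0        128.0.0.0         On-link         10.8.0.2     15
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.23    281
===========================================================================
Persistent Routes:
  None
"""

def parse_route_print(text):
    """Extract the IPv4 Active Routes rows into dicts; everything else is ignored."""
    routes, in_table = [], False
    for line in text.splitlines():
        if line.strip() == "Active Routes:":
            in_table = True
            continue
        if not in_table:
            continue
        if line.startswith("=") or line.startswith("Persistent"):
            break
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Network":
            continue   # header row or an unexpected line
        dest, mask, gateway, iface, metric = parts
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gateway": gateway,
                       "interface": iface, "metric": int(metric)})
    return routes

def catch_all_routes(routes):
    """Default routes (/0) plus the /1 halves some VPN clients install instead.
    Longest prefix wins before metric is consulted, so a /1 pair from another
    VPN out-ranks Mihomo's /0 even with a worse metric."""
    return sorted((r for r in routes if r["net"].prefixlen <= 1),
                  key=lambda r: (-r["net"].prefixlen, r["metric"]))

def check_tun_precedence(routes, tun_interface, physical_interface):
    """Report whether the TUN adapter owns default traffic and who competes."""
    defaults = catch_all_routes(routes)
    if not defaults:
        return {"ok": False, "winner": None, "competitors": []}
    winner = defaults[0]["interface"]
    competitors = sorted({r["interface"] for r in defaults
                          if r["interface"] not in (tun_interface, physical_interface)})
    return {"ok": winner == tun_interface, "winner": winner, "competitors": competitors}

if __name__ == "__main__":
    routes = parse_route_print(SAMPLE_ROUTE_PRINT)
    print(check_tun_precedence(routes, "198.18.0.1", "192.168.1.23"))
```

On the constructed table the leftover VPN adapter wins, which is exactly the situation the first step in the list above prevents; remove its two /1 rows and the Mihomo adapter takes over at metric 1. On a real machine, pipe the output of route print into parse_route_print and substitute the adapter addresses shown in your client's dashboard.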
macOS: helpers and privacy prompts
macOS wraps kernel extensions behind System Extension approvals or Apple-signed Network Extensions depending on packaging. First launches surface Privacy & Security dialogs instructing you to open Settings manually—follow them patiently instead of hammering reinstall buttons.
Apple Silicon devices behave identically to Intel builds aside from architecture-specific binaries; mismatched downloads simply refuse to launch with clearer Gatekeeper messaging than Windows SmartScreen noise.
If split tunneling feels inverted after sleep/wake cycles, toggle airplane mode briefly or recycle TUN off/on—race conditions occasionally appear when Wi-Fi reconnects before Mihomo rebuilds routes.
Linux notes and Android parity
Headless Mihomo deployments on Linux often pair systemd units with tun permissions via capabilities or rootful service accounts. Desktop users may prefer the same graphical clients as Windows if maintainers ship AppImage or deb packages.
Android bundles the concept differently: granting VPN permission allocates a single user-space tunnel. Applications like FlClash request that slot, effectively reproducing desktop TUN semantics without exposing a separate toggle. Because Android forbids concurrent full VPNs per profile, chaining requires vendor-specific orchestration—plan accordingly.
Verification habits that save hours
Adopt lightweight rituals after any change affecting capture:
- Check the client dashboard for simultaneous “TUN active” and expected outbound selection.
- Run a CLI tool previously known to ignore proxy settings; confirm rule counters increment.
- Hit a well-known GEOIP echo service to ensure exit geography matches chosen node—not to evade restrictions but to validate policy.
- Disable TUN temporarily and reproduce the issue under system proxy only; differences isolate whether routing or upstream nodes fail.
Troubleshooting playbook
Elevation loops on Windows
If UAC appears every launch, enable the client’s helper service or run the documented scheduled task pattern so drivers load without interactive approval.
No Internet after enabling TUN
Inspect overlapping default routes, stale Wi-Fi captive portals, and manual static gateways. Disconnect secondary VPNs, flush DNS caches, and ensure Rule mode includes a final MATCH or equivalent catch-all policy.
Specific apps still leak
Some hardened binaries embed certificate pinning that conflicts with MITM-style inspection—Clash does not intercept TLS by default, but verify you did not merge experimental plugins. Also confirm those apps do not use hardcoded IPv6 addresses that bypass DNS-driven rules.
Corporate split tunnel fights
When Always-On VPN pushes higher-priority routes, Mihomo may lose custody of packets. Either pause corporate VPN during personal testing or request IT policy exceptions—there is rarely a magical double-tunnel fairy.
FAQ highlights
Will TUN accelerate downloads? Only indirectly. Capture reduces policy bypassing; throughput still depends on node quality and last-mile ISP shaping.
Does TUN replace subscription hygiene? No. Dead nodes, exhausted bandwidth buckets, or expired URLs fail regardless of capture mode.
Should Linux servers enable TUN? Usually only when the workload demands application-agnostic egress steering. Simple HTTP daemons often prefer explicit proxy environment variables.
Choosing a maintained client stack
TUN shines when the engine stays current. Outdated forks may ship broken drivers for the latest Windows builds, omit Apple notarization fixes, or lag DNS refactors present in modern Mihomo releases. Meanwhile, opaque repackaged installers sometimes bundle telemetry that undermines the privacy goals that motivated proxy adoption in the first place.
By contrast, actively maintained distributions pair fresh cores with predictable release notes, readable open-source trees, and UI toggles that expose TUN without forcing newcomers to hand-edit sixty-line YAML fragments on day one.
Clash’s design—declarative rules, provider updates, expressive outbound groups—already reduces the operational burden of steering complex traffic. Adding TUN simply ensures the steering actually applies to every process that touches the network stack, not only the polite ones.
If you want versioned installers and architecture-specific builds assembled in one place so you spend minutes downloading instead of chasing expired mirror links, start from our downloads page and pick the bundle aligned with your CPU, then return to this guide for capture tuning.