Skip to content

Instantly share code, notes, and snippets.

@AuruTus

AuruTus/WSL2_clash_proxy_setting.md

Last active March 10, 2026 10:08
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save AuruTus/a821681412e8b30e6fa255ef25e71d44 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save AuruTus/a821681412e8b30e6fa255ef25e71d44 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
WSL2_clash_proxy_setting.md

WSL2 Proxy Guide For Non-mirrored Network

NOTE: This guide is only for non-mirrored network. For mirrored network, see Microsoft Guide

With the default WSL2 distro setting, WSL2 will have a net interface within private network (, and you can check it with ifconfig). And the Windows Host also has a virtual net interface called vEthernet (WSL), which allows WSL2 to comunicate with it and other networks (, see the routetrack with tracepath or traceroute).

This private net can be used as a LAN proxy tunnel. What we do is just to get the Win host ip and set LAN proxy for WSL2.

Table of Contents

BEFORE YOU START

Turn on the Allow LAN of clash, the proxy will go through our WSL LAN.

WSL SHELL ENV SETTINGS

The Windows host DNS config is in /etc/resolv.conf (, a symlink to /mnt/wsl/resolv.conf), which is auto-generated by WSL, so we can get the host ip with shell script, and set the LAN proxy.

NOTE: If you close the generateResolvConf in /etc/wsl.conf, you should turn it on, or you cannot get the dynamically assigned host ip in the WSL private network.

Add this into the env config files like .bashrc

export hostip=$(cat /etc/resolv.conf |grep -oP '(?<=nameserver\ ).*')
export https_proxy="http://${hostip}:7890"
export http_proxy="http://${hostip}:7890"

Ref: https://zhuanlan.zhihu.com/p/153124468

or you can directly use the Win host's domain name: "$(hostname).mshome.net"

export host_domain="$(hostname).mshome.net"
export https_proxy="http://${host_domain}:7890"
export http_proxy="http://${host_domain}:7890"

WINDOWS FIREWALL RULES

Update windows firewall and reset sockets using PowerShell.

New-NetFirewallRule -DisplayName "WSL" -Direction Inbound  -InterfaceAlias "vEthernet (WSL)"  -Action Allow
netsh winsock reset

NOTE: the firewall inbound-rules for clash-win64 should also be allowed (especially the public profile) to let inbound traffic goes to clash-win64!

注:windows防火墙的入站规则中,clash-win64 也需要设置为允许 (特别是公用网络)

Ref: https://halc.top/p/6088c65c

UBUNTU SUDO ENV INHERITENCE

By using sudo visudo, add those following lines into the config files,

Defaults  env_keep += "http_proxy"
Defaults  env_keep += "https_proxy"
Defaults  env_keep += "HTTP_PROXY"
Defaults  env_keep += "HTTPS_PROXY"

so that the sudo can inherit the current user's http proxy settings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment