Freedom (fragment, noises)
Freedom is an outbound protocol used to send (normal) TCP or UDP data to any network.
OutboundConfigurationObject
{
  "domainStrategy": "AsIs",
  "redirect": "127.0.0.1:3366",
  "userLevel": 0,
  "testpre": 3,
  "preConKeep": "25s",
  "fragment": {
    "packets": "tlshello",
    "length": "100-200",
    "interval": "10-20", // Unit: ms
    "maxSplit": "2-4"
  },
  "noises": [
    {
      "type": "base64",
      "packet": "7nQBAAABAAAAAAAABnQtcmluZwZtc2VkZ2UDbmV0AAABAAE=",
      "delay": "10-16",
      "applyTo": "ip"
    }
  ],
  "proxyProtocol": 0
}
domainStrategy: "AsIs"
"UseIP" | "UseIPv6v4" | "UseIPv6" | "UseIPv4v6" | "UseIPv4"
"ForceIP" | "ForceIPv6v4" | "ForceIPv6" | "ForceIPv4v6" | "ForceIPv4"
Default value "AsIs".
The meanings of all parameters are roughly equivalent to domainStrategy in sockopt.
Only "AsIs" passes the domain name on to the subsequent sockopt module. Any other value causes the domain to be resolved to a specific IP here, which invalidates the subsequent sockopt.domainStrategy and its related happyEyeballs. (There is no negative impact if these two settings are not adjusted.)
When sending UDP, Freedom ignores domainStrategy in sockopt for some reason and forcibly prefers IPv4 by default.
targetStrategy: "AsIs"
"UseIP" | "UseIPv6v4" | "UseIPv6" | "UseIPv4v6" | "UseIPv4"
"ForceIP" | "ForceIPv6v4" | "ForceIPv6" | "ForceIPv4v6" | "ForceIPv4"
Same meaning as domainStrategy, but with higher priority. If targetStrategy is not set, it falls back to domainStrategy.
TCP Concurrent (Happy Eyeballs-like)
When Freedom is used for direct connections and the domain is resolved by the core (e.g. UseIP / UseIPv6v4 / Force*), the system Happy Eyeballs behavior is bypassed. You can enable tcpConcurrent in the OutboundObject to race multiple resolved IPs and pick the first successful connection. If the resolution strategy includes fallback (such as UseIPv6v4 / UseIPv4v6 and the corresponding Force variants), it races the preferred family first and falls back to the other family if none succeeds within the timeout.
tcpConcurrentTimeout is the race timeout in milliseconds. Default is 250.
Example:
{
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIPv6v4"
      },
      "tcpConcurrent": true,
      "tcpConcurrentTimeout": 250
    }
  ]
}
redirect: address_port
Freedom will forcibly send all data to the specified address (instead of the address specified by the inbound).
The value is a string, e.g., "127.0.0.1:80", ":1234".
When the address is not specified, e.g., ":443", Freedom will not modify the original destination address. When the port is 0, e.g., "xray.com:0", Freedom will not modify the original port.
testpre: number
Pre-connect pool size. When greater than 0, Freedom will try to pre-establish and cache testpre connections to the target to reduce connection setup latency.
WARNING
testpre only takes effect when redirect specifies a valid address and port; otherwise it will be skipped and fall back to normal dialing.
preConKeep: bool | number | string
TCP keepalive for pre-connected connections (only meaningful for pre-connect connections created by testpre, enabled by default with 25s).
- true / 0 / "0": enable and use the default (25s)
- false / negative numbers: disable
- positive numbers: seconds (e.g. 30 means 30 seconds)
- duration strings: e.g. "25s" / "1m"
userLevel: number
User level. Connections will use the Local Policy corresponding to this user level.
The value of userLevel corresponds to the value of level in policy. If not specified, it defaults to 0.
fragment: map
A set of key-value configuration items used to control outgoing TCP fragmentation. In some cases, it can deceive censorship systems, such as bypassing SNI blacklists.
"length" and "interval" are both Int32Range types.
"packets": Supports two fragmentation modes. "1-3" is TCP stream slicing, applied to the 1st through 3rd data writes by the client. "tlshello" is TLS handshake packet slicing.
"length": Fragment packet length (byte).
"interval": Fragment interval (ms).
"maxSplit": Maximum number of fragments (optional; only effective when "packets": "tlshello"). Type: Int32Range.
When interval is 0 and "packets": "tlshello" is set, the fragmented Client Hello will be sent in one TCP packet, provided its original size does not exceed the MSS or MTU (which would cause automatic fragmentation by the system).
noises: array
UDP noise: random data sent as "noise" before a UDP connection's real data. The presence of this structure enables the feature. It might deceive sniffers, or it might disrupt normal connections. Use at your own risk. For this reason, it skips port 53, because noise there would break DNS.
It is an array where multiple noise packets to be sent can be defined. A single element in the array is defined as follows:
"type": Noise packet type. Currently supports "rand" (random data), "str" (user-defined string), "hex" (hex encoded custom binary data), "base64" (base64 encoded custom binary data).
"packet": The content of the packet to be sent based on the preceding type.
- When "type" is "rand", this specifies the length of the random data. It can be a fixed value "100" or a floating range "50-150".
- When "type" is "str", this specifies the string to be sent.
- When "type" is "hex", this specifies binary data in hex format.
- When "type" is "base64", this specifies base64 encoded binary data.
"delay": Delay in milliseconds. After sending this noise packet, the core will wait for this time before sending the next noise packet or real data. Defaults to no wait. It is an Int32Range type.
"applyTo": Optional. Decide which IP families this noise applies to: "ip" (default, both IPv4/IPv6), "ipv4", "ipv6".
proxyProtocol: number
PROXY protocol is usually used with redirect to redirect traffic to Nginx or other backend services that have the PROXY protocol enabled. If the backend service does not support PROXY protocol, the connection will be disconnected.
The value of proxyProtocol is the PROXY protocol version number. Options are 1 or 2. If not specified, it defaults to 0 (disabled).