context: https://x.com/anqirocks27/status/2020136979816501521?s=20
┌────────────────────────────────────────────────────────────────────────────┐
│ Your Devices / LAN │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Laptop/PC │ │ Phone │ │ Apple TV │ │
│ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │
│ │ │ │ │
└──────────┼──────────────────┼──────────────────┼───────────────────────────┘
│ │ │
v v v
┌──────────────────────────────────────────────────────────────────────────────┐
│ Router: OpenWrt + OpenClash │
│ │
│ ┌─────────────────────────── OpenClash ────────────────────────────────┐ │
│ │ │ │
│ │ 1 Rule Engine: lhie1 (community rulesets) │ │
│ │ ┌───────────────────────────────────────────────────────────┐ │ │
│ │ │ Rule Sets (examples) │ │ │
│ │ │ - AI Suites => traffic for AI-related sites │ │ │
│ │ │ - Global TV => traffic for video / streaming │ │ │
│ │ │ - ...others... │ │ │
│ │ └───────────────────────────────────────────────────────────┘ │ │
│ │ │ │
│ │ 2 Proxy Profiles / Nodes (vmess etc.) │ │
│ │ ┌───────────────────────────────────────────────────────────┐ │ │
│ │ │ Nodes │ │ │
│ │ │ - vmess://host_foo:port_direct │ │ │
│ │ │ - vmess://host_foo:port_proxy_cheap │ │ │
│ │ └───────────────────────────────────────────────────────────┘ │ │
│ │ │ │
│ │ 3 Policy Routing (where traffic goes) │ │
│ │ ┌───────────────────────────────────────────────────────────┐ │ │
│ │ │ Default PROXY traffic ────┐ │ │ │
│ │ │ -> host_foo:port_direct │ │ │ │
│ │ │ (or "Auto" if multiple) │ │ │ │
│ │ │ │ │ │ │
│ │ │ AI Suites traffic ─────────┴──> host_foo:port_proxy_cheap│ │ │
│ │ └───────────────────────────────────────────────────────────┘ │ │
│ └──────────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────────────┘
│
│ (vmess tunnels)
v
┌──────────────────────────────────────────────────────────────────────────────┐
│ host_foo │
│ │
│ ┌─────────────────────────────── v2ray server #1 ───────────────────────┐ │
│ │ listen: port_direct │ │
│ │ outbound: direct (default egress) │ │
│ └───────────────┬───────────────────────────────────────────────────────┘ │
│ │ │
│ │ (normal proxy egress) │
│ v │
│ ┌───────────────┐ │
│ │ Internet │ (direct route out) │
│ └───────────────┘ │
│ │
│ ┌─────────────────────────────── v2ray server #2 ───────────────────────┐ │
│ │ listen: port_proxy_cheap │ │
│ │ outbound: socks5 -> ProxyCheap │ │
│ └───────────────┬───────────────────────────────────────────────────────┘ │
│ │ │
│ v │
│ ┌───────────────────┐ ┌───────────────────┐ │
│ │ Socks5 Proxy │ ---> │ Internet │ │
│ │ (ProxyCheap) │ │(egress via rented)│ │
│ └───────────────────┘ └───────────────────┘ │
└──────────────────────────────────────────────────────────────────────────────┘
- What your LAN is doing
- All devices connect to your OpenWrt router.
- OpenClash runs on the router and becomes the "traffic dispatcher" for the whole LAN.
- Rules: "lhie1 规则"
- OpenClash loads the community ruleset lhie1 规则.
- That ruleset maintains multiple rule groups / site categories, for example:
- AI Suites: all AI-related traffic
- Global TV: video / streaming traffic
- plus other categories
- Nodes in OpenClash (protocols + endpoints)
In OpenClash you define proxy nodes (example: vmess) that target the same server but different ports:
- vmess -> host_foo:port_direct
- vmess -> host_foo:port_proxy_cheap
These two ports are intentionally mapped to two different egress behaviors on host_foo.
- host_foo: two v2ray servers, two egress paths
On host_foo you run two v2ray instances (or one instance with two inbounds), each with a different outbound:
- v2ray #1
- listens on: port_direct
- outbound: direct Internet
- purpose: default "proxy-but-direct-egress" path
- v2ray #2
- listens on: port_proxy_cheap
- outbound: SOCKS5 -> ProxyCheap
- purpose: force selected traffic (AI Suites) to exit via the rented proxy
- Policy routing in OpenClash (the key intent)
Set OpenClash policy like this:
- Default PROXY:
- route to host_foo:port_direct
- or use "Auto / URL-test" to pick the best node if you have multiple host_*
- AI Suites (rule group):
- force route to host_foo:port_proxy_cheap
Result:
- Most proxied traffic takes the normal route (host_foo direct egress).
- AI-related traffic takes the "cheaper proxy egress" route (host_foo -> socks5 ProxyCheap).
| Layer | Component | Responsibility |
|---|---|---|
| LAN | devices | generate traffic |
| Router | OpenWrt | gateway for LAN |
| Router | OpenClash | rule-based proxy dispatcher |
| Rules | lhie1 规则 | categorizes destinations (AI Suites, Global TV, …) |
| Nodes | vmess endpoints | provide two “doors” into host_foo |
| Server | host_foo v2ray #1 | direct outbound egress |
| Server | host_foo v2ray #2 | socks5 outbound via ProxyCheap: https://proxy-cheap.com |
/usr/local/etc/v2ray/config_proxy_cheap.json
Below is the example of your v2ray server side configuration, where
- its UUID is
72d4e5ae-BBBB-CCCC-1234-f8c527642dea, this is for auth, your password, change it - its listen port is
12345, theport_proxy_cheapmentioned above - your Porxy Cheap socks proxy is
2.3.4.5:23456with user:foo, password:bar
{
"inbounds": [
{
"port": 12345,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "72d4e5ae-BBBB-CCCC-1234-f8c527642dea",
"level": 0,
"alterId": 0
}
]
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {},
"tag": "default"
},
{
"protocol": "socks",
"settings": {
"servers": [
{
"address": "2.3.4.5",
"port": 23456,
"users": [
{
"user": "foo",
"pass": "bar"
}
]
}
]
},
"tag": "proxycheap"
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"routing": {
"rules": [
{
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "blocked"
},
{
"type": "field",
"outboundTag": "proxycheap",
"domain": ["geosite:netflix", "geosite:google"]
},
{
"type": "field",
"outboundTag": "proxycheap",
"network": "udp,tcp"
}
]
}
}