dae/docs/en
/gray c091694b14
fix: auto_config_kernel_parameter sets net.ipv6.conf.all.forwarding=1 when binding lan interfaces (#499)
Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com>
Co-authored-by: dae-prow[bot] <136105375+dae-prow[bot]@users.noreply.github.com>
2024-04-15 08:17:14 +08:00
..
configuration docs: add guide to separate configuration files (#389) 2023-12-30 21:17:07 +08:00
development refactor(/docs): rework documentation structure layout (#179) 2023-07-09 17:31:47 +08:00
tutorials docs(tutorials): add dae-with-opnsense(en/zh) (#438) 2024-01-23 21:06:24 +08:00
user-guide fix: auto_config_kernel_parameter sets net.ipv6.conf.all.forwarding=1 when binding lan interfaces (#499) 2024-04-15 08:17:14 +08:00
how-it-works.md feat(bpf): implement stack bypass (#458) 2024-03-01 18:27:02 +08:00
proxy-protocols.md feat: add httpupgrade (#472) 2024-03-27 12:53:47 +08:00
README.md feat: support to maintain udp conn state (#493) 2024-04-08 22:23:55 +08:00
troubleshooting.md docs(troubleshooting.md): add firewalld related docs (#403) 2024-01-03 01:45:41 +08:00

Quick Start Guide

简体中文 | English

Linux Kernel Requirement

Kernel Version

Use uname -r to check the kernel version on your machine.

Note

If you find your kernel version is < 5.8, follow the Upgrade Guide to upgrade the kernel to the minimum required version.

Bind to LAN: >= 5.8

You need bind dae to LAN interface, if you want to provide network service for LAN as an intermediate device.

This feature requires the kernel version of machine on which dae install >= 5.8.

Note that if you bind dae to LAN only, dae only provide network service for traffic from LAN, and not impact local programs.

Bind to WAN: >= 5.15

You need bind dae to WAN interface, if you want dae to provide network service for local programs.

This feature requires kernel version of the machine >= 5.15.

Note that if you bind dae to WAN only, dae only provide network service for local programs and not impact traffic coming in from other interfaces.

Use trace command

If you want to use dae trace command to triage network connectivity issue, the kernel version is required to be >= 5.15.

Kernel Configurations

Usually, mainstream desktop distributions have these items turned on. But in order to reduce kernel size, some items are turned off by default on embedded device distributions like OpenWRT, Armbian, etc.

Use following command to show kernel configuration items on your machine.

zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}

dae needs:

CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_CGROUPS=y
CONFIG_KPROBES=y
CONFIG_NET_INGRESS=y
CONFIG_NET_EGRESS=y
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_CLS_ACT=y
CONFIG_BPF_STREAM_PARSER=y
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
CONFIG_DEBUG_INFO_BTF=y
CONFIG_KPROBE_EVENTS=y
CONFIG_BPF_EVENTS=y

Check them using command like:

(zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}) | grep -E 'CONFIG_(DEBUG_INFO|DEBUG_INFO_BTF|KPROBES|KPROBE_EVENTS|BPF|BPF_SYSCALL|BPF_JIT|BPF_STREAM_PARSER|NET_CLS_ACT|NET_SCH_INGRESS|NET_INGRESS|NET_EGRESS|NET_CLS_BPF|BPF_EVENTS|CGROUPS)=|# CONFIG_DEBUG_INFO_REDUCED is not set'

Note

: Armbian users can follow the Upgrade Guide to upgrade the kernel to meet the kernel configuration requirement.

Installation

Arch Linux / Manjaro

dae has been released on AUR and archlinuxcn.

Install by AUR Helper

[yay/paru] -S dae

Install Manually

pacman -S --needed git base-devel
git clone https://aur.archlinux.org/dae.git
cd dae
makepkg -si

After installation, use systemctl to control it.

# start dae
sudo systemctl start dae

# auto start dae at boot
sudo systemctl enable dae

Gentoo Linux

dae has been released on gentoo-zh

use app-eselect/eselect-repository to enable this overlay:

eselect repository enable gentoo-zh
emaint sync -r gentoo-zh
emerge -a net-proxy/dae

Alpine

See run on alpine.

macOS

We provide a hacky way to run dae on your macOS. See run on macOS.

Docker

Pre-built image and related docs can be found at https://hub.docker.com/r/daeuniverse/dae.

Alternatively, you can use docker compose:

git clone --depth=1 https://github.com/daeuniverse/dae
docker compose up -d --build

Manual installation

Note

: This approach is ONLY recommended for advanced users. With this approach, users may have flexibility to test various versions of dae. Noted that newly introduced features are sometimes buggy, do it at your own risk.

dae can run as a daemon (systemd) service. See run-as-daemon

Installation Script

See daeuniverse/dae-installer (or mirror).

Build from scratch

See Build Guide.

Minimal Configuration

For minimal bootable config:

global{}
routing{}

However, this config leaves dae no-load state. If you want dae to be in working state, following is a best practice for small config:

global {
  # Bind to LAN and/or WAN as you want. Replace the interface name to your own.
  #lan_interface: docker0
  wan_interface: auto # Use "auto" to auto detect WAN interface.

  log_level: info
  allow_insecure: false
  auto_config_kernel_parameter: true
}

subscription {
  # Fill in your subscription links here.
}

# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md for full examples.
dns {
  upstream {
    googledns: 'tcp+udp://dns.google.com:53'
    alidns: 'udp://dns.alidns.com:53'
  }
  routing {
    request {
      fallback: alidns
    }
    response {
      upstream(googledns) -> accept
      ip(geoip:private) && !qname(geosite:cn) -> googledns
      fallback: accept
    }
  }
}

group {
  proxy {
    #filter: name(keyword: HK, keyword: SG)
    policy: min_moving_avg
  }
}

# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
routing {
  pname(NetworkManager) -> direct
  dip(224.0.0.0/3, 'ff00::/8') -> direct

  ### Write your rules below.

  # Disable h3 because it usually consumes too much cpu/mem resources.
  l4proto(udp) && dport(443) -> block
  dip(geoip:private) -> direct
  dip(geoip:cn) -> direct
  domain(geosite:cn) -> direct

  fallback: proxy
}

See more at example.dae.

If you use PVE, refer to #37.

Reload and suspend

When the configuration changes, it is convenient to use command to hot reload the configuration, and the existing connection will not be interrupted in the process. When you want to suspend dae, you can use command to pause.

See Reload and suspend.

Troubleshooting

See Troubleshooting.