Tutorial · Estimated reading 17 mins

Allow Clash on Windows 11 Firewall: Fix TUN mode “no internet” step by step

You enabled TUN mode or system proxy in Clash Verge Rev, the dashboard looks healthy, yet browsers stall, ping behaves oddly, or only some apps break. Before you blame the node list, consider Windows Defender Firewall: it may be blocking the client executable, the helper service, or traffic on the wrong network profile (Public vs Private). This guide walks through allow rules, optional inbound rules, and verification—distinct from UWP loopback issues and corporate VPN split tunnels.

Windows 11 · Defender Firewall · Clash · TUN

1 Symptoms that masquerade as routing or “dead nodes”

Firewall misconfiguration rarely prints a banner that says “blocked by Windows Defender.” Instead you get the same vague pain as a broken upstream: pages that never finish loading, applications that claim they are offline, DNS timeouts, or split behavior where one browser works while another does not. TUN mode amplifies the confusion because it changes how packets leave the machine. Users often assume the tunnel interface is up—therefore Clash must be routing—when in reality the OS packet filter is dropping or restricting flows before your policy groups ever see them.

A practical discriminator is whether the failure appears immediately after enabling TUN or after a Windows update, security suite install, or network change (for example, reconnecting Wi‑Fi and landing on a Public profile). If toggling TUN off restores basic connectivity while system proxy still works, treat firewall and adapter permissions as first-class suspects alongside YAML and subscription health. If nothing works even with Clash stopped, the problem is outside this article—start with physical connectivity and DNS.

If you have not installed the client yet, use our Clash Verge Rev Windows install guide first, then return here when TUN is enabled but the OS still feels “locked down.”

2 Why Windows Defender Firewall intersects Clash and TUN

Windows Defender Firewall is a stateful host firewall. It associates rules with executables, services, and network profiles. Clash distributions such as Clash Verge Rev ship a user interface process, a core that may run elevated, and—when you enable TUN mode—kernel-level components that present a virtual interface and participate in the routing table. Each of those layers can trigger a separate prompt or silently default to “block” depending on how the binary was first launched and which profile Windows assigned to your active network.

Many “it worked yesterday” reports trace back to a profile flip: coffee-shop Wi‑Fi marks the connection Public, which applies stricter defaults than a trusted Private home LAN. The same allow rule created for Private does not automatically cover Public. Likewise, if you allowed verge-mihomo.exe but the running core is a differently named binary after an update, the old rule no longer matches. The firewall is literal: wrong executable path, wrong profile, wrong direction (inbound vs outbound)—and traffic stalls.

TUN also interacts with split routing and corporate VPN clients in ways that resemble firewall blocks. If you use a company VPN, read our split-tunnel route guide in parallel; firewall fixes will not replace conflicting interface metrics from enterprise software.

Scope: This article focuses on Microsoft’s built-in firewall on Windows 11. Third-party antivirus bundles often ship their own firewall drivers; see §8 if you use one.

3 Set the network to Private before you chase YAML

Open Settings → Network & internet → Wi‑Fi or Ethernet → your connection → Network profile type. For a home or lab machine where you intentionally run Clash with TUN, choose Private. Public networks apply more restrictive defaults and are the right choice on untrusted hotspots—but they are also the fastest way to make an allow rule you created “for Private only” irrelevant while you are sitting in an airport lounge wondering why the tunnel broke.

After switching profiles, disconnect and reconnect once, then reopen Clash and re-enable TUN. Confirm Windows still shows the expected profile; some enterprise MDM policies force Public regardless of UI choices. If policy locks the profile, you must duplicate firewall rules for Public or ask IT for an exception—there is no magic flag inside Clash that overrides domain-wide security baselines.

Advanced users can inspect the current category in PowerShell (output varies by edition; treat this as a hint, not a compliance tool):

PowerShell
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory

4 Allow Clash executables through the firewall (GUI path)

Open Windows Security → Firewall & network protection → Allow an app through firewall. Click Change settings (administrator required) and then Allow another app…. Browse to the Clash Verge Rev install directory and add the main UI executable. Repeat for the Mihomo core binary actually shown in Task Manager when TUN is active—after updates, names or paths can shift, so prefer what you observe on disk over forum screenshots from last year.

Ensure both Private and, if you need hotspot use, Public checkboxes are selected for each entry you rely on. If you only tick Private, you will reproduce the “works at home, dies on travel” pattern. Conversely, avoid enabling Public on shared PCs unless you understand the exposure: you are explicitly telling Windows to permit those binaries to talk on untrusted networks.

If a prompt appeared the first time you launched TUN and you clicked “Cancel” or “Block,” Windows may have created a deny-biased state. Removing and re-adding the application entries clears stale associations faster than guessing which hidden rule misfired. After changes, restart Clash as administrator if your workflow requires service-mode TUN (see §6).

Executable mismatch: Allow rules bind to file paths. Portable copies, nightly builds, or duplicate installs in AppData vs Program Files each need their own entries if you actually run them.
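As an added example (not the Clash Verge Rev project's own tooling), the same audit in PowerShell: it reads the on-disk path of the Clash/Mihomo processes that are actually running, lists the firewall rules bound to exactly that path, and creates an outbound allow rule scoped to the observed binary where none exists. The process names, rule naming and profile list are assumptions; adjust them to what Task Manager shows on your machine.

```powershell
# Added example (not from the Clash Verge Rev project): audit and create
# outbound allow rules for the Clash binaries that are actually running.
# Run from an elevated PowerShell; process names and rule names are assumptions.
#Requires -RunAsAdministrator

param(
    # Process names to look for; adjust to what Task Manager shows (assumed values).
    [string[]]$ProcessNames = @('clash-verge', 'verge-mihomo', 'mihomo'),
    # Add 'Public' only if you need the tunnel on hotspots (see the caveat in §4).
    [string[]]$Profiles = @('Private')
)

# 1. Resolve the executables that are really running. Path is $null for
#    processes you cannot open, which is why this must run elevated.
$running = Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Select-Object -ExpandProperty Path -Unique

if (-not $running) {
    Write-Warning "No matching Clash/Mihomo process found. Start the client (with TUN on) first."
    return
}

foreach ($exe in $running) {
    # 2. Find existing rules bound to exactly this path. The firewall is literal
    #    about the program path: a portable copy in another folder does not match
    #    here and needs its own rule.
    $rules = Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -and ($_.Program -ieq $exe) } |
        Get-NetFirewallRule

    $outbound = $rules | Where-Object { $_.Direction -eq 'Outbound' -and $_.Enabled -eq 'True' }

    if ($outbound) {
        foreach ($r in $outbound) {
            # Profile shows which networks the rule covers; a Private-only rule
            # is the "works at home, dies on travel" pattern.
            Write-Host ("{0}`n  rule: {1}  action: {2}  profile: {3}" -f `
                $exe, $r.DisplayName, $r.Action, $r.Profile)
        }
        continue
    }

    # 3. No matching outbound rule: create one scoped to the observed path.
    $name = "Clash allow outbound - " + [IO.Path]::GetFileName($exe)   # assumed naming
    New-NetFirewallRule -DisplayName $name `
        -Direction Outbound -Action Allow `
        -Program $exe -Profile $Profiles -Enabled True | Out-Null
    Write-Host "Created outbound allow rule '$name' for $exe on profile(s): $($Profiles -join ', ')"
}
```

Run it elevated, because an elevated core's path is not readable from an unelevated shell. Windows ships with the default outbound action set to Allow on all three profiles, so the audit half is the useful part day to day: a rule bound to yesterday's path, or to Private only, shows up as a mismatch here, while a missing outbound rule only bites once a profile's default has been switched to Block (the check in §8).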

5 When to add an inbound rule (and when not to)

Most client-only browsing workflows are satisfied with outbound allowances: the PC initiates connections to your proxy endpoints, and return traffic is accepted as part of established flows. Certain scenarios—local API dashboards, LAN sharing, experimental listeners, or tools that open reverse channels—may require explicit inbound rules. If Clash’s external controller or a sidecar panel listens on a LAN address, Windows Defender may block incoming SYN packets unless you define a scoped inbound permit.

To create a rule, open Windows Security → Firewall & network protection → Advanced settings to launch the snap-in. Choose Inbound Rules → New Rule…, select Program, point to the same binary you verified in Task Manager, allow the connection, and restrict profiles to Private unless you have a concrete reason to expose the port on Public networks. Tie the rule to TCP and the specific local port when possible; “allow everything inbound” is a troubleshooting shortcut, not a steady state.

If your symptom is purely “no outbound internet when TUN is on,” inbound rules are usually secondary. If your symptom is “my phone cannot reach the mixed port on this PC,” inbound is primary. Match the rule type to the failure mode so you do not weaken the host without benefit.
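The scoped inbound rule described above, as an added PowerShell example that is not from the project: bound to the program, TCP, one local port, the Private profile only, and remote addresses limited to the local subnet. The core path, the port number and the rule name are placeholders to replace with the values from your config and Task Manager.

```powershell
# Added example (not project code): one scoped inbound rule for a Clash LAN
# listener, the narrow shape described in §5. Path, port and name are
# placeholders; replace them with your own values.
#Requires -RunAsAdministrator

$corePath  = 'C:\Path\To\verge-mihomo.exe'   # placeholder: the binary shown in Task Manager
$mixedPort = 7890                            # placeholder: the mixed port from your config
$ruleName  = 'Clash mixed port - LAN only'   # placeholder rule name

if (-not (Test-Path -LiteralPath $corePath)) {
    throw "Core binary not found at $corePath; fix the path before binding a rule to it."
}

# Remove an older copy of the rule so repeated runs do not pile up duplicates.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Program + protocol + single port + Private profile + local subnet only:
# every constraint that can be added without breaking the "phone reaches
# the mixed port" use case. No Public profile.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Action Allow `
    -Program $corePath `
    -Protocol TCP -LocalPort $mixedPort `
    -Profile Private `
    -RemoteAddress LocalSubnet `
    -Description 'Scoped inbound permit for the Clash mixed port on the local subnet.' |
    Out-Null

# Read the rule back through its filter objects to confirm what the firewall
# actually stored, rather than trusting the command that created it.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Rule    = $rule.DisplayName
    Enabled = $rule.Enabled
    Profile = $rule.Profile
    Program = ($rule | Get-NetFirewallApplicationFilter).Program
    Port    = ($rule | Get-NetFirewallPortFilter).LocalPort
    Remote  = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```

The read-back at the end is the part worth keeping in your notes: when the rule later "stops working" after an update, comparing its stored Program path against the binary in Task Manager answers the executable-mismatch question in seconds.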

6 Service mode, elevation, and TUN helpers

Many Mihomo-class cores need elevated privileges to create the TUN adapter and inject routes. If you run the UI unelevated but enable TUN, Windows may spawn a helper that still touches filtered paths. When documentation tells you to enable service mode or launch once as administrator, that is not snobbery—it aligns DACL and firewall prompts with the identity that actually owns the tunnel.

After you change elevation patterns, revisit firewall allowances: the effective token may differ, and some security products treat services as separate subjects. A reliable pattern is (1) install or update Clash, (2) launch elevated once with TUN enabled so Windows can prompt cleanly, (3) confirm allow rules for the binaries that appear in Task Manager, (4) only then test everyday unelevated launches if your client supports that split.

For a deeper walkthrough of adapters, DNS, and logging with TUN, pair this firewall checklist with our Clash Verge Rev TUN mode guide—the two documents answer different layers of the same stack.

7 Verify: separate firewall blocks from DNS, rules, and loopback

Work in short, falsifiable steps. First, with TUN off, confirm baseline browsing through system proxy or direct connection. Second, enable TUN and immediately watch Clash logs while loading a single known site. If logs show no connection attempts, packets are not reaching the core—think adapter, elevation, or competing VPN. If logs show attempts that stall mid-flight, think upstream, SNI, or DNS. Third, temporarily pause third-party firewall products; if behavior changes instantly, export their logs before re-enabling.

On Windows, the built-in tool Test-NetConnection can hint at TCP reachability to your proxy host (replace host and port):

PowerShell
Test-NetConnection -ComputerName your.proxy.host -Port 443

Interpret results cautiously: a failure can be routing, DNS, or remote outage—not automatically local firewall. Combine network traces with Clash’s connection list to see whether flows are denied before or after policy selection. For DNS-specific rabbit holes, our DNS leak prevention article explains FakeIP and resolver alignment; mis-DNS often masquerades as a firewall issue when browsers fail name resolution outright.

If only Microsoft Store or other UWP apps fail while Win32 browsers succeed, loopback isolation is more likely than Defender blocking TUN. Use the dedicated UWP loopback guide instead of duplicating firewall rules blindly.

Quick heuristic: Profile flips and blocked executables usually break whole classes of apps at once on a given network. Single-app failures often point to loopback, per-app overrides, or split tunneling—not the global firewall defaults.
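To make the "is it the firewall?" step falsifiable, the following added example (not part of the original guide) turns on Windows Defender Firewall's dropped-packet log, parses it by its own #Fields header, and summarizes DROP entries by direction, protocol and destination. The log path is read from the profile settings; the sample rows used when no log exists yet are constructed.

```powershell
# Added example (not project code): log dropped packets for every profile,
# then summarize DROP entries so a firewall block can be told apart from a
# DNS or upstream failure. The fallback sample rows are constructed data.
#Requires -RunAsAdministrator

# 1. Turn on logging of blocked packets (off by default). All profiles share
#    the same default file unless someone changed LogFileName.
Set-NetFirewallProfile -All -LogBlocked True -LogMaxSizeKilobytes 8192

# 2. Reproduce the failure now (TUN on, load one known site), then read the log.
$logFile = [Environment]::ExpandEnvironmentVariables(
    (Get-NetFirewallProfile -Name Private).LogFileName)

function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    # The "#Fields:" header names the columns; parse it instead of hardcoding
    # positions, because newer builds append extra columns (for example pid).
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        if (-not $fields) { continue }
        $values = $line -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            $value = if ($i -lt $values.Count) { $values[$i] } else { '-' }
            $row[$fields[$i]] = $value
        }
        [pscustomobject]$row
    }
}

$lines = if (Test-Path -LiteralPath $logFile) {
    Get-Content -LiteralPath $logFile -Tail 5000
} else {
    Write-Warning "No log yet at $logFile; using constructed sample rows."
    @(
        '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
        '2024-01-01 10:00:01 DROP TCP 10.0.0.5 203.0.113.10 51000 443 52 S 0 0 65535 - - - SEND'
        '2024-01-01 10:00:02 DROP TCP 10.0.0.5 203.0.113.10 51001 443 52 S 0 0 65535 - - - SEND'
        '2024-01-01 10:00:02 DROP UDP 10.0.0.5 10.0.0.1 53000 53 70 - - - - - - - SEND'
    )
}

# 3. Group DROPs by direction (path), protocol and destination. Repeated SYN
#    drops on SEND toward your proxy host mean the host firewall is the blocker;
#    drops only toward port 53 point at DNS instead.
ConvertFrom-FirewallLog -Lines $lines |
    Where-Object { $_.action -eq 'DROP' } |
    Group-Object path, protocol, 'dst-ip', 'dst-port' |
    Sort-Object Count -Descending |
    Select-Object -First 15 -Property Count, @{ n = 'path/proto/dst-ip/dst-port'; e = { $_.Name } } |
    Format-Table -AutoSize
```

Turn LogBlocked back off when you are done (Set-NetFirewallProfile -All -LogBlocked False); the file rotates at LogMaxSizeKilobytes, but a busy TUN session fills it quickly and makes later readings noisy.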

8 Third-party suites, MDM, and “security hardening” scripts

Many “internet protection” bundles insert kernel filters ahead of Windows Defender’s UI. They may respect the same allow list—or ignore it. If you run such a suite, open its firewall page and mirror the executable allowances you created in Windows. Pay attention to “stealth mode,” “anti-port-scan,” and “block all incoming” toggles that undo careful inbound exceptions.

Enterprise-managed machines may deploy baseline templates that strip user-created rules on reboot. Symptoms look like “I fixed it Friday and Monday it returned.” In that world, scripted exemptions or signed packaged rules from IT are the only durable fix. Document the Clash binary hashes and required ports to speed up approval—security teams respond faster to specifics than to “make VPN software work.”

Community “debloating” scripts sometimes reset firewall policies aggressively. If you ran one recently, verify that the firewall service is running and that default profiles have not been forced to block outbound traffic. Restoring sane defaults beats chasing imaginary Clash regressions.
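An added read-only check (not project code) for exactly that situation: firewall service state, per-profile default actions, explicit Block rules that name a Clash or Mihomo binary, and the current network category of each adapter. The executable name patterns are assumptions.

```powershell
# Added example (not project code): a read-only state check after a "debloat"
# or hardening script has run. Nothing is changed. Name patterns are assumptions.

$report = [ordered]@{}

# 1. The firewall service itself (mpssvc) must be running for rules to apply
#    and for the NetSecurity cmdlets to work at all.
$svc = Get-Service -Name mpssvc -ErrorAction SilentlyContinue
$report['ServiceStatus'] = if ($svc) { "$($svc.Status) (start type: $($svc.StartType))" } else { 'not found' }

# 2. Per-profile defaults. DefaultOutboundAction = Block silently kills every
#    outbound flow without a matching allow rule, which is exactly the
#    "TUN on, nothing loads" symptom.
$report['Profiles'] = Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked

# 3. Explicit block rules naming a Clash/Mihomo binary: the residue of clicking
#    "Block" on the first-launch prompt, or of a suite mirroring its deny list.
$patterns = @('*clash*', '*mihomo*')   # assumed executable name fragments
$report['BlockRulesForClash'] = Get-NetFirewallRule -Action Block -ErrorAction SilentlyContinue |
    ForEach-Object {
        $prog = ($_ | Get-NetFirewallApplicationFilter).Program
        foreach ($p in $patterns) {
            if ($prog -like $p) {
                [pscustomobject]@{
                    Rule      = $_.DisplayName
                    Direction = $_.Direction
                    Profile   = $_.Profile
                    Program   = $prog
                    Enabled   = $_.Enabled
                }
                break
            }
        }
    }

# 4. Which profile each active adapter is on right now (Public vs Private).
$report['ActiveNetworks'] = Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory

foreach ($section in $report.Keys) {
    Write-Host "== $section =="
    $report[$section] | Format-Table -AutoSize | Out-String | Write-Host
}
```

An empty BlockRulesForClash section together with Allow in every DefaultOutboundAction column means the built-in firewall is probably not your problem, and the remaining suspects are a third-party filter driver, the network profile, or something outside this article.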

9 Wrap-up

When TUN mode looks enabled yet Windows behaves like the cable is cut, Windows Defender Firewall deserves a disciplined look: confirm Private network where appropriate, allow the exact executables you run, add inbound rules only when listeners require them, and align elevation or service mode with how the tunnel is created. This playbook complements—not replaces—sound Clash policy: subscriptions, selectors, and DNS still matter, but they cannot compensate for packets filtered before they reach Mihomo.

Among desktop clients, Clash Verge Rev keeps logs and toggles readable enough that you can correlate firewall changes with connection attempts instead of trading nodes at random. Compared with opaque one-click tools, that transparency pays off the moment Windows security software updates silently move your network profile to Public.

Prefer our download hub for installers; keep upstream repositories for source, issues, and license text—not as the primary place to grab unfamiliar binaries when you are already debugging security software interactions.

