diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile index 32c5404da..62d0a7b90 100644 --- a/luci-app-passwall2/Makefile +++ b/luci-app-passwall2/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall2 -PKG_VERSION:=1.20-10 +PKG_VERSION:=1.20-11 PKG_RELEASE:= PKG_CONFIG_DEPENDS:= \ diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria2.lua similarity index 67% rename from luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria.lua rename to luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria2.lua index 4f28e3ba7..a8fc17d66 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/hysteria2.lua @@ -6,22 +6,20 @@ if not api.finded_com("hysteria") then return end -local type_name = "Hysteria" +local type_name = "Hysteria2" -local option_prefix = "hysteria_" +local option_prefix = "hysteria2_" local function option_name(name) return option_prefix .. name end --- [[ Hysteria ]] +-- [[ Hysteria2 ]] -s.fields["type"]:value(type_name, translate("Hysteria")) +s.fields["type"]:value(type_name, "Hysteria2") o = s:option(ListValue, option_name("protocol"), translate("Protocol")) o:value("udp", "UDP") -o:value("faketcp", "faketcp") -o:value("wechat-video", "wechat-video") o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)")) 
@@ -34,19 +32,8 @@ o.rewrite_option = o.option o = s:option(Value, option_name("obfs"), translate("Obfs Password")) o.rewrite_option = o.option -o = s:option(ListValue, option_name("auth_type"), translate("Auth Type")) -o:value("disable", translate("Disable")) -o:value("string", translate("STRING")) -o:value("base64", translate("BASE64")) -o.rewrite_option = o.option - o = s:option(Value, option_name("auth_password"), translate("Auth Password")) o.password = true -o:depends({ [option_name("auth_type")] = "string"}) -o:depends({ [option_name("auth_type")] = "base64"}) -o.rewrite_option = o.option - -o = s:option(Value, option_name("alpn"), translate("QUIC TLS ALPN")) o.rewrite_option = o.option o = s:option(Flag, option_name("fast_open"), translate("Fast Open")) @@ -58,11 +45,14 @@ o = s:option(Flag, option_name("tls_allowInsecure"), translate("allowInsecure"), o.default = "0" o = s:option(Value, option_name("up_mbps"), translate("Max upload Mbps")) -o.default = "10" +o.default = "100" o.rewrite_option = o.option o = s:option(Value, option_name("down_mbps"), translate("Max download Mbps")) -o.default = "50" +o.default = "100" +o.rewrite_option = o.option + +o = s:option(Value, option_name("hop_interval"), translate("Hop Interval")) o.rewrite_option = o.option o = s:option(Value, option_name("recv_window_conn"), translate("QUIC stream receive window")) 
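Review bot: The bandwidth and hop-interval fields in the `@@ -58,11 +45,14 @@` hunk are free-form `Value` options with no `datatype`, yet the new util_hysteria2.lua appends a unit to the raw string (`node.hysteria2_up_mbps .. " mbps"`, `node.hysteria2_hop_interval .. "s"`) where the old generator went through `tonumber()`. Whatever is typed into the form therefore reaches the hysteria config unchecked. Adding `o.datatype = "uinteger"` after each of `up_mbps`, `down_mbps` and `hop_interval` would reject bad input at save time. The same applies to `up_mbps`/`down_mbps` in server/type/hysteria2.lua.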
@@ -71,19 +61,11 @@ o.rewrite_option = o.option o = s:option(Value, option_name("recv_window"), translate("QUIC connection receive window")) o.rewrite_option = o.option -o = s:option(Value, option_name("handshake_timeout"), translate("Handshake Timeout")) -o.rewrite_option = o.option - o = s:option(Value, option_name("idle_timeout"), translate("Idle Timeout")) o.rewrite_option = o.option -o = s:option(Value, option_name("hop_interval"), translate("Hop Interval")) -o.rewrite_option = o.option - o = s:option(Flag, option_name("disable_mtu_discovery"), translate("Disable MTU detection")) -o.rewrite_option = o.option - -o = s:option(Flag, option_name("lazy_start"), translate("Lazy Start")) +o.default = "0" o.rewrite_option = o.option api.luci_types(arg[1], m, s, type_name, option_prefix) diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria2.lua similarity index 52% rename from luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria.lua rename to luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria2.lua index ced902a29..ea4556a71 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/hysteria2.lua 
@@ -6,40 +6,26 @@ if not api.finded_com("hysteria") then return end -local type_name = "Hysteria" +local type_name = "Hysteria2" -local option_prefix = "hysteria_" +local option_prefix = "hysteria2_" local function option_name(name) return option_prefix .. name end --- [[ Hysteria ]] +-- [[ Hysteria2 ]] -s.fields["type"]:value(type_name, translate("Hysteria")) +s.fields["type"]:value(type_name, "Hysteria2") o = s:option(Value, option_name("port"), translate("Listen Port")) o.datatype = "port" -o = s:option(ListValue, option_name("protocol"), translate("Protocol")) -o:value("udp", "UDP") -o:value("faketcp", "faketcp") -o:value("wechat-video", "wechat-video") - o = s:option(Value, option_name("obfs"), translate("Obfs Password")) o.rewrite_option = o.option -o = s:option(ListValue, option_name("auth_type"), translate("Auth Type")) -o:value("disable", translate("Disable")) -o:value("string", translate("STRING")) -o.rewrite_option = o.option - o = s:option(Value, option_name("auth_password"), translate("Auth Password")) o.password = true -o:depends({ [option_name("auth_type")] = "string" }) -o.rewrite_option = o.option - -o = s:option(Value, option_name("alpn"), translate("QUIC TLS ALPN")) o.rewrite_option = o.option o = s:option(Flag, option_name("udp"), translate("UDP")) 
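Review bot: `auth_password` is now the only access control on a Hysteria2 server node, but the field is still an optional `Value`. `gen_config_server` in the new util_hysteria2.lua writes `auth = { type = "password", password = node.hysteria2_auth_password }` whether or not a password is set. The form should refuse an empty value, for example with `o.rmempty = false` on this option, so a node cannot be saved without a password. How hysteria treats a password-type auth block with no password is not visible here and should be confirmed.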
@@ -47,40 +33,19 @@ o.default = "1" o.rewrite_option = o.option o = s:option(Value, option_name("up_mbps"), translate("Max upload Mbps")) -o.default = "10" +o.default = "100" o.rewrite_option = o.option o = s:option(Value, option_name("down_mbps"), translate("Max download Mbps")) -o.default = "50" +o.default = "100" o.rewrite_option = o.option -o = s:option(Value, option_name("recv_window_conn"), translate("QUIC stream receive window")) +o = s:option(Flag, option_name("ignoreClientBandwidth"), translate("ignoreClientBandwidth")) +o.default = "0" o.rewrite_option = o.option -o = s:option(Value, option_name("recv_window"), translate("QUIC connection receive window")) -o.rewrite_option = o.option - -o = s:option(Flag, option_name("disable_mtu_discovery"), translate("Disable MTU detection")) -o.rewrite_option = o.option - -o = s:option(Flag, option_name("tls"), translate("TLS")) -o.default = 0 -o.validate = function(self, value, t) - if value then - if value == "1" then - local ca = s.fields[option_name("tls_certificateFile")]:formvalue(t) or "" - local key = s.fields[option_name("tls_keyFile")]:formvalue(t) or "" - if ca == "" or key == "" then - return nil, translate("Public key and Private key path can not be empty!") - end - end - return value - end -end - o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem") o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem" -o:depends({ [option_name("tls")] = true }) o.validate = function(self, value, t) if value and value ~= "" then if not nixio.fs.access(value) then 
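Review bot: Removing the `tls` flag also removes the only check that the certificate and key paths are non-empty. The remaining `validate` functions on `tls_certificateFile` (here) and `tls_keyFile` (next hunk) only run their `nixio.fs.access` test `if value and value ~= ""`, so both fields can be cleared and `gen_config_server` then emits a `tls` block with no `cert` or `key`. An `else` branch returning `nil, translate("Public key and Private key path can not be empty!")` in each validator would keep the old guarantee. Both validator bodies continue past the end of their hunks, so how they currently end is not visible here.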
@@ -94,7 +59,6 @@ end o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key") o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key" -o:depends({ [option_name("tls")] = true }) o.validate = function(self, value, t) if value and value ~= "" then if not nixio.fs.access(value) then diff --git a/luci-app-passwall2/luasrc/passwall2/api.lua b/luci-app-passwall2/luasrc/passwall2/api.lua index f74f6770d..b5af55ac4 100644 --- a/luci-app-passwall2/luasrc/passwall2/api.lua +++ b/luci-app-passwall2/luasrc/passwall2/api.lua @@ -719,6 +719,9 @@ function to_check(arch, app_name) end local remote_version = json.tag_name + if com[app_name].remote_version_str_replace then + remote_version = remote_version:gsub(com[app_name].remote_version_str_replace, "") + end local has_update = compare_versions(local_version:match("[^v]+"), "<", remote_version:match("[^v]+")) if not has_update then diff --git a/luci-app-passwall2/luasrc/passwall2/com.lua b/luci-app-passwall2/luasrc/passwall2/com.lua index 61366cc38..e12b6ab00 100644 --- a/luci-app-passwall2/luasrc/passwall2/com.lua +++ b/luci-app-passwall2/luasrc/passwall2/com.lua @@ -23,7 +23,8 @@ _M.hysteria = { name = "Hysteria", repo = "HyNetwork/hysteria", get_url = gh_release_url, - cmd_version = "-v | awk '{print $3}'", + cmd_version = "version | awk '/^Version:/ {print $2}'", + remote_version_str_replace = "app/", zipped = false, default_path = "/usr/bin/hysteria", match_fmt_str = "linux%%-%s$", diff --git a/luci-app-passwall2/luasrc/passwall2/server_app.lua b/luci-app-passwall2/luasrc/passwall2/server_app.lua index 476cb1bad..d77a65d7a 100644 --- a/luci-app-passwall2/luasrc/passwall2/server_app.lua +++ b/luci-app-passwall2/luasrc/passwall2/server_app.lua 
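Review bot: In the api.lua hunk, `remote_version_str_replace` is passed to `gsub` as an unanchored Lua pattern, so `"app/"` is removed wherever it occurs in `json.tag_name`. A future entry containing a magic character such as `-` or `.` would match something other than the literal text. Since `tag_name` comes from the remote release feed and drives `compare_versions`, anchoring the prefix in com.lua (`remote_version_str_replace = "^app/",`) and adding a comment there that the field is a Lua pattern would make the intent explicit. `to_check` begins and ends outside this hunk.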
@@ -159,8 +159,8 @@ local function start() brook_path_arg = " --path " .. brook_path end bin = ln_run(api.get_app_path("brook"), "brook_" .. id, string.format("--debug %s -l :%s -p %s%s", brook_protocol, port, brook_password, brook_path_arg), log_path) - elseif type == "Hysteria" then - config = require(require_dir .. "util_hysteria").gen_config_server(user) + elseif type == "Hysteria2" then + config = require(require_dir .. "util_hysteria2").gen_config_server(user) bin = ln_run(api.get_app_path("hysteria"), "hysteria", "-c " .. config_file .. " server", log_path) end diff --git a/luci-app-passwall2/luasrc/passwall2/util_hysteria.lua b/luci-app-passwall2/luasrc/passwall2/util_hysteria.lua deleted file mode 100644 index e55586427..000000000 --- a/luci-app-passwall2/luasrc/passwall2/util_hysteria.lua +++ /dev/null 
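Review bot: The `elseif` chain in `start()` no longer has a branch for `type == "Hysteria"`, so a server node saved before this commit matches nothing. As far as the hunk shows, neither `config` nor `bin` is assigned for such a node. A log line for unrecognised types, or a migration of stored `Hysteria` / `hysteria_*` options, would make that visible to the administrator. What happens after the chain is outside the hunk.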
@@ -1,104 +0,0 @@ -module("luci.passwall2.util_hysteria", package.seeall) -local api = require "luci.passwall2.api" -local uci = api.uci -local jsonc = api.jsonc - -function gen_config_server(node) - local config = { - listen = ":" .. node.port, - protocol = node.protocol or "udp", - obfs = node.hysteria_obfs, - cert = node.tls_certificateFile, - key = node.tls_keyFile, - auth = (node.hysteria_auth_type == "string") and { - mode = "password", - config = { - password = node.hysteria_auth_password - } - } or nil, - disable_udp = (node.hysteria_udp == "0") and true or false, - alpn = node.hysteria_alpn or nil, - up_mbps = tonumber(node.hysteria_up_mbps) or 10, - down_mbps = tonumber(node.hysteria_down_mbps) or 50, - recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil, - recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil, - disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false - } - return config -end - -function gen_config(var) - local node_id = var["-node"] - if not node_id then - print("-node 不能为空") - return - end - local node = uci:get_all("passwall2", node_id) - local local_socks_address = var["-local_socks_address"] or "0.0.0.0" - local local_socks_port = var["-local_socks_port"] - local local_socks_username = var["-local_socks_username"] - local local_socks_password = var["-local_socks_password"] - local local_http_address = var["-local_http_address"] or "0.0.0.0" - local local_http_port = var["-local_http_port"] - local local_http_username = var["-local_http_username"] - local local_http_password = var["-local_http_password"] - local server_host = var["-server_host"] or node.address - local server_port = var["-server_port"] or node.port - - if api.is_ipv6(server_host) then - server_host = api.get_ipv6_full(server_host) - end - local server = server_host .. ":" .. server_port - - if (node.hysteria_hop) then - server = server .. "," .. 
node.hysteria_hop - end - - local config = { - server = server, - protocol = node.protocol or "udp", - obfs = node.hysteria_obfs, - auth = (node.hysteria_auth_type == "base64") and node.hysteria_auth_password or nil, - auth_str = (node.hysteria_auth_type == "string") and node.hysteria_auth_password or nil, - alpn = node.hysteria_alpn or nil, - server_name = node.tls_serverName, - insecure = (node.tls_allowInsecure == "1") and true or false, - up_mbps = tonumber(node.hysteria_up_mbps) or 10, - down_mbps = tonumber(node.hysteria_down_mbps) or 50, - retry = -1, - retry_interval = 5, - recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil, - recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil, - handshake_timeout = (node.hysteria_handshake_timeout) and tonumber(node.hysteria_handshake_timeout) or nil, - idle_timeout = (node.hysteria_idle_timeout) and tonumber(node.hysteria_idle_timeout) or nil, - hop_interval = (node.hysteria_hop_interval) and tonumber(node.hysteria_hop_interval) or nil, - disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false, - fast_open = (node.fast_open == "1") and true or false, - lazy_start = (node.hysteria_lazy_start) and true or false, - socks5 = (local_socks_address and local_socks_port) and { - listen = local_socks_address .. ":" .. local_socks_port, - timeout = 300, - disable_udp = false, - user = (local_socks_username and local_socks_password) and local_socks_username, - password = (local_socks_username and local_socks_password) and local_socks_password, - } or nil, - http = (local_http_address and local_http_port) and { - listen = local_http_address .. ":" .. 
local_http_port, - timeout = 300, - disable_udp = false, - user = (local_http_username and local_http_password) and local_http_username, - password = (local_http_username and local_http_password) and local_http_password, - } or nil - } - - return jsonc.stringify(config, 1) -end - -_G.gen_config = gen_config - -if arg[1] then - local func =_G[arg[1]] - if func then - print(func(api.get_function_args(arg))) - end -end diff --git a/luci-app-passwall2/luasrc/passwall2/util_hysteria2.lua b/luci-app-passwall2/luasrc/passwall2/util_hysteria2.lua new file mode 100644 index 000000000..8ae9b25f8 --- /dev/null +++ b/luci-app-passwall2/luasrc/passwall2/util_hysteria2.lua 
@@ -0,0 +1,115 @@ +module("luci.passwall2.util_hysteria2", package.seeall) +local api = require "luci.passwall2.api" +local uci = api.uci +local jsonc = api.jsonc + +function gen_config_server(node) + local config = { + listen = ":" .. node.port, + tls = { + cert = node.tls_certificateFile, + key = node.tls_keyFile, + }, + obfs = { + type = "salamander", + salamander = { + password = node.hysteria2_obfs + } + }, + auth = { + type = "password", + password = node.hysteria2_auth_password + }, + bandwidth = { + up = node.hysteria2_up_mbps and node.hysteria2_up_mbps .. " mbps" or "1 gbps", + down = node.hysteria2_down_mbps and node.hysteria2_down_mbps .. " mbps" or "1 gbps", + }, + ignoreClientBandwidth = (node.hysteria2_ignoreClientBandwidth == "1") and true or false, + disable_udp = (node.hysteria2_udp == "0") and true or false, + } + return config +end + +function gen_config(var) + local node_id = var["-node"] + if not node_id then + print("-node 不能为空") + return + end + local node = uci:get_all("passwall2", node_id) + local local_socks_address = var["-local_socks_address"] or "0.0.0.0" + local local_socks_port = var["-local_socks_port"] + local local_socks_username = var["-local_socks_username"] + local local_socks_password = var["-local_socks_password"] + local local_http_address = var["-local_http_address"] or "0.0.0.0" + local local_http_port = var["-local_http_port"] + local local_http_username = var["-local_http_username"] + local local_http_password = var["-local_http_password"] + local server_host = var["-server_host"] or node.address + local server_port = var["-server_port"] or node.port + + if api.is_ipv6(server_host) then + server_host = api.get_ipv6_full(server_host) + end + local server = server_host .. ":" .. server_port + + if (node.hysteria2_hop) then + server = server .. "," .. 
node.hysteria2_hop + end + + local config = { + server = server, + transport = { + type = node.protocol or "udp", + udp = { + hopInterval = node.hysteria2_hop_interval and node.hysteria2_hop_interval .. "s" or "30s" + } + }, + obfs = { + type = "salamander", + salamander = { + password = node.hysteria2_obfs + } + }, + auth = node.hysteria2_auth_password, + tls = { + sni = node.tls_serverName, + insecure = (node.tls_allowInsecure == "1") and true or false + }, + quic = { + initStreamReceiveWindow = (node.hysteria2_recv_window) and tonumber(node.hysteria2_recv_window) or nil, + initConnReceiveWindow = (node.hysteria2_recv_window_conn) and tonumber(node.hysteria2_recv_window_conn) or nil, + maxIdleTimeout = (node.hysteria2_idle_timeout) and tonumber(node.hysteria2_idle_timeout) or nil, + disablePathMTUDiscovery = (node.hysteria2_disable_mtu_discovery) and true or false, + }, + bandwidth = { + up = node.hysteria2_up_mbps and node.hysteria2_up_mbps .. " mbps" or "100 mbps", + down = node.hysteria2_down_mbps and node.hysteria2_down_mbps .. " mbps" or "100 mbps" + }, + fast_open = (node.fast_open == "1") and true or false, + lazy = true, + socks5 = (local_socks_address and local_socks_port) and { + listen = local_socks_address .. ":" .. local_socks_port, + username = (local_socks_username and local_socks_password) and local_socks_username or nil, + password = (local_socks_username and local_socks_password) and local_socks_password or nil, + disable_udp = false, + } or nil, + http = (local_http_address and local_http_port) and { + listen = local_http_address .. ":" .. 
local_http_port, + username = (local_http_username and local_http_password) and local_http_username or nil, + password = (local_http_username and local_http_password) and local_http_password or nil, + disable_udp = false, + } or nil + } + + return jsonc.stringify(config, 1) +end + +_G.gen_config = gen_config + +if arg[1] then + local func =_G[arg[1]] + if func then + print(func(api.get_function_args(arg))) + end +end diff --git a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua index 808b0e0b0..bb775ec39 100644 --- a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua +++ b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua @@ -150,7 +150,7 @@ function gen_outbound(flag, node, tag, proxy_table) if node.transport == "grpc" then v2ray_transport = { type = "grpc", - serviceName = node.grpc_serviceName, + service_name = node.grpc_serviceName, idle_timeout = tonumber(node.grpc_idle_timeout) or nil, ping_timeout = tonumber(node.grpc_health_check_timeout) or nil, permit_without_stream = (node.grpc_permit_without_stream == "1") and true or nil, 
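Review bot: In `gen_config` of the new util_hysteria2.lua, `disablePathMTUDiscovery = (node.hysteria2_disable_mtu_discovery) and true or false` is true for any stored string, including the `"0"` the client form now uses as its default; the other flags in this file compare against `"1"`. The two receive-window keys also look swapped against the form labels (`recv_window_conn` is labelled stream, `recv_window` connection). Separately, both generators emit the `obfs` block even when no obfs password is configured, so a node without obfuscation still gets `type = "salamander"` with no password. The fence shows the client side; `gen_config_server` needs the same `obfs` guard.

```lua
	local config = {
		-- … unchanged: server, transport …
		obfs = (node.hysteria2_obfs and node.hysteria2_obfs ~= "") and {
			type = "salamander",
			salamander = {
				password = node.hysteria2_obfs
			}
		} or nil,
		-- … unchanged: auth, tls …
		quic = {
			initStreamReceiveWindow = (node.hysteria2_recv_window_conn) and tonumber(node.hysteria2_recv_window_conn) or nil,
			initConnReceiveWindow = (node.hysteria2_recv_window) and tonumber(node.hysteria2_recv_window) or nil,
			-- … unchanged: maxIdleTimeout …
			disablePathMTUDiscovery = (node.hysteria2_disable_mtu_discovery == "1") and true or false,
		},
		-- … unchanged: bandwidth, fast_open, lazy, socks5, http …
```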
@@ -676,14 +676,17 @@ function gen_config(var) local local_http_username = var["-local_http_username"] local local_http_password = var["-local_http_password"] local dns_listen_port = var["-dns_listen_port"] - local direct_dns_port = var["-direct_dns_port"] local direct_dns_udp_server = var["-direct_dns_udp_server"] + local direct_dns_udp_port = var["-direct_dns_udp_port"] local direct_dns_query_strategy = var["-direct_dns_query_strategy"] - local remote_dns_port = var["-remote_dns_port"] local remote_dns_udp_server = var["-remote_dns_udp_server"] + local remote_dns_udp_port = var["-remote_dns_udp_port"] local remote_dns_tcp_server = var["-remote_dns_tcp_server"] + local remote_dns_tcp_port = var["-remote_dns_tcp_port"] local remote_dns_doh_url = var["-remote_dns_doh_url"] local remote_dns_doh_host = var["-remote_dns_doh_host"] + local remote_dns_doh_ip = var["-remote_dns_doh_ip"] + local remote_dns_doh_port = var["-remote_dns_doh_port"] local remote_dns_query_strategy = var["-remote_dns_query_strategy"] local remote_dns_fake = var["-remote_dns_fake"] local dns_cache = var["-dns_cache"] 
@@ -1088,109 +1091,105 @@ function gen_config(var) reverse_mapping = true, --在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。 fakeip = nil, } - - if true then - local dns_tag = "remote" - - local domain = {} - local domain_suffix = {} - local domain_keyword = {} - local domain_regex = {} - local geosite = {} - for index, value in ipairs(dns_remote_domains) do - if value:find("geosite:") == 1 then - table.insert(geosite, value:sub(1 + #"geosite:")) - elseif value:find("regexp:") == 1 then - table.insert(domain_regex, value:sub(1 + #"regexp:")) - elseif value:find("full:") == 1 then - table.insert(domain, value:sub(1 + #"full:")) - elseif value:find("domain:") == 1 then - table.insert(domain_keyword, value:sub(1 + #"domain:")) - else - table.insert(domain, value) - end + + local dns_tag = "remote" + + local domain = {} + local domain_suffix = {} + local domain_keyword = {} + local domain_regex = {} + local geosite = {} + for index, value in ipairs(dns_remote_domains) do + if value:find("geosite:") == 1 then + table.insert(geosite, value:sub(1 + #"geosite:")) + elseif value:find("regexp:") == 1 then + table.insert(domain_regex, value:sub(1 + #"regexp:")) + elseif value:find("full:") == 1 then + table.insert(domain, value:sub(1 + #"full:")) + elseif value:find("domain:") == 1 then + table.insert(domain_keyword, value:sub(1 + #"domain:")) + else + table.insert(domain, value) end - local remote_rule = { - server = dns_tag, - domain = #domain > 0 and domain or nil, - domain_suffix = #domain_suffix > 0 and domain_suffix or nil, - domain_keyword = #domain_keyword > 0 and domain_keyword or nil, - domain_regex = #domain_regex > 0 and domain_regex or nil, - geosite = #geosite > 0 and geosite or nil, - disable_cache = true, + end + local remote_rule = { + server = dns_tag, + domain = #domain > 0 and domain or nil, + domain_suffix = #domain_suffix > 0 and domain_suffix or nil, + domain_keyword = #domain_keyword > 0 and domain_keyword or nil, + domain_regex = #domain_regex > 0 and 
domain_regex or nil, + geosite = #geosite > 0 and geosite or nil, + disable_cache = true, + } + + local remote_strategy = "prefer_ipv6" + if remote_dns_query_strategy == "UseIPv4" then + remote_strategy = "ipv4_only" + elseif remote_dns_query_strategy == "UseIPv6" then + remote_strategy = "ipv6_only" + end + + local server = { + tag = dns_tag, + address_strategy = "prefer_ipv4", + strategy = remote_strategy, + address_resolver = "direct", + detour = dns_outTag, + } + + if remote_dns_udp_server then + local server_port = tonumber(remote_dns_udp_port) or 53 + server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port + end + + if remote_dns_tcp_server then + local server_port = tonumber(remote_dns_tcp_port) or 53 + server.address = "tcp://" .. remote_dns_tcp_server .. ":" .. server_port + end + + if remote_dns_doh_url then + server.address = remote_dns_doh_url + end + + if server.address then + table.insert(dns.servers, server) + end + + local fakedns_tag = dns_tag .. "_fakeip" + if remote_dns_fake then + dns.fakeip = { + enabled = true, + inet4_range = "198.18.0.0/16", + inet6_range = "fc00::/18", } - - local remote_strategy = "prefer_ipv6" - if remote_dns_query_strategy == "UseIPv4" then - remote_strategy = "ipv4_only" - elseif remote_dns_query_strategy == "UseIPv6" then - remote_strategy = "ipv6_only" - end - - local server = { - tag = dns_tag, - address_strategy = "prefer_ipv4", + + table.insert(dns.servers, { + tag = fakedns_tag, + address = "fakeip", strategy = remote_strategy, - address_resolver = "direct", - detour = dns_outTag, - } - - local rule_server = dns_tag - - if remote_dns_udp_server then - local server_port = tonumber(remote_dns_port) or 53 - server.address = "udp://" .. remote_dns_udp_server .. ":" .. 
server_port - end - - if remote_dns_tcp_server then - server.address = remote_dns_tcp_server - end - - if remote_dns_doh_url and remote_dns_doh_host then - server.address = remote_dns_doh_url - end - - if server.address then - table.insert(dns.servers, server) - end - - if remote_dns_fake then - dns.fakeip = { - enabled = true, - inet4_range = "198.18.0.0/16", - inet6_range = "fc00::/18", + }) + + if tags and tags:find("with_clash_api") then + if not experimental then + experimental = {} + end + experimental.clash_api = { + store_fakeip = true, + cache_file = "/tmp/singbox_passwall2_" .. flag .. ".db" } - - local fakedns_tag = dns_tag .. "_fakeip" - - if not server.address then - fakedns_tag = dns_tag - end - - table.insert(dns.servers, { - tag = fakedns_tag, - address = "fakeip", - strategy = remote_strategy, - }) - - rule_server = fakedns_tag - - if tags and tags:find("with_clash_api") then - if not experimental then - experimental = {} - end - experimental.clash_api = { - store_fakeip = true, - cache_file = "/tmp/singbox_passwall2_" .. flag .. ".db" - } - end end - - if remote_rule.domain or remote_rule.domain_suffix or remote_rule.domain_keyword or remote_rule.domain_regex or remote_rule.geosite then - local rule = api.clone(remote_rule) - rule.server = rule_server - table.insert(dns.rules, rule) + end + + if remote_rule.domain or remote_rule.domain_suffix or remote_rule.domain_keyword or remote_rule.domain_regex or remote_rule.geosite then + local rule = api.clone(remote_rule) + rule.server = dns_tag + if remote_dns_fake then + rule.query_type = { + "A", "AAAA" + } + rule.server = fakedns_tag end + table.insert(dns.rules, rule) end if direct_dns_udp_server then 
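Review bot: With `remote_dns_fake` set and none of the UDP, TCP or DoH servers supplied, this block no longer registers any server tagged `remote`. `fakedns_tag` is now always `dns_tag .. "_fakeip"`, where the removed code fell back to `dns_tag` when `server.address` was empty. `dns.final` is assigned `"remote"` or `"direct"` in a later hunk of this file, so in that case it would name a server that was never inserted. If callers can reach this state, either keep the fallback inside the fakeip branch (`if not server.address then fakedns_tag = dns_tag end`) or guard `dns.final`. `gen_config` starts and ends outside the hunk.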
@@ -1221,14 +1220,16 @@ function gen_config(var) end local direct_rule = { server = dns_tag, - domain = domain, + domain = #domain > 0 and domain or nil, domain_suffix = #domain_suffix > 0 and domain_suffix or nil, domain_keyword = #domain_keyword > 0 and domain_keyword or nil, domain_regex = #domain_regex > 0 and domain_regex or nil, geosite = #geosite > 0 and geosite or nil, disable_cache = false, } - table.insert(dns.rules, direct_rule) + if direct_rule.domain or direct_rule.domain_suffix or direct_rule.domain_keyword or direct_rule.domain_regex or direct_rule.geosite then + table.insert(dns.rules, direct_rule) + end local direct_strategy = "prefer_ipv6" if direct_dns_query_strategy == "UseIPv4" then @@ -1237,7 +1238,7 @@ function gen_config(var) direct_strategy = "ipv6_only" end - local port = tonumber(direct_dns_port) or 53 + local port = tonumber(direct_dns_udp_port) or 53 table.insert(dns.servers, { tag = dns_tag, @@ -1252,6 +1253,18 @@ function gen_config(var) tag = "block", address = "rcode://refused", }) + + local default_dns_flag = "remote" + if node_id and redir_port then + local node = uci:get_all(appname, node_id) + if node.protocol == "_shunt" then + if node.default_node == "_direct" then + default_dns_flag = "direct" + end + end + else default_dns_flag = "direct" + end + dns.final = default_dns_flag table.insert(inbounds, { type = "direct", @@ -1271,18 +1284,6 @@ function gen_config(var) }, outbound = "dns-out" }) - - local default_dns_flag = "remote" - if node_id and redir_port then - local node = uci:get_all(appname, node_id) - if node.protocol == "_shunt" then - if node.default_node == "_direct" then - default_dns_flag = "direct" - end - end - else default_dns_flag = "direct" - end - dns.final = default_dns_flag end if inbounds or outbounds then 
@@ -1408,22 +1409,24 @@ function gen_dns_config(var) local dns_listen_port = var["-dns_listen_port"] local dns_query_strategy = var["-dns_query_strategy"] local dns_out_tag = var["-dns_out_tag"] - local dns_client_ip = var["-dns_client_ip"] - local direct_dns_server = var["-direct_dns_server"] - local direct_dns_port = var["-direct_dns_port"] local direct_dns_udp_server = var["-direct_dns_udp_server"] + local direct_dns_udp_port = var["-direct_dns_udp_port"] local direct_dns_tcp_server = var["-direct_dns_tcp_server"] + local direct_dns_tcp_port = var["-direct_dns_tcp_port"] local direct_dns_doh_url = var["-direct_dns_doh_url"] local direct_dns_doh_host = var["-direct_dns_doh_host"] - local remote_dns_server = var["-remote_dns_server"] - local remote_dns_port = var["-remote_dns_port"] + local direct_dns_doh_ip = var["-direct_dns_doh_ip"] + local direct_dns_doh_port = var["-direct_dns_doh_port"] local remote_dns_udp_server = var["-remote_dns_udp_server"] + local remote_dns_udp_port = var["-remote_dns_udp_port"] local remote_dns_tcp_server = var["-remote_dns_tcp_server"] + local remote_dns_tcp_port = var["-remote_dns_tcp_port"] local remote_dns_doh_url = var["-remote_dns_doh_url"] local remote_dns_doh_host = var["-remote_dns_doh_host"] + local remote_dns_doh_ip = var["-remote_dns_doh_ip"] + local remote_dns_doh_port = var["-remote_dns_doh_port"] local remote_dns_outbound_socks_address = var["-remote_dns_outbound_socks_address"] local remote_dns_outbound_socks_port = var["-remote_dns_outbound_socks_port"] - local remote_dns_fake = var["-remote_dns_fake"] local dns_cache = var["-dns_cache"] local log = var["-log"] or "0" local loglevel = var["-loglevel"] or "warn" @@ -1446,7 +1449,6 @@ function gen_dns_config(var) disable_expire = false, --禁用 DNS 缓存过期。 independent_cache = false, --使每个 DNS 服务器的缓存独立,以满足特殊目的。如果启用,将轻微降低性能。 reverse_mapping = true, --在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。 - fakeip = nil, } if dns_out_tag == "remote" then 
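Review bot: `direct_dns_doh_ip`, `direct_dns_doh_port`, `remote_dns_doh_ip` and `remote_dns_doh_port` are read from `var` here, but none of the hunks in this commit uses them. The DoH branches further down only assign the `*_doh_url` value to `server.address`. If the IP and port are meant to pin the DoH endpoint so that its hostname is not looked up through another resolver first, that wiring is missing; otherwise these locals, and the matching ones added to `gen_config`, can be dropped. `gen_dns_config` continues outside the hunk, so a use elsewhere cannot be ruled out.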
@@ -1456,26 +1458,18 @@ function gen_dns_config(var) strategy = (dns_query_strategy and dns_query_strategy ~= "UseIP") and "ipv4_only" or "prefer_ipv6", detour = "remote-out", } - - if remote_dns_fake then - server.address = "fakeip" - dns.fakeip = { - enabled = true, - inet4_range = "198.18.0.0/16", - inet6_range = "fc00::/18", - } - end if remote_dns_udp_server then - local server_port = tonumber(remote_dns_port) or 53 + local server_port = tonumber(remote_dns_udp_port) or 53 server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port end if remote_dns_tcp_server then - server.address = remote_dns_tcp_server + local server_port = tonumber(remote_dns_tcp_port) or 53 + server.address = "tcp://" .. remote_dns_tcp_server .. ":" .. server_port end - if remote_dns_doh_url and remote_dns_doh_host then + if remote_dns_doh_url then server.address = remote_dns_doh_url end @@ -1488,10 +1482,8 @@ function gen_dns_config(var) server_port = tonumber(remote_dns_outbound_socks_port), }) - table.insert(route.rules, { - network = {"tcp", "udp"}, - outbound = "remote-out" - }) + route.final = "remote-out" + elseif dns_out_tag == "direct" then local server = { tag = dns_out_tag, @@ -1501,17 +1493,16 @@ function gen_dns_config(var) } if direct_dns_udp_server then - local server_port = tonumber(direct_dns_port) or 53 + local server_port = tonumber(direct_dns_udp_port) or 53 server.address = "udp://" .. direct_dns_udp_server .. ":" .. server_port end if direct_dns_tcp_server then - local server_port = tonumber(direct_dns_port) or 53 - server.address = direct_dns_tcp_server .. ":" .. server_port + local server_port = tonumber(direct_dns_tcp_port) or 53 + server.address = "tcp://" .. direct_dns_tcp_server .. ":" .. server_port end - if direct_dns_doh_url and direct_dns_doh_host then - local server_port = tonumber(direct_dns_port) or 443 + if direct_dns_doh_url then server.address = direct_dns_doh_url end 
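Review bot: The new `"tcp://" .. remote_dns_tcp_server .. ":" .. server_port` line, and the matching `direct_dns_tcp_server` line in the `@@ -1501,17 +1493,16 @@` hunk, append the port to the host without bracketing, so an IPv6 literal would yield an ambiguous address. util_hysteria2.lua in this commit runs `api.is_ipv6` / `api.get_ipv6_full` on the host before appending a port. Whether `get_ipv6_full` returns the bracketed form is not visible here, but the same normalisation looks needed for the DNS servers if callers can pass IPv6 addresses. The existing `udp://` lines have the same shape.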
diff --git a/luci-app-passwall2/luasrc/passwall2/util_xray.lua b/luci-app-passwall2/luasrc/passwall2/util_xray.lua index e8e8e6a51..dafe89290 100644 --- a/luci-app-passwall2/luasrc/passwall2/util_xray.lua +++ b/luci-app-passwall2/luasrc/passwall2/util_xray.lua @@ -521,10 +521,10 @@ function gen_config(var) local local_http_password = var["-local_http_password"] local dns_listen_port = var["-dns_listen_port"] local dns_query_strategy = var["-dns_query_strategy"] - local direct_dns_port = var["-direct_dns_port"] local direct_dns_udp_server = var["-direct_dns_udp_server"] - local remote_dns_port = var["-remote_dns_port"] + local direct_dns_udp_port = var["-direct_dns_udp_port"] local remote_dns_udp_server = var["-remote_dns_udp_server"] + local remote_dns_udp_port = var["-remote_dns_udp_port"] local remote_dns_fake = var["-remote_dns_fake"] local remote_dns_fake_strategy = var["-remote_dns_fake_strategy"] local dns_cache = var["-dns_cache"] 
@@ -1034,56 +1034,54 @@ function gen_config(var) end) end - if true then - if remote_dns_udp_server then - local _remote_dns = { - _flag = "remote", - address = remote_dns_udp_server, - port = tonumber(remote_dns_port) or 53 - } - if not remote_dns_fake then - _remote_dns.domains = #dns_remote_domains > 0 and dns_remote_domains or nil - --_remote_dns.expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil - end - _remote_dns_proto = "udp" - table.insert(dns.servers, _remote_dns) - - table.insert(routing.rules, 1, { - type = "field", - ip = { - remote_dns_udp_server - }, - port = tonumber(remote_dns_port) or 53, - network = "udp", - outboundTag = "direct" - }) + if remote_dns_udp_server then + local _remote_dns = { + _flag = "remote", + address = remote_dns_udp_server, + port = tonumber(remote_dns_udp_port) or 53 + } + if not remote_dns_fake then + _remote_dns.domains = #dns_remote_domains > 0 and dns_remote_domains or nil + --_remote_dns.expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil end - if remote_dns_fake then - fakedns = {} - local fakedns4 = { - ipPool = "198.18.0.0/16", - poolSize = 65535 - } - local fakedns6 = { - ipPool = "fc00::/18", - poolSize = 65535 - } - if remote_dns_fake_strategy == "UseIP" then - table.insert(fakedns, fakedns4) - table.insert(fakedns, fakedns6) - elseif remote_dns_fake_strategy == "UseIPv4" then - table.insert(fakedns, fakedns4) - elseif remote_dns_fake_strategy == "UseIPv6" then - table.insert(fakedns, fakedns6) - end - local _remote_dns = { - _flag = "remote_fakedns", - address = "fakedns", - domains = #dns_remote_domains > 0 and dns_remote_domains or nil - --expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil - } - table.insert(dns.servers, _remote_dns) + _remote_dns_proto = "udp" + table.insert(dns.servers, _remote_dns) + + table.insert(routing.rules, 1, { + type = "field", + ip = { + remote_dns_udp_server + }, + port = tonumber(remote_dns_udp_port) or 53, + network = "udp", 
+ outboundTag = "direct" + }) + end + if remote_dns_fake then + fakedns = {} + local fakedns4 = { + ipPool = "198.18.0.0/16", + poolSize = 65535 + } + local fakedns6 = { + ipPool = "fc00::/18", + poolSize = 65535 + } + if remote_dns_fake_strategy == "UseIP" then + table.insert(fakedns, fakedns4) + table.insert(fakedns, fakedns6) + elseif remote_dns_fake_strategy == "UseIPv4" then + table.insert(fakedns, fakedns4) + elseif remote_dns_fake_strategy == "UseIPv6" then + table.insert(fakedns, fakedns6) end + local _remote_dns = { + _flag = "remote_fakedns", + address = "fakedns", + domains = #dns_remote_domains > 0 and dns_remote_domains or nil + --expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil + } + table.insert(dns.servers, _remote_dns) end if true then @@ -1100,13 +1098,13 @@ function gen_config(var) if direct_dns_udp_server then _direct_dns.address = direct_dns_udp_server - _direct_dns.port = tonumber(direct_dns_port) or 53 + _direct_dns.port = tonumber(direct_dns_udp_port) or 53 table.insert(routing.rules, 1, { type = "field", ip = { direct_dns_udp_server }, - port = tonumber(direct_dns_port) or 53, + port = tonumber(direct_dns_udp_port) or 53, network = "udp", outboundTag = "direct" }) @@ -1130,8 +1128,9 @@ function gen_config(var) local direct_type_dns = { settings = { address = direct_dns_udp_server, - port = tonumber(direct_dns_port) or 53, - network = "udp" + port = tonumber(direct_dns_udp_port) or 53, + network = "udp", + nonIPQuery = "skip" }, proxySettings = { tag = "direct" 
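Review bot: The rule inserted at index 1 inside the `remote_dns_udp_server` block sends UDP traffic for the remote resolver's IP and port to `outboundTag = "direct"`, which reads as remote DNS queries leaving outside the proxy. The commit only re-indents this, but nothing in the hunk explains it. If a later pass in gen_config rewrites the tag (not visible here), a comment on the rule should say so; otherwise it should state that queries to this server are intentionally unproxied. Separately, when `remote_dns_fake_strategy` matches none of the three strings, `fakedns` stays an empty table while a server with `address = "fakedns"` is still added, so an explicit `else` fallback or guard would make that case deliberate. `_remote_dns_proto` is assigned without a visible `local`; its declaration is presumably earlier in gen_config, outside the hunk.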
@@ -1140,20 +1139,14 @@ function gen_config(var) local remote_type_dns = { settings = { address = remote_dns_udp_server, - port = tonumber(remote_dns_port) or 53, - network = _remote_dns_proto or "tcp" + port = tonumber(remote_dns_udp_port) or 53, + network = _remote_dns_proto or "tcp", + nonIPQuery = "skip" }, proxySettings = { tag = "direct" } } - local custom_type_dns = { - settings = { - address = "1.1.1.1", - port = 53, - network = "tcp", - } - } local type_dns = remote_type_dns table.insert(outbounds, { tag = "dns-out", 
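Review bot: `nonIPQuery = "skip"` on `remote_type_dns` (and on `direct_type_dns` in the previous hunk) changes the handling of non-A/AAAA queries without a comment: as far as I know Xray drops them by default, while "skip" forwards them to the outbound's target. Here `address` is `remote_dns_udp_server`, which the `if remote_dns_udp_server then` guard earlier in gen_config shows can be nil, and `network` then falls back to `"tcp"` while `port` is still read from the UDP port option. A line such as `-- "skip": non-A/AAAA queries bypass the built-in DNS and are forwarded to this address` would record the intent, along with where those queries should go in the fakedns-only case. With `custom_type_dns` removed, `direct_type_dns` is still built but only `remote_type_dns` is assigned to `type_dns` in the visible lines, so it may be dead code unless it is used further down.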
@@ -1400,28 +1393,30 @@ function gen_dns_config(var) local dns_query_strategy = var["-dns_query_strategy"] local dns_out_tag = var["-dns_out_tag"] local dns_client_ip = var["-dns_client_ip"] - local direct_dns_server = var["-direct_dns_server"] - local direct_dns_port = var["-direct_dns_port"] local direct_dns_udp_server = var["-direct_dns_udp_server"] + local direct_dns_udp_port = var["-direct_dns_udp_port"] local direct_dns_tcp_server = var["-direct_dns_tcp_server"] + local direct_dns_tcp_port = var["-direct_dns_tcp_port"] local direct_dns_doh_url = var["-direct_dns_doh_url"] local direct_dns_doh_host = var["-direct_dns_doh_host"] - local remote_dns_server = var["-remote_dns_server"] - local remote_dns_port = var["-remote_dns_port"] + local direct_dns_doh_ip = var["-direct_dns_doh_ip"] + local direct_dns_doh_port = var["-direct_dns_doh_port"] local remote_dns_udp_server = var["-remote_dns_udp_server"] + local remote_dns_udp_port = var["-remote_dns_udp_port"] local remote_dns_tcp_server = var["-remote_dns_tcp_server"] + local remote_dns_tcp_port = var["-remote_dns_tcp_port"] local remote_dns_doh_url = var["-remote_dns_doh_url"] local remote_dns_doh_host = var["-remote_dns_doh_host"] + local remote_dns_doh_ip = var["-remote_dns_doh_ip"] + local remote_dns_doh_port = var["-remote_dns_doh_port"] local remote_dns_outbound_socks_address = var["-remote_dns_outbound_socks_address"] local remote_dns_outbound_socks_port = var["-remote_dns_outbound_socks_port"] - local remote_dns_fake = var["-remote_dns_fake"] local dns_cache = var["-dns_cache"] local loglevel = var["-loglevel"] or "warning" local inbounds = {} local outbounds = {} local dns = nil - local fakedns = nil local routing = nil if dns_listen_port then 
@@ -1447,46 +1442,31 @@ function gen_dns_config(var) local _remote_dns = { _flag = "remote" } - - if remote_dns_fake then - remote_dns_server = "1.1.1.1" - fakedns = {} - fakedns[#fakedns + 1] = { - ipPool = "198.18.0.0/16", - poolSize = 65535 - } - if dns_query_strategy == "UseIP" then - fakedns[#fakedns + 1] = { - ipPool = "fc00::/18", - poolSize = 65535 - } - end - _remote_dns.address = "fakedns" - end - - other_type_dns_port = tonumber(remote_dns_port) or 53 - other_type_dns_server = remote_dns_server if remote_dns_udp_server then _remote_dns.address = remote_dns_udp_server - _remote_dns.port = tonumber(remote_dns_port) or 53 + _remote_dns.port = tonumber(remote_dns_udp_port) or 53 + other_type_dns_proto = "udp" + other_type_dns_server = remote_dns_udp_server + other_type_dns_port = _remote_dns.port end if remote_dns_tcp_server then - _remote_dns.address = remote_dns_tcp_server - _remote_dns.port = tonumber(remote_dns_port) or 53 + _remote_dns.address = "tcp://" .. remote_dns_tcp_server + _remote_dns.port = tonumber(remote_dns_tcp_port) or 53 + other_type_dns_proto = "tcp" + other_type_dns_server = remote_dns_tcp_server + other_type_dns_port = _remote_dns.port end if remote_dns_doh_url and remote_dns_doh_host then - if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then - dns.hosts[remote_dns_doh_host] = remote_dns_server + if remote_dns_doh_ip and remote_dns_doh_host ~= remote_dns_doh_ip and not api.is_ip(remote_dns_doh_host) then + dns.hosts[remote_dns_doh_host] = remote_dns_doh_ip end _remote_dns.address = remote_dns_doh_url - _remote_dns.port = tonumber(remote_dns_port) or 443 - other_type_dns_proto = "tcp" - other_type_dns_port = 53 + _remote_dns.port = tonumber(remote_dns_doh_port) or 443 end table.insert(dns.servers, _remote_dns) 
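Review bot: The DoH branch no longer sets `other_type_dns_proto` or `other_type_dns_port`, and `other_type_dns_server` is now filled only by the UDP and TCP branches, so a DoH-only configuration reaches the dns outbound later in gen_dns_config with all three unset. That outbound falls back to `"1.1.1.1"`, port 53 and `"tcp"`, and the same commit adds `nonIPQuery = "skip"` there, so non-A/AAAA queries would be forwarded in cleartext to a hard-coded resolver the user did not choose. The direct branch in the next hunk has the same gap. One option is to keep dropping them when no plain resolver is configured: `nonIPQuery = other_type_dns_server and "skip" or "drop"`. Which outbound carries that traffic is decided outside the hunk, so the actual exposure depends on routing not shown here.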
@@ -1510,44 +1490,40 @@ function gen_dns_config(var) local _direct_dns = { _flag = "direct" } - - other_type_dns_proto = tonumber(direct_dns_port) or 53 - other_type_dns_server = direct_dns_server if direct_dns_udp_server then _direct_dns.address = direct_dns_udp_server - _direct_dns.port = tonumber(direct_dns_port) or 53 + _direct_dns.port = tonumber(direct_dns_udp_port) or 53 table.insert(routing.rules, 1, { type = "field", ip = { direct_dns_udp_server }, - port = tonumber(direct_dns_port) or 53, + port = tonumber(direct_dns_udp_port) or 53, network = "udp", outboundTag = "direct" }) - end - if direct_dns_udp_server then - _direct_dns.address = direct_dns_udp_server - _direct_dns.port = tonumber(direct_dns_port) or 53 other_type_dns_proto = "udp" + other_type_dns_server = direct_dns_udp_server + other_type_dns_port = _direct_dns.port end if direct_dns_tcp_server then - _direct_dns.address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://") - _direct_dns.port = tonumber(direct_dns_port) or 53 + _direct_dns.address = "tcp+local://" .. direct_dns_tcp_server + _direct_dns.port = tonumber(direct_dns_tcp_port) or 53 + other_type_dns_proto = "tcp" + other_type_dns_server = direct_dns_tcp_server + other_type_dns_port = _direct_dns.port end if direct_dns_doh_url and direct_dns_doh_host then - if direct_dns_server and direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then - dns.hosts[direct_dns_doh_host] = direct_dns_server + if direct_dns_doh_ip and direct_dns_doh_host ~= direct_dns_doh_ip and not api.is_ip(direct_dns_doh_host) then + dns.hosts[direct_dns_doh_host] = direct_dns_doh_ip end _direct_dns.address = direct_dns_doh_url:gsub("https://", "https+local://") - _direct_dns.port = tonumber(direct_dns_port) or 443 - other_type_dns_proto = "tcp" - other_type_dns_port = 53 + _direct_dns.port = tonumber(direct_dns_doh_port) or 443 end table.insert(dns.servers, _direct_dns) 
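Review bot: `_direct_dns.address = "tcp+local://" .. direct_dns_tcp_server` now prepends the scheme unconditionally, whereas the removed line rewrote an existing `tcp://` prefix, which suggests callers used to pass the value with a scheme. If any caller still does, the result is `tcp+local://tcp://…`; stripping first keeps both forms working: `_direct_dns.address = "tcp+local://" .. (direct_dns_tcp_server:gsub("^tcp://", ""))`. The same applies to `"tcp://" .. remote_dns_tcp_server` in the previous hunk, and `other_type_dns_server` would want the stripped value as well. The code that builds `-direct_dns_tcp_server` is not in this hunk, so this may already be normalised there.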
@@ -1597,6 +1573,7 @@ function gen_dns_config(var) address = other_type_dns_server or "1.1.1.1", port = other_type_dns_port or 53, network = other_type_dns_proto or "tcp", + nonIPQuery = "skip" } }) @@ -1625,7 +1602,6 @@ function gen_dns_config(var) }, -- DNS dns = dns, - fakedns = fakedns, -- 传入连接 inbounds = inbounds, -- 传出连接 diff --git a/luci-app-passwall2/luasrc/view/passwall2/global/faq.htm b/luci-app-passwall2/luasrc/view/passwall2/global/faq.htm index da3e0290d..1c96859cd 100644 --- a/luci-app-passwall2/luasrc/view/passwall2/global/faq.htm +++ b/luci-app-passwall2/luasrc/view/passwall2/global/faq.htm @@ -1,15 +1,48 @@ <% local api = require "luci.passwall2.api" -%> -