Routing Switch
Documentation Navigation
This page is scenario-first (operational workflows, real run order, and troubleshooting). For the full autogenerated command/flag catalog, use the CLI Reference.
File Information
| Property | Value |
|---|---|
| Binary Name | routing-switch |
| Version | 9.0.1 |
| Build Date | 2026-03-23T08:25:56.094935497Z |
| Rust Version | 1.70.0 |
| File Size | 7.9MB |
| Author | Warith Al Maawali |
| License | Proprietary |
| Category | Network & Routing |
| Description | System-wide traffic routing through various proxy protocols |
| JSON Data | View Raw JSON |
SHA256 Checksum
Key Features
Multi-Protocol Support
| Protocol Type | Description |
|---|---|
| Traditional VPNs | OpenVPN and WireGuard with native kernel routing |
| Tor Integration | Routes through Tor using redsocks transparent proxy |
| SOCKS5 Proxies | Dante for generic SOCKS5 proxy support |
| Shadowsocks | High-performance encrypted proxy |
| V2Ray | Advanced proxy with multiple transport protocols |
| Xray Variants | VLESS, VLESS-Reality, Trojan, VMess protocols |
| Mieru/Mita | Censorship-resistant proxy protocol |
| Hysteria2 | QUIC-based proxy for unreliable networks |
| Auto-Selection | Intelligently chooses best protocol based on availability |
Why Routing Switch is Essential
| Feature | Description |
|---|---|
| System-Wide Protection | Routes ALL traffic, not just browser |
| Protocol Flexibility | Switch between protocols based on needs |
| Authentication Required | Works with online-auth for secure access |
| Zero Configuration | Protocols are pre-configured from authentication cards |
TL;DR - Essential Commands
Important: Requires authentication via online-auth before use. Use sudo for connection commands.
# Auto-select and connect to best protocol (requires auth)
sudo routing-switch auto-select
# Connect to specific protocol examples
sudo routing-switch connect openvpn
sudo routing-switch connect wireguard
sudo routing-switch connect tor
sudo routing-switch connect dante
sudo routing-switch connect shadowsocks
sudo routing-switch connect v2ray
sudo routing-switch connect xray-vless
sudo routing-switch connect xray-vless-reality
sudo routing-switch connect xray-trojan
sudo routing-switch connect xray-vmess
sudo routing-switch connect mita
sudo routing-switch connect hysteria2
# Check connection status
routing-switch status
# Disconnect current connection
sudo routing-switch disconnect
# List available protocols
routing-switch list-protocols
Understanding Protocol Support
How Routing Works
Routing Switch requires authentication through online-auth to access server configurations. The routing-switch automatically fetches your "card" containing all server details:
# Step 1: Authenticate first (required)
sudo online-auth authenticate
# Step 2: Connect using routing-switch (automatically fetches card)
sudo routing-switch auto-select
Available Protocols
# List all available protocols with scores
routing-switch list-protocols
# List protocols sorted by speed (fastest first)
routing-switch list-protocols --sort-by-speed
# List protocols sorted by reliability
routing-switch list-protocols --sort-by-security
# Test specific protocol connectivity
routing-switch test-protocol openvpn
routing-switch test-protocol wireguard
# Benchmark all protocols
routing-switch benchmark
Protocol Categories:
| Category | Protocols | Description |
|---|---|---|
| Native Routing | OpenVPN, WireGuard | Direct kernel-level routing |
| Redsocks Proxy | Tor | Transparent SOCKS proxy redirection |
| SOCKS5 Proxies | Dante | Generic SOCKS5 proxy support |
| Tun2socks | Shadowsocks, V2Ray, Xray-VLESS, Xray-VLESS-Reality, Xray-Trojan, Xray-VMess, Mieru/Mita, Hysteria2 | TUN interface proxy routing |
Connection Management
# Connect to best available protocol
sudo routing-switch auto-select
# Connect to specific protocol
sudo routing-switch connect openvpn
sudo routing-switch connect wireguard
sudo routing-switch connect shadowsocks
sudo routing-switch connect v2ray
sudo routing-switch connect xray-vmess
# Check current status
routing-switch status
# Check DNS and resolver endpoints used by active route
routing-switch dns-info
routing-switch dns-info --json
# Optional: verify no DNS leaks with the dedicated tester
dns-leak test --json
# Disconnect current connection
sudo routing-switch disconnect
# Reset all routing to defaults
sudo routing-switch reset
DNS Information:
The dns-info command shows DNS and resolver endpoint details for the active routing profile. Use it to verify where DNS traffic is being sent after protocol switches.
Microsocks SOCKS5 Server
Turn your Kodachi machine into a SOCKS5 proxy server so other devices on your network can route their traffic through your active routing-switch connection:
# Step 1: Connect routing-switch to any service first
sudo routing-switch connect wireguard
# or any other protocol: v2ray, shadowsocks, hysteria2, etc.
# Step 2: Enable microsocks server (auto port detection)
sudo routing-switch microsocks-enable -u USERNAME -p PASSWORD
# Enable with specific port (30050-30054 range)
sudo routing-switch microsocks-enable -u USERNAME -p PASSWORD --port 30051
# Check server status
routing-switch microsocks-status
routing-switch microsocks-status --json
# Disable microsocks server
sudo routing-switch microsocks-disable
Microsocks Features:
| Feature | Description |
|---|---|
| Port Range | Auto-selects from 30050-30054 or specify manually |
| Authentication | Username and password required |
| Process Management | PID tracking and graceful shutdown |
| Status Monitoring | Real-time status with uptime tracking |
| Network Interfaces | Listens on all interfaces (0.0.0.0) |
Workflow Example:
| Step | Action | Description |
|---|---|---|
| 1 | sudo routing-switch connect wireguard |
Connect to your VPN/proxy service |
| 2 | sudo routing-switch microsocks-enable -u microkodachi -p 'SecurePass123' |
Start SOCKS5 server |
| 3 | Connect other devices | Use socks5://microkodachi:SecurePass123@YOUR_IP:30050 |
Security Notes:
| Practice | Description |
|---|---|
| Strong Credentials | Use complex username and password |
| Network Security | Only enable on trusted networks |
| Connection First | Always connect routing-switch before enabling microsocks |
| Port Management | Microsocks uses dedicated 30050-30054 range |
Configuration Export
# Export all protocol configurations
routing-switch export-config
# Export specific protocol configuration
sudo routing-switch export-config wireguard
sudo routing-switch export-config shadowsocks
sudo routing-switch export-config v2ray
# Show configuration for current protocol
routing-switch showconfig
# Show configuration as URL
routing-switch showconfigurl
# Show configuration as QR code
routing-switch showconfigqr
# Generate QR code files for mobile import
routing-switch showconfigqr shadowsocks
routing-switch showconfigqr v2ray
routing-switch showconfigqr xray-vmess
QR Code Export:
The showconfigqr command exports protocol configurations as QR codes that mobile clients can scan directly:
- Generates protocol-specific QR payloads
- Works with WireGuard, Shadowsocks, V2Ray, and Xray variants
Mobile Device Integration
Connect your mobile devices using QR codes generated by routing-switch. Different protocols work with different mobile apps:
WireGuard (Official App)
Scan with: WireGuard official app (iOS/Android)Shadowsocks, V2Ray, and Xray Protocols
# Generate QR codes for various protocols
routing-switch showconfigqr shadowsocks
routing-switch showconfigqr v2ray
routing-switch showconfigqr xray-vmess
routing-switch showconfigqr xray-trojan
routing-switch showconfigqr xray-vless
Recommended Mobile Apps:
| Platform | App Name | Supported Protocols |
|---|---|---|
| Android | V2RayNG | V2Ray, Xray (all variants), Shadowsocks |
| Android | Matsuri | V2Ray, Xray, Shadowsocks, Trojan |
| Android | Clash for Android | Multi-protocol support with rule-based routing |
| Android | Surfboard | Shadowsocks, V2Ray, Trojan |
| iOS | Shadowrocket | Shadowsocks, V2Ray, Trojan, VMess, VLESS |
| iOS | Quantumult X | Advanced proxy client with multiple protocol support |
| iOS | Surge | Professional networking tool supporting various protocols |
| iOS | Stash | Clash-compatible client for iOS |
How to Connect:
| Step | Action |
|---|---|
| 1 | Generate the QR code for your desired protocol |
| 2 | Open your chosen mobile app |
| 3 | Scan the QR code using the app's import feature |
| 4 | The app will automatically configure the connection |
| 5 | Enable the VPN/proxy in the app to connect |
Recovery and Cleanup
# Clean up orphaned processes
sudo routing-switch cleanup
# Recover from partial failure
sudo routing-switch recover
# Reset all routing tables
sudo routing-switch reset
Network Prerequisites
Check and manage network prerequisites for VPN connections:
# Recover networking state and dependencies after failures
sudo routing-switch recover
# Clean orphaned processes and stale routes
sudo routing-switch cleanup
# Verify resulting state in JSON format
routing-switch status --json
Use recover first when routing setup fails, then cleanup to remove stale resources before reconnecting.
For advanced users who need access to all available commands and options, please refer to the auto-generated command reference which includes:
| Feature | Description |
|---|---|
| Protocol Testing | Protocol testing and benchmarking |
| Configuration Management | Configuration export and import |
| Mobile Integration | QR code generation for mobile |
| Custom Config | Custom configuration files |
| Recovery Tools | Recovery and cleanup operations |
| CLI Reference | All command-line flags and parameters |
Security Notes
Important Security Practices:
| Practice | Description |
|---|---|
| Authentication | Always authenticate with online-auth first |
| Verification | Verify connection status after connecting |
| DNS Security | Test for DNS leaks after connection |
| Auto-Selection | Use auto-select for optimal security |
| Proper Disconnection | Disconnect properly to restore routing |
| Monitoring | Monitor connection status regularly |
Performance
| Metric | Value | Description |
|---|---|---|
| Connection Time | 2-10 seconds | Depending on protocol |
| Memory Usage (VPN) | ~40MB | For VPN protocols |
| Memory Usage (Proxy) | ~60MB | For proxy protocols |
| CPU Usage (VPN) | < 10% | For VPN protocols |
| CPU Usage (Proxy) | < 15% | For proxy protocols |
| WireGuard Speed | 90-95% | Of line speed |
| OpenVPN Speed | 70-80% | Of line speed |
| Tor Speed | 1-10 Mbps | Typical speeds |
Support
| Resource | Link |
|---|---|
| Website | digi77.com |
| Anonymity Verifier | kodachi.cloud |
| Discord Support | discord.gg/KEFErEx |
| GitHub | github.com/WMAL |
Scenario 1: Auto-Select Best Protocol with Authentication
Use auto-select to connect to the best available protocol after authentication.
# Step 1: Authenticate first
sudo online-auth authenticate
# Step 2: Auto-select best protocol
sudo routing-switch auto-select
# Expected: Selected WireGuard (best overall score)
# Step 3: Verify connection status
sudo routing-switch status
# Expected: Protocol: wireguard, Status: Connected
# Step 4: Check IP changed
ip-fetch
# Expected: VPN IP address displayed
# Step 5: Verify no DNS leaks
dns-leak test
Cross-binary workflow: online-auth + routing-switch + ip-fetch + dns-leak
When to run: First time setup or when you need the fastest/most secure protocol available.
Scenario 2: Double-Layer Setup (WireGuard + Tor Stacking)
Create a layered connection with WireGuard and Tor for maximum anonymity.
# Step 1: Connect to WireGuard
sudo routing-switch connect wireguard
# Step 2: Verify WireGuard connection
sudo routing-switch status
# Expected: Protocol: wireguard, Status: Connected
# Step 3: Layer Tor on top using --force
sudo routing-switch connect tor --force
# Expected: Traffic flows through BOTH protocols (double encryption)
# Step 4: Check Tor is active
ip-fetch check-tor
# Expected: Tor IP address confirmed
# Step 5: Verify routing
sudo routing-switch status
# Expected: Shows Tor routing with WireGuard still active
# Step 6: Test connectivity
sudo health-control net-check
Cross-binary workflow: routing-switch + tor-switch + ip-fetch
When to run: Maximum anonymity scenarios requiring double VPN protection. Automate this with workflow-manager.
Scenario 3: Corporate VPN with LAN Access and Failover
Connect to corporate VPN while maintaining LAN access and automatic failover.
# Step 1: Authenticate
sudo online-auth authenticate
# Step 2: Connect with metric routing + hybrid DNS + exclude private networks
sudo routing-switch connect wireguard --metric --dns-mode hybrid --exclude-private
# Expected: Using metric routing with local network access
# Step 3: Verify LAN access preserved
ping 192.168.1.1
# Expected: Local router responds
# Step 4: Check failover capability
sudo routing-switch status
# Expected: Metric routing mode active
# Step 5: Test VPN connection
sudo health-control net-check
# Step 6: Monitor connection
routing-switch status --json
Cross-binary workflow: online-auth + routing-switch + health-control
When to run: Corporate environments requiring VPN with LAN access and automatic failover if VPN drops.
Scenario 4: Censorship Resistance — Multi-Protocol Testing
Test multiple protocols to find which works in censored networks.
# Step 1: Authenticate
sudo online-auth authenticate
# Step 2: Test all available protocols
routing-switch test-protocol all
# Expected: Testing: Tor [OK], Shadowsocks [OK], V2Ray [FAIL]...
# Step 3: Benchmark working protocols
routing-switch benchmark --iterations 5
# Expected: Performance metrics for each protocol
# Step 4: List protocols sorted by reliability
routing-switch list-protocols --sort-by-security
# Step 5: Connect to most reliable censorship-resistant protocol
sudo routing-switch connect xray-vless-reality
# Expected: Successfully connected to Xray VLESS Reality server
# Step 6: Verify connection works
ip-fetch
Cross-binary workflow: online-auth + routing-switch + ip-fetch
When to run: In censored regions to find working protocols. Automate this with workflow-manager.
Scenario 5: Mobile SOCKS5 Proxy Server (Microsocks)
Turn Kodachi into a SOCKS5 proxy server for mobile devices.
# Step 1: Connect to any routing protocol
sudo routing-switch connect wireguard
# Step 2: Enable microsocks server with credentials
sudo routing-switch microsocks-enable -u microkodachi-8273 -p 'S@Cur9P@s@Wo-Ds'
# Expected: Microsocks server started on port 30050
# Step 3: Check server status
sudo routing-switch microsocks-status
# Expected: Status: Running, Port: 30050, PID: 12345
# Step 4: Get connection details
sudo routing-switch microsocks-status --json
# Expected: {"status":"running","port":30050,"pid":12345}
# Step 5: Connect mobile device using socks5://microkodachi-8273:S@Cur9P@s@Wo-Ds@YOUR_IP:30050
# Step 6: Stop server when done
sudo routing-switch microsocks-disable
Cross-binary workflow: routing-switch + health-control + logs-hook
When to run: When sharing VPN connection with mobile devices on your network.
Scenario 6: QR Code Generation for Mobile Config Import
Generate QR codes for easy mobile device configuration.
```bash
Step 1: Authenticate
sudo online-auth authenticate