diff --git a/podkop/files/usr/lib/sing_box_config_facade.sh b/podkop/files/usr/lib/sing_box_config_facade.sh
index ffbe854..71d2858 100644
--- a/podkop/files/usr/lib/sing_box_config_facade.sh
+++ b/podkop/files/usr/lib/sing_box_config_facade.sh
@@ -64,7 +64,8 @@ sing_box_cf_add_proxy_outbound() {
     url=$(url_decode "$url")
     url=$(url_strip_fragment "$url")
 
-    local scheme="${url%%://*}"
+    local scheme
+    scheme="$(url_get_scheme "$url")"
     case "$scheme" in
     socks4 | socks4a | socks5)
         local tag host port version userinfo username password udp_over_tcp
@@ -146,6 +147,21 @@ sing_box_cf_add_proxy_outbound() {
         config=$(_add_outbound_security "$config" "$tag" "$url")
         config=$(_add_outbound_transport "$config" "$tag" "$url")
         ;;
+    hysteria2 | hy2)
+        local tag host port password obfuscator_type obfuscator_password upload_mbps download_mbps
+        tag=$(get_outbound_tag_by_section "$section")
+        host=$(url_get_host "$url")
+        port="$(url_get_port "$url")"
+        password=$(url_get_userinfo "$url")
+        obfuscator_type=$(url_get_query_param "$url" "obfs")
+        obfuscator_password=$(url_get_query_param "$url" "obfs-password")
+        upload_mbps=$(url_get_query_param "$url" "upmbps")
+        download_mbps=$(url_get_query_param "$url" "downmbps")
+
+        config=$(sing_box_cm_add_hysteria2_outbound "$config" "$tag" "$host" "$port" "$password" "$obfuscator_type" \
+            "$obfuscator_password" "$upload_mbps" "$download_mbps")
+        config=$(_add_outbound_security "$config" "$tag" "$url")
+        ;;
     *)
         log "Unsupported proxy $scheme type. Aborted." "fatal"
         exit 1
@@ -160,13 +176,20 @@ _add_outbound_security() {
     local outbound_tag="$2"
     local url="$3"
 
-    local security
+    local security scheme
     security=$(url_get_query_param "$url" "security")
+    if [ -z "$security" ]; then
+        scheme="$(url_get_scheme "$url")"
+        if [ "$scheme" = "hysteria2" ] || [ "$scheme" = "hy2" ]; then
+            security="tls"
+        fi
+    fi
+
     case "$security" in
     tls | reality)
         local sni insecure alpn fingerprint public_key short_id
         sni=$(url_get_query_param "$url" "sni")
-        insecure=$(url_get_query_param "$url" "allowInsecure")
+        insecure=$(_get_insecure_query_param_from_url "$url")
         alpn=$(comma_string_to_json_array "$(url_get_query_param "$url" "alpn")")
         fingerprint=$(url_get_query_param "$url" "fp")
         public_key=$(url_get_query_param "$url" "pbk")
@@ -193,6 +216,18 @@ _add_outbound_security() {
     echo "$config"
 }
 
+_get_insecure_query_param_from_url() {
+    local url="$1"
+
+    local insecure
+    insecure=$(url_get_query_param "$url" "allowInsecure")
+    if [ -z "$insecure" ]; then
+        insecure=$(url_get_query_param "$url" "insecure")
+    fi
+
+    echo "$insecure"
+}
+
 _add_outbound_transport() {
     local config="$1"
     local outbound_tag="$2"
diff --git a/podkop/files/usr/lib/sing_box_config_manager.sh b/podkop/files/usr/lib/sing_box_config_manager.sh
index c6d8ef3..9a0af62 100644
--- a/podkop/files/usr/lib/sing_box_config_manager.sh
+++ b/podkop/files/usr/lib/sing_box_config_manager.sh
@@ -661,6 +661,67 @@ sing_box_cm_add_trojan_outbound() {
     )]'
 }
 
+#######################################
+# Add a Hysteria2 outbound to the outbounds section of a sing-box JSON configuration.
+# Arguments:
+#   config: string (JSON), sing-box configuration to modify
+#   tag: string, identifier for the outbound
+#   server_address: string, IP address or hostname of the Hysteria2 server
+#   server_port: integer, port of the Hysteria2 server
+#   password: string, password for authentication
+#   obfuscator_type: string, obfuscation type (optional)
+#   obfuscator_password: string, obfuscation password (optional)
+#   upload_mbps: integer, upload bandwidth limit in Mbps (optional)
+#   download_mbps: integer, download bandwidth limit in Mbps (optional)
+#   network: string, network type (e.g., "udp") (optional)
+# Outputs:
+#   Writes updated JSON configuration to stdout
+# Example:
+#   CONFIG=$(sing_box_cm_add_hysteria2_outbound "$CONFIG" "hysteria2-out" "example.com" 443 "supersecret" \
+#       "salamander" "obfs-pass" "50" "200" "udp")
+#######################################
+sing_box_cm_add_hysteria2_outbound() {
+    local config="$1"
+    local tag="$2"
+    local server_address="$3"
+    local server_port="$4"
+    local password="$5"
+    local obfuscator_type="$6"
+    local obfuscator_password="$7"
+    local upload_mbps="$8"
+    local download_mbps="$9"
+    local network="${10}"
+
+    echo "$config" | jq \
+        --arg tag "$tag" \
+        --arg server_address "$server_address" \
+        --arg server_port "$server_port" \
+        --arg password "$password" \
+        --arg obfuscator_type "$obfuscator_type" \
+        --arg obfuscator_password "$obfuscator_password" \
+        --arg upload_mbps "$upload_mbps" \
+        --arg download_mbps "$download_mbps" \
+        --arg network "$network" \
+        '.outbounds += [(
+        {
+          type: "hysteria2",
+          tag: $tag,
+          server: $server_address,
+          server_port: ($server_port | tonumber),
+          password: $password
+        }
+        + (if $obfuscator_type != "" and $obfuscator_password != "" then {
+            obfs: {
+                type: $obfuscator_type,
+                password: $obfuscator_password
+            }
+        } else {} end)
+        + (if $upload_mbps != "" then {up_mbps: ($upload_mbps | tonumber)} else {} end)
+        + (if $download_mbps != "" then {down_mbps: ($download_mbps | tonumber)} else {} end)
+        + (if $network != "" then {network: $network} else {} end)
+    )]'
+}
+
 #######################################
 # Set gRPC transport settings for an outbound in a sing-box JSON configuration.
 # Arguments: