bia-pain-bache / BPB-Worker-Panel

A GUI Panel providing Worker subscriptions, Fragment settings and Warp configs, providing configs for cross-platform clients (singbox-core and xray-core)
GNU General Public License v3.0
3.92k stars, 22.19k forks

Early Data issue #17

Closed. ParhamzXc closed this 5 months ago

ParhamzXc commented 5 months ago

?ed=2048 | outdated. ?ed=2560 | 0-RTT - http3+tls1.3 - web3 connectivity support - .crypto top domain resolve for unstoppable domains - faster API connectivity + better handling for closing insecure TCP connections while upgrading from 80 to encrypted 443 (Upgrade-Insecure-Requests). The old 2048 had issues with closing video stream connections, but this one is legit for user actions in streams.

I recommend you remove early data on your VLESS config path; it's trash. The disadvantages are a lot, but the only advantage is -100ms for responding, not worth it at all. It limits most DoH DNS from resolving themselves. The goal of setting early data is to reduce latency ONLY on the first TCP connection, which can reduce ping by like 100-200ms when opening an app or a site with API support, but it adds tons of errors and limitations... It also affects download speed when you're downloading with an advanced downloader like IDM, which can split the file into 32 parts for parallel downloads; with early data it can't even handle 8 connections properly, hangs like crazy, dl rate & ping leap a lot and jitter jitter jitter... This error also happens when you have a lot of open connections or multiple open tabs/apps. Just use the standard / for the path and thank me later when you understand how early data works )

bia-pain-bache commented 5 months ago

That's correct, however I believe, given these f...ked up network conditions and also the overhead of Fragment, it's worth having Early data still. As far as we've tested configs so far, we saw about 10ms jitter in tests on average (except some ISPs like TCI); I believe that's not the issue right now. Do you still insist?

ParhamzXc commented 5 months ago

Yes, set early data and check if link redirecting works on sites that use other CDNs (except Cloudflare or Google, these are part of the Xray core build code). Try a domain behind AWS or Facebook or Azure and you can see both GET and POST HTTP requests sometimes deliver with literally trash performance or sometimes fail... This shit also happens for third-party cookies too; almost all 3rd-party cookies are used to be delivered with a CDN. It's true that almost every site uses Cloudflare as the nearest edge location since they rebuilt the whole CDN planet in 2020, so big companies or platforms should use a CDN other than Cloudflare for better privacy, inspecting client user interaction for debugging, or just personal ad delivery since they can't access Cloudflare. So setting an exact length of early data doesn't work with other CDNs' API usage documentation. Early data always checks if API connectivity is available or not before sending the first GET HTTP request for resolving DNS records; if yes, you see that the transport protocol for upgrading connections skips the TLS key exchange so HTTPS encryption becomes as fast as HTTP (this method on Cloudflare networks is aka 0-RTT and on Google aka QUIC). BUT what happens if it requests another CDN for cutting-edge delivery?! It fails for sure the first time, but if you just refresh the page or app it may work well and seem to be fine, but if you go deep into the rabbit hole like I did, you notice that your session-ID and session-ticket in HTTP headers are set as which means caching locally on my device only instead of for both my local dnscache log and the example site or app.
That's why Instagram or Microsoft always kicked me out after some hours even if I didn't restart or reset my VLESS upstream connection, I mean I kept the VPN connection continuous and the IP uniquely static. The moment I found this was happening while I had a static IP, I panicked that these VLESS configs are not secure and someone somehow may be able to remotely manage my cookies or activities over these FREE stuffs; well, I still may suspect that I'm not 100% private since these are FREE :)) But as I went deeper I found that the problem relates to HTTP headers; the size of the logger can be different for each OS, it resets automatically after reaching the maximum size of the logger (for my device, Samsung A50, Android 11, it was 8192Kb). Since it reset, the session-ID of the device expires, thus Instagram or any other platform which isn't using Cloudflare CDN can't authorize the session-ticket, so it's forced to log me out. Since I just use / for my VLESS host path, these free configs work perfectly well like a Tier-1 premium VPN company, caching god, download rate unlimited. I have more proofs to show it's not necessary to set an early data length and the disadvantages of using it are twice the advantages. You should've known that a slash at the end of any HTTP URL means to redirect to HTTPS/2 by default. Still insist on early data? I have more proof if you'd care about it.

ParhamzXc commented 5 months ago

On Hamrah Aval I was downloading at 15MB/sec from some shitty site with no well-known host, and a very distant location too, Argentina. Only, the download didn't start at 15Mb right from the beginning; about 20 seconds passed and then it suddenly jumped up. At the same moment I got 11MB/sec on speed.petiak.com without VPN, on an Iranian host.

vless://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@152.70.155.147:80?security=&type=ws&path=/&host=x.kron0s.workers.dev&encryption=none#LAX-CA%20%F0%9F%87%BA%F0%9F%87%B8

The config is like this: no flow, no encoding, no fragment, no mux, no fakedns, nothing; just connect as-is, and whatever DoH DNS you set, it resolves. I'll give you the UID too if you want, but once you set early data on the WebSocket for it, it can only connect to certain DoH servers whose certificates are written into the v2ray core source code itself; for example, if you give it a web3 DoH, even if they haven't filtered it, it can't resolve.
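The thread argues over whether the WebSocket path should carry `?ed=<bytes>` (early data) or stay a plain `/`. The following is an added example, not code from BPB-Worker-Panel or from either commenter: a small audit script that parses a `vless://` share link (the masked link above is used as constructed sample input), reports whether the `path` parameter enables early data and with what byte limit, and shows the size check a server would apply when early data arrives. It assumes the xray-style convention that early data is enabled by an `ed` query on the WS path and that the client sends the first payload base64url-encoded in the `Sec-WebSocket-Protocol` header; both are assumptions stated in the code, as is the `ed-variant` sample link constructed to exercise the `ed=2048` case.

```javascript
// Added example (not BPB-Worker-Panel code): audit a vless:// share link for the
// WebSocket early-data setting discussed in this thread, and show the server-side
// size check a worker would apply when early data arrives.
//
// Assumptions (labelled, not taken from the page): xray-style WS early data is
// enabled by an "?ed=<bytes>" query on the WebSocket path, and the client sends
// that first payload base64url-encoded in the Sec-WebSocket-Protocol header.

const EARLY_DATA_HEADER = "Sec-WebSocket-Protocol"; // assumed header name

// Parse a vless:// link. WHATWG URL treats "vless" as a non-special scheme but
// still splits userinfo@host:port, the query and the fragment for us.
function parseVlessLink(link) {
  const u = new URL(link);
  if (u.protocol !== "vless:") throw new Error("not a vless:// link");
  const q = u.searchParams;
  const path = q.get("path") ?? "/";
  return {
    uuid: u.username,
    server: u.hostname,
    port: Number(u.port),
    transport: q.get("type") ?? "tcp",
    security: q.get("security") || "none",
    wsHost: q.get("host"),
    path,
    earlyData: earlyDataLimit(path),
    remark: decodeURIComponent(u.hash.slice(1)),
  };
}

// Return the early-data byte limit encoded in a WS path ("/?ed=2048" -> 2048),
// or null when the path carries no ed parameter (plain "/" as recommended above).
function earlyDataLimit(path) {
  const qIdx = path.indexOf("?");
  if (qIdx === -1) return null;
  const ed = new URLSearchParams(path.slice(qIdx + 1)).get("ed");
  if (ed === null || !/^\d+$/.test(ed)) return null;
  return Number(ed);
}

// Decode the early-data header value (base64url, padding optional) and enforce
// the advertised limit; returns null when the payload is absent or oversized,
// so an oversized first frame is rejected instead of being forwarded.
function decodeEarlyData(headerValue, maxBytes) {
  if (!headerValue) return null;
  const b64 = headerValue.replace(/-/g, "+").replace(/_/g, "/");
  const buf = Buffer.from(b64, "base64");
  if (buf.length === 0 || buf.length > maxBytes) return null;
  return buf;
}

// Audit helper: one line per link, usable over a whole subscription list.
function auditLinks(links) {
  return links.map((l) => {
    const c = parseVlessLink(l);
    const ed = c.earlyData === null ? "no early data" : `early data ed=${c.earlyData}`;
    return `${c.remark}: ${c.transport} ${c.server}:${c.port} path=${c.path} (${ed})`;
  });
}

// Constructed sample input: the masked link from the thread plus a variant
// with "?ed=2048" percent-encoded into the path parameter.
const SAMPLE_LINKS = [
  "vless://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@152.70.155.147:80?security=&type=ws&path=/&host=x.kron0s.workers.dev&encryption=none#LAX-CA%20%F0%9F%87%BA%F0%9F%87%B8",
  "vless://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx@152.70.155.147:80?security=&type=ws&path=%2F%3Fed%3D2048&host=x.kron0s.workers.dev&encryption=none#ed-variant",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const line of auditLinks(SAMPLE_LINKS)) console.log(line);
  // Simulated handshake: a constructed header carrying "hello" as early data.
  console.log(`${EARLY_DATA_HEADER}: aGVsbG8 ->`, decodeEarlyData("aGVsbG8", 2048));
}
```

Run with `node audit.js` to list each link's transport, path and early-data status; feed it a decoded subscription list to see at a glance which entries still carry an `ed` limit. The decoder's hard cap on the decoded size is the defensive point: whatever limit the path advertises is the most a server should accept in that header.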

bia-pain-bache commented 5 months ago

Your feedback means a lot to me buddy, you are accurate and spent a lot on this topic. I removed Early data for now and released. Let's see what the feedback is.

ParhamzXc commented 5 months ago

I used to be a perfectionist about any stuff that I'm able to customize. I'm not a specialist in network security or coding stuff; these are just my experiments over connectivity time, consider them as my configuration. At this moment I'm satisfied with the settings and personalization; I count you as my stylist on this, so later on if you ever wanted to judge me about early data, do it with no hard feelings after.

bia-pain-bache commented 5 months ago

Actually, at the time I was reading your feedback, I checked jitter and tests approved your comment; however, I shared the config with some people and we tested on different ISPs, but the results were not approving! Even in many cases the result was vice versa. Also I tried to find some similar cases of DoH or multiplexing issues but found none. Would you please provide proofs for those claims? Right now handshake ping reaches even 1200ms with fragment and without early data, which is awful, and also sometimes the first attempt to connect to the proxy takes too long...

ParhamzXc commented 5 months ago

Use a custom one or a newly registered one, not the public one.

ParhamzXc commented 5 months ago

https://github.com/curl/curl/wiki/DNS-over-HTTPS

bia-pain-bache commented 5 months ago

Temporarily activated it and set it to 2560 for more investigation. Apparently the issue you mentioned is more related to DNS itself, because early data here is only used to communicate with the worker, not involved in any DNS queries and so on...

ParhamzXc commented 5 months ago

Bruh, you dumb? EarlyData = API Support. http://x.y.pages.dev/ = Redirect to your worker host, this is a promise for always Upgrade-Insecure-Requests. IT'S GOOD FOR BYPASSING FIREWALLS THAT STRICTLY REFUSE HTTP/1.1, CHINA ISPs for sure, BUT IN IRAN WE ARE GETTING DNS HIJACKED EVERY MOMENT VIA HTTP API REQs (CUZ IT'S FAST, HUMAN-READABLE PLAINTEXT, NO ENCRYPTION, EZ TO SPY ON). Use the traceroute program in your OS TERMINAL or ur ROUTER CLI. You see those private IPs? Those are Router Gateway IPs connected in the local network (LAN). In general this method is used to add more firewall layers, make it more secure for PPPoE clients and it's a good thing, but the Islamic Rules of IRAN reveal your private activity in plaintext to ur ISP instead of protection :DDD literally 0 privacy. Your Wide Area Network (WAN) connects to multiple local networks first to log our activity for spying! traceroute reveals your hops back to the server you wanna connect to. Those private IPs are like an all-seeing eye for your activity, a big observer hijacking your upstreams each moment via API. So now please tell me why are you trying to bypass the http/1.1 rule?? while it's already open and allowed in local private gateways globally for spying stuff on clients.... HTTPS makes it almost impossible for those telecommunication fuckos to snipe our upstreams or hijack our dns log :)

ParhamzXc commented 5 months ago

IDC my friend, keep copy/pasting JSON scripts with no clue. Good luck