net4people / bbs

Forum for discussing Internet censorship circumvention

Iran limiting v2ray and shadowsocks private servers #166

Open linehman opened 1 year ago

linehman commented 1 year ago

Some of my private v2ray (vmess ws tls with no fake site + tcp tls) and shadowsocks + cloak servers are getting limited in Iran. I was running all configs on the same servers, so I'm not sure which one got exposed, or maybe they limited them based on traffic or other things. The interesting thing is they are limited on one or two ISPs but working on others right now.

MantorpLasse commented 1 year ago

Hi @pouyaSamie, could you send the guide? I have a VPS that I set up for my friend and she can't use it any longer. I'm keen to fix it for her.

pouyaSamie commented 1 year ago

> Hi @pouyaSamie, could you send the guide? I have a VPS that I set up for my friend and she can't use it any longer. I'm keen to fix it for her.

Hi, I have written a fully detailed tutorial for that. Please check it on my GitHub page. It uses vmess + Nginx + CDN through SSL.

https://github.com/pouyaSamie/FreeInternet

Roham0010 commented 1 year ago

@pouyaSamie Are you sure that the Nginx is really needed? We can just add the domain name and the TLS certificates to the configuration of the v2ray we are creating by enabling the tls option and there is no need to install Nginx in this case. Is there any difference between adding the fake domain and certificate to the v2ray config or installing the Nginx and doing all that? I followed this tutorial btw: https://privacymelon.com/how-to-setup-v2ray-ws-tls-cdn/

pouyaSamie commented 1 year ago

Yeah, it is needed because you need to keep the websocket alive and also you need to be able to redirect your request from port 443 to your vmess port... If you run your vmess on port 443 the CDN won't allow that to pass and it will fail. At least from what I tried... but if you could do it with a proxy on the CDN I think you should be good to go.

Roham0010 commented 1 year ago

@pouyaSamie I already have a vmess on port 443 and it's working. There are sometimes tls handshake timeouts but I don't think it has anything to do with the configuration :thinking: (My DNS proxy status is also enabled)

pouyaSamie commented 1 year ago

> @pouyaSamie
>
> I already have a vmess on port 443 and it's working.
>
> There are sometimes tls handshake timeouts but I don't think it has anything to do with the configuration :thinking:
>
> (My DNS proxy status is also enabled)

That's good. I tried it with the ArvanCloud CDN and it didn't work, but with Nginx in front it works perfectly.

SasukeFreestyle commented 1 year ago

@pouyaSamie

Hi!

I've made a repo containing a guide using Nginx fallback for anti-probe detection.

https://github.com/SasukeFreestyle/XTLS-Iran-TLS

This also works with a CDN, but you need to configure it in nginx.

I do not recommend using X-UI because it does not contain an outbound CIDR block for Iranian IPs or websites. X-UI also runs as the root user, and from a security perspective I don't recommend this.

If your server does not have this CIDR block, every Iranian app or user will proxy connections from your server back to Iran, and with many users this looks very suspicious from a firewall/DPI perspective. This is because you are hosting a "website", and a website does not normally initiate the (first) connection back to another IP/website in Iran.

Check my config here: https://github.com/SasukeFreestyle/XTLS-Iran-TLS/blob/main/config.json

Your solution also uses websockets, which are somewhat outdated. You should use XTLS-RPRX-Vision and a uTLS fingerprint in V2rayN.

Also you are missing a certbot renew script for your xray. When certbot renews its certificates, your xray server will stop working because it has loaded the old certificates, and you then need to manually restart xray.

If you use my renewal script, it will automatically stop xray, renew the certificates and start xray with the new certificates.
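The outbound block SasukeFreestyle describes is a routing rule on the server. The fragment below is an added example written for this thread, not the config from the linked repository: it assumes an Xray/V2Ray-style JSON config where the `geoip.dat` shipped with the core provides the `geoip:ir` and `geoip:private` categories, and the outbound tags `direct` and `block` are names chosen here.

```json
{
  "routing": {
    "domainStrategy": "IPIfNonMatch",
    "rules": [
      {
        "type": "field",
        "ip": ["geoip:ir", "geoip:private"],
        "outboundTag": "block"
      }
    ]
  },
  "outbounds": [
    { "protocol": "freedom", "tag": "direct" },
    { "protocol": "blackhole", "tag": "block" }
  ]
}
```

Rules are evaluated in order and the first outbound in the list (`direct`) is the default for anything that matches no rule. `IPIfNonMatch` makes the router resolve a domain destination that matched no domain rule and re-check it against the IP rules, so a request for an Iranian hostname is dropped just like a request for a raw Iranian address. `geoip:private` is included so users cannot reach loopback or RFC 1918 services on the server's own network through the proxy.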

pouyaSamie commented 1 year ago

> @pouyaSamie
>
> Hi!
>
> I've made a repo containing a guide using Nginx fallback for anti-probe detection.
>
> https://github.com/SasukeFreestyle/XTLS-Iran-TLS
>
> This also works with a CDN, but you need to configure it in nginx.
>
> I do not recommend using X-UI because it does not contain an outbound CIDR block for Iranian IPs or websites.
>
> X-UI also runs as the root user, and from a security perspective I don't recommend this.
>
> If your server does not have this CIDR block, every Iranian app or user will proxy connections from your server back to Iran, and with many users this looks very suspicious from a firewall/DPI perspective. This is because you are hosting a "website", and a website does not normally initiate the (first) connection back to another IP/website in Iran.
>
> Check my config here
>
> https://github.com/SasukeFreestyle/XTLS-Iran-TLS/blob/main/config.json
>
> Your solution also uses websockets, which are somewhat outdated. You should use XTLS-RPRX-Vision and a uTLS fingerprint in V2rayN.
>
> Also you are missing a certbot renew script for your xray. When certbot renews its certificates, your xray server will stop working because it has loaded the old certificates, and you then need to manually restart xray.
>
> If you use my renewal script, it will automatically stop xray, renew the certificates and start xray with the new certificates.

Hi, thanks for your update. To be honest, for now I'm totally happy with my config. This is my result now with Hamrah Aval using the VPN: [image]

By the way X-UI has an update with newest changes.
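SasukeFreestyle's point above about certbot renewals can also be handled with a certbot deploy hook rather than a stop/renew/start wrapper. The script below is an added example, not the renewal script from the linked repository: certbot runs it after a successful renewal, it validates the config with `xray run -test` and restarts xray only if the config still loads, so a typo in the cert path never leaves the proxy down. It assumes certbot can complete its challenge while xray is running (a DNS challenge, or Nginx in front answering HTTP-01); the binary and config paths, the hook file name and the systemd unit name `xray` are assumptions.

```shell
#!/bin/sh
# Added example, not a script from the thread or the linked repositories.
# Certbot deploy hook: validates the xray config (which references the renewed
# certificate files) and restarts xray only when the config still loads.
# Assumed install location: /etc/letsencrypt/renewal-hooks/deploy/xray.sh (chmod +x).
set -u

# reload_xray BIN CONFIG RESTART_CMD
# Runs "xray run -test" against CONFIG before restarting, so a broken config is
# reported instead of taking the proxy down. Returns non-zero on any failure.
reload_xray() {
  bin="$1"; cfg="$2"; restart="$3"
  if ! "$bin" run -test -config "$cfg" >/dev/null 2>&1; then
    echo "xray config test failed, not restarting: $cfg" >&2
    return 1
  fi
  # Word-split on purpose: RESTART_CMD is a command line such as "systemctl restart xray".
  $restart
}

# Certbot exports RENEWED_LINEAGE only when it invokes a deploy hook. Sourcing
# this file by hand (for example to test reload_xray) leaves it unset and
# nothing below runs.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  reload_xray "${XRAY_BIN:-/usr/local/bin/xray}" \
              "${XRAY_CONFIG:-/usr/local/etc/xray/config.json}" \
              "${RESTART_CMD:-systemctl restart xray}"
fi
```

Scripts in the `renewal-hooks/deploy` directory are picked up by `certbot renew` automatically, including the renewals triggered by certbot's own timer, so no extra cron entry is needed. Because the hook restarts xray only after a passing config test, a bad renewal is visible in the certbot log rather than as a dead server.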

adelmrk commented 1 year ago

Now what? From 1 March 2023 XRAY-CORE is down with the TCI ISP. I can get ping and tracert with my personal server but can't log in with SSH. I need to change to a better protocol. What are your offers? (It needs to be tested with the TCI ISP.)

hack3rcon commented 4 months ago

Hello, a friend in Iran has a problem with V2Ray and Shadowsocks. He got the following error and can't connect to his V2Ray server:

```
2024/02/25 14:08:13 [Debug] app/log: Logger started
2024/02/25 14:08:13 [Debug] app/proxyman/inbound: creating stream worker on 0.0.0.0:9090
2024/02/25 14:08:13 [Info] transport/internet/tcp: listening TCP on 0.0.0.0:9090
2024/02/25 14:08:13 [Warning] V2Ray 5.12.1 started
2024/02/25 14:08:55 [Info] [959473960] proxy/shadowsocks: tunnelling request to tcp:9.9.9.9:853
2024/02/25 14:08:55 [Warning] [959473960] app/dispatcher: default route for tcp:9.9.9.9:853
2024/02/25 14:08:55 [Info] [959473960] proxy/freedom: opening connection to tcp:9.9.9.9:853
2024/02/25 14:08:55 [Info] [959473960] transport/internet/tcp: dialing TCP to tcp:9.9.9.9:853
2024/02/25 14:08:55 [Info] [3719334211] proxy/shadowsocks: tunnelling request to tcp:IP:5222
2024/02/25 14:08:55 [Warning] [3719334211] app/dispatcher: default route for tcp:IP:5222
2024/02/25 14:08:55 [Info] [3719334211] proxy/freedom: opening connection to tcp:IP:5222
2024/02/25 14:08:55 [Info] [3719334211] transport/internet/tcp: dialing TCP to tcp:IP:5222
2024/02/25 14:08:56 [Info] [903413974] proxy/shadowsocks: tunnelling request to tcp:IP:443
2024/02/25 14:08:56 [Warning] [903413974] app/dispatcher: default route for tcp:IP:443
2024/02/25 14:08:56 [Info] [903413974] proxy/freedom: opening connection to tcp:IP:443
2024/02/25 14:08:56 [Info] [903413974] transport/internet/tcp: dialing TCP to tcp:IP:443
2024/02/25 14:09:07 [Info] [959473960] app/proxyman/inbound: connection ends > proxy/shadowsocks: connection ends > context canceled
2024/02/25 14:09:07 [Info] [959473960] app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > context canceled
2024/02/25 14:09:15 [Info] [4083135377] proxy/shadowsocks: tunnelling request to tcp:9.9.9.9:853
2024/02/25 14:09:15 [Warning] [4083135377] app/dispatcher: default route for tcp:9.9.9.9:853
2024/02/25 14:09:15 [Info] [4083135377] proxy/freedom: opening connection to tcp:9.9.9.9:853
2024/02/25 14:09:15 [Info] [4083135377] transport/internet/tcp: dialing TCP to tcp:9.9.9.9:853
2024/02/25 14:09:28 [Info] [4083135377] app/proxyman/inbound: connection ends > proxy/shadowsocks: connection ends > context canceled
2024/02/25 14:09:28 [Info] [4083135377] app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > context canceled
2024/02/25 14:09:36 [Info] [150780187] proxy/shadowsocks: tunnelling request to tcp:9.9.9.9:853
2024/02/25 14:09:36 [Warning] [150780187] app/dispatcher: default route for tcp:9.9.9.9:853
2024/02/25 14:09:36 [Info] [150780187] proxy/freedom: opening connection to tcp:9.9.9.9:853
2024/02/25 14:09:36 [Info] [150780187] transport/internet/tcp: dialing TCP to tcp:9.9.9.9:853
2024/02/25 14:09:37 [Info] [1434522752] proxy/shadowsocks: tunnelling request to tcp:9.9.9.9:853
2024/02/25 14:09:37 [Warning] [1434522752] app/dispatcher: default route for tcp:9.9.9.9:853
2024/02/25 14:09:37 [Info] [1434522752] proxy/freedom: opening connection to tcp:9.9.9.9:853
2024/02/25 14:09:37 [Info] [1434522752] transport/internet/tcp: dialing TCP to tcp:9.9.9.9:853
2024/02/25 14:09:37 [Info] [2544724651] proxy/shadowsocks: tunnelling request to tcp:android.googleapis.com:443
2024/02/25 14:09:37 [Warning] [2544724651] app/dispatcher: default route for tcp:android.googleapis.com:443
2024/02/25 14:09:37 [Info] [2544724651] proxy/freedom: opening connection to tcp:android.googleapis.com:443
2024/02/25 14:09:37 [Info] [2544724651] transport/internet/tcp: dialing TCP to tcp:android.googleapis.com:443
2024/02/25 14:09:37 [Info] [2469683110] proxy/shadowsocks: tunnelling request to tcp:mtalk.google.com:5228
2024/02/25 14:09:37 [Warning] [2469683110] app/dispatcher: default route for tcp:mtalk.google.com:5228
```

Any idea?
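A first step in triaging a log like the one above is to group the per-connection lines by destination and count how many tunnels ended with `failed to process outbound traffic`. The shell/awk script below is an added example for this thread, not a tool from V2Ray or any linked project; its sample lines are constructed in the shape of hack3rcon's log, not the full log. In that log the only failures are `context canceled` roughly twelve seconds after the dial, with no error from the dial itself, so the next thing to check is whether the server can reach those destinations at all (`9.9.9.9:853` is DNS over TLS to Quad9, and the Google endpoints are push-notification and API servers).

```shell
#!/bin/sh
# Added example: tally a V2Ray/Xray log by destination and by outbound failure.
# The sample below is constructed in the shape of the log posted in the thread.

SAMPLE_LOG='2024/02/25 14:08:55 [Info] [959473960] proxy/shadowsocks: tunnelling request to tcp:9.9.9.9:853
2024/02/25 14:08:55 [Info] [959473960] transport/internet/tcp: dialing TCP to tcp:9.9.9.9:853
2024/02/25 14:08:55 [Info] [3719334211] proxy/shadowsocks: tunnelling request to tcp:IP:5222
2024/02/25 14:09:07 [Info] [959473960] app/proxyman/inbound: connection ends > proxy/shadowsocks: connection ends > context canceled
2024/02/25 14:09:07 [Info] [959473960] app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > context canceled
2024/02/25 14:09:15 [Info] [4083135377] proxy/shadowsocks: tunnelling request to tcp:9.9.9.9:853
2024/02/25 14:09:28 [Info] [4083135377] app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > context canceled
2024/02/25 14:09:37 [Info] [2544724651] proxy/shadowsocks: tunnelling request to tcp:android.googleapis.com:443'

# Reads a log on stdin and prints one line per destination:
#   <destination> <tunnels opened> <tunnels that reported an outbound failure>
# Fields in a per-connection line are: date time [level] [connection-id] component: message,
# so $4 is the connection id and $NF of a "tunnelling request" line is the destination.
summarize_log() {
  awk '
    /proxy\/shadowsocks: tunnelling request to/ {
      dst[$4] = $NF; req[$NF]++
    }
    /app\/proxyman\/outbound: failed to process outbound traffic/ {
      if ($4 in dst) fail[dst[$4]]++
    }
    END {
      for (d in req) printf "%s %d %d\n", d, req[d], fail[d] + 0
    }
  ' | sort
}

# failures_for DESTINATION: number of failed tunnels to DESTINATION in the sample log.
failures_for() {
  printf '%s\n' "$SAMPLE_LOG" | summarize_log | awk -v d="$1" '$1 == d { print $3 }'
}

# Stand-alone run: summarize the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_log
```

To run it against a real server, pipe the log into `summarize_log` instead of the sample. A destination whose failure count equals its request count, while other destinations succeed, is a routing or reachability problem on the server side; failures spread evenly across every destination point at the client or the path to the server.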