net4people / bbs

Forum for discussing Internet censorship circumvention

Best VPN protocol setup for a VPS #180

Open Msadr471 opened 1 year ago

Msadr471 commented 1 year ago

Hi, I am from Iran and recently bought a VPS on Hetzner. Last night I tried to set up WireGuard, but it was so confusing that I used this source to set it up and it did not work. I mean, I know I did something wrong, but I don't know in which part! The most confusing part was that every site had its own different setup! So the question is: is WireGuard good? Do you have any sources that can help me? Or should I choose a different protocol, because I'm living in Iran and WireGuard won't work? I'm not an IT or network engineer. For example, when I was setting up WireGuard last night:

[Interface]
PrivateKey = base64_encoded_peer_private_key_goes_here
Address = 10.8.0.2/24
Address = fd0d:86fa:c3bc::2/64

[Peer]
PublicKey = ****************************************
AllowedIPs = 10.8.0.0/24, fd0d:86fa:c3bc::/64
Endpoint = 203.0.113.1:51820

I didn't know what I should choose for my Address, Endpoint or AllowedIPs, or in the server config itself! Which IP? I've seen this repo too and I get nothing. Does OpenVPN work in Iran? Or does the government only block those servers that were providing VPNs like Nord or ProtonVPN? If I have access to my own server, then any kind of setup must work, right??? I don't know, you tell me. Here @arandomgstring says:

There exist many one-click scripts that set up v2ray on a server without needing Python: https://github.com/reeceyng/v2ray-agent , https://github.com/wulabing/Xray_onekey , https://github.com/proxysu/ProxySU to name a few.

So WHAT THE HELL IS THIS? I barely understand and write English!

Notes
Set Cloudflare -> SSL/TLS -> Overview -> Full
Cloudflare ---> the cloud icon on the A record must be grey (if it is not grey, the scheduled task that automatically renews the certificate will be affected)
If you use the CDN and a direct connection at the same time, turn off the cloud icon and use a self-selected IP; for self-selected IPs, see the [Cloudflare optimization guide](https://github.com/reeceyng/v2ray-agent/blob/master/documents/optimize_V2Ray.md) above
Install on a clean system; if another script has been used to install before and you cannot fix the errors yourself, reinstall the system and try the installation again
wget: command not found [you need to install wget manually here]; if you have never used Linux, [click here](https://github.com/reeceyng/v2ray-agent/tree/master/documents/install_tools.md) for the installation tutorial
Non-root accounts are not supported
If you encounter Nginx-related problems, uninstall your self-compiled nginx or reinstall the system
To save time, include detailed screenshots with feedback or follow the issue template; issues without screenshots or not following the template will be closed directly
Not recommended for GCP users
CentOS and older systems are not recommended; if installation on CentOS fails, switch to Debian 10 and try again; the script no longer supports CentOS 6 or Ubuntu 16.x
[If anything about usage is unclear, read the script usage guide first](https://github.com/reeceyng/v2ray-agent/blob/master/documents/how_to_use.md)
Oracle Cloud has an additional firewall that must be configured manually
Oracle Cloud only supports Ubuntu
If you forward gRPC through Cloudflare, you must allow gRPC in the Cloudflare settings, path: Cloudflare Network -> gRPC
gRPC is currently in testing and may be incompatible with the client you use; ignore it if it does not work
For the problem of failing to start after upgrading from an old script version to a new one, [click this link for the solution](https://github.com/reeceyng/v2ray-agent/blob/master/documents/how_to_use.md#4%E4%BD%8E%E7%89%88%E6%9C%AC%E5%8D%87%E7%BA%A7%E9%AB%98%E7%89%88%E6%9C%AC%E5%90%8E%E6%97%A0%E6%B3%95%E5%90%AF%E5%8A%A8%E6%A0%B8%E5%BF%83)

BUT I found this, and also @arandomgstring says:

and I am pretty sure it's not the only one.

So I'm all ears: is there any script for someone like me, who knows nothing about how to build or set up a VPN? An easy script for setting up VPNs on my VPS.

thanks and sorry for my English.
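The question above is where each IP goes in a WireGuard config. The following is an added example, not from this thread or from any project linked here: a small Python helper that fills in a matching server/client pair for one VPS and one client, using the 10.8.0.0/24 tunnel range and 203.0.113.1:51820 endpoint from the post. Key strings, the `eth0` interface name and the iptables NAT lines are assumptions; keys are generated on each machine with `wg genkey` and `wg pubkey`.

```python
import ipaddress
import textwrap


def wg_configs(server_pub_ip, server_port, server_priv, server_pub,
               client_priv, client_pub, tunnel_net="10.8.0.0/24",
               wan_iface="eth0"):
    """Return (server_conf, client_conf) for one client behind one VPS.

    Keys come from `wg genkey` / `wg pubkey` run on each machine; this
    helper only decides which value goes in which field. wan_iface is the
    VPS's Internet-facing interface (assumed name, check with `ip addr`)."""
    net = ipaddress.ip_network(tunnel_net)
    server_addr, client_addr = list(net.hosts())[:2]  # 10.8.0.1 / 10.8.0.2
    server_conf = textwrap.dedent(f"""\
        [Interface]
        # Private key of THIS machine (the VPS); it never leaves the VPS.
        PrivateKey = {server_priv}
        # The VPS's address INSIDE the tunnel, not its public Hetzner IP.
        Address = {server_addr}/{net.prefixlen}
        ListenPort = {server_port}
        # NAT the client's traffic out to the Internet (also needs
        # net.ipv4.ip_forward=1 via sysctl on the VPS).
        PostUp = iptables -t nat -A POSTROUTING -o {wan_iface} -j MASQUERADE
        PostDown = iptables -t nat -D POSTROUTING -o {wan_iface} -j MASQUERADE

        [Peer]
        # The client's PUBLIC key (its private key stays on the client).
        PublicKey = {client_pub}
        # On the server, AllowedIPs = source addresses this peer may use.
        AllowedIPs = {client_addr}/32
        """)
    client_conf = textwrap.dedent(f"""\
        [Interface]
        # Private key of THIS machine (the laptop or phone).
        PrivateKey = {client_priv}
        Address = {client_addr}/{net.prefixlen}

        [Peer]
        PublicKey = {server_pub}
        # The only place the VPS's public IP appears: public IP + ListenPort.
        Endpoint = {server_pub_ip}:{server_port}
        # On the client, AllowedIPs = destinations routed INTO the tunnel.
        # 0.0.0.0/0 sends everything through the VPS; 10.8.0.0/24 alone would
        # only reach other tunnel addresses, not the wider Internet.
        AllowedIPs = 0.0.0.0/0
        PersistentKeepalive = 25
        """)
    return server_conf, client_conf
```

Write the first string to /etc/wireguard/wg0.conf on the VPS and the second to the client, then bring each up with wg-quick; the server's ListenPort must also be open in the VPS firewall.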

free-the-internet commented 1 year ago

> So, I told a friend and he helped me; now my VPS works on all ISPs, including Irancell. Solution: Irancell (obviously) limited its connections to outside of Iran, so instead of trying to communicate with the world, which is limited by Irancell, I routed my traffic through "Arvan Cloud" and then to the Hetzner server. For now, the only thing that Irancell sees is "Arvan Cloud", not Hetzner. Also, my VPS now has an SSL certificate and a domain. In the end, my speed now is super fast:
>
> WiFi: ![Screenshot_2022-12-25-00-22-28-503_org zwanoo android speedtest](https://user-images.githubusercontent.com/49529241/209450997-77a7eb30-2b4e-4d51-9bbd-32ffa61949d4.jpg)
>
> Irancell: ![Screenshot_2022-12-25-00-30-34-404_org zwanoo android speedtest](https://user-images.githubusercontent.com/49529241/209451024-eac8f092-45cb-4cc5-802f-4c6359abf41d.jpg)

I really discourage the use of any local VPS, unless there is an emergency when there is a shutdown. IMHO, I consider this falling into the so-called "layered internet" (layered in terms of the population) by your own hand, as for getting a VPS they need your identity. So, what would happen is this: the Internet access of ordinary people would be cut, and those who have services like you have could be identified.

Msadr471 commented 1 year ago

> but it's better to keep your fingers off Arvan Cloud. They are under European Union sanctions.

I think that Europe and other countries are only talking and they don't keep their promises! If they really intended to help, they wouldn't design and regulate the sanctions in a way that puts pressure on the people of Iran; instead they would sanction the government, not the people! At the moment, Arvan's servers all have access to the Internet, so there is no embargo!

> Is Arvan Cloud the only viable service provider in Iran? Are there any other companies that do the same business?

It doesn't really matter! Any other company that provides these services is still dependent on the government. They cannot violate the government in any way.

> do you mean their CDN service?

Yes.

> unless there is an emergency when there is a shutdown.

In fact, Arvan cloud is helpful when our access to the global Internet is completely cut off and allows us to use the server platform of this company to communicate with the outside world.

> So, what would happen is this: The Internet access for the ordinary people would be cut, and those who have the services like you have, could be identified.

Well, in this case I need your help, friends: how can I get access (even though I can be identified, and use my student identity for my right to use the Internet) but encrypt my traffic somehow? In a way that they know I'm using it, but they can't decipher it.

For example, the bridge that I have on my own server for the Tor network: I will pass its traffic through Arvan's CDN services and remain anonymous with the help of the Tor network! Is such a thing possible? But I think that if I want to communicate with Arvan, this communication itself should be encrypted, right?

nonfdsaofd commented 1 year ago

> see this repo: https://github.com/reeceyng/v2ray-agent

> oh, it's a maintained fork of mack-a's script! His script looked very robust when I tried it (trojan option). I don't know why he suddenly removed his repo, I mean, did he find a security flaw and didn't want to spend time on it (so he removed it) or what?

Most likely the author was caught by the government, like the author of the original Python version of shadowsocks: https://github.com/shadowsocks/shadowsocks. Many authors who wrote censorship circumvention tools or scripts have been caught before in China.

free-the-internet commented 1 year ago

Guys in Iran, I need checks. Are Tor obfs4 bridges (of course with non-blocked IPs) working in Iran? I tried it 2-3 months ago; it never worked. I checked again these days; it doesn't work with non-blocked private bridges. @arandomgstring and others ...

arandomgstring commented 1 year ago

@free-the-internet It has been a while since obfs4 bridges stopped working. With the exception of Snowflake, other bridges apparently don't work.

Msadr471 commented 1 year ago

> Guys in Iran, I need checks. Are Tor obfs4 bridges (of course with non-blocked IPs) working in Iran? I tried it 2-3 months ago; it never worked. I checked again these days; it doesn't work with non-blocked private bridges. @arandomgstring and others ...

It's working for me without bridges or Snowflake! But my ISP isn't Irancell or MCI, so I have to check that and let you know.

free-the-internet commented 1 year ago

> @free-the-internet It has been a while since obfs4 bridges stopped working. With the exception of Snowflake, other bridges apparently don't work.

Do you think it's because of fingerprinting? How can we use meeklite in a Tor client, or build a bridge with meeklite compatibility? @wkrp Could you help us please?

I've got reports that VLESS + TCP or Trojan + TLS is connecting but not usable at all, especially on mobile operators.

DevilHimSelf666 commented 1 year ago

I tried with 3 domains:

  1. xxx.nl
  2. xxx.com
  3. xxx.ir

With VMess + TLS and HTTP as transport, I used the same server with 3 different domains, all through Cloudflare. The result was so weird: with the .nl domain my speed was awful (download: 1.13 Mbps); with .com the speed was very good (download: 72.4 Mbps) but unstable (I could not watch YouTube for more than 5 min); with .ir the speed was OK (download: 21.4 Mbps) but it was stable and I could watch YouTube without stops.

Now I'm going to change my DNS to Arvan Cloud; I will let you know if there is any significant change.

wkrp commented 1 year ago

> It has been a while since obfs4 bridges stopped working. With the exception of Snowflake, other bridges apparently don't work.

> Do you think it's because of fingerprinting? How can we use meeklite in a Tor client, or build a bridge with meeklite compatibility? @wkrp Could you help us please?

If obfs4 bridges are indeed being blocked, there could be a variety of causes. It may be enumeration of the distribution system; it could be identification of high-entropy connections; it may have to do with connection lifetime or connection patterns; it could be blocking of specific foreign IP address ranges. It's hard to say.

There's really no such thing as "meek_lite". That label originally referred to an independent implementation of the meek protocol in obfs4proxy; the "lite" was meant to indicate that it did not have any TLS camouflage. (The mainline meek implementation used a headless browser for TLS camouflage at the time.) Later, obfs4proxy's implementation started using uTLS for TLS camouflage, so the implementation was no longer really "lite". The mainline implementation also gained the ability to use uTLS, as an alternative to a headless browser. There's really no difference between meek and meek_lite.

The demand for the built-in meek-azure bridge is much larger than the supply. The bridge is self-throttled to about 5 MB/s (as you can see in the bandwidth graph) in order to control costs, because the bridge is so expensive to operate. In comparison, one of the Snowflake bridges currently averages around 240 MB/s.

It is possible to use meek with a personally operated meek-server, with or without a CDN in the middle. For example, you can use this bridge line:

Bridge meek 192.0.2.31:3 1922840D0D66CB82EACE4327F5001430227C0127 url=https://meek.bamsoftware.com/ utls=HelloChrome_auto

But without a CDN, blocking resistance depends on keeping the bridge URL secret. There is nothing to prevent a censor from blocking the above server. But if you set up your own server and keep it private, you can use the meek transport protocol with your own bridges.