Home

Awesome

XTLS-Iran-Reality

Xray-core (V2ray) Server with Reality Protocol for bypassing internet censorship in Iran with TLS encryption.


Notes


This guide is written for Ubuntu 22.04 LTS but any Debian based distro should also work.

What you need before starting this guide. Prerequisites


First we need to do some kernel settings for performance and raise ulimits.

sudo nano /etc/sysctl.conf

Copy this at end of then file and save and close.

net.ipv4.tcp_keepalive_time = 90
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fastopen = 3
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
fs.file-max = 65535000

Then run this command to edit limits.conf

sudo nano /etc/security/limits.conf

Copy this at end of the file and save and close.

* soft     nproc          655350
* hard     nproc          655350
* soft     nofile         655350
* hard     nofile         655350
root soft     nproc          655350
root hard     nproc          655350
root soft     nofile         655350
root hard     nofile         655350

Run this to apply settings.

sudo sysctl -p

Install Xray (XTLS)

Create a folder called xray in your username home folder. You should be in this folder when you log in.

mkdir xray

Update Ubuntu package list and install unzip.

sudo apt-get update
sudo apt-get install unzip

Change directory to the newly created xray folder.

cd xray/

Download the latest geoasset file for blocking Iranian websites.

wget https://github.com/bootmortis/iran-hosted-domains/releases/latest/download/iran.dat

Download the latest version of XTLS-Xray-Core.

Link to release page.

https://github.com/XTLS/Xray-core/releases

To download the Xray-linux-64.zip file, we can use the wget command. Then we will unzip the file.

wget https://github.com/XTLS/Xray-core/releases/download/v1.8.3/Xray-linux-64.zip
unzip Xray-linux-64.zip

Remove the Xray-linux-64.zip for easier future updates. See updates

rm Xray-linux-64.zip

Generate UUID for config.json save this for later. Replace Secret with any random text/string

./xray uuid -i Secret

It should look something like this.

92c96807-e627-5328-8d85-XXXXXXXXX

Generate Private and Public keys and save it for later

./xray x25519

It should look something like this.

Private key: qBvFzkSMcgrXXXXXJu2VSt3-0dCy-XX8IXXXXXXXXXX
Public key: rhrL9r_VGMWtwXXXXHO_eAi5e4CIn_XXXXXXXXXXXXX

Run this command to generate short IDs, You can have multiple short IDs or just one. Save it for later.

openssl rand -hex 8

It should look something like this.

d82fb387XXXXXXXX

Install xray to boot at startup (Systemd-Service) create file or copy paste xray.service file from this repository

Create service file.

sudo nano /etc/systemd/system/xray.service
[Unit]
Description=XTLS Xray-Core a VMESS/VLESS Server
After=network.target nss-lookup.target
[Service]
# Change to your username <---
User=USERNAME
Group=USERNAME
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
NoNewPrivileges=true
#                       --->  Change to your username  <---
ExecStart=/home/USERNAME/xray/xray run -config /home/USERNAME/xray/config.json
Restart=on-failure
RestartPreventExitStatus=23
StandardOutput=journal
LimitNPROC=100000
LimitNOFILE=1000000
[Install]
WantedBy=multi-user.target

Remember to edit this file to your own USERNAME! The parts to edit are.

User=USERNAME
Group=USERNAME
ExecStart=/home/USERNAME/xray/xray run -config /home/USERNAME/xray/config.json

Example

User=SasukeFreestyle
Group=SasukeFreestyle
ExecStart=/home/SasukeFreestyle/xray/xray run -config /home/SasukeFreestyle/xray/config.json

Reload services and enable auto-start.

sudo systemctl daemon-reload && sudo systemctl enable xray

Xray Configuration

Create a new file called config.json inside xray folder. Copy contents of config.json from this repository to the file.

nano /home/USERNAME/xray/config.json


The parts to edit are.

      {
         "listen":"0.0.0.0",
         "port":443,
         "protocol":"vless",
         "settings":{
            "clients":[
               {
                  "id":"UUID HERE", // Your generated UUID here.
                  "flow":"xtls-rprx-vision"
               }
            ],
            "decryption":"none"
         },
         "streamSettings":{
            "network":"tcp",
            "security":"reality",
            "realitySettings":{
               "show":false,
               "dest":"www.google-analytics.com:443", // Edit to a website/server that works without VPN outside of Iran
               "xver":0,
               "serverNames":[
                  "www.google-analytics.com" // (SNI) Same as "dest" but without portnumber.
               ],
               "privateKey":"PRIVATE KEY HERE", // Private key you generated earlier.
               "minClientVer":"1.8.0",
               "maxClientVer":"",
               "maxTimeDiff":0,
               "shortIds":["SHORT ID HERE" // Short ID
               ]
            }
         },

Example

"id":"92c96807-e627-5328-8d85-XXXXXXXXX",
"privateKey":"qBvFzkSMcgrXXXXXJu2VSt3-0dCy-XX8IXXXXXXXXXX",
"shortIds":["d82fb387XXXXXXXX"]

Now start xray and check if xray is running it should now say Active: active (running).

sudo systemctl start xray && sudo systemctl status xray
● xray.service - XTLS Xray-Core a VMESS/VLESS Server
     Loaded: loaded (/etc/systemd/system/xray.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-02-14 18:31:07 CET; 22min ago
   Main PID: 338362 (xray)
      Tasks: 16 (limit: 9365)
     Memory: 279.6M
        CPU: 5min 28.315s

Done! Now test the server with your clients.

Client/Apps (Settings)

V2rayNG (Android)

In V2rayNG press + then pick "Type manually[VLESS]"

Settings also apply to V2rayN (Windows).

Remember to set (uTLS) Fingerprint to Chrome.

photo_2023-04-14_16-33-50

If you want to be able to visit Iranians websites without disconnecting the VPN follow the instructions in the video below.

This will also make it harder for government to see that you are using a VPN.

Enter

geoip:private,
geosite:private,
geoip:ir,
geosite:category-ir

Video Instructions:

https://user-images.githubusercontent.com/2391403/235455406-96746fe5-fa45-43de-9c2a-9e9cca51f10d.mp4


V2rayN (Windows)

V2rayN 6.21+

v2rayN


Nekoray (Windows/Linux)

Nekoray 2.25+

Change core to sing-box in "Basic Settings".

nekoraysing

nekosettings


Iphone/Mac

FoXray

Pictures/Screenshots comming soon.


Routing rules

For routing rules for each client see bootmortis excellent guides. https://github.com/bootmortis/iran-hosted-domains

Link to some other routing rules for V2rayNG and FoXray


How to update to latest version

If a new version of Xray is published and you want to update to the latest version do this easy steps.

Change directory to your xray folder.

cd xray/

wget the latest release.

wget https://github.com/XTLS/Xray-core/releases/download/v1.8.3/Xray-linux-64.zip

This command will stop the xray service and remove old files and start xray service again.

sudo systemctl stop xray && rm geo* && rm LICENSE && rm README.md && rm xray && unzip Xray-linux-64.zip && sudo systemctl start xray

Make sure xray is running by entering this command.

sudo systemctl status xray

Remove the zipfile.

rm Xray-linux-64.zip

Done!

Credits

XTLS-core Team / v2fly

@bootmortis for Iranian domain list and routing rules.

And many others.