Configuring VPN v2ray on Linux server

• Create a configuration file
  • Set the sysctl value net.ipv4.ip_forward = 1 to enable routing
  • Set up appropriate ownership for all configuration and authentication files to run the OpenVPN server daemon under a non-root account
  • Set OpenVPN to start with the appropriate configuration file
  • Configure your firewall
• Use prebuilt server and client configuration file templates
  • Download script from website to set up appropriate directories and set up ownership
  • Edit OVPNserver2020.conf and OVPNclient2020.ovpn to include your IP addresses
• Set up file ownership
  • Create a user called openvpn that is a member of a group named openvpn and set the ownership of everything in /etc/openvpn to this user and group
• Firewall
  • Enable the OpenVPN service with the firewall-cmd command
• Start your server
  • Use systemctl enable --now openvpn-server@OVPNserver2020.service to start your OpenVPN server and make it start automatically after a reboot

• Use a script to install v2ray without needing to get a domain
  • Use the script from the Github repository: https://github.com/iamtrazy/bash-xray-script
  • Run the xray-whatever.sh script from the repository
  • Input a UUID to create a v2ray account
• Use v2ray’s GUI to configure any website as the spoofed site
  • Use v2-ui/x-ui, which gives the GUI experience when configuring the v2ray server
  • To spoof, fill in the SNI field with the desired website
• Use Trojan as the connection protocol
  • Transport protocol should be TCP
• Use SNI(Server name indication) to trick the ISP into thinking the connection is to a specific website
  • ISP can give the special package for Zoom because they have basic DPI
  • ISP don’t bother to verify if the domain actually resolves for the VPS IP
• Use Windows V2ray client settings
  • Follow the instructions for the Windows V2ray client settings

• Use a VPN provider
  • It will save time and money
  • Can buy packages from providers for 15-30rmb per month
• Configure a remote VPS with V2Ray
  • Use the setting: socks-proxy x.x.x.x xxx
  • Change the public IP of the server and update the DNS to see the new address
• Route the connection to a commercial VPN’s IP
  • Tunnel openvpn through v2ray for faster connection
  • One encryption point and 2 decryption points as opposed to encrypt/decrypt/encrypt/decrypt
  • Cloudflare and DNS lookup for a domain can add 100m/s ish when added together

• Installing OpenVPN on a Linux VPN Server
  • Prerequisites: Account with root access or sudo privileges, configure the firewall to allow TCP traffic over port 943, UDP traffic over port 1194
  • For Ubuntu and Debian: Update indexes using apt, install ca-certificates wget net-tools gnupg, download client from OpenVPN website using wget command, and install OpenVPN Access Server
  • For CentOS: Install OpenVPN Access Server using yum
  • After installation, enable TUN/TAP Adapter and enable IP forwarding in the kernel
  • Disable IPv6 to set up an OpenVPN tunnel
  • Alter DNS resolver settings to avoid DNS leak
• Connecting to Other Devices
  • Install and connect the OpenVPN Client for Windows
  • Install and connect the OpenVPN Client for macOS
  • Install and connect the OpenVPN Client for Linux
  • Install and connect the OpenVPN Client for Android
  • Install and connect the OpenVPN Client for iOS

• v2ray
  • V2ray is an undetectable protocol for bypassing the censorship and is the best one out of the three (shadowsocks, v2ray, WireGuard).
  • It is most reliable, and governments have not yet found a way to block it.
  • It is recommended to install BBR alongside v2ray for faster speed.
• Shadowsocks
  • It is a network proxy and a more proper comparison would be between Shadowsocks and v2ray.
  • It is good and easy to setup for a simple proxy.
• WireGuard
  • It is a full on VPN.
  • It is lightweight and very fast and easy to setup.
  • It can be baked into the kernel on the client side for more security than OpenVPN or Shadowsocks.

💭  Looking into

What are the best ways to test the connection of a VPN server?

💭  Looking into

What are the benefits of setting up a private VPN server?

💭  Looking into

What are the detailed steps to install OpenVPN and cURL programs?

💭  Looking into

What are the exact steps to select Bypass mainland address?

💭  Looking into

What is the exact syntax for the command to save the config output to a config.json file?

• Setting up a private Linux VPN server
  • Need to install OpenVPN and cURL programs
  • Need to download a VPN installation script, make it executable and run it
  • Make sure you have sudo privileges or root access
  • Allow TCP traffic over port 943, and UDP traffic over port 1194
• Install OpenVPN on client computer and the OpenVPN extension for the network manager
• Download configuration file from server
• Copy configuration file to OpenVPN client folder
• Add configuration file to the Network Manager
• Test the connection
• Test for IP, IPv4, IPv6, DNS and WebRTC leaks
• Consider subscribing to a paid, premium VPN service
• Consider setting up a free VPN
• Benefits of setting up private VPN server include: being in complete control of your traffic, streaming remotely, accessing files and applications remotely, no risk of data-logging, easier to spot and combat intrusions, more traceability back to yourself.

• Update the Linux Server Date Time
  • Run the command “$ date” to get the current date-time
  • Run the command “date –set=”Fri Jun 28 15:05:15 CST 2020”” to change the date time and time zone
• Install V2ray On Ubuntu Linux Server
  • Install unzip manually
  • Change to the root user
  • Install v2ray on the Linux server using the command “bash <(curl -L -s https://install.direct/go.sh)”
  • If you meet an error when running the above shell script, browse https://github.com/v2fly/fhs-install-v2ray to see the new v2ray install method
  • Download the v2ray install shell script file using the command “curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh” and “curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-dat-release.sh”
  • Install v2ray using the command “bash install-release.sh”
  • Install geoip.dat and geosite.dat using the command “bash install-dat-release.sh”
  • Uninstall v2ray using the command “bash install-release.sh –remove”
  • New v2ray installation shell script is “bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)”
  • The new v2ray configuration file is located at ExecStart=/usr/local/bin/v2ray -config /usr/local/etc/v2ray/config.json
  • V2ray has been created as a Linux service daemon, which means it will be auto-started when the Linux OS startup.

• Install V2Ray on Ubuntu 22.04/20.04 Server
  • Download the official V2Ray install script
  • Run the install script
  • Check status of V2Ray
  • Restart V2Ray
  • Enable auto-start at system boot time
• Set Up NTP Time Sync
  • Check the time on your server
  • Follow the tutorial to set up NTP time synchronization
• Configure V2Ray on the Server
  • Edit V2Ray configuration file
  • Replace the id with some random characters in UUID format
• Configure Reverse Proxy
  • Install Nginx web server
  • Create a virtual host file for V2Ray
  • Replace example.com with your own domain name

• Setting up a v2ray server on a VPS
  • Tutorial can be found at https://privacymelon.com/v2ray-setup-guide/
  • Can use Clash for Windows as a v2ray client
  • Slower than Shadowsocks or ShadowsocksR, but more stable and has more variations and masking protocols
  • More stable in China
• Setting up a v2ray client on OpenWRT router
  • No experience with this, but may be possible
• Setting up a v2ray client on Windows Server
  • Can be done on ADW

• Construct the entire client config
  • This includes an inbound (e.g. socks) and the vmess outbound
  • Save the output of the config to a config.json file
  • Use the command “v2ray -c config.json”, or start it in the background with a systemd service
• Bypass mainland address
  • In the app settings select “Bypass mainland address” under “Predefined rules”
  • This will export the rules to the config file
  • The socks/http proxy can send all traffic to it, which will send Chinese traffic directly while proxying everything else to vmess.

💭  Looking into

What is the best way to configure VPN v2ray on a Linux server?