Bypass The Islamic Republic Again: Installing V2ray + XUI

When the situation is challenging, UDP-based VPN protocols might not work and we have to use something else to be able to bypass this madness. This tutorial is about installing and configuring the popular Chinese VPN protocol V2Ray on a ubuntu server using a web-based control panel called X-UI.

1. Intro

Last time, I wrote an article about bypassing God’s government restrictions to be able to access the outside world. Now the base solution still stands, but the protocol we used to implement that solution no longer works. We can clap our hands to the government priests for upgrading their knowledge about VPN protocols and say bravo in chinese “高丝纳纳顿”.

As our government and Chinese folks are each other’s besties and in the same bed! we can conclude that any protocol that works on the great firewall of china, should work for the evils firewall of the Islamic Republic!

V2Ray is a VPN protocol written with love by some free Chinese people. It works on the application layer and its traffic looks like working with an actual web-site and it’s less prone to detect. The problem with V2Ray is the english language support, documentations and weak client software which can easily be improved if their community decided to share their information and issues in english not in fucking chinees!

For this article we consider you have access to a Virtual Machine in the outside world. You can access that machine using SSH or you can easily install a cockpit to be able to access your Linux machine through the browser.

1.1 Installing Cockpit (Optional)

To install Cockpit, connect to your machine using ssh and use the aptitude package manager to install cockpit:

$ sudo apt update --yes
$ sudo apt upgrade --yes
$ sudo apt install cockpit --yes

This should install the cockpit and dose all the configurations for you. The cockpit is a web-based control panel and it will run on port 9090 of the server so, you have to allow connecting this port if your firewall is enabled:

$ sudo ufw allow 9090
$ sudo ufw disable
$ sudo ufw enable

Then open a browser and type the address YOUR_VM_IP:9090 to see the cockpit panel. Username and password of cockpit panel are the same as your vm user for example:

username: root
password: 123456

2. Installing V2ray using X-UI

To install V2ray you can easily install X-UI panel on your machine and this will automatically install all necessary things for you. X-UI documentation could be found here: seakfind

The installation process is pretty easy, just connect to your machine and install socat first:

$ apt install curl socat -y

Then you can skip obtaining certificate steps and directly jump on installing the x-ui using its script:

$ bash <(curl -Ls https://raw.githubusercontent.com/vaxilu/x-ui/master/install.sh)

Then it will ask you to type yes|no, you type yes and press enter on any chinese message prompt it shows to you. That’s it, you can start the panel by typing:

$ x-ui start

It starts the X-UI panel on the port 54321 of server. Open a browser and type YOUR_VM_IP:54321 in the address bar to see the panel. Default username and password are:

username: admin
password: admin

Default language of x-ui is chaines, i use Google chrome and Google translate to translate its contexts to english and i recommend you to do so.

After login, you have to go and change the default username and password of the panel (You can change the default port as well). From the sidebar panel select the third option, then select the second tab. Now type the old username and password on first two fields the new ones on the next two. Press Revise to save the changes.

Now go to inbound list from the sidebar and press add for creating a new VPN configuration. For example you can select VMess or VLess protocol under Websocket(ws) as you can see on the picture below. If you choose VLess be aware of that VLess has no encryption and VMess is a better choice.

Note: You can go and search for other V2Ray configurations but VMess is good enough for our article.

Now, you are all set, you can scan the QR code or press copy share link to copy the share link to the clip board and send it to your clients.

3. Clients setup for using V2Ray

To connect to the V2Ray server you have to install the proper client application on your devices. Here is a list of application clients for different devices and operating systems:

4. Using TLS (Optional but, recommended.)

To make the clients connection more secure and safer, we need to use TLS on our server.

4.1 What is Transport Layer Security (TLS)?

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP). In this article we will focus on the role of TLS in web application security.

TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organization, and the first version of the protocol was published in 1999. The most recent version is TLS 1.3, which was published in 2018.

4.2 Buy a domain

4.3 Generating a new certificate using cert-bot

4.5 Activating CDN (Optional but recommended)

References