How To Install VLESS with XTLS based on xray core
What is vless?
Vless is an an updated version of vmess protocol, which has been around for a while. After several developers found flaws on vmess protocol, and showed that vmess protocol can be detected by DPI, vless was developed. I should note that, it is the simple vmess tcp combination that can be easily detected, vmess ws+tls is still a good and secure option.
Additionally, xray core has been developed as an alternative to standard v2ray core. According to developers, xray is more stable, better for UDP gaming and %30 faster than v2ray.
Recently, v2-ui script has been updated to use xray core, and now we can fully enjoy the xray vless combination.
If you are new to v2ray, feel free to get more info from my previous tutorial.
Choosing a VPS
- Before making payment ping an IP address of the VPS provider
- Prefer hourly billing VPS services
- Prefer less popular VPS services
- Check for ratings and user reviews
- Prefer KVM virtualization
- Use a VPN when using Putty or an alternative SSH programme, to prevent IP address blocking
I can suggest these VPS services:
- Vultr – hourly billing – starting from $3.5 per month – vultr.com (get a $100 bonus)
- DigitalOcean – hourly billing – starting from $5 per month – digitalocean.com (get a $100 bonus)
- RackNerd – monthly billing – starting from $2 per month (annual subscription) – racknerd.com
- Contabo – monthly billing – starting from € 3.99 per month – contabo.com
- CloudCone – hourly billing – starting from $4.2 per month – cloudcone.com
Setting up vless xtls
Note: If you are familiar with v2ray ws+tls tutorial, feel free to skip to Managing Vless.
Thanks to the one-command script by sprov065, you can install vless easily, even if you are not familiar with Linux commands.
You need to have at least Ubuntu 16, Debian 8 or CentOS 7.
This guide will be for Ubuntu.
The setup consists of two parts. First, the v2-ui script installation, and the second is getting a free SSL certificate from Let’s Encrypt for TLS, and enabling CDN from Cloudflare. The second part is only needed if you wish to use tls and cdn.
Part one – install the script
1. First make updates and upgrades, and install curl
sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt install curl -y
2. Run the v2-ui script
bash <(curl -Ls https://blog.sprov.xyz/v2-ui.sh)
And that is it for the installation part.
Part two – get the SSL CertificatesYou will need:
- A domain name
- A Cloudflare account
- Point your nameservers to Cloudflare
- Point your VPS IP to your domain name
To get an SSL certificate, you need a domain name (www.example.com), preferably a paid one from providers like namecheap or porkbun, and a Cloudflare account. Both Porkbun and Namecheap have free Whois Guard. When it comes to pricing, Porkbun has an upper hand, you can find domain names for under $3 per year. Please do check the renewal prices before purchasing a domain.
1. Nameservers configurationWhen adding your domain name to your Cloudflare account, Cloudflare will ask you to redirect your nameservers. It will be something like this:
example2.ns.cloudflare.comYou need to copy those from Cloudflare to your domain name registrar (ex: namecheap.com). On Namecheap you can find it on Domain List > Manage > Nameservers. Change the DNS to Custom DNS and add Cloudflare nameservers. After a while, Cloudflare will inform you that the setup is done.,
2. Connecting your domain name to the VPS IP address
- Go to DNS Management
- Press “Add Record”
- Type your sub-domain name or domain name to “Name” (ex: write test for test.example.com or @ for example.com)
- Write your VPS IP to “IPv4 address”.
- Make sure the color of “Proxy status” is orange and says DNS Only.
3. Getting SSL Certificate
Now SSH to your VPS using Putty.
- Install certbot.
sudo apt install software-properties-common sudo add-apt-repository ppa:certbot/certbot sudo apt-get install certbot
2. Use certbot to get SSL Certificate. Use your own email address and domain name.
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email your-email-address -d test.example.com
3. If you get a note like “Congratulations!..”, it means that now you have SSL certificate for your domain/sub-domain.
In the text you will find destinations of your certificate file and key file. Copy them, as you will need them on web panel. It will be something like this:
If you face errors and cannot get the certificate, please make sure that your firewall is listening to ports 80 and 443, you have pointed your VPS IP address to the domain name and the Cloudflare CDN is off.
4. Last, the SSL certificate expires in 90 days, to make sure to reew it before expiration. Here is a manual renewal command.
certbot renew --force-renewal
Adding a user
You can go to v2-ui web panel typing your IP address and the port (65432) on a browser. By default, both login and password are admin. You can change them in the panel settings.
To add a user, you need to go to “accounts”, press add button and fill in the blanks according to your preferences.
There are various combinations, we will be using most preferred VLESS TCP XTLS combination.
- Remark – here you can write anything you want
- Protocol – vless
- Listening IP, Port and ID (UUID) generated automatically. You can change them manually, as well. It is advised to use port 443.
- Flow – xtls-rprx-direct
- Transport – TCP
- Turn on TLS, and XTLS
- Domain – write your domain name or sub-domain name
- You can choose certificate file path and copy the file paths, or copy the certificate and key directly to certificate file content
- Copy and paste certificate and key file paths, respectively
- Press “Add”
And that is it. You can add, edit, delete users within seconds, and check bandwidth usage using v2-ui web-panel.
You are not only limited to vless with this web panel, you can configure and test various combinations of vmess, trojan and shadowsocks.
I would like to thank sprov065 for this easy multi-user management panel.
If you think your vless has slow speed, or have an older Linux version on your VPS, you can use bbr script by teddysun, to install google bbr.
wget -N --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && bash bbr.sh
Installing vless to Your Devices
vless apps for Android
vless apps for iOS
vless clients for Windows
vless clients for macOS
VPN services that offer vless
Sometimes IP blocks are so often that you may want a solution without a hassle and go for a paid option. If that is the case for you, Wannaflix offers vless, along with other VPN protocols. You can read my brief review about the VPNs on the blog post the Best Stealth VPNs.
Wanna check other VPNs? Head over to the VPN Comparison Table, and find the best VPN that fits you.