What & Why & When & How Use V2Ray VPN

Ali Razmjoo
10 min readNov 30, 2023

Get your premium Anonymous V2Ray VPN subscription for 5€/Month (512GB, Unlimited Devices, Unlimited Connections).

What is V2Ray VPN?

In summary, V2Ray is an open-source VPN and tunneling service that focuses on bypassing censorship and restrictions. It provides a variety of clients and servers for different operating systems so users can connect and enjoy their freedom on any device.

Why? Same Challenge, Different Locations.

The first question that comes to mind is why V2Ray is used as an alternative to WireGuard, OpenVPN, or any other VPN provider (such as NordVPN, ExpressVPN, etc.). There are so many providers that are already in the market with good quality service, so why?

We all know about restrictions and censorship in many countries (if you don’t, read more about The Challenge of Internet Censorship), and they are getting smarter and more restricted every day. At some point, regions start blocking the VPN providers or messing up with VPN and tunneling protocols such as WireGuard, Socks, IPSEC, and so on. However, they are still letting HTTP/HTTPS pass with fewer restrictions or maybe just a speed limit toward outside-world IPs.

Internet censorship in the World 2020 by country

Even in Europe or the US, trying to enjoy your freedom and privacy while using a shopping mall or a cafe WiFi, their IT department blocks some websites or protocols to only limit users to browsing relevant content, e.g., using their website for purchasing goods, tickets, or checking updates, news or simple messaging on whats app. But they are blocked if you try to connect to your work/business services, such as VPN or SSH. This is partially the security and compliance challenges they are facing, and I understand it’s for their protection in case someone wants to serve malicious torrents or any other activity while it’s also blocking you from doing your routine work.

I am pretty sure some of you at least got that slap in the face when you decide to work from a cafe, and you can’t connect to your services via their wifi, and the 4G/5G signal is not good there.

When? HTTP(S) Tunneling.

I have a memory of a day I needed to connect to my service in a cafe where mobile internet was not an option, and I started trying different providers until I figured, why not use my private HTTPS proxy? It worked, but the experience was the worst! Slow, high latency and I was seconds away from punching my laptop. The only reason I didn’t punch it was I felt a bit good about bypassing that firewall restriction using HTTPS.

Why? Legacy HTTP(S) Proxy Reduces your Productivity.

While I really liked the cafe location, the internet was pushing me away to find a new place, but I had a charging station, a good amount of noise (doesn’t distract you, doesn’t bore you), and good corners, so no one would look into my monitor while I am working (nothing weird, just a lot of smelly code on my monitor which I prefer people see them after I clean up). But this HTTPS proxy was killing the vibe and my productivity so I started Googling a bit about the issue and found out there was a strong open-source project (V2Ray discontinued, V2Fly took over, and V2Ray restarted again), and it provides an alternative proxy/tunneling with much faster speed, better latency, and more protocol variety. A protocol that caught my eye was using HTTP(S) WebSocket (or even QUIC) as a VPN tunnel, which provides authentication, usage stats, and much more flexibility. It took a while for me to configure everything, but I did it, and it works great!

Cloudflare CDN Piggyback

I am sure we have all heard of Cloudflare’s great free services (such as their WAF & CDN), and now they even provide CDN accelerated VPN (Cloudflare WARP Zero Trust Solution and VPN), but the issue still remains. Most countries or firewalls blocked the services while their CDN, which covers 80% of the world’s websites and trillions of requests daily, is reachable from all over the world; although some of the websites (domains) are censored in some countries, it’s because of their content. At some points, countries applied speed limits, but the connection still works!

Cloudflare CDN Map

While I was using V2Ray VPN, I created a subdomain on my personal blog and pointed it to my VPN servers, and since the protocol was HTTPS/WebSocket, it’s working for free and taking leverage of large Cloudflare’s CDN, which according to their website they are present in 310 locations in 120+ countries. While I am doing TLS 1.3 encryption on Cloudflare and passing it to my server in Germany, it is amazing how my speed increased by 88% because of the Cloudflare CDN!! Naturally, VPN reduces the speed because of encryption and tunneling processes, but the gain back from Cloudflare’s CDN was bigger than the loss from encryption.

When to use V2Ray?

I use V2Ray not only when I am traveling to restricted countries but also in European cafes when there is an angry firewall (I am allergic to public WiFi, TBH I use VPN all the time) or when the network speed is low, and I need a faster network. VPN isn’t only for proxy/tunneling; it’s also for your privacy, protecting your IP/location, so my thought is, trust your ISPs; you never know if they are creepy and looking into your connections or DNS requests; even most of the websites are encrypted via HTTPS/HSTS; ISPs or website are able to track you at some level.

How to Use V2Ray?

Two ways!

  1. Set up your own private service: Follow the post and read about the V2Ray/V2Fly setup process, and then set up your own server. If you face any issues, post in the comment section for help or ask the beloved ChatGPT, connect it to your Cloudflare DNS, and then download any of their VPN Client apps.
  2. Buy an awesome Secologist V2Ray VPN subscription from me (yup, this post was for marketing); I have already done all these, plus I added an HTTP(S) load balancer, so you can automatically connect to the fastest server.

Subscriptions are not limited to a number of devices/connections and are much more affordable than other solutions.

Note: When you are connecting to load balancers, you will have IP rotation per a few requests, so if you want to have persistent sessions, you can try the latency check feature in your VPN client app and connect to the servers directly.

How to do a latency check?

Ping any server on Cloudflare CDN (or mine) by opening CMD/Terminal and writing:

# Ping any website on Cloudflare           
➜ ~ ping www.secologist.com -c 4
PING www.secologist.com (172.67.74.55): 56 data bytes
64 bytes from 172.67.74.55: icmp_seq=0 ttl=57 time=9.652 ms
64 bytes from 172.67.74.55: icmp_seq=1 ttl=57 time=10.246 ms
64 bytes from 172.67.74.55: icmp_seq=2 ttl=57 time=12.344 ms
64 bytes from 172.67.74.55: icmp_seq=3 ttl=57 time=10.723 ms

--- www.secologist.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.652/10.741/12.344/1.000 ms
# Ping one of my load balancers
➜ ~ ping falkenstein-lb-1.vs.secologist.com -c 4
PING falkenstein-lb-1.vs.secologist.com (104.26.1.215): 56 data bytes
64 bytes from 104.26.1.215: icmp_seq=0 ttl=57 time=9.263 ms
64 bytes from 104.26.1.215: icmp_seq=1 ttl=57 time=10.811 ms
64 bytes from 104.26.1.215: icmp_seq=2 ttl=57 time=10.018 ms
64 bytes from 104.26.1.215: icmp_seq=3 ttl=57 time=10.597 ms

--- falkenstein-lb-1.vs.secologist.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.263/10.172/10.811/0.600 ms

So.. 10ms.

New: Alternatively, you can check the latency via HTTPS request from your browser (different than ping) and verify if your ISP is not blocked or if you will be bypassing the firewall following the URL:

All logs and monitoring are disabled on our servers, data is encrypted via TLS 1.3 on transit, and our servers’ disks are encrypted via AES-256. We care about our customer's privacy and security. However, this is not an open invitation for malicious actors to use our services for some shady activities.

Secologist Third Parties

  • Your connectivity goes through Cloudflare, and the Secologist will not and cannot see your real IP. Instead, we will see Cloudflare’s IP, and we will turn all of our logs off. You can read more about Cloudflare’s security and privacy here.
  • Your subscription & purchasing data is stored via Wix. Read more: [1], [2].

How to Setup your own V2Ray Servers

The first step is to buy a Linux (e.g., Ubuntu) server from any data center you prefer, and in case you want also to use Cloudflare’s CDN to lower the latency, you will need a domain name (in case you don’t already have it) and set it up on the Cloudflare. After buying the VPS, here are the steps you need to take:

  1. Run this Bash script to install the latest version, V2Ray, and extract it in /usr/bin.
  2. Download this config file and save it as config.json.

Notes about the configuration:

  1. The configuration provides HTTP on 80; please follow V2Fly documentation to secure it. I recommend to activate VMESS+WS+TLS 1.3.
  2. The default path is set to /secologist. You can change it to anything.
  3. Default users are set as placeholders; you must change their emails and UUIDs. You can easily generate new UUID4 from this website.

Now, you can just run v2ray run -c config.json to run the V2Ray server or run nohup v2ray run -c config.json &> /dev/null & (press enter two times) to run it in the background.

How to Setup V2Ray Subdomain on Cloudflare (Optional)

So now you can set up a subdomain that points to your server IPv4 / IPv6 and enable the DNS proxy, and it’s as simple as that! Depends on your configuration. If you enabled SSL/TLS on the V2Ray, you should set Cloudflare’s SSL security configuration to full or full (restricted) to verify the SSL certificate; in case you kept the HTTP (not recommended), you can set the configuration to flexible or off. This configuration will help Cloudflare understand how to connect to your server.

Additionally, you must ensure that you turn off the bot challenge restriction and set the security to essentially turned off. The best way to do this and keep the protection on your website is to create a configuration profile and separate the traffic configuration.

How do we generate the connection string (client config) for V2Ray

Each configuration depends on your Cloudflare and origin server configuration. Here are two samples:

  1. Connect via Cloudflare or Origin TLS (HTTPS)

Note: id is the exact uuid4 for the users I created, and you must create your own and copy them both in server and client configuration.

Note: add, host, could also be replaced by your server IP address. The difference is that the address is the socket address V2Ray will try to connect to, and the host is the HTTP header V2Ray will send along with the requests.

Note: sni is the domain address to verify the SSL certificate.

Note: ps is the name of the connection that will appear on the client application.

{
"id":"8b27bf75-38d5-4409-89dc-d5c44b577afc",
"ps":"Server-1-SSL",
"add":"serveraddress.domain.com",
"host":"serveraddress.domain.com",
"aid":"0",
"net":"ws",
"path":"/secologist",
"port":"443",
"scy":"auto",
"sni":"serveraddress.domain.com",
"type":"none",
"v":"2",
"tls":"tls"
}

2. Connection via HTTP

{
"id":"8b27bf75-38d5-4409-89dc-d5c44b577afc",
"ps":"Server-1-SSL",
"add":"serveraddress.domain.com",
"host":"serveraddress.domain.com",
"aid":"0",
"net":"ws",
"path":"/secologist",
"port":"80",
"scy":"auto",
"sni":"",
"tls":"none",
"type":"",
"v":"2"
}

After you insert your id, add, host, and sni; it’s time to build the connection string. Connections are in base64 encoding, which you can just copy and paste to generate them on this website. Whatever the output is, you add vmess:// at the beginning, and the connection is ready to be imported into your client app.

Example

vmess://ewogICAiaWQiOiI4YjI3YmY3NS0zOGQ1LTQ0MDktODlkYy1kNWM0NGI1NzdhZmMiLAogICAicHMiOiJTZXJ2ZXItMS1TU0wiLAogICAiYWRkIjoic2VydmVyYWRkcmVzcy5kb21haW4uY29tIiwKICAgImhvc3QiOiJzZXJ2ZXJhZGRyZXNzLmRvbWFpbi5jb20iLAogICAiYWlkIjoiMCIsCiAgICJuZXQiOiJ3cyIsCiAgICJwYXRoIjoiL3NlY29sb2dpc3QiLAogICAicG9ydCI6IjQ0MyIsCiAgICJzY3kiOiJhdXRvIiwKICAgInNuaSI6InNlcnZlcmFkZHJlc3MuZG9tYWluLmNvbSIsCiAgICJ0eXBlIjoibm9uZSIsCiAgICJ2IjoiMiIsCiAgICJ0bHMiOiJ0bHMiCn0=

How to Generate QR Code for V2Ray Connections

Once you follow the previous steps to create the connection string, you can copy the whole connection and paste it (vmess://…) into one of the online QR Code Generators as a simple text to get your QR Code. As an example, I used qr.io and generated the below image. Note: You don’t have to sign up on the websites; just take a screenshot of the QR code.

Sample V2Ray Connection QR Code

How to connect to V2Ray Client VPN

On Android and iOS, it is very straightforward: Download one of the below applications and import your connection via URL (vmes://…) or QR Code.

  1. Android: v2rayNG
  2. iOS: Npv Tunnel, Fair VPN

For Windows, Mac, and Linux, you might also need to download V2Ray-Core from V2Fly or V2Ray and add them to your graphical application.

  1. https://github.com/v2fly/v2ray-core (recommended)
  2. https://github.com/v2ray/v2ray-core

Tools for MacOS, Linux, and Windows:

  1. https://www.v2ray.com/en/awesome/tools.html
  2. https://www.v2fly.org/en_US/awesome/tools.html

More: https://github.com/search?q=v2ray+client&type=repositories&s=stars&o=desc

The process is more / less the same; you need to set up the app, import your connections, and enjoy the surfing.

For step-by-step guidelines follow the links:

  1. How to connect to V2Ray VPN on iOS?
  2. How to connect to V2Ray VPN on macOS?
  3. How to connect to v2Ray VPN on Android?
  4. How to connect to v2Ray VPN on Windows?

Why it is easier to go with Secologist’s Anonymous V2Ray VPN

When you set the V2Ray server yourself, you have to always

  1. Update and maintain your configuration
  2. Update the SSL Key and take care of Rotation (excluding Cloudflare’s key)
  3. Keep your V2Ray server and its packages updated and patched.

When you buy

  1. Maintenance, Security, and updates are taken care of!
  2. Instead of one server, you will have many servers and locations to choose between instead of one server, increasing availability.
  3. You will have access to configured load balancers, and you can rotate between servers while surfing.
  4. You don’t have to pay for the server or domain; you can always share the connection between friends and family (there is no device or connection limit set).
  5. Your anonymity will increase by using a server to which other users are connected. If you purchase your own server and you are the only one using it, network activities are not considered anonymous and will be considered your activities.
  6. You can invite your friend, and you both get 25% off on the first/next billing cycle through the Secologist referral program.

In case you have concerns about speed issues when using shared servers, we encourage you to try our seven-day free trial with the option to cancel for free. You can benchmark the network speed on different servers during the trial period.

References

  1. https://www.secologist.com/anonymous-v2ray-vpn
  2. https://latency.vs.secologist.com/
  3. https://www.cloudflare.com/network/
  4. https://commons.wikimedia.org/wiki/File:Internet_censorship_in_the_World_2020_by_country.png
  5. https://community.cloudflare.com/t/statistically-speaking-whats-the-percentage-of-total-sites-that-use-cf/372054
  6. https://blog.cloudflare.com/cyber-week-analyzing-internet-traffic-and-e-commerce-trends/
  7. https://www.v2fly.org/
  8. https://www.v2ray.com/
  9. https://gist.github.com/Ali-Razmjoo/688390e093d0605968e3777f6f889c19
  10. https://gist.github.com/Ali-Razmjoo/8fc6567877678d324ae51da49ba0f2e5

--

--