Hosting and using stable VPN in China

As a foreigner living in China, it’s no secret that using your favorite online services won’t be easy as home. For a long time I have used the Streisand Effect to swiftly host new VPN-server with a mix of protocols, but it’s been very unstable and slow in recent half year. Recently I noticed majority of VPN-providers in China is offering something called V2Ray to avoid censorship. It offers great speed and apparently hard to detect for the GFW/DPI. I have also heard some noise about Trojan, but I think it’s too early and I haven’t seen it available for all platforms, so let’s focus on V2Ray for this post.

V2Ray is “A platform for building proxies to bypass network restrictions.”. The biggest difference between V2Ray and other services to bypass GFW is that V2Ray doesn’t act as tunnel network (tun) adapter interface but rather as a proxy where you need to route your individual software to use. I’m not very knowledgeable in this field but what I’ve experienced is on Android this works flawlessly (excluding some DNS problem on my new phone) but on Ubuntu/Windows I had some issues forcing software to use the proxy. I was hoping setting the system proxy would “automagically” forcing all my software to go through the V2Ray proxy but the reality is some what different.

For today, let’s focus on how we setup a V2Ray (TLS+WS+CDN) and how I use it on Ubuntu.

Pre-requirement:

• VPS — I will use GCE for this tutorial
• Domain name — I will use a free one through freenom (can be a bit tricky to register domains and account, not sure why)
• Cloudflare account

1. Add firewall-rules for GCE. Make sure to notice the port you set for Ingress.

2. Create new GCE Instance:

Make sure to add the firewall-rules you created in previous step:

3. Configure Domain registry and CDN

• Add your domain to Cloudflare
• Add DNS A record in Cloudflare site:

Make sure the Cloud is “grey” = DNS Resolution only

Configure your domain registry to use the nameservers at the end of the step when configuring Cloudflare:

3.5 Have a smoke

4. Install V2Ray service

• Connect to the GCE instance through SSH directly in browser window

sudo -i
apt update
apt upgrade
apt install curl
bash <(curl -s -L https://git.io/v2ray.sh)

• 1. 安装 =install
• 4. WebSocket + TLS = transport protocol
• Enter the port number earlier created in the firewall-rule
• Domain name
• If the resolved IP is correct then y
• Auto config TLS -> y
• Camouflage website -> n
• Ad blocking -> n
• Config Shadowsocks -> n
• Enter to install

v2ray url

Now you should have your vmess config.

Go back to Cloudflare and activate HTTP proxy

And enable Full SSL/TLS en:

Test with Surfboard app on Android:

Ubuntu client:

sudo snap install qv2ray

Download v2ray core

Default path for V2ray core

cd ~/snap/qv2ray/242/.config/qv2ray/
wget https://github.com/v2ray/v2ray-core/releases/latest/download/v2ray-linux-64.zip
unzip v2ray-linux-64.zip -d vcore

Add connection with vmess link.

To use the proxy with the apt:

sudo nano /etc/apt/apt.conf.d/12proxy

Add following line in the file

Acquire::https::proxy "socks5h://127.0.0.1:10808";

Notice I use 10808 for socks port

Whenever I need to use the proxy for something else, I use proxychains4.

Short of time, I think you guys will figure out how to setup that one!