Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simple, Lightweight Setup for a Beginner? #414

Open
burgers4me opened this issue Oct 30, 2024 · 13 comments
Open

Simple, Lightweight Setup for a Beginner? #414

burgers4me opened this issue Oct 30, 2024 · 13 comments
Labels

Comments

@burgers4me
Copy link

burgers4me commented Oct 30, 2024

Hi everyone,
I'm in IRN, trying to set up a low-end VPS (only 512 MB of RAM and preferably only with IPv6 as the costs gets lower) with a clean, lightweight configuration, but the learning curve is steep. There are all these protocols and programs like QUIC, gRPC, ws, XTLS, V2ray, xray, xcore, sing-box, etc., and honestly, it’s overwhelming—takes a lot of time just to understand the basics.

I used to run a Hysteria2 connection with minimal configuration, and it worked great, but now it just won’t connect on my home ISP. So I’m currently using trojan(tcp)+tls through vaxilu/x-ui, but the connection feels throttled. Data only arrives in bursts, and it’s frustrating.

Here's the Hysteria2 config I used:

Server config (click to open):
listen: :1020

tls:
  cert: /etc/letsencrypt/live/my.website/fullchain.pem
  key: /etc/letsencrypt/live/my.website/privkey.pem

auth:
  type: password
  password: ***

masquerade:
  type: proxy
  proxy:
    url: https://some.website
    rewriteHost: true
Client config (click to open):
server: my.website:1020

auth: ***

bandwidth:
  up: 20 mbps
  down: 100 mbps

socks5:
  listen: 127.0.0.1:1080

http:
  listen: 127.0.0.1:8080

I’m not even sure if there’s a way to get around whatever’s blocking my Hysteria2 connection, and I don’t know what protocol would work best with my ISP. Does anyone know of a tool or method to test different protocols/configs to see what would connect best? Like a benchmarking tool?

I’d really rather use original project repositories or minimalist tools, instead of all these forks and scripts that bundle everything together and aren’t easy to trust or check for security issues. I liked Hysteria2 because it was straightforward, lightweight, and easy to set up.

Any ideas?

@underdog-03
Copy link

underdog-03 commented Oct 30, 2024

Hi @burgers4me,

You can use one of the links below to help set up the desired VPN protocol. Make sure your VPS address isn’t blocked in Iran; this is very important, my friend. Also, be sure you have the right client application to test it. The tools below might help speed things up and ensure everything works just the way you like.

Check your VPS IP here.
Choose the TCP or HTTP port check option, and verify your IP as shown below.

https://www.host-tracker.com/en/ic/port-check

Screenshot 2024-10-30 at 13 42 41

for your client application setup maybe use this telegram bots @IRAN_VPN_Guide_bot

Hope that helps

@burgers4me
Copy link
Author

Check your VPS IP here. Choose the TCP or HTTP port check option, and verify your IP as shown below.

https://www.host-tracker.com/en/ic/port-check

My VPS doesn't seem blocked, but when I check my domain and IP on that site, it says 'unsuccessful requests,' even if I pick North America or other regions. I think the firewall might be blocking ICMP ping requests if that tool uses them.

Thanks for sharing those tool links, but as I mentioned, those panels are a bit too heavy on resources and too big to verify security-wise. I don’t need the extra features or web UIs, either.

@underdog-03
Copy link

Check your VPS IP here. Choose the TCP or HTTP port check option, and verify your IP as shown below.

https://www.host-tracker.com/en/ic/port-check

My VPS doesn't seem blocked, but when I check my domain and IP on that site, it says 'unsuccessful requests,' even if I pick North America or other regions. I think the firewall might be blocking ICMP ping requests if that tool uses them.

Thanks for sharing those tool links, but as I mentioned, those panels are a bit too heavy on resources and too big to verify security-wise. I don’t need the extra features or web UIs, either.

Maybe Use this: https://github.com/SasukeFreestyle/Hysteria2-Iran

@ghost
Copy link

ghost commented Nov 2, 2024

Here's one that uses original repositories rather than scripts or panels. It sets up Xray Reality with the steal_oneself option: Latest recommendations for Iran

@burgers4me
Copy link
Author

Here's one that uses original repositories rather than scripts or panels. It sets up Xray Reality with the steal_oneself option: Latest recommendations for Iran

Thanks. I’ll check that out. Do you think an IPv6-only VPS would work?

@ghost
Copy link

ghost commented Nov 2, 2024

Most probably, but you would have to systematically change the configurations, e.g. AAAA instead of A, :: instead of 0.0.0.0, and ::1 instead of 127.0.0.1.

N.B. I have seen some reports saying there are problems issuing SSL certificates to IPv6-only domains. I do not know the solution if you encounter this problem.

@wkrp wkrp added the Iran label Nov 3, 2024
@burgers4me
Copy link
Author

burgers4me commented Nov 24, 2024

I'm following the tutorial you shared @shikantazacomputers , but when I try running acme.sh --issue -d www.mydomain.example --standalone --keylength ec-256, I get this error:

www.mydomain.example: Invalid status. Verification error details: <vps-ip>: Fetching http://www.mydomain.example/.well-known/acme-challenge/***: Connection refused

With the --debug flag, the debug output shows:

[Sun Nov 24 16:51:47 UTC 2024] www.mydomain.example: Invalid status. Verification error details: <vps-ip>: Fetching http://www.mydomain.example/.well-known/acme-challenge/***: Connection refused
[Sun Nov 24 16:51:47 UTC 2024] Debug: GET token URL.
[Sun Nov 24 16:51:47 UTC 2024] GET
[Sun Nov 24 16:51:47 UTC 2024] url='http://www.mydomain.example/.well-known/acme-challenge/***'
[Sun Nov 24 16:51:47 UTC 2024] timeout=1
[Sun Nov 24 16:51:47 UTC 2024] Http already initialized.
[Sun Nov 24 16:51:47 UTC 2024] _CURL='curl --silent --dump-header /home/ubuntu/.acme.sh/http.header  -L  --trace-ascii /tmp/tmp.u7Fiddc3yh  -g  --connect-timeout 1'
[Sun Nov 24 16:51:47 UTC 2024] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Sun Nov 24 16:51:47 UTC 2024] Here is the curl dump log:
[Sun Nov 24 16:51:47 UTC 2024] == Info: Host www.mydomain.example:80 was resolved.
== Info: IPv6: (none)
== Info: IPv4: <vps-ip>
== Info:   Trying <vps-ip>:80...
== Info: connect to <vps-ip> port 80 from <vps-private-ip> port 41870 failed: Connection refused
== Info: Failed to connect to www.mydomain.example port 80 after 3 ms: Couldn't connect to server
== Info: Closing connection

Running curl -I www.mydomain.example, gives: curl: (56) Recv failure: Connection was reset.
Running telnet www.mydomain.example 80, gives:

Trying <vps-ip>...
Connected to www.mydomain.example.
Escape character is '^]'.
Connection closed by foreign host.

I've set the firewall to allow all TCP and UDP traffic, and UFW is inactive. Any ideas on what's causing this?

@ghost
Copy link

ghost commented Nov 24, 2024

Something is preventing access to www.mydomain.example port 80, but I do not know what it is.

@burgers4me
Copy link
Author

burgers4me commented Nov 25, 2024

Something is preventing access to www.mydomain.example port 80, but I do not know what it is.

I found the cause: using sudo su allowed the command to work, and I ran the rest of the tutorial commands as root. However, my proxy now seems to be broken. How can I fix it, and is there a way to test if the connection is working?

EDIT: I manually added it to NekoBox on Android, and it's working well (only the HTTP handshake takes about 700ms- is it good?) so my problem now is that I need a working client on Windows that would work as VPN, not proxy.

@ghost
Copy link

ghost commented Nov 26, 2024

If I recall correctly, both NekoRay and v2rayN have TUN mode on Windows.

@burgers4me
Copy link
Author

burgers4me commented Nov 26, 2024

Thanks @shikantazacomputers , the guide was helpful, but it didn’t mention whether to run commands as root. I also heard about tcp+tls+fallback and tcp+tls+xtls-rprx-vision+utls:randomized. How can I set them up and try them? Also, are they VLESS, VMESS, or something else?

Why do I need routing rules on both the server and client? How do I use them with NekoBox and the app on my Android?

@ghost
Copy link

ghost commented Nov 26, 2024

For all your other questions, please consult the example repositories, the documentation, and the support group for your software:

https://github.com/XTLS/Xray-examples

https://github.com/chika0801/Xray-examples

https://xtls.github.io/en

https://matsuridayo.github.io

https://t.me/nekoray_group

@burgers4me
Copy link
Author

burgers4me commented Nov 27, 2024

My domain got blocked after just two days, but my server's IP seems to be still working. What should I do? Could there be an issue with the method in your tutorial? Like the 443 port?
@shikantazacomputers @irgfw please help.

@burgers4me burgers4me reopened this Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants