Comments (14)

SasukeFreestyle commented on May 18, 2024

Show me your config file

from xtls-iran-reality.

yumeo-ch commented on May 18, 2024
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

###################################################################
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all, >1 bitmask of sysrq functions
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html
# for what other values do
#kernel.sysrq=438

net.ipv4.tcp_keepalive_time = 90
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fastopen = 3
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
fs.file-max = 65535000

yumeo-ch commented on May 18, 2024
{
   "log":{
      "loglevel":"warning"
   },
   "policy":{
      "levels":{
         "0":{
            "handshake":3,
            "connIdle":180
         }
      }
   },
   "inbounds":[
      {
         "listen":"0.0.0.0",
         "port":443,
         "protocol":"vless",
         "settings":{
            "clients":[
               {
                  "id":"851abb8f-079a-51de-8b87-90e4c9b6c207",
                  "flow":"xtls-rprx-vision"
               }
            ],
            "decryption":"none"
         },
         "streamSettings":{
            "network":"tcp",
            "security":"reality",
            "realitySettings":{
               "show":false,
               "dest":"www.yahoo.com:443",
               "xver":0,
               "serverNames":[
                  "www.yahoo.com"
               ],
               "privateKey":"YEZ9-xlL5pD6Qu6TwnzbsWaQdJdaOg04gK2tMVmxQUU",
               "minClientVer":"1.8.0",
               "maxClientVer":"",
               "maxTimeDiff":0,
               "shortIds":[
                  "6ae2a3ec795f95e1"
               ]
            }
         },
         "sniffing":{
            "enabled":true,
            "destOverride":[
               "http",
               "tls"
            ]
         }
      }
   ],
   "routing":{
      "domainStrategy":"IPIfNonMatch",
      "rules":[
         {
            "type":"field",
            "ip":[
               "geoip:ir",
               "geoip:private",
               "2.144.0.0/14",
"[LONG LIST OF IP RANGES]"
               "100.64.0.0/10"
            ],
            "outboundTag":"block"
         },
         {
            "type":"field",
            "outboundTag":"block",
            "domain":[
               "geosite:category-ir",
               "geosite:private",
               "domain:intrack.ir",
               "domain:divar.ir",
               "domain:irancell.ir",
               "domain:yooz.ir",
               "domain:iran-cell.com",
               "domain:irancell.i-r",
               "domain:shaparak.ir",
               "domain:learnit.ir",
               "domain:yooz.ir",
               "domain:baadesaba.ir",
               "domain:webgozar.ir"
            ]
         }
      ]
   },
   "outbounds":[
      {
         "protocol":"freedom",
         "tag":"direct"
      },
      {
         "protocol":"blackhole",
         "tag":"block"
      }
   ]
}

Sadjat commented on May 18, 2024

Is it necessary to have a clean IP for the server?
I mean, if I cannot SSH to the server with Hamrah-Aval and Irancell, does it work?

arsham6ix commented on May 18, 2024

@Sadjat

Make a vmess tcp + header configuration; if it doesn't work, reality will not work. For header or destination use [ ftp.debian.org ]; it works normally on Irancell, HamrahAval, Mokhaberat, etc...

Sadjat commented on May 18, 2024

> @Sadjat
>
> Make a vmess tcp + header configuration; if it doesn't work, reality will not work. For header or destination use [ ftp.debian.org ]; it works normally on Irancell, HamrahAval, Mokhaberat, etc...

Yeah, It doesn't work for me...

SasukeFreestyle commented on May 18, 2024

Sorry for the late reply, people; I've been busy with work.

@Sadjat
> Is it necessary to have a clean IP for the server? I mean, if I cannot SSH to the server with Hamrah-Aval and Irancell, does it work?

Yes, many IPs I've used in the past are still banned/blocked. So you need a clean IP.

@arsham6ix
> Make a vmess tcp + header configuration; if it doesn't work, reality will not work. For header or destination use [ ftp.debian.org ]; it works normally on Irancell, HamrahAval, Mokhaberat, etc...

This guide is only for reality, as vmess gets blocked more easily in Iran with many users. Now that Cloudflare is banned in Iran.
net4people/bbs#245

For anyone trying to use Irancell with reality, try one of these sites in dest and serverNames.

"dest":"www.google-analytics.com:443",
"serverNames":["www.google-analytics.com"],

or

"dest":"www.googletagmanager.com:443",
"serverNames":["www.googletagmanager.com"],

arsham6ix commented on May 18, 2024

@SasukeFreestyle

Hello, thank you for helping the people of Iran.
I have a question: I use an internal site that gives me very good results. Is there any problem with using internal sites?
( Zula.ir && telewebion.com )

SasukeFreestyle commented on May 18, 2024

@arsham6ix
You're welcome.

I would not recommend it if your VPS/server is outside of Iran, as Xray will then make a connection to sites inside Iran to steal the TLS certificate from those sites and your Xray can be potentially banned/blocked. But since reality is very new I've no data to tell you 100% that this is the case.

What is however 100% is that a connection will be made from your Xray server to those sites. How this affects banning/blocking of Xray is still unknown.

Some Iranian hosting companies have unfiltered internet, if you have this then it should be ok since connection will be made Iran->Iran. But most people have a VPS/server outside of Iran.
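
A config check for the points raised in this thread, as an added example (not part of the original posts and not code from the Xray project): it warns when `dest` and `serverNames` disagree, when `dest` is a site the server would have to connect out to against the advice above, and when `privateKey` or `shortIds` are malformed. The function names, the `risky_suffixes` parameter and the sample config are assumptions of this example; the key and shortIds in the sample are constructed placeholders.

```python
import base64
import re

# Constructed sample: dest uses a site named in the thread (zula.ir); the key
# and shortIds are placeholders made up for this example, not credentials.
SAMPLE = {"inbounds": [{"protocol": "vless", "streamSettings": {
    "security": "reality", "realitySettings": {
        "dest": "zula.ir:443", "serverNames": ["www.zula.ir"],
        "privateKey": "A" * 43,  # placeholder: 32 zero bytes as base64url
        "shortIds": ["0123456789abcdef", "abc"]}}}]}

SHORT_ID = re.compile(r"(?:[0-9a-fA-F]{2}){0,8}")  # hex, even length, max 16


def key_len(b64url):
    """Decoded length of an unpadded base64url string, or -1 if undecodable."""
    try:
        return len(base64.urlsafe_b64decode(b64url + "=" * (-len(b64url) % 4)))
    except ValueError:
        return -1


def lint_reality(config, risky_suffixes=(".ir",)):
    """Return warnings for each REALITY inbound (host:port dest only).

    risky_suffixes is this example's assumption: sites the server must avoid.
    """
    out = []
    for i, inbound in enumerate(config.get("inbounds", [])):
        stream = inbound.get("streamSettings", {})
        if stream.get("security") != "reality":
            continue
        rs = stream.get("realitySettings", {})
        host, _, port = str(rs.get("dest", "")).lower().rpartition(":")
        names = [n.lower() for n in rs.get("serverNames", [])]
        if not host or not port.isdigit():
            out.append(f"inbound {i}: dest is not in host:port form")
        elif host not in names:
            out.append(f"inbound {i}: dest host {host} not in serverNames")
        if host.endswith(tuple(risky_suffixes)):
            out.append(f"inbound {i}: server will connect out to {host}")
        if key_len(rs.get("privateKey", "")) != 32:
            out.append(f"inbound {i}: privateKey does not decode to 32 bytes")
        for sid in rs.get("shortIds", []):
            if not SHORT_ID.fullmatch(sid):
                out.append(f"inbound {i}: invalid shortId {sid!r}")
    return out
```

Run it on a copy of the config with the real `privateKey`, client `id` and `shortIds` replaced before sharing the output in a public thread.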

yumeo-ch commented on May 18, 2024

Thank you for helping the people of Iran.
Where to find a clean "IP"?

arsham6ix commented on May 18, 2024

@SasukeFreestyle

Thanks.

asterriya commented on May 18, 2024

So if all subnets from the VPS are blocked, then this method wouldn't work? Or does it not matter whether it's blocked or not?

yumeo-ch commented on May 18, 2024

Exactly, the method doesn't work if the IP address is blocked in Iran. I am no expert, but I think blocking all IPs has a drawback; that's why they don't do it.

SasukeFreestyle commented on May 18, 2024

Sorry for the late reply, I've been very busy.

@asterriya @yumeo-ch

Yes, many VPS services and all their subnets / IPs are blocked. If they are blocked this method will not work for you.
You need to find a service that is not blocked. I don't know how to find one.

I recommend you follow/read these Twitter accounts regarding clean IPs, as I have trouble reading Farsi.
They have more information about this than I do.
https://twitter.com/iSegaro
https://twitter.com/vahidfarid
