In this article, we will look at 3 ways to set up a VPN connection with VLESS and Reality.
VLESS is a modern data transfer protocol designed to provide high speed and privacy on the internet. It is often called VLESS VPN, although strictly speaking, we will be discussing the installation of a proxy with the VLESS protocol based on an XRay server with Reality.
Let's start with the simplest and most universal option, which requires no technical knowledge.
Method 1. Simple Installation
The fastest and most convenient way to set up VLESS is with Amnezia, detailed instructions are here.
Go to VDSina and register. If the site doesn't load, try this virtual browser, and complete the registration within the 3 free minutes; you only need an email. A password and a link to your personal account will be sent to it, which should load without any problems. Log in to your account and order a standard server with 1 core and 2GB of RAM. Then, install the AmneziaVPN application on your computer or phone, launch it, click on "Self-hosted VPN" (set up a VPN on your own server) and enter the IP address and root password of our virtual server. In the next step, click on "Select VPN protocol" and select "XRay" (XRay with Reality).
The program will then configure everything on the server and prompt you to connect to your VPN. The VLESS protocol is used by default.
Method 2. Virtual Server with 3X-UI
With the hosting provider mentioned above, when ordering a server, you can choose to install 3X-UI (or X-UI) — a convenient graphical interface for configuring XRay with VLESS.
When the server is ready, you will receive a link to log in to the VPN settings panel, as well as a username and password.
Open this link, log in, and go to the "Connections" section. Next, click "Add Connection" and perform the following actions in the pop-up window:
Protocol set to vless, port change to 443
In the "Security" line, select Reality and press the "Get New Cert" button
In the "Client" section, replace Email with any recognizable name, and for Flow select xtls-rprx-vision
Don't change anything else, click "Create" and make sure that the new configuration has been added and is available as a QR code or URL link (the 'Information' icon), which will be used later to connect to the VPN.
For clarity, I'll show this in a video:
The server is configured, and to connect to it, you need to install a client program.
Here are the most popular clients:
for Windows: Hiddify, InvisibleMan-XRay, NekoBox
To connect most clients, you just need to scan the configuration QR code or paste the corresponding URL link. In some cases, if the client does not have an import function, the configuration data from the URL link must be transferred manually.
Method 3. Manual Installation
This option is the most labor-intensive and involves several steps. As with the previous two methods, it is assumed that you already have a VPS.
Step 1. Log in to the server as root, update the package lists, and run the XRay installation script:
apt update -y bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install
Step 2. Create the necessary credentials for the configuration and save them somewhere; you will need them later:
xray uuid xray x25519
Step 3. For VLESS to work, you need a site that supports HTTP/2, TLS 1.3, and an X25519 certificate. You can check this as follows:
curl -I --tlsv1.3 --http2 https://example.com openssl s_client -connect example.com:443 -brief
Example of checking Habr:
Step 4. Replace the contents of the /usr/local/etc/xray/config.json file with the config template below. The template needs to be edited and supplemented according to the comments in it:
config.json
{ "log": { "loglevel": "warning" }, "inbounds": [ { "port": 443, "protocol": "vless", "settings": { "clients": [ { "id": "", // здесь вставить uuid, сгенерированный на шаге №2 "flow": "xtls-rprx-vision" } ], "decryption": "none" }, "streamSettings": { "network": "tcp", "security": "reality", "realitySettings": { "dest": "example.com:443", // здесь заменить `example.com` на ваш сайт из шага №3, порт оставляем "serverNames": [ "example.com", // заменить на ваш сайт из шага №3 "www.example.com" // и добавить альтернативные имена (если есть) ], "privateKey": "", // вставить приватный ключ (Private key), созданный на шаге №2 "shortIds": [ "0a381e1fa219", // Список уникальных коротких идентификаторов, доступных клиентам, чтобы их различать "be0ce04754dc", // Длина: от 2 до 16 символов. Используемые символы: 0-f. "41beec74f4bc" // Для удобства, значения можно сгенерировать командой `openssl rand -hex 6` ] } }, "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ] } } ], "outbounds": [ { "protocol": "freedom", "tag": "direct" } ] }
Step 5. Restart XRay and make sure everything is working:
systemctl restart xray systemctl status xray
The server is ready. We discussed the list of client applications for connection in the previous setup method; use them.
Prepare the configuration URL string to paste into the client, here is the template:
vless://<uuid из шага 2>@<IP-адрес сервера>:443?type=tcp&security=reality&pbk=<публичный ключ из шага 2>&fp=chrome&sni=<домен из serverNames в конфиге>&sid=<одно из значений shortIds в конфиге>&flow=xtls-rprx-vision#<произвольное название, под которым профиль будет сохранён в приложении>
From this string, you can use any QR generator to create a graphical code for easy configuration import later. For example, like this:
apt install qrencode -y qrencode -o qr.png 'vless://...'
As a result, we will get a file qr.png containing a QR code that can be scanned by any compatible client.