Remove ,none as default, as most clients support vision.

Remove ,none as the default, as most clients support vision. Added video for V2rayNG for Direct connection using geoip/geosite. Added some explanations.
SasukeFreestyle · Mar 5, 2023 · 565d940 · 565d940
1 parent 33bf208
commit 565d940
Showing 1 changed file with 56 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,22 @@
 # XTLS-Iran-TLS
 ### How to make a V2ray (XTLS) Server for bypassing internet censorship in Iran with TLS encryption and Fallback (Anti-probe) to Nginx webserver.
 
+- The main goal of this guide is to spread awereness on how to make one correctly.
+- I see many guides/videos online and v2ray servers in public Telegram groups that are missconfigured for Iranian users. Some are not even encrypted...
+- The configuration file [(config.json)](https://github.com/SasukeFreestyle/XTLS-Iran-TLS/blob/main/config.json) is the main key here that includes a correct CIDR-IP block so the server does not initiate a connection back to Iran as this is not "normal" behaviour for a (web)server.
+- The use of encryption, in this case TLS and a fallback to Nginx to prevent active-probing.
+- The use of uTLS fingerprint is also important. This is configured in the clients/apps.
+
+This will work with or without CDN. But this guide is without CDN.
+****
+
+### Notes
+- This is a noob-friendly guide but if you are an experienced linux user you should make a new user without sudo-access to run xray and give right permissions to files.
+- I wanted to make it easy for anyone non-technical to make a server without changing/creating users or editing permissions of files.
+- I will also teach on how to use your Iranian IP for direct communication to Iranian websites/services without disconnecting the "VPN".
+
+****
+
 This guide is written for Ubuntu 22.04 LTS but any Debian based distro should also work.
 
 ### What you need before starting this guide. Prerequisites
@@ -12,9 +28,6 @@ This guide is written for Ubuntu 22.04 LTS but any Debian based distro should al
 - Domain name must be pointed to your IP hosting the server.
 - Port 80 and 443 open in your router or/and firewall.
 
-### Notes
-This is a noob-friendly guide but if you are an experienced linux user you should make a new user without sudo-access to run xray and give right permissions to files.
-
 
 ****
 ## First we need to do some kernel settings for performance and raise ulimits.
@@ -263,9 +276,18 @@ nano /home/USERNAME/xray/config.json
 
 - Enter your UUID inside "YOUR UUID HERE" Example: "id":"92c96807-e627-5328-8d85-XXXXXXXXX",
 - Change your path to your USERNAME
-- If all your clients/apps support xtls-rprx-vision you should remove ,none from "flow" If you want backwards-compability to VLESS keep it as it is.
-
+- My recommendation is to use Vision without ,none. Most popular clients today support vision. 
+- If your clients/apps does not support xtls-rprx-vision add ,none in flow.
+- If your client/app does support vision, do not add ,none to flow.
 
+Example
+```json
+"flow":"xtls-rprx-vision,none"
+```
+Or (recommended)
+```json
+"flow":"xtls-rprx-vision"
+```
 
 The parts to edit are.
 ```json
@@ -278,7 +300,8 @@ The parts to edit are.
             "clients":[
                {
                   "id":"YOUR UUID HERE", // Edit to your own UUID
-                  "flow":"xtls-rprx-vision,none" // Remove ,none if all your apps/clients support vision. If you want backwards-compability to VLESS keep it as it is.
+                  "flow":"xtls-rprx-vision" // add ,none if your apps/clients does not support vision.
+               // "flow":"xtls-rprx-vision,none"
                }
             ],
             "decryption":"none",
@@ -316,19 +339,6 @@ Example
 "keyFile":"/home/SasukeFreestyle/cert/privkey.pem"
 ```
 
-- If all your clients/apps support xtls-rprx-vision you should remove ,none from "flow"
-- You should use vision only for better speeds and to better hide xray from government firewall. 
-
-
-Example
-```json
-"flow":"xtls-rprx-vision"
-```
-- Or If you want backwards-compability to VLESS keep it as it is.
-```json
-"flow":"xtls-rprx-vision,none"
-```
-
 ## Configure Certbot renewal script for certificate updates
 
 Create a stop [script](https://github.com/SasukeFreestyle/XTLS-Iran-TLS/blob/main/stop.sh), this script stops xray when certificates updates.
@@ -398,6 +408,8 @@ In V2rayNG press + then pick "Type manually[VLESS]"
 
 Settings also apply to V2rayN (Windows).
 
+Remember to set (uTLS) Fingerprint to Chrome.
+
 - Remarks/Alias
   -  Name of the server, choose whatever name you want.
 - Address
@@ -416,6 +428,30 @@ Settings also apply to V2rayN (Windows).
 
 ![photo_2023-02-26_04-49-03](https://user-images.githubusercontent.com/2391403/221391586-acebea4e-6467-4908-972c-ef882142b113.jpg)
 
+
+
+If you want to be able to visit Iranians websites without disconnecting the VPN follow the instructions in the video below.
+
+This will also make it harder for government to see that you are using a VPN.
+
+Go to Settings -> Custom Rules -> Direct URL or IP.
+
+Enter
+```
+geoip:private,
+geosite:private,
+geoip:ir,
+geosite:category-ir
+```
+Then save.
+
+Video Instructions:
+
+https://user-images.githubusercontent.com/2391403/222937653-fac82776-5580-4b7f-92cc-347e3cff5cf5.mp4
+
+
+***
+
 - Settings for V2rayN.
 
 ![Capt1ure](https://user-images.githubusercontent.com/2391403/221391385-0a5e50af-77cd-40db-9b8f-a4092551b784.PNG)
@@ -453,6 +489,7 @@ rm Xray-linux-64.zip
 Done!
 
 
+
 ## Roadmap
  * [x] Initial release of Instructions
  * [ ] Create or link to fake website for anti-probe