Categories
Ubuntu

How to Set Up V2Ray Proxy on Ubuntu 22.04/20.04 Server

This tutorial is going to show you how to set up V2Ray proxy server on Ubuntu 22.04/20.04. V2Ray is a lightweight, fast, and secure Socks5 proxy to bypass Internet censorship. We will learn how to set up the server side and how to configure the desktop client on Ubuntu/Windows.

V2Ray Features

Requirements

To follow this tutorial, you will need a VPS (Virtual Private Server) that can access blocked websites freely (Outside of your country or Internet filtering system). I recommend Kamatera VPS, which features:

Follow the tutorial linked below to create your Linux VPS server at Kamatera.

Once you have a VPS running Ubuntu 22.04/20.04, follow the instructions below.

Step 1: Install V2Ray on Ubuntu 22.04/20.04 Server

SSH into your remote Ubuntu server. If you are running Ubuntu 22.04/20.04, then I recommend manually installing V2Ray, because the v2ray package in the repository has a problem when starting it up. Run the following command to install dependency packages.

sudo apt install curl unzip

Download the official V2Ray install script. (I don’t usually recommend installing software with third-party scripts, but this is the install script provided by official V2Ray developers, so I use it.)

curl -O https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh

Run the install script.

sudo bash install-release.sh

Sample output:

install v2fly ubuntu

Check status:

sudo systemctl status v2ray

sudo systemctl status v2ray

If it’s not running, then restart it.

sudo systemctl restart v2ray

Enable auto-start at system boot time.

sudo systemctl enable v2ray

Step 2: Set Up NTP Time Sync

It’s very important that your server has accurate time, or V2Ray can fail. This is to ensure the best security for users. Check the time on your server.

timedatectl

Sample output:

v2ray ntp time sync

As you can see, my server system clock is synchronized. If this is not the case on your server, please follow the tutorial linked below to set up NTP time synchronization.

Step 3: Configure V2Ray on the Server

Edit V2Ray configuration file with a command-line text editor such as Nano.

sudo nano /usr/local/etc/v2ray/config.json

Delete everything in this file, then add the following lines. Replace the id with some random characters in UUID format. You can use an online UUID generator.

{
  "log": {
    "loglevel": "warning",
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log"
  },
  "inbounds": [
    {
      "port": 10000,
      "listen":"127.0.0.1",
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
            "alterId": 64
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
        "path": "/ray"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

Save and close the file. V2Ray server will listen on port 10000. Then restart V2Ray for the changes to take effect.

sudo systemctl restart v2ray

Check listening ports.

sudo ss -lnpt | grep v2ray

Sample output:

LISTEN 0      4096                 127.0.0.1:10000            *:*    users:(("v2ray",pid=701205,fd=3))

Step 4: Configure Reverse Proxy

Install Nginx web server.

sudo apt install nginx

Create a virtual host file for V2Ray.

sudo nano /etc/nginx/conf.d/v2ray.conf

Add the following lines in this file. Replace example.com with your own domain name. You can also use a sub-domain.

server {
  listen 80;
  server_name    example.com;

  index index.html;
  root /usr/share/nginx/html/;

  access_log /var/log/nginx/v2ray.access;
  error_log /var/log/nginx/v2ray.error;

    location /ray { # Consistent with the path of V2Ray configuration
      if ($http_upgrade != "websocket") { # Return 404 error when WebSocket upgrading negotiate failed
          return 404;
      }
      proxy_redirect off;
      proxy_pass http://127.0.0.1:10000; # Assume WebSocket is listening at localhost on port of 10000
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      # Show real IP in v2ray access.log
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Save and close the file.  Then test Nginx configuration.

sudo nginx -t

If the test is successful, reload Nginx.

sudo systemctl reload nginx

Step 5: Enable HTTPS

We enable HTTPS so that your national firewall doesn’t know you are using a proxy.

Install the latest version of Let’s Encrypt client certbot from the Snap store.

sudo apt install snapd
sudo snap install certbot --classic

Then run the following command to obtain a free Let’s Encrypt certificate.

sudo /snap/bin/certbot --webroot -i nginx --agree-tos --hsts --staple-ocsp -d example.com -e [email protected] -w /usr/share/nginx/html/

Once it’s obtained, it will be automatically installed for your Nginx web server.

Step 6: Configure Firewall

If you are using iptables firewall on your server, then you need to allow traffic to the TCP port 443 by running the following command.

sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT

If you are using UFW firewall, then run the following commands:

sudo ufw allow 443/tcp

Step 7: Install and Configure V2Ray on Client Computer


Linux Desktop


Please follow the same procedure in step 1 to install V2Ray on Linux desktop. Once it’s done, edit the configuration file.

sudo nano /usr/local/etc/v2ray/config.json

Delete everything in this file, then add the following lines.

{
  "inbounds": [
    {
      "port": 1090,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "example.com",
            "port": 443,
            "users": [
              {
                "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
                "alterId": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ]
}

The id parameter on V2Ray client must match the id parameter on V2Ray server. It’s like a pre-shared password. The alterId must be set to 0, so the V2Ray client will enable AEAD encryption algorightm.

Save and close the file.  Then restart V2Ray for the changes to take effect.

sudo systemctl restart v2ray

Check listening ports.

sudo ss -lnpt | grep v2ray

Sample output:

LISTEN 0      4096       127.0.0.1:1090       0.0.0.0:*    users:(("v2ray",pid=495211,fd=3))

V2Ray client listens on port 1090 (for web browsers) and will redirect requests to the V2Ray server, which is listening on port 10086.


Windows

Windows users can download V2Ray client from its Github release page. Click the Show all assets link, then you can find the V2Ray Windows ZIP file.

Unzip the file. You will find a config.json file. Use NotePad or your favorite text editor to open this file. Delete everything in this file, then add the following lines.

{
  "inbounds": [
    {
      "port": 1090,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "auth": "noauth",
        "udp": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "example.com",
            "port": 443,
            "users": [
              {
                "id": "b831381d-6324-4d53-ad4f-8cda48b30811",
                "alterId": 0
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "security": "tls",
        "wsSettings": {
          "path": "/ray"
        }
      }
    }
  ]
}

Replace server_ip_address with your actual server IP address. The id parameter on V2Ray client must match the id parameter on V2Ray server. It’s like a pre-shared password.

Save and close the file. Then open Window Powershell and run the following command to start v2ray, assuming the v2ray-windows-64 folder is extracted in your Desktop folder.

. \\Desktop\v2ray-windows-64\v2ray run

Step 8: Configure Web Browser to Use V2Ray Proxy

To make your program use V2Ray proxy, the program must support SOCKS proxy. Programs like Firefox, Google Chrome and Dropbox allow users to use proxy. I will show you how to configure Firefox and Google Chrome.


Firefox

In Firefox, go to Edit > Preferences > General (or Tools -> Options -> General). Then scroll down to the bottom and click Settings in Network Setting.

In the Connection Settings window, select manual proxy configuration. Then select SOCKS v5 because V2Ray is a Socks5 proxy. Enter 127.0.0.1 in the SOCKS Host field and 1090 in the port field. Make sure Proxy DNS when using SOCKS v5 is enabled. Click OK to apply these modifications.

Firefox v2ray proxy settings


Google Chrome

I recommend installing the Proxy SwitchyOmega extension to manage proxies for Google Chrome.

google chrome Proxy SwitchyOmega

Once the extension is installed in Google Chrome, configure a proxy server as follows:

google chrome v2ray proxy settings

Apply the changes. Then click the extensions icon on the upper-right corner and click Proxy SwithyOmega.

proxy swithy omega shadowsocks-libev

By default, SwithyOmega uses the operating system’s proxy settings. We need to change it from system proxy to proxy.

switchyomega default proxy

Now your proxy should be working.

Step 9: DNS Leak Test

Go to dnsleaktest.com. You will see your V2Ray server’s IP address, which indicates that your V2Ray proxy is working.

v2ray dns leak test

Click the Standard test. Make sure your local ISP isn’t in the test results.

shadowsocks-libev ubuntu 17.10

Step 10: Enable TCP BBR

TCP BBR is a TCP congestion control algorithm that can drastically improve connection speed. Run the following two commands to enable TCP BBR algorithm.

echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.d/60-custom.conf

echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.d/60-custom.conf

Then apply the changes with the below command. The -p option will load sysctl settings from /etc/sysctl.d/60-custom.conf file. This command will preserve our changes across system reboots.

sudo sysctl -p /etc/sysctl.d/60-custom.conf

Troubleshooting

If V2Ray doesn’t work, please check the logs under /var/log/v2ray/ (access.log and error.log).

If you see the following error, it’s likely because the client’s time is wrong. Please configure time sync.

rejected proxy/vmess/encoding: failed to read request header > websocket: close 1000 (normal)

If you encounter the following error, please set alterId to 0 in the V2Ray client configuation file to enable AEAD.

invalid user: VMessAEAD is enforced and a non VMessAEAD connection is received.

iOS Client

OneClick is a free V2Ray client for iOS users.

Once you install OneClick, open the app, select add configuration -> VMESS, then use the following parameters.

Note: OneClick doesn’t seem to support VMESS-AEAD. You need to disable it on the V2Ray server.

sudo systemctl edit v2ray.service

Enter the following lines.

[Service]
Environment=V2RAY_VMESS_AEAD_FORCED=false

Save and close the file. Then restart V2Ray.

sudo systemctl restart v2ray

Global Mode on Linux Desktop

If you use Desktop Linux, you can actually use the V2Ray proxy for all of your Internet traffic (not only web browser traffic). Go to your System settings -> Network -> Network Proxy.

desktop linux network proxy

Then select Manual -> Sock Host (127.0.0.1: 1090). It will automatically detect the SOCK protocol (SOCKS4 or SOCK5).

linux desktop v2ray proxy

How to Upgrade V2Ray

Simply run the install script again.

sudo bash install-release.sh

Wrapping Up

That’s it! I hope this tutorial helped you install V2Ray proxy on Ubuntu. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks 🙂


Source