I previously write a gist about how to set up v2ray + openvpn to unblock gfw and netflix
Refers to that gist for more detail.
In short, this a solution to proxy your network to bypass Firewall with stable connections, and also unblock Proxy detection for Netflix/Spotify/etc....
In my use case from China network:
(V2ray service can be both client and server)
- Visit
baidu/qqfrom my IP directly. -- fast network speed for local resource. - Proxy
youtube/googlerequest to the VPS, from my VPS's IP. -- Unblock GFW. - Proxy
netflix/spotifyrequest to the VPS, VPS then proxy the request to a VPN vendor through wireguard tunnel, this time use the VPN vendor's IP. -- Unblock Netflix Proxy Detection.
Things that needs to be prepared.
-
A VPS that can ssh into
- Use a CN2 network or CN2 GIA network to gain fast netowk speed if you're from China.
- Can use the vendor same as mine: bandwagonhost(you need to login, click Client Area -> Services -> Order New Services to get CN2 server)
- Or search CN2 here
- Use a CN2 network or CN2 GIA network to gain fast netowk speed if you're from China.
-
A wireguard config(vpn vendor that can unblock netflix/spotify)
ssh into your VPS, install v2ray server, recommand using this one line installer
bash <(curl -s -L https://git.io/v2ray.sh)Then pasted your v2ray configuration to your device
- v2rayN for windows
- v2rayNG for Android
- V2rayU for Mac
- kitsunebi for IOS
Setup wireguard proxy follow my repo wireguard_socks5_docker
# tested only on Ubuntu/Debian
git clone https://github.com/zpoint/wireguard_socks5_docker.git
cd wireguard_socks5_docker
# build image
bash ./build.sh
# copy the configure file you downloaded to ./config/wg0.conf, or pasted the content
vim ./config/wg0.conf
# start container
bash ./start.sh
# test connection
bash ./test.shvim /etc/v2ray/config.jsonPart of my configuration
"inbounds": [
{
"port": 8888,
"protocol": "vmess",
"settings": {
"clients": [
{
// private config
}
]
},
"streamSettings": {
"network": "ws"
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
]
"outbounds": [
{
"settings": {},
"protocol": "freedom"
},
// ...
{
"protocol": "socks",
"settings": {
"servers": [{
"port": 9050,
"address": "localhost"
}]
},
"streamSettings": {
"tcpSettings": {
"header": {
"type": "none"
}
},
"network": "tcp",
"security": "none"
},
"tag": "streaming"
}
]
"routing": {
"rules": [
{
"type": "field",
"domain": [
"domain:btstatic.com",
"domain:netflix.com",
"domain:netflix.net",
"domain:nflxext.com",
"domain:nflximg.com",
"domain:nflximg.net",
"domain:nflxsearch.net",
"domain:nflxso.net",
"domain:nflxvideo.net",
"domain:fast.com",
"domain:fast.ca",
"domain:netflixinvestor.com",
"domain:byspotify.com",
"domain:pscdn.co",
"domain:scdn.co",
"domain:spoti.fi",
"domain:spotify-everywhere.com",
"domain:spotify.com",
"domain:spotify.design",
"domain:spotifycdn.com",
"domain:spotifycdn.net",
"domain:spotifycharts.com",
"domain:sspotifycodes.com",
"domain:spotifyforbrands.com",
"domain:spotifyjobs.com"
],
"outboundTag": "streaming"
}
]
}
More domain rules refers to here
Then restart v2ray
systemctl restart v2rayOr select reboot menu here
v2rayCheck logs under /var/log/v2ray/ if you encounter configuration error after restart.
I see, I was thinking authentication is required between v2ray_server and wireguard_container.
Read your docker instruction found the clue: Dante SOCKS Server is used. It listens on eth0 (the network from the host PC) and connects to this wg0 network (the OpenVPN network).
tldr:
v2ray_server <=> wireguard_container: No auth is required.
wireguard_container <=> vpn_vendor : wg0.conf
Is it correct?