How run Reality protocol with Xray or Sing-box Core with iSegaro
iSegaro 1402-01-29Hello, how are you, I'm Segaru, let's see how to use this Reality protocol, which everyone is talking about 
Still, the only way to contact me is Twitter and the comments section. I and others will help you solve your problem and we will promote new ways from other users to use. My address is on Twitter.
https://twitter.com/iSegaro
Please read this article to the end, especially the description about SNI is very important, otherwise you won't be able to get a strong connection, and then if you use it, come to my Twitter and test the speed of your upload and download + tell me the name of your operator, because I need to know. Thank you so much if I can help you.
I don't see you hanging over the internet. Well, after the last few days of restrictions on cloudflare operators, which I hope is temporary, the connection conditions have become more difficult, but there is still a long way to access. My goal here is to introduce the most cost-free or the least expensive and most common methods. You yourself can search and use many other methods, don't wait, someone will teach you
In this tutorial, I want to write the configuration of reality with three models, which should be comprehensive and go from simple to advanced and professional, and tell what the story is. Forgive me for writing slowly, because each tutorial or writing takes at least 3-4 hours for me. I can't try to compensate until I find free time
Well, we said three methods: the first method is with the Kafka panel and the Xray core, which is introduced on YouTube by children like Iman and Arman, etc. It is very simple for friends who want to work with the panel and can quickly change the addresses, it is the best method. Because you don't need to execute Linux commands and get involved in errors and problems, you can watch their videos if you want. I already tweeted some of them.
The second method is with a Chinese script, go to the throat with the Xray kernel and I will tell you one line with two transmissions, tcp and grpc. It is functional with Xray core
https://twitter.com/iSegaro/status/1648102179016790019
The third method is entered manually with the Singbox core and commands. Let's see what we should do
The first point: Reality domain is not required, you are dealing directly with the server address. Regarding the choice of server, you can buy cheap NATVPS servers with these methods. You can connect directly to your server's IP, just be careful. First, check the email address of Python in Iran filter. No way, secondly, you can also install it along with x-ui, but there is no place for me to explain it here, it will be a long article. If you can reset your server OS, just make sure to make a copy of the information you need first, and if it doesn't work for you, go back to cloudflare. Regarding NATVPS ports, since it is random, choose your port and limit it to two ports, I will say based on 443 and 8443, but since it is not in your port range, don't worry, it works with any port)
Second point: because this method is a direct connection to our server's IP, if the traffic increases or if it is detected, there is a possibility that your server's IP will be filtered, so take action according to this risk!!
The third point: except for the reality protocol, if you want to buy a server, try not to be located in Europe!! Especially Germany, England, France and the Netherlands! Why, because the IP addresses on these data centers in these countries are highly likely to be disrupted, especially on Germany's Hetzner, if you are going to buy a server from European countries such as Romania, Finland, Switzerland, Denmark, or anything else, it is better to use American or Russian servers. Yes, the period is correct, but since we are not behind Cloudflare, our delay is much, much less. For example, with Cloudflare, the delay was below 1000 milliseconds. American servers last up to 250 milliseconds, which is great for you, and they suffer less from them on Iran. Russian servers have problems accessing Twitter and some social networks. Please read this first and then prepare a server. At the end of this article, I will provide you with a list of Yesri data centers that I use myself.
First method: Kafka panel
Well, this panel is exactly like the x-ui panel, there is nothing to do, the installation and settings are the same, my language is English, the address is
https://github.com/FranzKafkaYu/x-ui/blob/main/README_EN.md
Yes, you can read more information, to install it, just enter the following code in the terminal of your server and enter the user, password and port to enter the panel, like the previous tutorials.
bash <(curl -Ls https://raw.githubusercontent.com/FranzKafkaYu/x-ui/master/install_en.sh)
The port to enter the panel should be any port except 443 and 80 and cloudflare ports because we need it. After entering your panel, just create a configuration like the picture below and enjoy it. We have already said that if you are new to reading this, first read the following article, then come back here in the following article, tutorial on how to buy a server ( Dear friend, don't buy the seven dollar NatVPS server that I put in the address below, it doesn't work with the new Cloudflare restrictions, at the end of this tutorial, the address I introduced the purchase of a server ) it is all the same model, it is comprehensive, there is a tutorial on how to connect to the server, and there is a tutorial on how to install the panel with photos and details.
https://telegra.ph/Buy-VPS-and-Domain-just-with-10-for-One-Year-with-iSegaro-03-29
Well, we said that you installed the Kafka panel with the above command and entered the panel, create a configuration like the picture below, protocol Vless+TCP+443+reality+flowxtls 
Well, as you have seen in the above two configurations, I am connected to the addresses of the destinations on Google with great speed and no problems on Irancell and the first mobile phone. Now, how do I choose and use these addresses, I will tell you below. I can't show you, just enter the end of the port address in the dest section, it should be like the picture below, and in the serverName section, it should be exactly the same address without: 443. Pay attention, I will show you with a picture. 
OK, so I address www.google-analytics.com:443 for the first mobile phone for Irancell and the address www.googletagmanager.com:443 used the , the rest of the values like PrivateKey and PublicKey are filled in when creating the configuration, so nothing changes. Be sure to add the latest version of the V2rayN program for Windows so that the Xray kernel version is 1.8. Get it from Github at the following address for Windows:
https://github.com/2dust/v2rayN/releases
For Android phones, be sure to get the latest version of Android from the following address:
https://github.com/2dust/v2rayNG/releases
For iPhone and Mac phones, be sure to use only the following client:
https://apps.apple.com/us/app/wings-x/id6446119727
The latest versions of these clients only support Reality, well, when you copy the configuration you created, you add it to your Windows, that's how it should be, you don't need to fill in Short ID and Spider X. 
Pay attention to the ports, Irancell should be 443 and the first mobile phone should be 8443. I am telling you exactly my configuration and settings because I am connected without any problems with excellent download and upload speed and I tweeted the download and upload speed a few days ago, you all saw. .
OK, that's it. Let's go to the second method with the Kafka panel, which is the simplest model
Second method: Xray core
Well, the second method is very easy, for those who don't want to install the panel or test this method, well, what is this script, sir, it has everything, save it somewhere, it's really a shame, this script, click with the following command to install it.
wget -P /root -N --no-check-certificate "https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh" && chmod 700 /root/install.sh && /root/install.sh
You will face such a scene 
See what it has, it is very useful, from hysteria, v2ray, reality, warp cloudflare, certificate, account manager, etc. In short, it has everything. 
Well, after you run the above command, according to both photos, we want to bring up Reality, enter option number 5, it will ask you if you want to install Reality, you choose option number 1 and press enter (if after you click option 1 It asked you a question about ct-preset-deb.timer (no or press N), it will start installing Reality prerequisites, then it will ask you about UUID, just press enter and skip. 
When you hit enter, it will ask you about port configuration, I said that it is better to enter Irancell 443 and first mobile phone 8443. 
The important part of the port you entered is here, it asks for the address for SNI, well, above in the panel, we said exactly the addresses, here I enter it for Irancell like the picture below, see the address+port 
For the first companion, if you want, don't forget www.googletagmanager.com: 443 , well, when you enter the Internet, it asks for the serverName address, as we said, enter whatever you entered without: 443 to enter 
As soon as you hit enter, two configurations are ready for you, correct and first-class, with TCP and GRPC transmission, very easily, just copy and enter in your desired client, you only have to copy the part that I marked in red, the rest is not important. 
Just one very important point, please note that when you copy the configuration from the Windows terminal or the phone first, paste it somewhere in a text file or your telegram and delete the empty spaces that appear when copying, because in the terminal the configuration is in several lines. It will leave two or three spaces depending on the size of the panel screen that you have chosen. Look in putty, for example, see the picture below, only two are visible here, but it will leave three blank spaces depending on the size of your terminal screen in putty. Be careful, delete this after configuration. Copy it and take it to your client 
Well, this is the second method with the command, if you want to delete it, make changes or whatever, just re-enter the script code and press the number 21, it will completely delete all settings related to xray and reality from your server, make it raw, like the first one, the rest are my options. which you need, you can use, for example, Warp to solve the problem of Google captcha and chat, JChit, etc.
Well, what is the difference between this and Kafka? Kafka is easier, you can change the SNI and serverName addresses whenever you want, there is no difference, Kafka is much better, but based on my experience, I don't know why we have two different speed models!! For me, this method works better than Kafka, even though it is exactly paired with Xray core!! I don't know the reason. You could test with each of these two to see if your connection is more stable. In fact, you can make grpc transmission in the Kafka panel, but it doesn't matter.
The third method: Singbox kernel
The correct pronunciation is Sinbox or Singbox. Please excuse your bigness!!
Well, the core of Singbox is forked from the same Xray, it has been rewritten and made lighter and features like ShadowTLS have been added to it. ShadowTLS is also a method like Reality to connect directly to the server without problems, which works easily on different operators. It's time to write this
Let's raise the reality with Singbox kernel. I am connected to the Russian server with Singbox kernel. The speed and quality are very, very good. On Irancell, I don't know which one of these you will use on your server because we don't know the behavior of the system and its limitations. In every region, I can connect on the Russian server or Singbox, both with the first mobile phone and especially with Irancell, first class, first class.
Why singbox now? Look at the picture below and see his masterpiece, you will understand, there is no need for me to explain 
Singbox address for more information:
https://sing-box.sagernet.org
https://github.com/SagerNet/sing-box/releases
Update on July 9, 1402
Well, I can't sleep tonight, let me introduce you to Reality using the Singbox method. In the previous series, many people were unable to install it. Tonight, we want to do it with a new and very simple method. It's super easy in the Reality method. The SNI address is very important, as if the IP is clean. So, according to the tutorial at the end of the singbox, I put the tutorial on how to find SNI. Follow it so that you can use Apple and download at maximum speed, because the better the SNI, the better the speed.
Installation and configuration on the server
Download the latest version of Singbox kernel with the commands below, guys, I am installing version 1.3, which is the latest version, whenever you read this article, go and replace the latest version, ok?
curl -Lo /root/sb https://github.com/SagerNet/sing-box/releases/download/v1.3.0/sing-box-1.3.0-linux-amd64.tar.gz && tar -xzf /root/sb && cp -f /root/sing-box-*/sing-box /root && rm -r /root/sb /root/sing-box-* && chown root:root /root/sing-box && chmod +x /root/sing-box
With the above command, the Singbox core will be downloaded and ready to run in the Root folder of your server, go to the next
curl -Lo /root/sing-box_config.json https://raw.githubusercontent.com/iSegaro/Sing-Box/main/sing-box_config.json
With the above command, a server-side configuration file will be placed next to the Singbox core in your Root folder, which we need to edit later, let's go to the next command.
curl -Lo /etc/systemd/system/sing-box.service https://raw.githubusercontent.com/iSegaro/Sing-Box/main/sing-box.service && systemctl daemon-reload
With the above command, you put singbox in the list of your server's services, so that we can control it later, and every time it is reset, the server will run itself, after the above 3 commands, when you type ls, you should see that 2 files are located on your root folder, as in the picture below. , one is the green Singbox core, the other is the server side configuration 
Let's go to the very interesting part of the story, editing the config and preparing it for ourselves, as soon as the terminal page of your server is open, type these 3 commands that I write below in order and copy the values it gives you, because we need to put them in the configuration.
./sing-box generate uuid
./sing-box generate reality-keypair
./sing-box generate rand --hex 8
You will see something like the picture below, I have separated it by color, don't get confused, the first command is for UUID, it will make it for us, the second command is very important, it will make Public&Private Key for handshake, and the third command will make Shortid here in Singbox, it will make a shortid in Singbox It's important, we need it, guys 
Well, now that we have this information and you have copied it somewhere, let's edit the config file on the server side with the command below, guys, I wrote an article in Farsi in the config file that you should delete. What we need to change is clear from the above information, that is, the public uuid and private key and short ID, don't forget to enter the Private Key in the server configuration and the Pulic Key on your phone or system, I will show you with a picture, type them.
nano sing-box_config.json
When you type, you will see a picture like the one below, the parts marked with yellow color should be changed 
The port 443 that I underlined first is the same port on your server, you can change it to any port you want, but 443 is more normal, except for the yellow parts that I underlined, do not change, especially the second port 443, which should not be changed. We got those 3 commands in the previous step, we have to paste them, and the important thing is that you have to delete the content that I wrote in Persian script along with two //, I paste the information and at the end, the output will be like the picture below, and then you have to save it. First, press Ctrl+X, then press Y, and finally press Enter to save the changes. 
. above Guys, I entered the address www.yahoo.com in the server_name and server fields, but now it doesn't help. You have to find an SNI address that is at the end of this tutorial. Everything I say here will interfere with the method, for example, the google-tag I mentioned It's too slow, you should use something else, you see, I changed our config with the information we had and saved it. Now, before we start the singbox, let's see if we have saved our configuration correctly, type the following command, if it doesn't give you any error message, it means that you saved the configuration by hand, don't forget to save the private key on the server.
/root/sing-box check -c sing-box_config.json
Well, you didn't get an error message, it's time to start the kernel with the following command and check the status of the kernel to see if it is activated correctly or not.
systemctl enable --now sing-box && sleep 0.2 && systemctl status sing-box
If you have done everything correctly, you should see something like the picture below 
Guys, these 4 commands below are also for managing the singbox core. If you need to change your configuration, you must first stop the core, apply the changes, and then start or restart it. You can also use status to see the status of the core.
systemctl stop sing-box
systemctl restart sing-box
systemctl start sing-box
systemctl status sing-box
OK, that's it, the core of our singbox, but let's start using it on the phone or Windows or any client you like, a very important point, for singbox on Android phones, be sure to use the latest version of the NekoBox program, and on Windows, be sure to use the latest version of the V2rayN client. Especially with Sagrant core which I will show you in the picture, why I say this is because your ping increases drastically, for example on Nekobox, the same gunfig gives me 230 ping on Irancell, but 2000 ping on V2rayNG!! That's why it's very important to pay attention to this point, create a raw Vless configuration on your Windows V2rayN program, and like the picture below, put the required information such as server IP, port, etc., and most importantly, put the Public Key and Shortid, don't forget Core Put it on the SageNet section like the picture below 
You have to copy everything that I specified above with the information that I said when creating it, you should fill it in and cut it. You have told me so much about Singbox and Reality. You told me so much. I will say again that the Yahoo SNI that I put is a formality. You have to find the best one yourself. Do it, I tweeted about buying a server for Reality, I told you to find it from this link below, why do I insist on this, because it is an hour and it has payment with crypto and webmoney, etc., it has 5 European countries + Russia, and if IP Your server was not clean, you quickly delete the server and create another server that gives you a new IP and you don't need to recharge your account, for example, deposit 2 dollars, because there is an hour, whenever your charge was over, your server was fine, add another 2 dollars and renew it like this. If your server is filtered and you haven't paid for 1 month and your expenses have not been spent, buy from the link below, the link below is a referral from me, that is, register with this link and charge your account in less than 12 hours, you will get 15% more charge and a They give me a small percentage as a bonus that we are going to get a server for users and do a great job
Again, don't put too much money in your account because it might get dirty due to the large number of Iranian users registering. Charge 2 dollars at the end. First, if the server was good and you were satisfied, renew the same server continuously and don't let it be deleted until it works. Take my money little by little because they will not return your money
Get the latest version of NekoBox Android from the link below
https://github.com/MatsuriDayo/NekoBoxForAndroid/releases
Tutorial to find clean SNI
Well, let's go to an explanation about what addresses we can put for TLS and how it is, well, if you want to work with Reality, the site must have TLSv1.3 and the key exchange should have X25519, and most importantly in my opinion It must have AES_128_GCM cipher and must have alpn H2, why this cipher? Based on my experience, I am wrong because it is lighter than other ciphers such as AES_256_GCM. 
How can you find this?
In general, in my opinion, all the certificates issued by Google, I mean the GTS CA 1C3 Google Trust Services certificate publisher, work best, especially on Irancell, now how can we find this? So how do we know that a site issuing a Google certificate is very simple, one of them is to go to one of Google's addresses, such as Gmail, YouTube, Drive or Google Maps, then right-click on your browser, which is Chrome, on the same site and press Inspect or the F12 key on your keyboard. Click on it and then you can check the status from the Security tab like the picture below 
Now, the information about the publisher of that certificate is enough. Now click on Show More. You can see, as in the picture below, there are 134 domain and subdomain addresses that you can use for TLS Server, all of which are published by Google, with different domains, many of which are close to the addresses of I don't have Google 
As you can see in the picture below, you are not limited to those addresses, any certificate that has the above specifications can be used. 
Now limited to Google or Apple? No, any website that has the specifications we want can be used, many of the certificates are issued by other companies and institutions, and you can easily use them, but why do we say Google or even Apple's CDN addresses? Why? Because these have the least delay and interference, they are vital, if they call this, my phone will stop working because it's the internet, the same cloudflare issue will happen here, tomorrow some people may say, oh dogs, why did you say Google, they will close Google tomorrow!!! Maybe they will close, I don't know, go grab the collar of the person in charge, not me
Well, we can call many of these addresses if it doesn't work? We also have a TLS scanner hahaha, you can get the TLS scanner from the following address
https://github.com/XTLS/RealiTLScanner
Download it, you can run it on both Windows and Linux. The prerequisite for Linux is go. On Windows, it is not required. Get the exe version from Github and run it in CMD like the picture below. 
And then start scanning with one of the following three commands, needless to say, do the scan based on the internet you want, for example, connect Irancell net, then scan the system with Irancell net or the first connection or....
RealiTLScanner-windows-64.exe -addr www.google-analytics.com
RealiTLScanner-windows-64.exe -addr 20.53.203.50
RealiTLScanner-windows-64.exe -addr 2607:f8b0:4004:c1b::65 -thread 10
It comes based on your internet and the possibility of connection with domains and sub-domains and certificates. It scans all the addresses by itself and shows you which addresses you can connect to without any problems.
Update: I wrote some important points about this scanner on Twitter, be sure to read it to get the best speed
Don't get tired, you could read the most complete tutorial about Reality, this is it, I hope your problem will be solved and you will be able to connect to the free internet easily.
And if you know a method, don't be stingy, teach me, there are other methods, such as ShadowSax with a clock plugin or SSR, which can be tunneled, but our focus is currently on free or cheap methods limited to V2ray.
In the end, if you are connected, be sure to post a photo of your upload and download test under my tweet, see the rest as well, like the photo below, where you can see the test on fixed telecommunications, Irancell and my first cell phone (Irancell with two different SNI addresses), I am exactly the same I have the same config and addresses above that I told you, and my server is not filtered!! Until now of course 
Regarding the purchase of a server, please stay away from the famous data centers for the time being, or go to this address, it is the source of all the discounted servers in the world, and see which one is good to use with strange prices https://lowendtalk.com/categories/offers ( previously I had tweeted his address)
Or use the same address of the data center that I posted https://aeza.net/?ref=387569 , its IP servers are clean.
Just now, something came to my mind or I needed to update this article here
We are very sincere
Internet for everyone or no one