Got it — you want Approach 3: Shadowsocks / V2Ray because that’s the one that’s most likely to work well in China. I’ll give you a detailed, step-by-step guide to set up V2Ray on Ubuntu, optimized for bypassing the Great Firewall.
We’ll go for VLESS over TCP + TLS (very stealthy — it looks like normal HTTPS traffic).
Step 1 — Update Your Ubuntu Server
sudo apt update && sudo apt upgrade -y
Step 2 — Install Required Tools
We’ll need curl, socat, wget, unzip, and uuid-runtime:
sudo apt install curl socat wget unzip uuid-runtime -y
Step 3 — Get a Domain Name
To make V2Ray harder to detect, you must use a domain name pointing to your server’s public IP.
- Buy a domain (e.g., from Namecheap, Cloudflare, or Alibaba Cloud).
- Create an A record for
vpn.yourdomain.com→ your server’s IP. - Wait for DNS to propagate (can check with
ping vpn.yourdomain.com).
Step 4 — Install V2Ray via Official Script
bash <(curl -sL https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
This will:
- Download the latest V2Ray binaries
- Install them into
/usr/local/bin - Set up a systemd service
Step 5 — Get a TLS Certificate (HTTPS)
We’ll use acme.sh (lightweight Let’s Encrypt client):
# Install acme.sh
curl https://get.acme.sh | sh
# Issue a certificate for your domain (replace with your actual domain!)
sudo systemctl stop nginx
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d vpn.futurelei.com --standalone --keylength ec-256
sudo systemctl start nginx
# Install the certificate into /etc/v2ray/
sudo mkdir -p /etc/v2ray/
~/.acme.sh/acme.sh --install-cert -d vpn.yourdomain.com \
--ecc \
--fullchain-file /etc/v2ray/v2ray.crt \
--key-file /etc/v2ray/v2ray.key
- Issue 0: When I run the step 5, I got the following: touch: cannot touch ‘/etc/v2ray/v2ray.key’: No such file or directory
When I run step, will it generate a folder /etc/v2ray/ ?
- Solution 0: sudo mkdir -p /etc/v2ray/
Step 6 — Configure V2Ray (VLESS over TCP+TLS)
Edit the config file:
sudo nano /usr/local/etc/v2ray/config.json
Paste this config (replace UUID-GOES-HERE with a generated UUID and vpn.yourdomain.com with your domain):
{
"inbounds": [{
"port": 443,
"protocol": "vless",
"settings": {
"clients": [{
"id": "29c23e6b-e7fa-414b-ab30-6015d17b2fe3",
"level": 0,
"email": "user@v2ray"
}],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [{
"certificateFile": "/etc/v2ray/v2ray.crt",
"keyFile": "/etc/v2ray/v2ray.key"
}]
}
}
}],
"outbounds": [{
"protocol": "freedom",
"settings": {}
}]
}
Step 7 — Generate Your UUID
uuidgen
Copy that UUID and replace UUID-GOES-HERE in the config.
Step 8 — Start & Enable V2Ray
sudo systemctl enable v2ray
sudo systemctl restart v2ray
Check if it’s running:
sudo systemctl status v2ray
Step 9 — Client Setup
On your device (Windows, Mac, Android, iOS):
- Install V2RayN (Windows) or Shadowrocket (iOS) or V2RayNG (Android).
-
Add a VLESS server:
- Address:
vpn.yourdomain.com - Port:
443 - UUID: (the one you generated)
- Encryption: none
- Transport: TCP
- TLS: enabled
- Address:
Step 10 — Test
Connect in your client, then check your IP:
curl ifconfig.me
It should show your server’s IP (not your local one).
💡 Extra Tips for China
- If VLESS over TCP+TLS still gets blocked, we can add WebSocket+TLS or XTLS to make it look exactly like normal web traffic.
- You can also run Nginx as a fake website in front of V2Ray so casual observers only see a normal HTTPS page.
If you like, I can give you a ready-made install script that:
- Installs V2Ray
- Gets TLS cert automatically
- Configures VLESS+TLS with WebSocket fallback
That’s faster and less error-prone than doing each step manually. Do you want me to prepare that script for you?