vless + reality (xtls‑rprx‑vision)
guide
by invite
access to this proxy is strictly provisioned. you have access if you were provided
with an authenticated subscription link (e.g., https://gasha337services...)
that dynamically encodes the server address, port, and transport parameters.
the proxy uses the reality transport. this means it does not present its
own tls certificate — instead it borrows the fingerprint of a legitimate
external domain. clients must support the xtls‑rprx‑vision
flow and reality security.
| platform | client | notes |
|---|---|---|
| windows | v2rayn | primary. allows granular routing via advanced payloads. |
| windows | hiddify | alternative. ships with reality support out of the box. |
| android | v2rayng | primary. available on google play and github releases. |
| android | hiddify | alternative. robust cross‑platform ui. |
| macos | v2rayu, foxray | optimized for apple silicon and core routing tasks. |
| ios | shadowrocket, streisand | both available on the app store. full reality support. |
follow these steps to initialize the node via subscription on android devices.
there are two methods to import your subscription link.
method a (quick): open v2rayng, tap the add icon in the top‑right corner of the main screen, and select import profile from clipboard. a new profile will appear with a generic name. optional: to rename it, open the side menu, go to subscription group setting, tap the edit (pencil) icon, and update the remarks field.
method b (manual): open the side menu and select subscription group setting. tap the add icon. enter a name (e.g., gasha337services) and paste your link into the optional url field. tap the check icon to save.
return to the main interface. tap the more (three‑dot) icon in the top‑right corner and select update subscription. the server profile will not load until this remote fetch is completed.
tap the server name to select it (a vertical bar will appear). tap the play icon in the bottom‑right corner to initialize the tunnel. grant the operating system vpn permissions when prompted.
follow these steps to initialize the node via subscription on windows devices.
there are two methods to import your subscription link.
method a (quick): launch v2rayn. in the top navigation bar, click configuration > import share links from clipboard. a new subscription tab will appear with a generic name.
method b (manual): in the top navigation bar, click subscription group > subscription group setting. click add, input a remarks name, and paste your link into the url field. click confirm.
click subscription group > update subscription without proxy.
the interface will populate with the node configuration. select the server from
the list and press enter to set it as active.
at the bottom of the window, ensure the system proxy option is set to "set system proxy" (the icon should turn red). this routes windows traffic through the node.
by default, a vpn routes 100 % of your data through the remote server (v2rayn and v2rayng include default bypass presets for china). to optimize bandwidth and maintain access to local regional services (e.g., banking apps, lan), you must implement a routing payload.
in v2rayn: go to setting > routing setting. click add, name the rule in the remarks field, and click import rules from clipboard using one of the json blocks below. a dialog will ask if you want to append rules — click no to replace them. click confirm and select this rule from the routing dropdown at the bottom of the main window.
intercepts and proxies specific domains (ai tools, blocked media, cloud infrastructure). all other traffic bypasses the node entirely.
[
{
"outboundTag": "direct",
"ip":[ "geoip:private" ],
"domain":[ "geosite:private", "domain:localhost" ],
"enabled": true,
"remarks": "Direct - Private/Local"
},
{
"outboundTag": "proxy",
"domain":[
"domain:hetzner.com", "domain:hetzner.cloud", "domain:aeza.net",
"domain:aeza.host", "domain:digitalocean.com", "domain:vultr.com",
"domain:linode.com", "domain:contabo.com", "domain:kamatera.com",
"domain:hostinger.com"
],
"enabled": true,
"remarks": "Proxy - VPS & Hosting Sites"
},
{
"outboundTag": "proxy",
"domain":[
"domain:belsat.eu", "domain:charter97.org", "domain:euroradio.fm",
"domain:kyky.org", "domain:mediazona.by", "domain:nashaniva.com",
"domain:nn.by", "domain:reform.by", "domain:reform.news",
"domain:spring96.org", "domain:svaboda.org", "domain:tribuna.com",
"domain:zerkalo.io"
],
"enabled": true,
"remarks": "Proxy - Blocked Media"
},
{
"outboundTag": "direct",
"ip":[ "geoip:by", "geoip:ru" ],
"domain":[ "domain:by", "domain:ru", "domain:su", "domain:xn--p1ai" ],
"enabled": true,
"remarks": "Direct - BY/RU Regional"
},
{
"outboundTag": "proxy",
"domain":[
"ai.google.dev", "aistudio.google.com", "alkalimakersuite-pa.clients6.google.com",
"domain:aistudio.google.com", "domain:anthropic.com", "domain:chatgpt.com",
"domain:claude.ai", "domain:gemini.google.com", "domain:generativelanguage.googleapis.com",
"domain:labs.google.com", "domain:makersuite.google.com", "domain:midjourney.com",
"domain:oaistatic.com", "domain:oaiusercontent.com", "domain:openai.com",
"generativelanguage.googleapis.com", "labs.google.com"
],
"enabled": true,
"remarks": "Proxy - AI Services"
},
{
"outboundTag": "proxy",
"domain":[
"domain:upwork.com", "domain:fiverr.com", "domain:canva.com",
"domain:docker.com", "domain:docker.io", "domain:coursera.org",
"domain:linkedin.com", "domain:intel.com", "domain:amd.com",
"domain:nvidia.com", "domain:jetbrains.com"
],
"enabled": false,
"remarks": "Proxy - IT & Work Tools"
},
{
"outboundTag": "proxy",
"domain":[
"domain:deepl-reseller.com", "domain:deepl.com", "domain:medium.com",
"domain:music.youtube.com", "domain:patreon.com", "domain:patreonusercontent.com",
"domain:scdn.co", "domain:spotify.com", "domain:spotifycdn.com",
"domain:substack.com", "geosite:spotify"
],
"enabled": true,
"remarks": "Proxy - Media & Services"
},
{
"network": "tcp,udp",
"outboundTag": "direct",
"enabled": true,
"remarks": "Direct - Default Fallback"
}
]
forces all network traffic through the encrypted node. the only exceptions are local network connections and regional domains (by/ru) to prevent geoblocking loops.
[
{
"outboundTag": "direct",
"ip": [ "geoip:private" ],
"domain":[ "geosite:private", "domain:localhost" ],
"enabled": true,
"remarks": "Bypass - Private/LAN"
},
{
"outboundTag": "direct",
"ip":[ "geoip:by", "geoip:ru" ],
"domain":[ "domain:by", "domain:ru", "domain:su", "domain:xn--p1ai" ],
"enabled": true,
"remarks": "Bypass - BY/RU Regions"
},
{
"network": "tcp,udp",
"outboundTag": "proxy",
"enabled": true,
"remarks": "Proxy - Default Catch-All"
}
]
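routing rules are evaluated top to bottom and the first match wins, so a broad direct entry such as `domain:by` placed above a proxy rule takes every `.by` host listed in that later rule. the check below is an added example, not part of v2rayn or of this guide's payloads: it flags such shadowed entries in a rule list before import. the sample rules and function names are constructed, and treating `"enabled": false` rules as skipped is an assumption.

```python
import json

# Constructed sample in the page's rule format (trimmed, not the page's full list).
RULES = json.loads("""[
 {"outboundTag": "direct", "domain": ["domain:by", "domain:ru"], "enabled": true, "remarks": "Direct - Regional"},
 {"outboundTag": "proxy", "domain": ["domain:nn.by", "domain:zerkalo.io"], "enabled": true, "remarks": "Proxy - Blocked Media"},
 {"outboundTag": "proxy", "domain": ["domain:example.ru"], "enabled": false, "remarks": "Proxy - Disabled"},
 {"network": "tcp,udp", "outboundTag": "direct", "enabled": true, "remarks": "Direct - Default Fallback"}
]""")

def matches(pattern, host):
    """Domain matching for the prefixes this linter can evaluate offline."""
    kind, _, value = pattern.partition(":")
    if not value:                       # no prefix: plain substring match
        return pattern in host
    if kind == "domain":                # the domain itself or any subdomain
        return host == value or host.endswith("." + value)
    if kind == "full":                  # exact host only
        return host == value
    return False                        # geosite:/regexp: need external data, skipped

def first_match(rules, host):
    """Return the first enabled rule that claims host (top-down, first match wins)."""
    for rule in rules:
        if not rule.get("enabled", True):
            continue                    # assumption: disabled rules are not applied
        domains = rule.get("domain")
        if domains is None and "ip" not in rule:
            return rule                 # catch-all: no domain or ip condition
        if domains and any(matches(p, host) for p in domains):
            return rule
    return None

def shadowed_entries(rules):
    """List (entry, intended rule, winning rule) where an earlier rule takes the host."""
    findings = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        for pattern in rule.get("domain", []):
            kind, _, host = pattern.partition(":")
            if kind not in ("domain", "full") or not host:
                continue                # only entries that name a concrete host
            winner = first_match(rules, host)
            if winner is not rule and winner["outboundTag"] != rule["outboundTag"]:
                findings.append((pattern, rule["remarks"], winner["remarks"]))
    return findings
```

an empty result from `shadowed_entries` means every concrete host entry reaches the outbound its own rule names; `geosite:` and `geoip:` conditions are not evaluated by this check.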
temporal synchronization. the reality protocol utilizes strict tls handshakes. your local device clock must be synchronized with universal time. a variance of more than 30 seconds will result in immediate connection rejection by the node.
subscription integrity. node certificates and stealth domains undergo regular rotation to evade active probing. if connectivity drops unexpectedly, execute a manual update subscription via your client to fetch the latest parameters.