v2ray + wireguard to unblock gfw and netflix,spotify,hulu

v2ray_wireguard_netflix_spotify_hulu.md

I previously write a gist about how to set up v2ray + openvpn to unblock gfw and netflix

Refers to that gist for more detail.

In short, this a solution to proxy your network to bypass Firewall with stable connections, and also unblock Proxy detection for Netflix/Spotify/etc....

In my use case from China network:

(V2ray service can be both client and server)

• Visit baidu/qq from my IP directly. -- fast network speed for local resource.
• Proxy youtube/google request to the VPS, from my VPS's IP. -- Unblock GFW.
• Proxy netflix/spotify request to the VPS, VPS then proxy the request to a VPN vendor through wireguard tunnel, this time use the VPN vendor's IP. -- Unblock Netflix Proxy Detection.

Things that needs to be prepared.

• A VPS that can ssh into

  • Use a CN2 network or CN2 GIA network to gain fast netowk speed if you're from China.
    • Can use the vendor same as mine: bandwagonhost(you need to login, click Client Area -> Services -> Order New Services to get CN2 server)
    • Or search CN2 here

• A wireguard config(vpn vendor that can unblock netflix/spotify)

  • I use purevpn, Scroll down and follow this guideline to get config file for purevpn.

Steps

Install V2ray

ssh into your VPS, install v2ray server, recommand using this one line installer

bash <(curl -s -L https://git.io/v2ray.sh)

Then pasted your v2ray configuration to your device

• v2rayN for windows
• v2rayNG for Android
• V2rayU for Mac
• kitsunebi for IOS

Config wireguard

Setup wireguard proxy follow my repo wireguard_socks5_docker

# tested only on Ubuntu/Debian
git clone https://github.com/zpoint/wireguard_socks5_docker.git
cd wireguard_socks5_docker
# build image
bash ./build.sh
# copy the configure file you downloaded to ./config/wg0.conf, or pasted the content
vim ./config/wg0.conf
# start container 
bash ./start.sh
# test connection
bash ./test.sh

Change the v2ray config to forward the netflix/spotify proxy to the wireguard tunne

vim /etc/v2ray/config.json

Part of my configuration

      "inbounds": [
        {
         "port": 8888,
         "protocol": "vmess",
         "settings": {
          "clients": [
           {
            // private config
           }
          ]
         },
         "streamSettings": {
          "network": "ws"
         },
         "sniffing": {
          "enabled": true,
          "destOverride": [
           "http",
           "tls"
          ]
         }
        }
       ]


       "outbounds": [
        {
          "settings": {},
          "protocol": "freedom"
        },
        // ...
        {
         "protocol": "socks",
         "settings": {
          "servers": [{
           "port": 9050,
           "address": "localhost"
          }]
         },
         "streamSettings": {
          "tcpSettings": {
           "header": {
            "type": "none"
           }
          },
          "network": "tcp",
          "security": "none"
         },
         "tag": "streaming"
        }
       ]

       "routing": {
        "rules": [
            {
          "type": "field",
          "domain": [
           "domain:btstatic.com",
           "domain:netflix.com",
           "domain:netflix.net",
           "domain:nflxext.com",
           "domain:nflximg.com",
           "domain:nflximg.net",
           "domain:nflxsearch.net",
           "domain:nflxso.net",
           "domain:nflxvideo.net",
           "domain:fast.com",
           "domain:fast.ca",
           "domain:netflixinvestor.com",
           
           "domain:byspotify.com",
           "domain:pscdn.co",
           "domain:scdn.co",
           "domain:spoti.fi",
           "domain:spotify-everywhere.com",
           "domain:spotify.com",
           "domain:spotify.design",
           "domain:spotifycdn.com",
           "domain:spotifycdn.net",
           "domain:spotifycharts.com",
           "domain:sspotifycodes.com",
           "domain:spotifyforbrands.com",
           "domain:spotifyjobs.com"
          ],
          "outboundTag": "streaming"
         }
        ]
       }

More domain rules refers to here

Then restart v2ray

systemctl restart v2ray

Or select reboot menu here

v2ray

Check logs under /var/log/v2ray/ if you encounter configuration error after restart.

@kapil-tftus as we discussed earlier for wireguard on upwork, can we have discussion at [email protected]

Hi OP,

I have

• Chinese users connecting to one of my VPS (A) hosting v2ray
• VPS (A) is also a wireguard peer/client which connects to another VPS (B) only hosting as wireguard server

Issue I had is when v2ray and wireguard peer is both up, the v2ray is not able to be connected, if I turn off the wireguard peer, then the v2ray works perfectly on its own.

What I want from this config is to let Chinese users be able to visit internal IPs like 10.x.x.x whichever device connects to the VPS (B), but for other traffics, we can just use v2ray to proxy, how should I config in this case?

proxy 10.x.x.x only in v2ray config?