-
Notifications
You must be signed in to change notification settings - Fork 12
Configuration Guide
The flexible and composable YtFlow configuration system allows you to customize every single bit of how YtFlowApp VPN works. For an extensive description about plugins, parameters and YtFlow internals, please refer to YtFlowBook. The instructions below serves as a quick guide to spin up a working YtFlow Profile.
Note The instructions below apply to profiles that does not use Dynamic Outbound. We recommend using Dynamic Outbound as it is easier for users to manage multiple proxy servers, and should cover the most of simple use cases. Refer to Quick Start on how to create a profile with Dynamic Outbound.
In this guide, we assume YtFlow (next, version 1.2.0.0) has been installed on your device, with System VPN Profile properly set up.
We also recommend understanding the JSON format if necessary, so that you won't get into trouble later when editing the parameters. See What is JSON. Take note that JSON is sensitive about trailing commas.
For first-time set up, you are required to create a new profile. As of version 1.2.0.0, you can choose among Shadowsocks (with or without obfs), Trojan and HTTP Proxy. Enter a profile name and click 'Save'.
Click 'Edit' beside the new profile. Based on the outbound type chosen, navigate to corresponding plugins to enter server information.
Go to ss-client with the default parameter:
{
"method": "aes-128-gcm",
"password": {
"__byte_repr": "utf8",
"data": "my_ss_password"
},
"tcp_next": "proxy-redir.tcp",
"udp_next": "null.udp"
}- Replace
aes-128-gcmwith the desired cipher/method. Supported methods:plain/none/rc4/rc4-md5/aes-128-cfb/aes-192-cfb/aes-256-cfb/aes-128-ctr/aes-192-ctr/aes-256-ctr/camellia-128-cfb/camellia-192-cfb/camellia-256-cfb/aes-128-gcm/aes-192-gcm/aes-256-gcm//chacha20-ietf/chacha20-ietf-poly1305/xchacha20-ietf-poly1305. Note thatchacha20andchacha20-poly1305are not supported. - Replace
my_ss_passwordwith your Shadowsocks password in text format. - Click 'Save' when done.
If you need your Shadowsocks stream obfuscated by TLS/HTTP headers, here are the extra steps to achieve that.
- Create a new plugin
obfs-clientwith typetls-obfs-clientorhttp-obfs-client. - Replace
nullwith the following JSON object:
{
"host": "my.obfs.host.com",
"path": "/",
"next": "phy.tcp"
}for http-obfs-client, where my.obfs.host.com and / are obfs parameters, and
{
"host": "my.obfs.host.com",
"next": "phy.tcp"
}for tls-obfs-client, where my.obfs.host.com is obfs host.
- Click 'Save' when done.
- Go to
proxy-redir, replacephy.tcpwithobfs-client.tcp. - Click 'Save' when done.
Go to trojan-client with the default parameter:
{
"password": {
"__byte_repr": "utf8",
"data": "my_trojan_password"
},
"tls_next": "trojan-client-tls.tcp"
}- Replace
my_trojan_passwordwith your Trojan password in text format. - Click 'Save' when done.
Go to trojan-tls-client with the default parameter:
{
"next": "proxy-redir.tcp",
"skip_cert_check": false,
"sni": "my.trojan.proxy.server.com"
}- Replace
my.trojan.proxy.server.comwith your Trojan host name. - Change
falsetotrueif your certificate is invalid or untrusted. In this case, you will risk MITM attack. - Click 'Save' when done.
No protocol-specific plugin parameters need changing.
Go to proxy-redir with the default parameter:
{
"dest": {
"host": "my.proxy.server.com.",
"port": 8388
},
"tcp_next": "phy-socket",
"udp_next": "phy-socket"
}- Replace
my.proxy.server.com.with the domain name or IP address of your server. - Replace
8388with your service port. - Click 'Save' when done.
If all parameters are valid and correct, you should be able to connect to your proxy server with this profile. Refer to YtFlowBook for more tweaks. Join our Telegram group YtFlow α for help and troubleshooting.