Guide for using http header or tls in vless #311

Open
omid-j-d opened this issue Nov 29, 2023 · 6 comments
@omid-j-d

Hello, my question is that I've seen many people in Iran using the combination of vless tcp http to create their own configurations. From what I've read, vless does not have any encryption, but some claim that there have been severe disruptions when using TLS in operators like MCI, and sometimes SNI is also blocked when the IP points to it. I'm confused about this matter and I don't exactly know how to configure it.

@wkrp added the Iran label Nov 29, 2023
@ghost

ghost commented Nov 30, 2023

The posts I've read here say that TLS-in-TLS results in proxy detection by the GFW Iran as well as the GFW China.

When you say "vless tcp http" you may be thinking of Xray Reality. If you use that configuration, you must configure your Xray Reality server correctly. You must prevent traffic to the proxy server from returning back through the firewall to your own country. That would flag your IP address as an obvious proxy server. Also, only certain SNI names work for Xray Reality. I do not have an up-to-date list of which SNI names work.

For Iran, IP blocking seems to be as big a problem as protocol detection. In fact, proxy blocking is often blamed on protocol detection, whereas the blocking is more likely to be due to IP blocking. The GFW Iran partitions IP addresses into 3 subsets:

  • "Blacklist" consists of IPs that are completely blocked.
  • "Whitelist" consists of IPs that are allowed.
  • "Graylist" consists of all other IP addresses. These are subject to throttling and packet loss.

ISPs may gradually move graylisted IP addresses into the blacklist, if they discover the AS is commonly used for proxy servers. In other words, what your IP neighbors do may impact your own proxy server, through no fault of your own.

You can find links to Xray Reality tutorials on the GitHub README page for Xray-core.

@omid-j-d
Author

omid-j-d commented Dec 1, 2023

Thank you for your good explanation. You are right, this has happened to me many times and I have also heard it. Let's say it is six months ago and Reality doesn't exist at all, because I have another method in mind and I'll share the results later. What I am concerned about is DPI. Suppose I want to connect to Instagram and use the vless tcp http method, and I consider that the firewall has become suspicious and wants to analyze my packets. The question is, since vless doesn't have encryption, is it enough to hide what http does? Or does DPI analyze it and find traces of Instagram in my packets? Although I think the second option is correct. Of course, in your opinion, does using flow vision not solve the problem of TLS-in-TLS?

@asimov1234

@omid-j-d hi, this method is not working now, and I'm suffering from the GFW. Would you mind telling me what your choice is now?

@omid-j-d
Author

omid-j-d commented Mar 4, 2024

> @omid-j-d hi, this method is not working now, and I'm suffering from the GFW. Would you mind telling me what your choice is now?

Use IPv6

@asimov1234

> > @omid-j-d hi, this method is not working now, and I'm suffering from the GFW. Would you mind telling me what your choice is now?
>
> Use IPv6

Is IPv6 widely supported in Iran?

@MJamshidnejad

> > > @omid-j-d hi, this method is not working now, and I'm suffering from the GFW. Would you mind telling me what your choice is now?
> >
> > Use IPv6
>
> Is IPv6 widely supported in Iran?

Not widely, partially.
