Mekya
V2ray is a powerful and privacy-enhancing proxy tool. It supports multiple tunneling protocols and can bypass the censorship of many countries. Traffic is fully encrypted, securing your Internet use over and above regular HTTPS encryption.
V2ray's Meek protocol tunnels your traffic as ordinary HTTP requests and response. Mekya improves performance over Meek by using the mkcp protocol instead of sequential transmission of HTTP requests and responses.
1. Set up server
1.1. Install V2ray
SSH into your server as root and issue the commands:
apt update && apt upgrade -y && apt autoremove -y
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
1.2. Open firewall
Open your server's firewall and/or security groups for TCP input on port tcp/17773.
1.3. Generate universally unique id
Generate a new UUID:
v2ray uuid
Example:
eb2b7e74-2df2-3777-d61e-274b83b2e9a7
1.4. Create self-signed certificate
mkdir /usr/local/etc/v2ray/cert
cd /usr/local/etc/v2ray/cert
openssl req -x509 -newkey rsa:4096 -keyout self-signed_key.pem -out self-signed_cert.pem -sha256 -days 3650 -nodes
Press Enter to accept the default answers to the questions about the certificate's distinguished name (DN).
Since V2ray will run as User=Nobody, make the private key readable to V2ray:
chmod +r self-signed_key.pem
Generate the certificate chain hash:
v2ray tls certChainHash --cert self-signed_cert.pem
Make a note of the hash value, as you will need it when you configure the client.
Example:
+IbDYp/49u5aLsa7g/Dasj4AdG9KTO9t9z2lke0FRTc=
1.5. Configure Mekya server
Edit the V2ray configuration file:
vi /usr/local/etc/v2ray/config.json
Use this as a model:
{
"log": {
"error": {
"level": "Warning",
"type": "Console"
},
"access": {
"type": "None"
}
},
"inbounds": [
{
"listen": "0.0.0.0",
"port": 17773,
"protocol": "vmess",
"settings": {
"users": [
"eb2b7e74-2df2-3777-d61e-274b83b2e9a7"
]
},
"streamSettings": {
"transport": "mekya",
"transportSettings": {
"url": "http://127.0.0.1:12777",
"maxWriteSize": 10485760,
"maxWriteDurationMs": 5000,
"maxSimultaneousWriteConnection": 128,
"packetWritingBuffer": 65536,
"kcp": {
"mtu": {
"value": 1450
},
"tti": {
"value": 15
},
"uplink_capacity": {
"value": 40
},
"downlink_capacity": {
"value": 2000
},
"congestion": false,
"write_buffer": {
"size": 671088640
},
"read_buffer": {
"size": 671088640
}
}
},
"security": "tls",
"securitySettings": {
"certificate": [
{
"usage": "ENCIPHERMENT",
"certificateFile": "/usr/local/etc/v2ray/cert/self-signed_cert.pem",
"keyFile": "/usr/local/etc/v2ray/cert/self-signed_key.pem"
}
]
}
}
}
],
"outbounds": [
{
"protocol": "freedom"
}
]
}
Mekya takes these parameters:
maxWriteSize-- The maximum size of a response that will be written to a single response.maxWriteDurationMs-- The maximum time in milliseconds that a server will hold a request for write.maxSimultaneousWriteConnection-- The maximum amount of in-flight http request a server will hold for write.packetWritingBuffer-- The maxium amount of packets that a server will hold awaiting write.
KCP takes these parameters:
mtu-- Maximum transmission unit. This value is typically between 576 - 1460 bytes. It is 1350 bytes by default.tti-- Transmission time interval in a millisecond. mKCP will send data at this frequency. Please choose a value between 10 - 100. It is 50 by default.uplinkCapacity-- Upload bandwidth capacity. The maximum speed to send data in MB/s. It is 5 MB/s by default. Note that it is Bytes/second, not Bits/second. You can set it to 0 MB/s for very low bandwidth.downlinkCapacity-- Download bandwidth capacity. The maximum speed to receive data in MB/s. It is 20 MB/sby default. Note that it is Bytes/second, not Bits/second. You can set it to 0 MB/sfor very low bandwidth.congestion-- Whether congestion control is enabled. It isfalseby default. This will instruct V2ray to decrease transfer speed if there is too much packet loss.readBufferSize-- The read buffer size of a single connection, in MB. It is 2 MB by default.writeBufferSize-- The write buffer size of a single connection, in MB. It is 2 MB by default.
Change the values in the template to your values.
Save the file when done.
1.6. Modify systemd service file
Create an override for the systemd service file for V2ray:
cd /etc/systemd/system/v2ray.service.d
cp 10-donot_touch_single_conf.conf 20-jsonv5.conf
vi 20-jsonv5.conf
Add -format jsonv5 to the run command:
ExecStart=/usr/local/bin/v2ray run -config /usr/local/etc/v2ray/config.json -format jsonv5
Save the file.
Reload the systemd daemon:
systemctl daemon-reload
1.7. Enable and start V2ray
systemctl enable v2ray
systemctl start v2ray
Exit your SSH session with the server.
2. Set up client
2.1. Install V2ray client
Download the client executable from https://github.com/v2fly/v2ray-core/releases.
Example:
v2ray-windows-64.zip
Extract the .zip file.
2.2. Configure V2ray client
Edit the client configuration file config.json in the same folder as the V2ray client executable.
Use this as a model.
{
"log": {
"error": {
"level": "Warning",
"type": "Console"
},
"access": {
"type": "None"
}
},
"inbounds": [
{
"protocol": "socks",
"listen": "127.0.0.1",
"port": 17774,
"settings": {
"udpEnabled": false,
"address": "127.0.0.1",
"packetEncoding": "Packet"
}
}
],
"outbounds": [
{
"protocol": "vmess",
"settings": {
"address": "V2RAY.SERVER.IP.ADDRESS",
"port": 17773,
"uuid": "eb2b7e74-2df2-3777-d61e-274b83b2e9a7"
},
"streamSettings": {
"transport": "mekya",
"transportSettings": {
"url": "https://V2RAY.SERVER.IP.ADDRESS:17773/mrss48bvxrkfq1qzeqte5o61mmvc9gx6hq51",
"maxWriteDelay": 80,
"maxRequestSize": 96000,
"pollingIntervalInitial": 200,
"h2_pool_size": 8,
"kcp": {
"mtu": {
"value": 1450
},
"tti": {
"value": 15
},
"uplink_capacity": {
"value": 40
},
"downlink_capacity": {
"value": 2000
},
"congestion": false,
"write_buffer": {
"size": 671088640
},
"read_buffer": {
"size": 671088640
}
}
},
"security": "tls",
"securitySettings": {
"pinnedPeerCertificateChainSha256": [
"+IbDYp/49u5aLsa7g/Dasj4AdG9KTO9t9z2lke0FRTc="
],
"allowInsecureIfPinnedPeerCertificate": true
}
}
}
]
}
Mekya takes these parameters:
url-- The url of the server.maxWriteDelay-- The maximum amount of time in milliseconds that writes are accumulated for a single request.maxRequestSize-- The maximum size of a request that will be written to a single response.pollingIntervalInitial-- The initial polling time for response.h2PoolSize-- The size of the http2 clients to use for higher concurrency.pinnedPeerCertificateChainSha256-- The SHA256 hash of the remote server's certificate chain in base64 encoding.
Replace the sample values in the above with your own values.
Save the file.
2.3. Run V2ray client
Run the client in a command prompt window.
Example:
v2ray.exe run -c config.json -format jsonv5
Leave the command prompt window open, with v2ray.exe running in it.
2.4. Install and configure Firefox
Download the Firefox browser from https://www.mozilla.org.
Edit Settings > General > Network Settings > Settings.
Set Manual proxy configuration, SOCKS Host 127.0.0.1, Port 17774, SOCKS v5, Proxy DNS when using SOCKS v5.
Browse the web.