Overview of VLESS + REALITY server setup and client connections
Contents
I put together this overview for the VPN comparison article, where I called VLESS + REALITY the strongest candidate. This is not a step-by-step guide; it is mainly the big picture and related resources.
What VLESS + REALITY is
This is a protocol developed by Xray, a fork of V2Ray. It communicates by “borrowing” TLS certificates from real HTTPS sites.
Problems with conventional TLS spoofing:
- Self-signed certificates or Let’s Encrypt certificates are easy to flag as “looks real, but suspicious”
- You need to obtain and manage your own domain and certificate
What REALITY solves:
- It uses the TLS certificate of a real site such as
microsoft.comorcloudflare.com - From the GFW’s point of view, it looks like normal access to
microsoft.com - You do not need to prepare your own domain or certificate
Note: REALITY and Hysteria2 are not compatible. They cannot be combined.
Server setup overview
What you need
- A Linux VPS
- Open ports: TCP/443 (other ports are also possible)
- No domain required - that is one of REALITY’s big advantages
Installation methods
3X-UI (recommended):
A web UI panel that makes user management and traffic monitoring easy.
bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)After installation, open the web UI and add a VLESS + REALITY inbound.
Direct Xray-core install:
bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ installYou will need to create the config file manually.
Key settings
Parameters you need when configuring REALITY:
| Parameter | Description |
|---|---|
dest | The spoofed destination site, such as www.microsoft.com:443 |
serverNames | The domain used for SNI |
privateKey / publicKey | REALITY key pair, generated with xray x25519 |
shortIds | Client authentication ID |
How to choose the spoofed site:
- It must support TLS 1.3 and HTTP/2
- It must not be blocked from China
- Examples:
microsoft.com,cloudflare.com,www.lovelive-anime.jp
Management panels
| Panel | Notes |
|---|---|
| 3X-UI | Recommended. Feature-rich, Japanese supported |
| X-UI | Simpler, but development has slowed |
| Marzban | Multi-node support |
Client apps
The easiest option is to use an existing client app.
Windows / macOS / Linux
| App | Notes |
|---|---|
| v2rayN | Windows/macOS/Linux, Xray core recommended |
| Hiddify | Cross-platform, free, open source |
| NekoRay | Qt-based GUI client |
| ClashX Meta | macOS client with Clash Meta core |
If you choose the Xray core in v2rayN, it supports VLESS + REALITY.
Android
| App | Notes |
|---|---|
| v2rayNG | Android version of v2rayN |
| Hiddify | Recommended. Free and ad-free |
| NekoBox | Download the APK from GitHub |
iOS
| App | Notes |
|---|---|
| Shadowrocket | Paid (about $3), most feature-rich |
| FoXray | Free, based on Xray |
| Stash | Paid, Clash-compatible |
Connection methods
Add the config to the client app in any of these ways:
- URI scheme: paste a
vless://uuid@server:443?...URL - Subscription: generate a subscription URL in 3X-UI or another panel and import it
- QR code: scan a QR code generated by the panel
- Manual setup: enter the server address, port, UUID, public key, and so on
Custom app development
Libraries and SDKs if you want to build your own app.
Go
XTLS/Xray-core - the official implementation and the reference for VLESS + REALITY.
go get github.com/xtls/xray-coresing-box, for multiple protocols
sing-box - a Go library that supports many protocols, including REALITY.
- Supports Hysteria2, Trojan, Shadowsocks, and more at the same time
- Requires Go 1.21 or later
- Used internally by Hiddify and NekoBox
This is the better choice if you are building an app that handles multiple protocols.
Mobile app development
If you are building a VPN app for iOS or Android:
- Call Xray-core or sing-box through FFI
- Use a VPNclient Engine - Swift for iOS, Kotlin for Android, with a Go/C++ engine
- Use LibXray - a C binding for Xray-core
In practice, forking and modifying an existing open-source client such as v2rayNG or Hiddify is the more realistic path.
Comparison with Hysteria2
| Item | VLESS + REALITY | Hysteria2 |
|---|---|---|
| Base protocol | TCP (TLS 1.3) | UDP (QUIC) |
| Spoofing method | Borrow real-site certificates | QUIC spoofing |
| Speed | Fast | Very fast |
| Domain | Not required | Not required |
| Setup difficulty | Slightly higher | Medium |
| Compatibility | Cannot be combined | Cannot be combined |
Which one you choose depends on the environment. Use REALITY if UDP is blocked; choose Hysteria2 if speed matters more.
Related articles
- Comparison of VPN protocols for China-facing connectivity
- Hysteria2 server setup and client connection overview