Usually, using a VPN means certain costs, like a VPS and a domain name. In areas with censorship, VPS IPs can be blocked. To avoid the issue with IP blocks, we can use Cloudflare so that the request goes to Cloudflare IPs first before going to the VPS. So if Cloudflare is still accessible, you will be able to access your VPN because your IP will be protected from censors. In order to use Cloudflare we generally need a domain. But we can use a free us.to subdomain from afraid.org and a free tier oracle VPS
https://www.oracle.com/cloud/free/
Oracle offers two always free VPS with up to 10TB of data transfer a month. First, you will have to use a credit card, but you won’t get charged when the trial runs out. Just set up an always free server type. I will demonstrate how to set up an Ubuntu server.
Log into Oracle cloud and go to compute instances
Then click Create Instance
When setting up the server you need to save the SSH private key
You will need to SSH into the server with ssh -i FILENAME.key ubuntu@YOUR_SERVER_IP
on Linux or use Putty on Windows
You need to open the port both in the Oracle console and the VPS itself. After you SSH into the VPS you should open the firewall and install the x-ui
$ sudo apt update -y
$ sudo apt install firewalld
$ sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
$ sudo firewall-cmd --zone=public --permanent --add-port=65432/tcp
$ sudo firewall-cmd --reload
$ wget https://raw.githubusercontent.com/alireza0/x-ui/master/install.sh
$ sudo chmod +x install.sh
$ sudo ./install.sh
Next, hit y, type in your username, password, and the 65432 port we opened earlier
Go to your instances and click on the correct instance
Click on the subnet
click on security list
Add all of our required ingress rules for all sources (0.0.0.0/0) and the ports we set up earlier, including the panel port (65432)
Now you should be able to go to http://YOUR_SERVER_IP:65432/ and set up an inbound.
WARNING: if you press settings it will generate a new URL like http://YOUR_SERVER_IP:65432/STUFF and make it so just accessing http://YOUR_SERVER_IP:65432/ returns error 404 so make note of this new URL if you click that button
Go to Inbounds -> Add inbound and then choosing trojan as protocol (for some reason works better than vless)
We’re going to set up a GRPC connection to the server
We need to set up a us.to free subdomain in https://freedns.afraid.org/
Click subdomains
Add two nameserver records to have the subdomain be managed by cloudflare:
Now go to cloudflare and add the new site
Then in DNS add a new A record that points to your VPS
In SSL/TLS overview make sure the encryption mode is Full
Then we’ll create a client certificate because let’s encrypt has a limit for each domain (so everyone using for us.to will max this limit out)
After we make it, we just paste the contents into the x-ui panel we have open so we can use tls
Then after this is done, you can use this inbound by clicking the QR code button
For Android, I suggest https://play.google.com/store/apps/details?id=com.v2ray.ang&hl=en_US
There are two downsides to this approach: you go through multiple layers of servers so your ping is going to reflect that. You can also only go as fast as cloudflare will let you go.
If this speed/latency is acceptable for at least some of your use cases, it’s hard to censor as governments will just see you connecting to a cloudflare IP and transmit encrypted data. You can always set up a second free server with Reality and duckdns:
Leave a comment