@zpoint
Last active June 14, 2024 22:03
v2ray + wireguard to unblock gfw and netflix, spotify, hulu

I previously wrote a gist about how to set up v2ray + openvpn to unblock gfw and netflix.

Refer to that gist for more detail.

In short, this is a solution that proxies your network traffic to bypass the firewall with stable connections and also gets past proxy detection for Netflix/Spotify/etc.

In my use case, from a China network:

wireguard

(V2ray service can be both client and server)

  • Visit baidu/qq from my IP directly. -- Fast network speed for local resources.
  • Proxy youtube/google requests to the VPS, so they go out from my VPS's IP. -- Unblock GFW.
  • Proxy netflix/spotify requests to the VPS; the VPS then forwards them to a VPN vendor through a wireguard tunnel, so they go out from the VPN vendor's IP. -- Unblock Netflix proxy detection.

Things that need to be prepared:

  • A VPS that you can ssh into

    • Use a CN2 network or CN2 GIA network to gain fast network speed if you're from China.
      • You can use the same vendor as mine: bandwagonhost (you need to log in, then click Client Area -> Services -> Order New Services to get a CN2 server)
      • Or search CN2 here
  • A wireguard config (from a VPN vendor that can unblock netflix/spotify)

Steps

Install V2ray

ssh into your VPS and install the v2ray server. I recommend using this one-line installer:

bash <(curl -s -L https://git.io/v2ray.sh)

Then paste your v2ray configuration into your device.

Config wireguard

Set up the wireguard proxy by following my repo wireguard_socks5_docker:

# tested only on Ubuntu/Debian
git clone https://github.com/zpoint/wireguard_socks5_docker.git
cd wireguard_socks5_docker
# build image
bash ./build.sh
# copy the config file you downloaded to ./config/wg0.conf, or paste its content
vim ./config/wg0.conf
# start container 
bash ./start.sh
# test connection
bash ./test.sh

Change the v2ray config to forward the netflix/spotify traffic to the wireguard tunnel:

vim /etc/v2ray/config.json

Part of my configuration

      "inbounds": [
        {
         "port": 8888,
         "protocol": "vmess",
         "settings": {
          "clients": [
           {
            // private config
           }
          ]
         },
         "streamSettings": {
          "network": "ws"
         },
         "sniffing": {
          "enabled": true,
          "destOverride": [
           "http",
           "tls"
          ]
         }
        }
       ]


       "outbounds": [
        {
          "settings": {},
          "protocol": "freedom"
        },
        // ...
        {
         "protocol": "socks",
         "settings": {
          "servers": [{
           "port": 9050,
           "address": "localhost"
          }]
         },
         "streamSettings": {
          "tcpSettings": {
           "header": {
            "type": "none"
           }
          },
          "network": "tcp",
          "security": "none"
         },
         "tag": "streaming"
        }
       ]

       "routing": {
        "rules": [
         {
          "type": "field",
          "domain": [
           "domain:btstatic.com",
           "domain:netflix.com",
           "domain:netflix.net",
           "domain:nflxext.com",
           "domain:nflximg.com",
           "domain:nflximg.net",
           "domain:nflxsearch.net",
           "domain:nflxso.net",
           "domain:nflxvideo.net",
           "domain:fast.com",
           "domain:fast.ca",
           "domain:netflixinvestor.com",
           
           "domain:byspotify.com",
           "domain:pscdn.co",
           "domain:scdn.co",
           "domain:spoti.fi",
           "domain:spotify-everywhere.com",
           "domain:spotify.com",
           "domain:spotify.design",
           "domain:spotifycdn.com",
           "domain:spotifycdn.net",
           "domain:spotifycharts.com",
           "domain:spotifycodes.com",
           "domain:spotifyforbrands.com",
           "domain:spotifyjobs.com"
          ],
          "outboundTag": "streaming"
         }
        ]
       }

For more domain rules, refer to here.

Then restart v2ray

systemctl restart v2ray

Or select the reboot menu here:

v2ray

Check the logs under /var/log/v2ray/ if you encounter a configuration error after the restart.
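A check to run on the routing config above before restarting, added here as an example (it is not part of the original gist or of v2ray): it models how a `domain:` rule matches a name and its subdomains, resolves hostnames to an outbound, and flags a rule whose `outboundTag` matches no outbound or a SOCKS outbound that is not on loopback, which matters because the hop to port 9050 carries no authentication. `CONFIG`, `domain_rule_matches`, `resolve_outbound` and `lint` are hypothetical names, and the sample config is a constructed subset of the one above.

```python
import json
# Constructed sample: outbounds and routing trimmed from the config above, with
# the "//" comments removed so the standard json module can parse it.
CONFIG = json.loads("""
{"outbounds": [
   {"protocol": "freedom", "settings": {}},
   {"protocol": "socks", "tag": "streaming",
    "settings": {"servers": [{"address": "localhost", "port": 9050}]}}],
 "routing": {"rules": [
   {"type": "field", "outboundTag": "streaming",
    "domain": ["domain:netflix.com", "domain:nflxvideo.net", "domain:scdn.co"]}]}}
""")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def domain_rule_matches(rule, host):
    """A 'domain:' rule matches the name itself and any subdomain of it."""
    if not rule.startswith("domain:"):
        return False  # full:, regexp:, geosite: etc. are not modelled here
    suffix = rule[len("domain:"):].lower()
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def resolve_outbound(config, host):
    """Return the outbound tag a sniffed hostname is routed to."""
    for rule in config["routing"]["rules"]:
        if any(domain_rule_matches(d, host) for d in rule.get("domain", [])):
            return rule["outboundTag"]
    # No rule matched: v2ray falls back to the first outbound in the list.
    return config["outbounds"][0].get("tag", "(first outbound)")

def lint(config):
    """Return problems that would misroute traffic or expose the SOCKS hop."""
    problems = []
    tags = {o["tag"] for o in config["outbounds"] if "tag" in o}
    for rule in config["routing"]["rules"]:
        tag = rule.get("outboundTag")
        if tag is not None and tag not in tags:
            problems.append("unknown outboundTag: %s" % tag)
    for out in config["outbounds"]:
        if out.get("protocol") == "socks":
            for srv in out["settings"]["servers"]:
                if srv["address"] not in LOOPBACK:
                    problems.append("socks server %s is not loopback" % srv["address"])
    return problems

if __name__ == "__main__":
    for host in ("www.netflix.com", "notnetflix.com", "pscdn.co"):
        print(host, "->", resolve_outbound(CONFIG, host))
    print("lint:", lint(CONFIG) or "ok")
```

A hostname that only ends with the same letters, such as `pscdn.co` against `domain:scdn.co`, falls through to the default outbound, which is why the list above names it separately.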

upsangel commented May 18, 2024

Thank you very much for the easy but detailed instruction! It's exactly what I am going to set up!
May I ask:

  1. On the VPS v2ray_server, the streaming flow should only relate to "outbound" flow (connect to wireguard), why is there a need to specify "streamSettings" in "inbounds" section?

edited: my apology, streamSettings is actually a v2ray default tag. I confused it with streaming. Please ignore question 1.

  2. I guess the wireguard container is listening at port:9050. Besides the port, where to put the wireguard authentication keys on v2ray_server?

Thank you!

zpoint commented May 18, 2024

@upsangel

The wg0.conf contains the authentication and server info.
And the start.sh will start wireguard and connect via this config file.

upsangel commented May 18, 2024

I see, I was thinking authentication is required between v2ray_server and wireguard_container.
Reading your docker instructions, I found the clue: Dante SOCKS Server is used. It listens on eth0 (the network from the host PC) and connects to this wg0 network (the OpenVPN network).

tldr:
v2ray_server <=> wireguard_container: No auth is required.
wireguard_container <=> vpn_vendor : wg0.conf
Is it correct?

zpoint commented May 18, 2024

Yes

kapil-tftus commented Jun 2, 2024

@zpoint
can we use this to unblock www.hotstar.com, www.jiocinema.com?
using wireguard VPN, was trying to find solutions, please let me know if this works?

zpoint commented Jun 3, 2024

It depends on your VPN IP. If your VPN vendor's IP can, then the answer is yes; if not, the answer is no.
This solution forwards your different traffic to different IPs.

kapil-tftus commented Jun 3, 2024

So it depends on the VPS.
I deployed a custom VPN using wireguard.
We are using Digital Ocean and GCP and it didn't work.