VLESS

Danger

Currently, VLESS does not provide built-in encryption. Please use it with a reliable channel, such as TLS.

VLESS is a stateless lightweight transport protocol that consists of inbound and outbound parts. It can serve as a bridge between Xray clients and servers.

Unlike VMess, VLESS does not rely on system time. The authentication method is still UUID-based.

InboundConfigurationObject

{
  "clients": [
    {
      "id": "5783a3e7-e373-51cd-8642-c83782b807c5",
      "level": 0,
      "email": "love@xray.com",
      "flow": "xtls-rprx-vision"
    }
  ],
  "decryption": "none",
  "fallbacks": [
    {
      "dest": 80
    }
  ]
}

clients: [ ClientObject ]

An array representing a group of users approved by the server.

Each item in the array is a user ClientObject.

decryption: "none"

Currently, you need to specify "none". It cannot be left empty. If the decryption value is not set correctly, you will receive an error message when using Xray or -test.

Note that decryption is at the same level as clients. The placement of decryption is different from the encryption in the vmess protocol because if there is a layer of agreed encryption, the server needs to decrypt it first to know which user it belongs to.

fallbacks: [ FallbackObject ]

An array that contains a series of powerful fallback configurations (optional). The specific configuration for fallbacks can be found in the FallbackObject documentation.

ClientObject

{
  "id": "5783a3e7-e373-51cd-8642-c83782b807c5",
  "level": 0,
  "email": "love@xray.com",
  "flow": "xtls-rprx-vision"
}

id: string

The user ID for VLESS. It can be any string less than 30 bytes or a valid UUID. Custom strings and their corresponding UUIDs are equivalent, which means you can use either of the following in the configuration file to identify the same user:

  • "id": "我爱🍉老师1314"
  • "id": "5783a3e7-e373-51cd-8642-c83782b807c5" (This UUID is the mapping of the string "我爱 🍉 老师 1314")

The mapping standard is described in the VLESS UUID Mapping Standard: Mapping a Custom String to a UUIDv5open in new tag.

You can use the command xray uuid -i "custom string" to generate the UUID corresponding to a custom string.

You can also use the command xray uuid to generate a random UUID.

level: number

The user level that the connection will use to determine the corresponding Local Policy.

The value of level corresponds to the value of level in the policy. If not specified, the default value is 0.

email: string

User email address used to differentiate traffic from different users (reflected in logs and statistics).

flow: string

Flow control mode used to select the XTLS algorithm.

Currently, the following flow control modes are available for inbound protocols:

  • No flow, empty string, or none: Use regular TLS proxy.
  • xtls-rprx-vision: Use the new XTLS mode, including inner-handshake random padding.

Additionally, XTLS currently only supports TCP, mKCP, and DomainSocket as transport methods.