-
Notifications
You must be signed in to change notification settings - Fork 13
Configuration Guide
The flexible and composable YtFlow configuration system allows you to customize every single bit of how YtFlowApp VPN works. For an extensive description about plugins, parameters and YtFlow internals, please refer to YtFlowBook. The instructions below serves as a quick guide to spin up a working YtFlow Profile.
Note The instructions below apply to profiles that does not use Dynamic Outbound. We recommend using Dynamic Outbound as it is easier for users to manage multiple proxy servers, and should cover the most of simple use cases. Refer to Quick Start on how to create a profile with Dynamic Outbound.
In this guide, we assume YtFlow (next, version 1.2.0.0) has been installed on your device, with System VPN Profile properly set up.
We also recommend understanding the JSON format if necessary, so that you won't get into trouble later when editing the parameters. See What is JSON. Take note that JSON is sensitive about trailing commas.
For first-time set up, you are required to create a new profile. As of version 1.2.0.0, you can choose among Shadowsocks (with or without obfs), Trojan and HTTP Proxy. Enter a profile name and click 'Save'.
Click 'Edit' beside the new profile. Based on the outbound type chosen, navigate to corresponding plugins to enter server information.
Go to ss-client
with the default parameter:
{
"method": "aes-128-gcm",
"password": {
"__byte_repr": "utf8",
"data": "my_ss_password"
},
"tcp_next": "proxy-redir.tcp",
"udp_next": "null.udp"
}
- Replace
aes-128-gcm
with the desired cipher/method. Supported methods:plain
/none
/rc4
/rc4-md5
/aes-128-cfb
/aes-192-cfb
/aes-256-cfb
/aes-128-ctr
/aes-192-ctr
/aes-256-ctr
/camellia-128-cfb
/camellia-192-cfb
/camellia-256-cfb
/aes-128-gcm
/aes-192-gcm
/aes-256-gcm
//chacha20-ietf
/chacha20-ietf-poly1305
/xchacha20-ietf-poly1305
. Note thatchacha20
andchacha20-poly1305
are not supported. - Replace
my_ss_password
with your Shadowsocks password in text format. - Click 'Save' when done.
If you need your Shadowsocks stream obfuscated by TLS/HTTP headers, here are the extra steps to achieve that.
- Create a new plugin
obfs-client
with typetls-obfs-client
orhttp-obfs-client
. - Replace
null
with the following JSON object:
{
"host": "my.obfs.host.com",
"path": "/",
"next": "phy.tcp"
}
for http-obfs-client
, where my.obfs.host.com
and /
are obfs parameters, and
{
"host": "my.obfs.host.com",
"next": "phy.tcp"
}
for tls-obfs-client
, where my.obfs.host.com
is obfs host.
- Click 'Save' when done.
- Go to
proxy-redir
, replacephy.tcp
withobfs-client.tcp
. - Click 'Save' when done.
Go to trojan-client
with the default parameter:
{
"password": {
"__byte_repr": "utf8",
"data": "my_trojan_password"
},
"tls_next": "trojan-client-tls.tcp"
}
- Replace
my_trojan_password
with your Trojan password in text format. - Click 'Save' when done.
Go to trojan-tls-client
with the default parameter:
{
"next": "proxy-redir.tcp",
"skip_cert_check": false,
"sni": "my.trojan.proxy.server.com"
}
- Replace
my.trojan.proxy.server.com
with your Trojan host name. - Change
false
totrue
if your certificate is invalid or untrusted. In this case, you will risk MITM attack. - Click 'Save' when done.
No protocol-specific plugin parameters need changing.
Go to proxy-redir
with the default parameter:
{
"dest": {
"host": "my.proxy.server.com.",
"port": 8388
},
"tcp_next": "phy-socket",
"udp_next": "phy-socket"
}
- Replace
my.proxy.server.com.
with the domain name or IP address of your server. - Replace
8388
with your service port. - Click 'Save' when done.
If all parameters are valid and correct, you should be able to connect to your proxy server with this profile. Refer to YtFlowBook for more tweaks. Join our Telegram group YtFlow α for help and troubleshooting.