This guide explains the structure and functionality of the provided Xray client configuration. It is intended for users setting up an Xray client to route traffic through a VLESS proxy with Reality security.

DNS Settings

Keep the DNS settings as provided:

• Ensure the tag field has some value, e.g. dnsQuery
• add 1 simple server item (click manage button inside the servers row)
  • https+local://dns.google/dns-query

Inbounds

Add a DOKODEMO-DOOR inbound

• Tag: Assign a tag e.g. all-in (or keep the default one).
• Port: Use any available port number on your router, e.g., 5599.
• Network: Select tcp,udp.
• Follow Redirect: Ensure this option is checked.

Sniffing

Enable sniffing for the DOKODEMO inbound (press sniffing button next to it):

Outbounds

This step is critical for routing traffic correctly. Configure the outbound traffic depending on the Xray server's inbound listener. In this case, we use the robust vless+REALITY configuration.

FREEDOM Outbound

Add the first outbound - FREEDOM protocol.

VLESS Outbound

Add a VLESS outbound as a first proxy

• Configuration Details:
  • Server Address: Specify the Xray server's IP address.
  • Server Port: Set the port used by the Xray server.
• Add a Client:
  • Provide the client ID (UUID) that matches the configuration on the remote Xray server.
  • Ensure the id in the client configuration is identical to the id set on the remote Xray server.

Transport settings

Next, press the transport button to configure transport and security for the outbound.

• Network - select tcp
• Security - select REALITY

Then select REALITY from the dropdown and press settings button.

REALITY Settings:

• Server Name: Specify the server name, e.g., dl.google.com.
• Short ID: Must match the server-side configuration.
• Public Key: Provided by the server.
• Fingerprint: Defines the fingerprint of the TLS Client Hello message.

[!IMPORTANT] Important to set the exact server name that is specified in the dest property of the server side config.

BLACKHOLE protocol

Add a third outbound with the BLACKHOLE protocol. Use this to block unwanted traffic.

Routing rules

We need to define some rules to split domestic and foreign traffic. Xray can use its internal mechanisms to determine the traffic from different regions and then send them to different outbound proxies.

[!CAUTION] Be aware of the rules ordering, it is crucual for a correct setup.

[!TIP]

Common domain lists

The list contains some common domain names & ips, which can be used as geosite:token to perform routing or DNS filtering for domain names/ips that match those in the file.

You can use XRAYUI to download and setup community list by pressing the update metadata button in the Routing section

Rules

The configuration of routing rules depends on your specific scenario and how you intend to manage network traffic through the router. Below are examples of common setups.

Scenario 1: Forward All Traffic to Proxy

For a simple setup, you can forward all traffic to an outbound proxy:

• Add a new rule.
• Select proxy (e.g., vless) as the outbound.
• Apply the rule to all inbounds.
• Save the rule.

Scenario 2: Proxy YouTube Traffic

In this scenario, YouTube traffic is routed through the proxy, while all other traffic is sent directly.

First: Create a YouTube-Specific Rule

Add a rule to route all YouTube traffic through the proxy.

Second: Create a Rule for All Other Traffic

Although not required if your first outbound is set to direct (e.g., FREEDOM), adding this ensures clarity.

Apply the changes.