Xray Server Configuration Guide - DanielLavrushin/asuswrt-merlin-xrayui GitHub Wiki

This guide walks you through the steps to configure Xray as a VLESS+REALITY server on your ASUS router. By the end of this guide, your router will be set up to securely handle VPN traffic with enhanced privacy and performance.

Configure Inbounds

Adding a New Inbound (VLESS)

image

User Configuration

  • Add one or more users to your VLESS inbound.
  • For each user, assign a unique UUID.
  • It is recommended to select the xtls-rprx-vision flow for enhanced security, as it provides better protection against attacks and ensures more efficient traffic routing.

Configure Transport for VLESS

Once the VLESS inbound is created, click the Transport button located next to it to configure its transport layer settings.

Reality Settings

The REALITY protocol is a powerful feature that adds an extra layer of encryption and security to your Xray server. Here’s how to configure it:

In the Security dropdown menu, select REALITY. Click the Settings button next to the security dropdown to open the REALITY configuration dialog.

image

Required Fields

  • Server Destination: Specify the server destination. In this guide, we use speed.cloudflare.com:443 as an example.
  • Server Names: Add speed.cloudflare.com to the server names list. This helps the client identify the REALITY server correctly.
  • Short IDs:
    • Generate at least one Short ID by clicking the Manage button in the Short IDs section. Short IDs are essential for identifying traffic streams securely.
  • Public/Private Key Pair:
    • If you already have a REALITY key pair, you can manually input your Private Key.
    • To generate a new key pair, click the Regenerate button. Your router will create a unique public/private key pair for you.

Finalizing REALITY Settings

Once the above fields are configured click the Close button to save your settings. Your REALITY transport layer is now set up and ready to secure VLESS connections.

Outbounds

With inbounds configured, it’s time to set up outbounds. Outbounds define how traffic leaving your server is handled.

FREEDOM Outbound

image

The FREEDOM outbound is used to allow unrestricted traffic to flow directly to its destination.

  • Add a new outbound and select FREEDOM as the protocol.
  • Ensure this outbound appears first in the list, as Xray processes outbounds in order of priority.

BLACKHOLE Outbound

image

The BLACKHOLE outbound is used to block any unwanted or unauthorized traffic.

  • Add a new outbound and select BLACKHOLE as the protocol.
  • You can keep all the settings at their default values.