Configuration Guide - YtFlow/YtFlowApp GitHub Wiki

The flexible and composable YtFlow configuration system allows you to customize every single bit of how YtFlowApp VPN works. For an extensive description about plugins, parameters and YtFlow internals, please refer to YtFlowBook. The instructions below serves as a quick guide to spin up a working YtFlow Profile.

Note The instructions below apply to profiles that does not use Dynamic Outbound. We recommend using Dynamic Outbound as it is easier for users to manage multiple proxy servers, and should cover the most of simple use cases. Refer to Quick Start on how to create a profile with Dynamic Outbound.

Prerequisite

In this guide, we assume YtFlow (next, version 1.2.0.0) has been installed on your device, with System VPN Profile properly set up.

We also recommend understanding the JSON format if necessary, so that you won't get into trouble later when editing the parameters. See What is JSON. Take note that JSON is sensitive about trailing commas.

Create a Profile

For first-time set up, you are required to create a new profile. As of version 1.2.0.0, you can choose among Shadowsocks (with or without obfs), Trojan and HTTP Proxy. Enter a profile name and click 'Save'.

Edit Protocol Details

Click 'Edit' beside the new profile. Based on the outbound type chosen, navigate to corresponding plugins to enter server information.

Shadowsocks

Go to ss-client with the default parameter:

{
  "method": "aes-128-gcm",
  "password": {
    "__byte_repr": "utf8",
    "data": "my_ss_password"
  },
  "tcp_next": "proxy-redir.tcp",
  "udp_next": "null.udp"
}
  • Replace aes-128-gcm with the desired cipher/method. Supported methods: plain/none/rc4/rc4-md5/aes-128-cfb/aes-192-cfb/aes-256-cfb/aes-128-ctr/aes-192-ctr/aes-256-ctr/camellia-128-cfb/camellia-192-cfb/camellia-256-cfb/aes-128-gcm/aes-192-gcm/aes-256-gcm//chacha20-ietf/chacha20-ietf-poly1305/xchacha20-ietf-poly1305. Note that chacha20 and chacha20-poly1305 are not supported.
  • Replace my_ss_password with your Shadowsocks password in text format.
  • Click 'Save' when done.

simple-obfs

If you need your Shadowsocks stream obfuscated by TLS/HTTP headers, here are the extra steps to achieve that.

  • Create a new plugin obfs-client with type tls-obfs-client or http-obfs-client.
  • Replace null with the following JSON object:
{
  "host": "my.obfs.host.com",
  "path": "/",
  "next": "phy.tcp"
}

for http-obfs-client, where my.obfs.host.com and / are obfs parameters, and

{
  "host": "my.obfs.host.com",
  "next": "phy.tcp"
}

for tls-obfs-client, where my.obfs.host.com is obfs host.

  • Click 'Save' when done.
  • Go to proxy-redir, replace phy.tcp with obfs-client.tcp.
  • Click 'Save' when done.

Trojan

Go to trojan-client with the default parameter:

{
  "password": {
    "__byte_repr": "utf8",
    "data": "my_trojan_password"
  },
  "tls_next": "trojan-client-tls.tcp"
}
  • Replace my_trojan_password with your Trojan password in text format.
  • Click 'Save' when done.

Go to trojan-tls-client with the default parameter:

{
  "next": "proxy-redir.tcp",
  "skip_cert_check": false,
  "sni": "my.trojan.proxy.server.com"
}
  • Replace my.trojan.proxy.server.com with your Trojan host name.
  • Change false to true if your certificate is invalid or untrusted. In this case, you will risk MITM attack.
  • Click 'Save' when done.

HTTP Proxy

No protocol-specific plugin parameters need changing.

Edit Server Details

Go to proxy-redir with the default parameter:

{
  "dest": {
    "host": "my.proxy.server.com.",
    "port": 8388
  },
  "tcp_next": "phy-socket",
  "udp_next": "phy-socket"
}
  • Replace my.proxy.server.com. with the domain name or IP address of your server.
  • Replace 8388 with your service port.
  • Click 'Save' when done.

Conclusion

If all parameters are valid and correct, you should be able to connect to your proxy server with this profile. Refer to YtFlowBook for more tweaks. Join our Telegram group YtFlow α for help and troubleshooting.