VMess

  • Name: vmess
  • Type: Inbound / Outbound

VMess is a protocol for encrypted communications. It includes both inbound and outbound proxy.

VMess depends on system time. Please ensure that your system time is in sync with UTC time. Timezone doesn't matter. One may install ntp service on Linux to automatically adjust system time.

OutboundConfigurationObject

{
  "vnext": [
    {
      "address": "127.0.0.1",
      "port": 37192,
      "users": [
        {
          "id": "27848739-7e62-4138-9fd3-098a63964b6b",
          "alterId": 4,
          "security": "auto",
          "level": 0
        }
      ]
    }
  ]
}

vnext: [ ServerObject ]

An array, where each element presents a remote server

ServerObject

{
  "address": "127.0.0.1",
  "port": 37192,
  "users": []
}

address: address

Server address, may be IPv4, IPv6 or domain name.

port: number

Server port

users: [ UserObject ]

An array where each element is an VMess user

UserObject

{
  "id": "27848739-7e62-4138-9fd3-098a63964b6b",
  "alterId": 16,
  "security": "auto",
  "level": 0
}

id: string

User ID, in the form of a UUID.

alterId: number

Number of alternative IDs. The alternative IDs will be generated in a deterministic way. Default to 0. Maximum 65535. Recommend 4. Its value must be not larger than the one in corresponding Inbound.

level: number

User level. See Policy for more detail.

security: "aes-128-gcm" | "chacha20-poly1305" | "auto" | "none"

Method for encrypting payload. This setting is only available at outbound. The VMess inbound will automatically recognize this setting and decrypt payload accordingly. Options are:

  • "aes-128-gcm": Recommended for PC.
  • "chacha20-poly1305": Recommended for mobile.
  • "auto": Default value. Use aes-128-gcm on AMD64, ARM64 and S390x, or chacha20-poly1305 otherwise.
  • "none": Traffic is not encrypted at all.

Use "auto" wherever possible for better compatibility.

InboundConfigurationObject

{
  "clients": [
    {
      "id": "27848739-7e62-4138-9fd3-098a63964b6b",
      "level": 0,
      "alterId": 4,
      "email": "[email protected]"
    }
  ],
  "default": {
    "level": 0,
    "alterId": 4
  },
  "detour": {
    "to": "tag_to_detour"
  },
  "disableInsecureEncryption": false
}

clients: [ ClientObject ]

An array for valid user accounts. May be empty when used for dynamic port feature.

detour: DetourObject

Optional feature to suggest client to take a detour. If specified, this inbound will instruct the outbound to use another inbound.

default: DefaultObject

Optional default client configuration. Usually used with detour.

disableInsecureEncryption: true | false

Forbids client for using insecure encryption methods. When set to true, connections will be terminated immediately if the following encryption is used. Default value false.

  • none
  • aes-128-cfb

ClientObject

{
  "id": "27848739-7e62-4138-9fd3-098a63964b6b",
  "level": 0,
  "alterId": 4,
  "email": "[email protected]"
}

id: string

User ID, in the form of UUID.

level: number

User level. See Policy for its usage.

alterId: number

Number of alternative IDs. Same as in Outbound.

email: string

Email address for user identification.

DetourObject

{
  "to": "tag_to_detour"
}

to: string

The tag of an inbound proxy. See Overview. If configured, VMess will suggest its client to use the detour for further connections.

DefaultObject

{
  "level": 0,
  "alterId": 4
}

level: number

User level.

alterId: number

Number of alternative IDs. Default value 64. Recommend 4.