VMess
- Name:
vmess
- Type: Inbound / Outbound
VMess is a protocol for encrypted communications. It includes both inbound and outbound proxy.
VMess depends on system time. Please ensure that your system time is in sync with UTC time. Timezone doesn't matter. One may install ntp
service on Linux to automatically adjust system time.
OutboundConfigurationObject
{
"vnext": [
{
"address": "127.0.0.1",
"port": 37192,
"users": [
{
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
"alterId": 4,
"security": "auto",
"level": 0
}
]
}
]
}
vnext
: [ ServerObject ]
An array, where each element presents a remote server
ServerObject
{
"address": "127.0.0.1",
"port": 37192,
"users": []
}
address
: address
Server address, may be IPv4, IPv6 or domain name.
port
: number
Server port
users
: [ UserObject ]
An array where each element is an VMess user
UserObject
{
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
"alterId": 16,
"security": "auto",
"level": 0
}
id
: string
User ID, in the form of a UUID.
alterId
: number
Number of alternative IDs. The alternative IDs will be generated in a deterministic way. Default to 0. Maximum 65535. Recommend 4. Its value must be not larger than the one in corresponding Inbound.
level
: number
User level. See Policy for more detail.
security
: "aes-128-gcm" | "chacha20-poly1305" | "auto" | "none"
Method for encrypting payload. This setting is only available at outbound. The VMess inbound will automatically recognize this setting and decrypt payload accordingly. Options are:
"aes-128-gcm"
: Recommended for PC."chacha20-poly1305"
: Recommended for mobile."auto"
: Default value. Useaes-128-gcm
on AMD64, ARM64 and S390x, orchacha20-poly1305
otherwise."none"
: Traffic is not encrypted at all.
Use "auto"
wherever possible for better compatibility.
InboundConfigurationObject
{
"clients": [
{
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
"level": 0,
"alterId": 4,
"email": "[email protected]"
}
],
"default": {
"level": 0,
"alterId": 4
},
"detour": {
"to": "tag_to_detour"
},
"disableInsecureEncryption": false
}
clients
: [ ClientObject ]
An array for valid user accounts. May be empty when used for dynamic port feature.
detour
: DetourObject
Optional feature to suggest client to take a detour. If specified, this inbound will instruct the outbound to use another inbound.
default
: DefaultObject
Optional default client configuration. Usually used with detour
.
disableInsecureEncryption
: true | false
Forbids client for using insecure encryption methods. When set to true
, connections will be terminated immediately if the following encryption is used. Default value false
.
none
aes-128-cfb
ClientObject
{
"id": "27848739-7e62-4138-9fd3-098a63964b6b",
"level": 0,
"alterId": 4,
"email": "[email protected]"
}
id
: string
User ID, in the form of UUID.
level
: number
User level. See Policy for its usage.
alterId
: number
Number of alternative IDs. Same as in Outbound.
Email address for user identification.
DetourObject
{
"to": "tag_to_detour"
}
to
: string
The tag of an inbound proxy. See Overview. If configured, VMess will suggest its client to use the detour for further connections.
DefaultObject
{
"level": 0,
"alterId": 4
}
level
: number
User level.
alterId
: number
Number of alternative IDs. Default value 64. Recommend 4.