- Enable tun mode for v2rayN: Open in administrator mode.
V2rayN open source project address: Click here
- v2rayN settings
Settings -> Parameter settings -> tun mode settings -> Stack mode: gvisor
Settings -> Routing settings -> Enable advanced features -> Domain resolution strategy: IPOnDemand -> Domain matching algorithm: mph (select this option if the previous step does not work)
- How to enable in Chrome browser
Enter chrome://flags/#encrypted-client-hello in the address bar, set the Encrypted ClientHello option to Enable, and restart the browser;
Enter chrome://flags/#use-dns-https-svcb-alpn in the address bar, set the Use DNS https alpn option to Enable, and restart the browser;
Settings -> Privacy and security -> Security -> Use secure DNS -> Select Cloudflare (1.1.1.1)
- How to enable in Edge browser
Settings -> Privacy, search, and services -> Security -> Enable Use secure DNS to specify how to look up the network address of websites -> Enter the following in the service provider field: https://1.1.1.1/dns-query
Find the browser shortcut -> Right-click and select "Properties" -> Add the parameter --enable-features=EncryptedClientHello after the space after "Target"
- Check if ECH is enabled in the browser
- In v2ray's tun mode
System refers to the system proxy settings. When using v2ray tun mode, you can choose to set the system proxy to v2ray, so that all network traffic will be proxied through v2ray.
gvisor is a tool for providing advanced network isolation and security. It is an open-source sandbox tool that can containerize at the operating system level to protect applications from malicious code attacks. Using gvisor can increase the security of network applications and prevent malicious code from attacking and abusing the system.
- v2rayN's routing settings
Domain resolution strategy
"AsIs": Only use domain names for routing selection. Fast resolution, not accurate routing. Default value.
"IPIfNonMatch": When a domain name does not match any rules, resolve the domain name to an IP (A record or AAAA record) and match again;
When a domain name has multiple A records, it will try to match all A records until one matches a rule;
The resolved IP only takes effect in routing selection, the forwarded packets still use the original domain name;
In theory, resolving is slightly slower than "AsIs", but it is usually not noticeable in use.
"IPOnDemand": When matching, immediately resolve the domain name to an IP for matching. Most accurate, but slowest.
Domain matching algorithm
"linear": Use linear matching algorithm, default value;
"mph": Use minimal perfect hash algorithm (v4.36.1+). Testing data is about 170,000 records, matching speed is improved by about 30%, and memory usage is reduced by about 15%.