Easily install and manage a multi-protocol, multi-route V2ray VPN server; with user management, domain camouflage (fallback), and route auto update for users.
- TROJAN, Shadowsocks/v2ray and VLESS protocols (Powered by XRay project)
- Camouflage domains with a real website to reduce the risk of being blocked by probing
- One-command installation and management
- Support multiple domains and IPs, and auto-select the best route on user's devices
- Multi-user management with connection limitation
- A server running Ubuntu 20.04+ or Debian 11+ (Ubuntu 22.04 recommended)
- At least 1 GB of RAM
- One domain/subdomain pointed to a CDN (such as Cloudflare), and the CDN set to
Full
SSL mode
- Two domains behind a CDN (such as Cloudflare), one for the panel/update and one for the VPN itself
- One or more extra servers for the secondary proxy (512MB RAM is enough for secondary proxies)
-
Buy a domain and point its DNS to a CDN (such as Cloudflare), and set the CDN to
Full
SSL mode. help -
Set your server's IP address to the CDN's DNS record, and make sure CDN is enabled. (Orange cloud icon in Cloudflare)
-
run the following command on your server and follow the instructions.
curl -s https://raw.githubusercontent.com/quiniapiezoelectricity/Libertea-Marron/master/bootstrap.sh -o /tmp/bootstrap.sh && bash /tmp/bootstrap.sh install
The installation may take a few minutes.
IPv6 for outgoing connection is not supported by default due to limitations of docker containers, however, Libertea Marron offers different network modes to provide support for outgoing IPv6 connections in different server setups.
Network Modes:
- Default - IPv4 only.
- Dualstack - Full support for IPv6, recommended, requires a IPv6 routed range prefix allocated by your server provider.
- NAT - Supports IPv6 with an IPv6 NAT, recommended if your provider only offers single /128 IPv6 address for your server, may have issues establishing peer-to-peer connections with IPv6.
- Host - Supports IPV6 by disabling docker container network stack isolation, outbound firewall will be disabled, internal routing will be used to limit outbound ports (if possible).
Choose network mode by appending the network mode choice to the end of the command.
Incoming IPv6 connection is supported by default.
To update, just run the following command on your server:
curl -s https://raw.githubusercontent.com/quiniapiezoelectricity/Libertea-Marron/master/bootstrap.sh -o /tmp/bootstrap.sh && bash /tmp/bootstrap.sh update
If you want to uninstall Liberta or Liberta-secondary-proxy from your server for any reason, run the following command on your server:
curl -s https://raw.githubusercontent.com/quiniapiezoelectricity/Libertea-Marron/master/bootstrap.sh -o /tmp/bootstrap.sh && bash /tmp/bootstrap.sh uninstall
Contributions are welcome! Please feel free to open an issue for any bugs, improvements and ideas; or open a pull request if you want to contribute code. If you're opening a pull request, make sure to send it to the development
branch of this repository.
Libertea uses SSL-based protocols, so the traffic is not distinguishable from normal HTTPS traffic. Also by setting a Camouflage domain to your Libertea installation, the risk of active probing gets reduced. However, GFW may still block your domains and IPs based on usage after a period of time. It is recommended to use multiple domains and secondary proxies, and periodically change your secondary proxy IPs.
Yes. In the admin panel, go to the Settings tab, and in the Route regional IPs directly section, select the countries you want to go through directly.
Yes. You can set a priority for each domain and secondary proxy; users' devices will try higher priority routes first, and use the lower priority ones only if those are not available. This way, you can optimize your traffic usage per server/domain according to your needs.