Summary of "Каскадный ВПН на 3x-ui. Самый простой способ обхода ограничения трафика ВПН. Двойной ВПН сервер."

Technological concept: “cascading” (double) VPN using 3x-ui / Xray

The video explains how to build a double/cascading VPN setup:

• Incoming VPN server (in Russia): first processes traffic for clients.
• Outgoing/final VPN server (foreign, e.g., Europe): receives only the traffic that should be treated as “foreign”.

Key idea:

• Route Russian domains/IPs directly.
• Route non-Russian domains/IPs through the second server.

---

Motivation / analysis tied to policy change

A news discussion notes that Russia plans a fee for traffic to foreign servers exceeding 15 GB starting May 1.

Suggested mitigation approach:

• If users typically don’t exceed ~15 GB/month, they may not be affected.
• Otherwise, use client/server-side routing so not all traffic goes through VPN—only traffic to selected resources.

---

Planned follow-up content (series/tutorials)

The speaker says they’ll publish multiple related tutorials:

• Cascade on panels
• Cascade on “bare core”
• A traffic routing video specifically

They encourage viewers to subscribe to not miss these releases.

---

Architecture / behavior of the cascade

Traffic classification happens at the incoming server:

• If the destination is Russian domain / Russian IP → sent directly to Russian Internet.
• If the destination is non-Russian → forwarded to the outgoing server (Europe/NL/etc.), then to the Internet.

Performance note: Each additional server hop increases latency/ping and reduces speed. While the diagram shows 2 servers, the concept could be expanded to 3–5.

---

Product setup: installing 3x-ui (panel) on both servers

The speaker uses SSH terminal Termius for SSH access:

1. Create “host” entries for:
   • the incoming server
   • the outgoing server
2. Include server details (server IP/hostname, SSH port 22, username root, password).

Install 3X-UI panel on each server

• Update packages (mentioned as general commands):
  • apt update && apt upgrade -y
• Run the official installer script from the developer GitHub (Quickstart command).
• SSL certificate options in the example:
  • “SSL for IP address” (no domain/custom cert in the example)
  • Skip IPv6 option
  • Default panel port (or random if desired)
  • Certificate is issued automatically and renewed automatically
• Save panel access details (panel link + username/password).
• Open both panels in a browser.

---

Connection configuration details (Xray / 3x-ui settings)

Outgoing server panel

Create a connection with:

• Protocol: XTLS/Xray Vision (video mentions “Vles/XTLS RPRX Vision” and selects it in “Flow”)

• Port: 443

• Transport: TCP
• Transport security: Reality
• “Reality safety / SNI camouflage”:
  • Uses a non-blocked foreign website (e.g., Amazon/Apple/NVIDIA/etc.) as camouflage basis
• Sniffing: off

Copy the connection link from this panel—this will be reused on the incoming server.

Incoming server panel

• Create an outgoing connection that points to the outgoing server by inserting the copied connection link.
• Create routing rules so the incoming server decides where traffic goes.

---

Routing rules (core of the tutorial)

In the incoming server, routing rules use:

• Network: TCP/UDP
• Outbound tag: the outgoing connection created earlier

“Direct” routing rules

• Basic Connections → Direct IP addresses: Russia
• Direct domains: includes Russian domain patterns (video references patterns such as r.ru / “r.ru.rf” as examples of direct-domain criteria)

Rule order logic

Rules are ordered so that:

1. Russian domains/IPs route directly
2. Foreign traffic routes through the outgoing cascade connection

Then:

• Save and restart Xray

---

Reality (TLS disguise) optimization via RealLS Scanner

For the incoming server “connection” (Reality configuration), the video uses:

• A Russian domain in Target/SNI fields, or
• A tool called RealLS Scanner from the Xray-core ecosystem.

RealLS Scanner workflow

• Download the release binary (using wget is mentioned as “WET”)
• Make it executable:
  • chmod +x <file>
• Run the scanner:
  • uses subnet scanning to generate a list of usable sites/domains for disguise
• Choose a candidate domain and paste it into SNI and related fields
• Optionally create a custom camouflage site on the VPN server (referenced as a prior video)

---

Validation / testing results

Testing is performed after routing is set up:

• Use mobile QR scan or paste connection link into a client (Windows is mentioned; possibly a specific Xray client such as “Vray N”)

Verification method:

• Check IP via 2ip.ru

Expected behavior:

• On Russian sites → IP of the incoming server (example mentions Frankfurt/Germany substitute for privacy)

• On .com / foreign services → IP of the outgoing server (example: Netherlands)

Conclusion: The two-server cascade works correctly.

---

Key deliverable outcome

The final configuration described ensures:

• Russian IPs/domains: handled directly via the incoming server → Russian Internet
• Foreign IPs/domains: forwarded through the outgoing server → external Internet via Europe

---

Main speakers / sources

• Main speaker: host of the channel “Server Technologies” (addresses viewers directly)
• Primary software sources mentioned:
  • 3x-ui (installed via the official GitHub quickstart script)
  • Xray core / Xray Reality
  • RealLS Scanner tool (GitHub releases referenced)

Category

Technology

---

Share this summary

Share on X/Twitter Share on Facebook Share on LinkedIn Share on Reddit Share on WhatsApp Share on Telegram

---

Is the summary off?

If you think the summary is inaccurate, you can reprocess it with the latest model.

Reprocess summary

Video