X-ray VPN implementation in future releases of pfSense+

Sergei_Shablovsky

Dear pfSense Dev Team!

Please share Your position about implementing Xray VPN into future releases of pfSense+.

P.S. Opposite to other modern VPNs, Xray already have great reputation, especially in countries where government regulating/pressure on VPN technology rapidly increased…

patient0

@Sergei_Shablovsky I had a look at their website, it's that one?

Could you share what makes them better than others or better: how did you come to that conclusion?

The app seems neither open source nor existing for very long, it's based in a country (Turkey) I wouldn't trust the government.

They claim to keep no logs (lots do) and double-VPN.

At the end of their terms of service is written

"Please note that this is a sample and should be reviewed and customized according to your specific needs and requirements. It’s also recommended to have a lawyer review your terms of service before publishing them."

... a badly edited template of a terms of service.

Privacy Policy:

"Data Sharing

We do not share your data with any third parties, except in the following circumstances:

• To comply with a legal obligation or court order"

... you want to trust a company which may have to comply with their government, especially theirs?

And further down:

"Jurisdiction and Governing Law

This Privacy Policy is governed by the laws of USA. Any disputes arising from this policy will be resolved in accordance with the laws of USA."

... well, that sounds trustworthy.

I probably ended on the wrong website.

w0w

@patient0
https://github.com/XTLS/Xray-core

patient0

@w0w I found that too, yes. But that's not X-ray VPN, right?

w0w

@patient0 said in X-ray VPN implementation in future releases of pfSense+:

But that's not X-ray VPN

Some kind of analog, not as a paid service, but as functional client-service software.
I think it's about this one, not the one you've mentioned.

stephenw10

Hmm, it does seem kinda shady!

There's no FreeBSD port as far as I can see, though there is one for v2ray which this was forked from.

You are asking about adding it as a client to connect to the xrayvpn service only?

I'm not really seeing any advantages over existing VPN options TBH.

Сергей 3

In some countries, this package is absolutely necessary in pfsense.
I found these instructions
But the topic has stalled there. Is there any way to adapt these instructions for pfsense?
Or could someone explain to the newbies where all these IP addresses come from?

elvisimprsntr

I stay away from any of the so called "privacy" VPNs, especially those promoted by YouTube shills.

"If you are not paying for the product, you are the product."

Youtube Video

stephenw10

@Сергей-3 said in X-ray VPN implementation in future releases of pfSense+:

In some countries, this package is absolutely necessary in pfsense.

I still don't see how this is any better than any other existing VPN provider?

Сергей 3

@stephenw10
You're lucky you don't live in such a country.
Other VPN providers (protocols) are blocked.

stephenw10

Hmm, so the novel protocol used here bypasses state-level filtering?

Сергей 3

@stephenw10
Xray is a Chinese development that bypasses the Great Firewall of China.
I'm not very knowledgeable about networking and would like some tips for setting up Xray in pfSense.
It would be better if pfSense had its own xray package.
Could anyone get the pfSense developers involved in this?

Gertjan

@Сергей-3 said in X-ray VPN implementation in future releases of pfSense+:

Could anyone get the pfSense developers involved in this?

Wouldn't that be a temporary solution ?

I you were working for this company (?) that was mandated by gouvernement of the country you mentioned above, what would be your mission ?
With simple words : Blocking outgoing traffic.
You wouldn't want this government's big boss X... calling you and telling you you did a bad job as he just found out how to bypass your "Great Firewall" - he knows, as he could find it on the Internet ... we're talking about it right now.
The issue with open source is : it is visible to everyone. So, get it integrated, and it will work for a while. And then suddenly, the Great Firewall maintainers block whatever X-Ray is. After all, it's a protocol, so it can be blocked, the usefulness is gone. It becomes yet another type of VPN, like OpenVPN, Wireguard, IPSEC, etc etc. that needs to be supported by the authors of pfSense, Netgate.

And as always, I hope to be wrong

Btw : the oSense already has it ... did you give it a try ? ( it's probably just for some short time anyway )

edit : I'm just a forum poster like you - this is what I think, based of what I've read, and what think I know.

Сергей 3

@Gertjan, Xray disguises traffic as regular HTTPS connections, making it difficult to block.
I provided a link to an implementation of Xray in oSense, but the thread stopped responding to questions. I'm asking knowledgeable people to adapt that instruction for pfSense.

stephenw10

I would first try to make it work in FreeBSD where the package exists.

Сергей 3

@stephenw10
Here are the packages that work on FreeBSD
Xray
Tun2socks
But I don't have the knowledge to configure it manually.
I wish there was a standard package for pfSence.

elvisimprsntr

Is it just me, or does it seem like the KISS (Keep It Simple [redacted]) answer is to install X-Ray on an officially supported platform or a VPS and tunnel traffic through that?