VXVX Docs

Hysteria2

Hysteria2ServerConfig and Hysteria2ClientConfig

Proto: protos/proto/vx/proxy/hysteria/hysteria.proto

Hysteria2 is built on QUIC. TLS is configured inside the protocol via tlsConfig (TlsConfig), not via TransportConfig.tls.

Hysteria2ServerConfig

users
UserConfig[]

Allowed users; the authentication password is in secret

obfs
ObfsConfig

Traffic obfuscation; see ObfsConfig

bandwidth
BandwidthConfig

Server-side bandwidth limits; see BandwidthConfig

quic
QuicConfig

QUIC tuning; see QuicConfig

ignoreClientBandwidth
bool

Ignore bandwidth hints reported by the client

tlsConfig
TlsConfig

Server TLS certificates and settings

addresses
string[]

Listen / advertised addresses

{
  "@type": "type.googleapis.com/vx.proxy.hysteria.Hysteria2ServerConfig",
  "users": [{ "secret": "auth-password" }],
  "tlsConfig": {
    "certificates": [{ "certificateFilepath": "/path/cert.pem", "keyFilepath": "/path/key.pem" }]
  }
}

Hysteria2ClientConfig

auth
string

Authentication password; must match a server users[].secret

tlsConfig
TlsConfig

Client TLS (SNI, allowInsecure, ECH, certificate pinning, etc.)

quic
QuicConfig

QUIC tuning

fastOpen
bool

Enable QUIC 0-RTT fast open

bandwidth
BandwidthConfig

Client bandwidth declaration (upload maxTx, download maxRx)

obfs
ObfsConfig

Salamander obfuscation

{
  "@type": "type.googleapis.com/vx.proxy.hysteria.Hysteria2ClientConfig",
  "auth": "auth-password",
  "tlsConfig": { "serverName": "example.com" }
}

QuicConfig

Window fields come in two groups: MB fields (initialStreamReceiveWindow, etc., uint32, internally × 1 MiB) and bytes fields (initialStreamReceiveWindowBytes, etc., uint64). MB fields take precedence when non-zero; when both are zero, the bytes fields or platform defaults are used.

initialStreamReceiveWindow
uint32

Initial stream receive window (MiB)

maxStreamReceiveWindow
uint32

Maximum stream receive window (MiB)

initialConnectionReceiveWindow
uint32

Initial connection receive window (MiB)

maxConnectionReceiveWindow
uint32

Maximum connection receive window (MiB)

initialStreamReceiveWindowBytes
uint64

Initial stream receive window (bytes)

maxStreamReceiveWindowBytes
uint64

Maximum stream receive window (bytes)

initialConnectionReceiveWindowBytes
uint64

Initial connection receive window (bytes)

maxConnectionReceiveWindowBytes
uint64

Maximum connection receive window (bytes)

maxIdleTimeout
uint32

Idle timeout (seconds, default 30)

keepAlivePeriod
uint32

Keep-alive period (seconds, default 10)

disablePathMtuDiscovery
bool

Disable QUIC path MTU discovery

maxIncomingStreams
uint32

Maximum incoming streams (server only)

ObfsConfig

salamander is the only obfuscation type currently supported (oneof).

salamander
SalamanderConfig

Salamander obfuscation configuration

SalamanderConfig

password
string

Obfuscation password

BandwidthConfig

maxTx / maxRx are in Mbps (internally converted to bytes per second).

maxTx
uint32

Upload bandwidth limit. On the client, this is upload; on the server, the maximum allowed upload

maxRx
uint32

Download bandwidth limit. On the client, this is download; on the server, the maximum allowed download

Comments

On this page

Hysteria2ServerConfigHysteria2ClientConfigQuicConfigObfsConfigSalamanderConfigBandwidthConfigRelated