meridian-vpn 3.0.1

Censorship-resistant VLESS+Reality proxy server management

Meridian

Deploy a censorship-resistant proxy server in one command.
Invisible to DPI, active probing, and TLS fingerprinting.

Install

curl -sSf https://meridian.msu.rocks/install.sh | bash

Or install directly from PyPI:

uv tool install meridian-vpn    # recommended
pipx install meridian-vpn       # alternative

Quick start

meridian setup                       # interactive wizard
meridian setup 1.2.3.4               # deploy to server
meridian setup 1.2.3.4 --domain d.io # with CDN fallback

After setup, your server is a fully functional proxy. Share access:

meridian client add alice            # generate keys for a friend
meridian client list                 # see all clients
meridian client remove alice         # revoke access

Each client gets an HTML page with QR codes and one-tap deep links. In domain mode, the page is also hosted on the server with live usage stats.

How it works

Meridian deploys VLESS+Reality — a protocol that makes your server indistinguishable from a legitimate website:

Censorship method	How Meridian beats it
Deep Packet Inspection	Traffic is byte-for-byte identical to normal HTTPS. No proxy signatures.
Active probing	Censors connecting to your server get a real TLS certificate from microsoft.com. Only clients with your private key reach the proxy.
TLS fingerprinting	uTLS impersonates Chrome's exact Client Hello, matching billions of real devices.
IP blocking	Domain mode routes through Cloudflare CDN as a fallback — no direct IP exposure.

What you need

• A VPS (Debian/Ubuntu) with root SSH key access — $3–5/month from any provider
• Recommended: Finland, Netherlands, Sweden, Germany (low latency, not flagged)
• Optional: a domain pointed to the server (for CDN fallback via Cloudflare)

Commands

Command	Description
meridian setup [IP]	Deploy proxy server (interactive wizard if no IP)
meridian setup IP --xhttp	Deploy with XHTTP transport (enhanced stealth)
meridian client add NAME	Add a named client key
meridian client list	List all clients
meridian client remove NAME	Remove a client key
meridian server list	List managed servers
meridian check [IP]	Pre-flight validation (ports, SNI, ASN, DNS)
meridian scan [IP]	Find optimal SNI targets on server's network
meridian ping [IP]	Test proxy reachability from this device
meridian diagnostics [IP]	Collect info for bug reports
meridian uninstall [IP]	Remove proxy from server
meridian self-update	Update CLI

Architecture

Standalone mode — Xray on port 443. No domain needed.

Domain mode — HAProxy routes by SNI: Reality traffic goes to Xray, everything else to Caddy (auto-TLS). Adds VLESS+WSS through Cloudflare CDN as a fallback.

Client apps

After setup, connect with any of these apps:

Platform	App
iOS	v2RayTun
Android	v2rayNG
Windows	v2rayN
All platforms	Hiddify

Docs

Full documentation, interactive command builder, and setup guides:

meridian.msu.rocks · Connection page demo

Feedback

Not connecting? Run meridian ping to check if the server is reachable, or use the web-based ping tool.

Something else not working? Get instant AI-powered help:

meridian diagnostics --ai        # copies an AI-ready prompt to clipboard

Paste the prompt into ChatGPT, Claude, or any AI assistant for personalized troubleshooting.

Or open an issue with meridian diagnostics output.