vproxy guide: Step-by-step Rust proxy setup & IPv6 rotation

vproxy is a Rust-based HTTP, HTTPS, and SOCKS5 proxy server with native IPv6 subnet support. This guide covers installation, configuration, IPv6 rotation, and production deployment.

What is vproxy?

vproxy is a high-performance proxy server written in Rust that supports HTTP, HTTPS, and SOCKS5 protocols with native IPv6 subnet binding. Unlike commercial rotating proxy services, vproxy lets you create your own IP rotation system using IPv6 subnets—turning a single VPS into a proxy pool with billions of unique addresses.

The tool achieves 143 Gbits/sec throughput in upload benchmarks. It includes session persistence, TTL-based IP rotation, and CIDR range management without external dependencies.

Note: This guide covers the 0x676e67/vproxy Rust proxy server. There are other unrelated projects with similar names (Java load balancers, VMware backup tools) that this article does not cover.

vproxy Features

vproxy provides several features that set it apart from traditional proxy servers:

• IPv4/IPv6 dual-stack support with automatic IP rotation from CIDR subnets
• Session persistence to maintain the same IP across multiple requests
• TTL-based rotation to automatically change IPs after a set number of requests
• Auto protocol detection to handle HTTP, HTTPS, and SOCKS5 on a single port
• Kernel-space zero-copy for minimal latency
• SOCKS5 CONNECT, BIND, and ASSOCIATE support
• Daemon mode with automatic restart on crash
• Basic authentication with username/password

Installing vproxy

vproxy requires minimal dependencies. You need root access for IPv6 configuration and either curl, wget, or Cargo installed.

Using curl

curl -sSL https://raw.githubusercontent.com/0x676e67/vproxy/main/.github/install.sh | bash

The script downloads the binary for your architecture and places it in /usr/local/bin/.

Using wget

wget -qO- https://raw.githubusercontent.com/0x676e67/vproxy/main/.github/install.sh | bash

Using Cargo

cargo install vproxy

Building from source takes 2-3 minutes. This method gets you the latest features before stable releases.

Using Docker

docker run --rm -it ghcr.io/0x676e67/vproxy:latest run http

Docker isolates vproxy from your system. Use this for testing or when you cannot install software directly.

Verifying Installation

Check your vproxy installation:

vproxy -h

You should see commands including run, start, restart, stop, and log. If the command fails, verify your PATH includes the installation directory.

Configuring IPv6 for vproxy

vproxy uses IPv6 subnets to generate unique IP addresses. Each request can originate from a different IP within your allocated range.

IPv6 Setup Commands

Enable non-local IPv6 binding:

sudo sysctl net.ipv6.ip_nonlocal_bind=1

This setting lets vproxy bind to any IP in your subnet. Without it, the proxy fails with "cannot assign requested address" errors.

Enable IPv6 routing:

sudo sysctl net.ipv6.conf.all.disable_ipv6=0

Some systems disable IPv6 by default. This command activates the IPv6 stack.

Add your IPv6 subnet to local routing:

sudo ip route add local 2001:470:e953::/48 dev lo

Replace 2001:470:e953::/48 with your actual subnet. You can get IPv6 subnets from Hurricane Electric, Tunnelbroker, or your VPS provider.

A /48 prefix gives you 281 trillion IP addresses. Even a /64 provides 18 quintillion IPs—more than enough for any scraping operation.

Making IPv6 Configuration Permanent

The sysctl changes do not persist across reboots. Add them to /etc/sysctl.conf:

echo "net.ipv6.ip_nonlocal_bind=1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6=0" | sudo tee -a /etc/sysctl.conf

For the routing rule, create a systemd service or add it to /etc/rc.local.

Automatic Configuration as Root

If you run vproxy as root, it automatically configures:

• net.ipv6.ip_nonlocal_bind=1
• net.ipv6.conf.all.disable_ipv6=0
• ip route add local [your-subnet] dev lo

This simplifies setup for dedicated proxy servers.

Running vproxy as HTTP Proxy

HTTP proxy mode handles standard web traffic. It is the simplest protocol to configure and test.

Basic HTTP Proxy

vproxy run http

This starts vproxy on default port 1080 without authentication. Any client can connect. Use this for internal networks only.

Custom Port Binding

vproxy run --bind 0.0.0.0:8080 http

Port 8080 is common for HTTP proxies. Binding to 0.0.0.0 accepts connections from any network interface.

HTTP Proxy with Authentication

vproxy run http -u myuser -p mypassword

Authentication prevents unauthorized access. Clients must provide credentials in the proxy URL format:

http://myuser:mypassword@127.0.0.1:1080

HTTP Proxy with IPv6 Subnet

vproxy run -i 2001:470:e953::/48 http

Each connection pulls a random IP from your subnet. Sites see different IPs per request—perfect for bypassing rate limits.

Testing HTTP Proxy

curl -x http://127.0.0.1:1080 https://api6.ipify.org

This command routes through vproxy and returns your current IPv6 address. Run it multiple times to see IP rotation working.

Running vproxy as SOCKS5 Proxy

SOCKS5 supports UDP traffic and handles more protocols than HTTP proxies. Use vproxy SOCKS5 for applications that need lower-level network access.

Basic SOCKS5 Configuration

vproxy run socks5

The proxy listens on port 1080. SOCKS5 does not inspect HTTP headers, making it faster for pure TCP streams.

SOCKS5 with Authentication and IPv6

vproxy run -i 2001:470:70c6::/48 socks5 -u testuser -p testpass

This combines IPv6 rotation, authentication, and SOCKS5 protocol. The configuration handles 1,024 concurrent connections by default.

Increasing Connection Limit

vproxy run -c 5000 socks5

The -c flag sets maximum concurrent connections. Raise this for high-traffic scraping operations.

Testing SOCKS5 Proxy

curl -x socks5h://testuser:testpass@127.0.0.1:1080 https://api6.ipify.org

The socks5h:// scheme tells curl to use SOCKS5 and resolve DNS through the proxy. This prevents DNS leaks.

Running vproxy as HTTPS Proxy

HTTPS proxy mode requires TLS certificates. vproxy auto-generates self-signed certificates if you do not provide your own.

HTTPS with Self-Signed Certificate

vproxy run https

Clients connecting to this proxy get certificate warnings. Use self-signed certificates for testing or internal tools that trust them.

HTTPS with Custom Certificates

vproxy run https --tls-cert /path/to/cert.pem --tls-key /path/to/key.pem

Provide your own certificates from Let's Encrypt or a commercial CA. This eliminates certificate warnings in production.

Generating Let's Encrypt Certificates

certbot certonly --standalone -d proxy.yourdomain.com

Point vproxy to /etc/letsencrypt/live/proxy.yourdomain.com/fullchain.pem and the corresponding private key file.

Auto Protocol Detection Mode

Auto mode detects HTTP, HTTPS, or SOCKS5 protocols automatically. One port handles all traffic types.

vproxy run auto -u admin -p secret123

Clients do not need to specify the protocol. vproxy analyzes the first few bytes of each connection and routes accordingly.

Auto Mode with HTTPS Support

vproxy run auto --tls-cert cert.pem --tls-key key.pem -u admin -p secret123

This configuration handles encrypted and unencrypted traffic on one port. It is the most flexible setup but adds 5-10ms of detection latency.

vproxy Username Extensions

vproxy supports special username formats for session management and IP control. These extensions work with both HTTP and SOCKS5 protocols.

Session Extension for Sticky IPs

Append -session-<id> to usernames to maintain the same IP across multiple requests:

# All requests use the same IP
curl -x http://myuser-session-abc123:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-session-abc123:pass@127.0.0.1:1080 https://api6.ipify.org

Both commands return identical IPv6 addresses. Change the session ID to get a new IP.

Use cases for sessions:

• Maintaining login state during web scraping
• Avoiding "unusual activity" flags from websites
• Testing geolocation-dependent features

TTL Extension for Automatic IP Rotation

Append -ttl-<number> to rotate IPs after a specific number of requests:

curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org

The first three requests share one IP. The fourth request gets a new IP automatically.

TTL values between 5-10 work well for most scraping. Lower values provide better anonymity but increase connection overhead.

Range Extension for CIDR Subset Management

Use -range-<id> to select IPs from specific subnet ranges:

vproxy run --bind 127.0.0.1:1080 --cidr-range 56 -i 2001:470:70c6::/48 http -u test -p test

curl -x http://test-range-group1:test@127.0.0.1:1080 https://api6.ipify.org

All requests with range-group1 pull from the same /56 subset. Different range IDs use different subsets within your /48.

Using vproxy with Popular Tools

vproxy works with any HTTP or SOCKS5 client.

Python Requests

import requests

proxies = {
    'http': 'http://user-session-python1:pass@127.0.0.1:1080',
    'https': 'http://user-session-python1:pass@127.0.0.1:1080'
}

response = requests.get('https://httpbin.org/ip', proxies=proxies)
print(response.json())

The session ID keeps the same IP across your entire Python session. Change it between script runs for fresh IPs.

Python with SOCKS5

import requests
import socks
import socket

socks.set_default_proxy(socks.SOCKS5, "127.0.0.1", 1080, username="user", password="pass")
socket.socket = socks.socksocket

response = requests.get('https://httpbin.org/ip')
print(response.json())

This approach routes all network traffic through vproxy, not just HTTP requests. It handles websockets and custom protocols.

Puppeteer and Playwright

const puppeteer = require('puppeteer');

(async () => {
  const browser = await puppeteer.launch({
    args: ['--proxy-server=http://127.0.0.1:1080']
  });
  
  const page = await browser.newPage();
  await page.authenticate({
    username: 'user-session-browser1',
    password: 'pass'
  });
  
  await page.goto('https://httpbin.org/ip');
  console.log(await page.content());
  await browser.close();
})();

Browser automation through vproxy prevents IP bans during automated testing. The session extension maintains state across page navigations.

Curl Examples

HTTP proxy:

curl -x http://user:pass@127.0.0.1:1080 https://example.com

SOCKS5 proxy:

curl -x socks5h://user:pass@127.0.0.1:1080 https://example.com

With custom headers:

curl -x http://user-ttl-5:pass@127.0.0.1:1080 \
  -H "User-Agent: Mozilla/5.0" \
  https://example.com

Running vproxy as a Daemon

Daemon mode runs vproxy in the background as a system service. It survives terminal disconnections and server reboots.

Starting the Daemon

sudo vproxy start -i 2001:470:e953::/48 http -u user -p password

The daemon logs to /var/log/vproxy.log. It restarts automatically if it crashes.

Managing the Daemon

Restart:

sudo vproxy restart

Stop:

sudo vproxy stop

Check status:

vproxy ps

View logs:

vproxy log

Logs show connection counts, IP rotations, and authentication failures. Check them when debugging connection issues.

Daemon Configuration Persistence

The daemon remembers your last configuration. You do not need to re-specify IPv6 subnets or ports after restarts.

To change configuration:

1. Stop the daemon: sudo vproxy stop
2. Start with new settings: sudo vproxy start <new-settings>

Running vproxy with systemd

For production deployments, create a systemd service file:

[Unit]
Description=vproxy High-Performance Proxy Server
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/vproxy run -i 2001:470:e953::/48 http -u proxyuser -p strongpassword
Restart=always
RestartSec=5
User=root

[Install]
WantedBy=multi-user.target

Save this to /etc/systemd/system/vproxy.service, then:

sudo systemctl daemon-reload
sudo systemctl enable vproxy
sudo systemctl start vproxy

vproxy Performance Benchmarks

vproxy achieves high throughput in standardized benchmarks. Tests were performed on Apple M3 Max with Ubuntu 25.04.

Single Connection Upload

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.01  sec   167 GBytes   143 Gbits/sec    1    sender
[  5]   0.00-10.01  sec   167 GBytes   143 Gbits/sec         receiver

10 Concurrent Connections Upload

[SUM]   0.00-10.00  sec   418 GBytes   359 Gbits/sec  106   sender
[SUM]   0.00-10.00  sec   417 GBytes   359 Gbits/sec        receiver

Single Connection Download

[ ID] Interval           Transfer     Bitrate         Retr
[  9]   0.00-10.01  sec   116 GBytes  99.5 Gbits/sec    0   sender
[  9]   0.00-10.01  sec   116 GBytes  99.5 Gbits/sec        receiver

10 Concurrent Connections Download

[SUM]   0.00-10.00  sec   427 GBytes   367 Gbits/sec   90   sender
[SUM]   0.00-10.00  sec   427 GBytes   367 Gbits/sec        receiver

vproxy vs Alternatives

When to Choose vproxy

Choose vproxy when you need:

• IPv6 rotation from a subnet
• Session management via username extensions
• High throughput with minimal configuration
• A single binary with no dependencies

When to Choose Alternatives

Choose Squid if you need content filtering, caching, or complex access control lists.

Choose 3proxy if you need RADIUS authentication or detailed traffic logging.

Choose Dante if you need PAM or LDAP authentication.

Performance Optimization

vproxy handles high traffic volumes out of the box. These settings extract maximum performance.

Adjusting Concurrent Connections

vproxy run -c 10000 http

Default concurrency is 1,024 connections. Increase this for large-scale scraping operations.

Test your system limits gradually. Start at 2,000, then double until you hit resource constraints.

Connection Timeout Configuration

vproxy run -T 5 http

The -T flag sets connection timeout in seconds. Lower values fail faster on dead connections but may drop legitimate slow requests.

Default 10 seconds works for most websites. Reduce to 5 for scraping responsive APIs. Increase to 30 for slow targets.

Using with Proxychains

Proxychains forces any application through vproxy without modifying the app:

proxychains4 firefox

Edit /etc/proxychains4.conf:

socks5  127.0.0.1 1080

Now Firefox routes all traffic through vproxy. This works with any Linux application.

Troubleshooting vproxy

Address Already in Use

Error: Address already in use (os error 48)

Solution: Another process uses your port. Find it:

lsof -i :1080

Kill the conflicting process or choose a different port:

vproxy run --bind 0.0.0.0:8080 http

Cannot Assign Requested Address

Error: Cannot assign requested address

Cause: IPv6 configuration missing or incorrect subnet.

Solution: Verify sysctl settings:

sysctl net.ipv6.ip_nonlocal_bind
sysctl net.ipv6.conf.all.disable_ipv6

Both should return 1 and 0 respectively.

Check your IPv6 route:

ip -6 route show

You should see your subnet with local flag.

Authentication Failures

Clients cannot connect with valid credentials. Check username formatting—extensions like -session- or -ttl- go after the base username but before the colon:

• Correct: user-session-123:password
• Incorrect: user:password-session-123

Slow Connection Speeds

If speeds fall below expectations:

1. Check CPU usage with top. vproxy should use less than 30% on modern hardware.
2. Test without vproxy to isolate network vs proxy issues.
3. Reduce concurrent connections with -c 512.
4. Disable verbose logging with --log error.

Security Best Practices

Always Use Authentication

vproxy run http -u stronguser -p "complex!pass$123"

Open proxies attract abuse within hours. Use passwords with 16+ characters mixing cases, numbers, and symbols.

Bind to Localhost for Local Use

vproxy run --bind 127.0.0.1:1080 http

This prevents external connections. Only local processes access the proxy.

For remote access, use SSH tunneling instead of exposing ports publicly:

ssh -L 1080:localhost:1080 user@yourserver.com

Firewall Configuration

Block the proxy port with iptables if binding to 0.0.0.0:

sudo iptables -A INPUT -p tcp --dport 1080 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1080 -j DROP

This allows only your local network (192.168.1.0/24) to connect.

Monitoring Usage Logs

tail -f /var/log/vproxy.log

Watch for unusual patterns like thousands of connections from one IP or failed authentication attempts.

Updating vproxy

Keep vproxy current with the built-in update command:

vproxy self update

This downloads the latest release from GitHub and replaces your current binary. The daemon restarts automatically with the same configuration.

Check your current version:

vproxy -V

Updates arrive every 2-4 weeks with bug fixes and performance improvements.

Uninstalling vproxy

Remove vproxy completely:

vproxy self uninstall

This deletes the binary and cleans up configuration files. IPv6 sysctl settings persist—remove them manually from /etc/sysctl.conf if needed.

Frequently Asked Questions

What is vproxy used for?

vproxy is used for creating rotating proxy servers, web scraping with IP rotation, maintaining anonymous browsing sessions, and load testing applications. It turns a VPS with an IPv6 subnet into a proxy pool with billions of unique addresses.

How does vproxy compare to commercial rotating proxies?

Commercial rotating proxies cost $50-100/month. vproxy with an IPv6-enabled VPS ($5-10/month) delivers comparable functionality at 90% cost savings. The tradeoff is that you manage the server yourself.

Can vproxy use IPv4 addresses?

Yes. vproxy supports IPv4/IPv6 dual-stack. However, IPv6 provides the rotation capability since IPv4 subnets are limited. Without an IPv6 subnet configured, vproxy uses your server's default network configuration.

What IPv6 subnet size do I need?

A /64 subnet provides 18 quintillion addresses—more than enough for any use case. A /48 provides even more. Most VPS providers allocate /64 or larger subnets for IPv6.

Does vproxy work on Windows?

vproxy primarily targets Linux servers. The Docker image runs on any platform with Docker support, including Windows and macOS.

How many concurrent connections can vproxy handle?

Default is 1,024 concurrent connections. Increase with the -c flag. Hardware limits depend on your CPU and memory. Most modern servers handle 10,000+ connections without issue.

Conclusion

vproxy transforms any Linux server with IPv6 into a high-performance rotating proxy. The session and TTL extensions provide granular control over IP rotation without external services.

For basic needs, start with HTTP mode and authentication. Add IPv6 when you need rotation. Use SOCKS5 for applications beyond web browsers.

The daemon mode ensures vproxy survives reboots. Combine it with systemd for production deployments.

Key takeaways:

• Enable IPv6 binding before configuring subnets
• Always use authentication on public-facing proxies
• Use session extensions for stable connections during scraping
• Start with 1,024 concurrent connections and scale based on workload
• Consider systemd for production server deployments