vproxy is a Rust-based proxy server that handles HTTP, HTTPS, and SOCKS5 protocols with native IPv6 support and session management.
In this guide, you'll learn how to install, configure, and optimize vproxy for web scraping, privacy, and IP rotation.
What is vproxy and Why Use It?
vproxy transforms your server into a high-performance proxy by routing traffic through IPv6 addresses at 143 Gbits/sec. The tool supports session persistence, TTL-based IP rotation, and CIDR range management—features that cost-prohibitive rotating proxies typically charge $50-100/month for.
Unlike traditional proxies like Squid or Dante, vproxy uses kernel-space zero-copy to minimize latency. The architecture outperforms hev-socks5-server by 15% in upload speeds during concurrent connections.
Installing vproxy on Linux
vproxy requires minimal dependencies. You'll need root access for IPv6 configuration and either curl, wget, or Cargo installed.
Quick Installation Methods
Using curl:
curl -sSL https://raw.githubusercontent.com/0x676e67/vproxy/main/.github/install.sh | bash
Using wget:
wget -qO- https://raw.githubusercontent.com/0x676e67/vproxy/main/.github/install.sh | bash
The install script automatically downloads the binary for your architecture. It places vproxy in /usr/local/bin/ and makes it executable system-wide.
Using Cargo (from source):
cargo install vproxy
Building from source takes 2-3 minutes. This method ensures you get the latest features before they reach stable releases.
Docker deployment:
docker run --rm -it ghcr.io/0x676e67/vproxy:latest run http
Docker isolates vproxy from your system. Use this for testing or when you can't install software directly.
Verifying Installation
Check your installation by running:
vproxy -h
You should see command options including run, start, restart, stop, and log. If the command fails, your PATH doesn't include the installation directory.
Configuring IPv6 for vproxy
vproxy leverages IPv6 subnets to generate unique IP addresses. Each request can originate from a different IP within your allocated range.
Essential IPv6 Setup Commands
Enable non-local IPv6 binding:
sudo sysctl net.ipv6.ip_nonlocal_bind=1
This setting lets vproxy bind to any IP in your subnet. Without it, the proxy fails with "cannot assign requested address" errors.
Enable IPv6 routing:
sudo sysctl net.ipv6.conf.all.disable_ipv6=0
Some systems disable IPv6 by default. This command activates the IPv6 stack.
Add your IPv6 subnet to local routing:
sudo ip route add local 2001:470:e953::/48 dev lo
Replace 2001:470:e953::/48 with your actual subnet. You get IPv6 subnets from providers like Hurricane Electric, Tunnelbroker, or your VPS provider.
The /48 prefix gives you 281 trillion IP addresses. Even a /64 provides 18 quintillion IPs—more than enough for any scraping operation.
Making IPv6 Configuration Permanent
The sysctl changes don't persist across reboots. Add them to /etc/sysctl.conf:
echo "net.ipv6.ip_nonlocal_bind=1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.all.disable_ipv6=0" | sudo tee -a /etc/sysctl.conf
For the routing rule, add it to /etc/rc.local or create a systemd service. Without persistence, you'll reconfigure after each reboot.
Running vproxy as HTTP Proxy
HTTP proxy mode handles standard web traffic. It's the simplest protocol to configure and test.
Basic HTTP Proxy
vproxy run http
This starts vproxy on default port 1080 without authentication. Any client can connect. Use this for internal networks only.
Custom port binding:
vproxy run --bind 0.0.0.0:8080 http
Port 8080 is common for HTTP proxies. Binding to 0.0.0.0 accepts connections from any network interface.
HTTP Proxy with Authentication
vproxy run http -u myuser -p mypassword
Authentication prevents unauthorized access. Clients must provide credentials in the proxy URL format: http://myuser:mypassword@127.0.0.1:1080
HTTP Proxy with IPv6 Subnet
vproxy run -i 2001:470:e953::/48 http
Each connection pulls a random IP from your subnet. Sites see different IPs per request—perfect for bypassing rate limits.
Testing your HTTP proxy:
curl -x http://127.0.0.1:1080 https://api6.ipify.org
This command routes through vproxy and returns your current IPv6 address. Run it multiple times to see IP rotation in action.
Running vproxy as SOCKS5 Proxy
SOCKS5 supports UDP traffic and handles more protocols than HTTP proxies. Use vproxy SOCKS5 for applications that need lower-level network access.
Basic SOCKS5 Configuration
vproxy run socks5
The proxy listens on port 1080. SOCKS5 doesn't inspect HTTP headers, making it faster for pure TCP streams.
SOCKS5 with Authentication and IPv6
vproxy run -i 2001:470:70c6::/48 socks5 -u testuser -p testpass
Combine all features: IPv6 rotation, authentication, and SOCKS5 protocol. This configuration handles 1,024 concurrent connections by default.
Increase connection limit:
vproxy run -c 5000 socks5
The -c flag sets maximum concurrent connections. Raise this for high-traffic scraping operations.
Testing SOCKS5 proxy:
curl -x socks5h://testuser:testpass@127.0.0.1:1080 https://api6.ipify.org
The socks5h:// scheme tells curl to use SOCKS5 and resolve DNS through the proxy. This prevents DNS leaks.
Running vproxy as HTTPS Proxy
HTTPS proxy mode requires TLS certificates. vproxy auto-generates self-signed certificates if you don't provide your own.
HTTPS with Self-Signed Certificate
vproxy run https
Clients connecting to this proxy get certificate warnings. Use self-signed certificates for testing or internal tools that trust them.
HTTPS with Custom Certificates
vproxy run https --tls-cert /path/to/cert.pem --tls-key /path/to/key.pem
Provide your own certificates from Let's Encrypt or a commercial CA. This eliminates certificate warnings in production.
Generate Let's Encrypt certificates:
certbot certonly --standalone -d proxy.yourdomain.com
Point vproxy to /etc/letsencrypt/live/proxy.yourdomain.com/fullchain.pem and the corresponding private key file.
Auto Protocol Detection Mode
Auto mode detects HTTP, HTTPS, or SOCKS5 protocols automatically. One port handles all traffic types.
vproxy run auto -u admin -p secret123
Clients don't need to specify the protocol. vproxy analyzes the first few bytes of each connection and routes accordingly.
Auto mode with HTTPS support:
vproxy run auto --tls-cert cert.pem --tls-key key.pem -u admin -p secret123
This configuration handles encrypted and unencrypted traffic on one port. It's the most flexible setup but adds 5-10ms of detection latency.
Advanced Username Extensions
vproxy supports special username formats for session management and IP control. These extensions work with both HTTP and SOCKS5 protocols.
Session Extension: Sticky IPs
Append -session-<id> to usernames to maintain the same IP across multiple requests:
# All requests use the same IP
curl -x http://myuser-session-abc123:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-session-abc123:pass@127.0.0.1:1080 https://api6.ipify.org
Both commands return identical IPv6 addresses. Change the session ID to get a new IP.
Use cases for sessions:
- Maintaining login state during web scraping
- Avoiding "unusual activity" flags from websites
- Testing geolocation-dependent features
TTL Extension: Automatic IP Rotation
Append -ttl-<number> to rotate IPs after a specific number of requests:
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
curl -x http://myuser-ttl-3:pass@127.0.0.1:1080 https://api6.ipify.org
The first three requests share one IP. The fourth request gets a new IP automatically.
TTL values between 5-10 work well for most scraping. Lower values provide better anonymity but increase connection overhead.
Range Extension: CIDR Subset Management
Use -range-<id> to select IPs from specific subnet ranges:
vproxy run --bind 127.0.0.1:1080 --cidr-range 56 -i 2001:470:70c6::/48 http -u test -p test
curl -x http://test-range-group1:test@127.0.0.1:1080 https://api6.ipify.org
All requests with range-group1 pull from the same /56 subset. Different range IDs use different subsets within your /48.
This feature helps when you need geographically distributed IPs from the same data center.
Using vproxy with Popular Tools
vproxy works with any HTTP/SOCKS5 client. Here are configurations for common scraping tools.
Python Requests
import requests
proxies = {
'http': 'http://user-session-python1:pass@127.0.0.1:1080',
'https': 'http://user-session-python1:pass@127.0.0.1:1080'
}
response = requests.get('https://httpbin.org/ip', proxies=proxies)
print(response.json())
The session ID keeps the same IP across your entire Python session. Change it between script runs for fresh IPs.
Python with SOCKS5
import requests
import socks
import socket
socks.set_default_proxy(socks.SOCKS5, "127.0.0.1", 1080, username="user", password="pass")
socket.socket = socks.socksocket
response = requests.get('https://httpbin.org/ip')
print(response.json())
This approach routes all network traffic through vproxy, not just HTTP requests. It handles websockets and custom protocols.
Puppeteer and Playwright
const puppeteer = require('puppeteer');
(async () => {
const browser = await puppeteer.launch({
args: [
'--proxy-server=http://127.0.0.1:1080'
]
});
const page = await browser.newPage();
await page.authenticate({
username: 'user-session-browser1',
password: 'pass'
});
await page.goto('https://httpbin.org/ip');
console.log(await page.content());
await browser.close();
})();
Browser automation through vproxy prevents IP bans during automated testing. The session extension maintains state across page navigations.
Curl Examples
HTTP proxy:
curl -x http://user:pass@127.0.0.1:1080 https://example.com
SOCKS5 proxy:
curl -x socks5h://user:pass@127.0.0.1:1080 https://example.com
With custom headers:
curl -x http://user-ttl-5:pass@127.0.0.1:1080 \
-H "User-Agent: Mozilla/5.0" \
https://example.com
The -x flag works identically across all curl versions. Add session/TTL extensions directly in the proxy URL.
Running vproxy as Daemon
Daemon mode runs vproxy in the background as a system service. It survives terminal disconnections and server reboots.
Starting the Daemon
sudo vproxy start -i 2001:470:e953::/48 http -u user -p password
The daemon logs to /var/log/vproxy.log. It restarts automatically if it crashes.
Managing the Daemon
Restart:
sudo vproxy restart
Stop:
sudo vproxy stop
Check status:
vproxy ps
View logs:
vproxy log
Logs show connection counts, IP rotations, and authentication failures. Check them when debugging connection issues.
Daemon Configuration Persistence
The daemon remembers your last configuration. You don't need to re-specify IPv6 subnets or ports after restarts.
To change configuration:
- Stop the daemon:
sudo vproxy stop - Start with new settings:
sudo vproxy start <new-settings>
Performance Optimization
vproxy handles high traffic volumes out of the box. These tweaks extract maximum performance.
Adjusting Concurrent Connections
vproxy run -c 10000 http
Default concurrency is 1,024 connections. Increase this for large-scale scraping operations.
Test your system's limits gradually. Start at 2,000, then double until you hit resource constraints.
Connection Timeout Configuration
vproxy run -T 5 http
The -T flag sets connection timeout in seconds. Lower values fail faster on dead connections but may drop legitimate slow requests.
Default 10 seconds works for most websites. Reduce to 5 for scraping responsive APIs. Increase to 30 for slow targets.
Using with Proxychains
Proxychains forces any application through vproxy without modifying the app:
proxychains4 firefox
Edit /etc/proxychains4.conf:
socks5 127.0.0.1 1080
Now Firefox routes all traffic through vproxy. This works with any Linux application.
Troubleshooting Common Issues
IP Address Already in Use
Error: Address already in use (os error 48)
Solution: Another process uses your port. Find it:
lsof -i :1080
Kill the conflicting process or choose a different port:
vproxy run --bind 0.0.0.0:8080 http
Cannot Assign Requested Address
Error: Cannot assign requested address
Cause: IPv6 configuration missing or incorrect subnet.
Solution: Verify sysctl settings:
sysctl net.ipv6.ip_nonlocal_bind
sysctl net.ipv6.conf.all.disable_ipv6
Both should return 1 and 0 respectively. Check your IPv6 route:
ip -6 route show
You should see your subnet with local flag.
Authentication Failures
Clients can't connect with valid credentials. Check username formatting—extensions like -session- or -ttl- go after the base username but before the colon:
Correct: user-session-123:password
Incorrect: user:password-session-123
Slow Connection Speeds
If speeds fall below expectations:
- Check CPU usage with
top. vproxy should use <30% on modern hardware. - Test without vproxy to isolate network vs proxy issues.
- Reduce concurrent connections with
-c 512. - Disable verbose logging with
--log error.
Security Considerations
Running vproxy exposes your server to proxy traffic. Follow these security practices.
Always Use Authentication
vproxy run http -u stronguser -p "complex!pass$123"
Open proxies attract abuse within hours. Use passwords with 16+ characters mixing cases, numbers, and symbols.
Bind to Localhost for Local Use
vproxy run --bind 127.0.0.1:1080 http
This prevents external connections. Only local processes access the proxy.
For remote access, use SSH tunneling instead of exposing ports publicly:
ssh -L 1080:localhost:1080 user@yourserver.com
Firewall Configuration
Block the proxy port with iptables if binding to 0.0.0.0:
sudo iptables -A INPUT -p tcp --dport 1080 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1080 -j DROP
This allows only your local network (192.168.1.0/24) to connect.
Monitor Usage Logs
tail -f /var/log/vproxy.log
Watch for unusual patterns like thousands of connections from one IP or failed authentication attempts.
Comparing vproxy to Alternatives
vproxy outperforms several popular proxy servers in specific scenarios.
vproxy vs. Squid
Squid excels at caching and complex ACLs. vproxy wins on raw speed and IPv6 management.
Squid configuration requires 50+ lines for basic setup. vproxy needs one command.
Choose Squid if: You need content filtering, caching, or complex access control.
Choose vproxy if: You need IPv6 rotation, session management, or raw performance.
vproxy vs. 3proxy
3proxy offers more authentication methods and logging options. vproxy delivers 2-3x faster throughput.
3proxy requires manual IPv6 configuration per IP. vproxy handles entire subnets automatically.
Choose 3proxy if: You need RADIUS authentication or detailed traffic logging.
Choose vproxy if: Speed and IPv6 automation matter most.
vproxy vs. Dante
Dante is the most mature SOCKS proxy. It supports more authentication backends.
vproxy matches Dante's speed while adding HTTP/HTTPS support and session extensions.
Choose Dante if: You need PAM or LDAP authentication.
Choose vproxy if: You need multi-protocol support and IPv6 rotation.
Advanced Use Cases
Beyond basic proxying, vproxy enables several creative applications.
Load Balancing Across Multiple vproxy Instances
Run vproxy on multiple servers, then use HAProxy to distribute traffic:
frontend proxy_frontend
bind *:1080
mode tcp
default_backend proxy_backend
backend proxy_backend
mode tcp
balance roundrobin
server vpro
xy1 10.0.0.1:1080 check
server vproxy2 10.0.0.2:1080 check
This scales beyond a single server's connection limit.
Geographic IP Distribution
Providers allocate IPv6 subnets to specific data centers. Get subnets from multiple locations:
- Hurricane Electric (US): 2001:470::/32
- Tunnelbroker (Europe): Different prefix
- Your VPS provider's native IPv6
Run vproxy instances with different subnets. Route clients based on target geography.
Rotating Proxies for Web Scraping
Combine TTL extension with automation:
import requests
import random
def get_proxy():
session_id = random.randint(10000, 99999)
return {
'http': f'http://user-ttl-5:pass@127.0.0.1:1080',
'https': f'http://user-ttl-5:pass@127.0.0.1:1080'
}
for url in url_list:
response = requests.get(url, proxies=get_proxy())
# Process response
Each iteration gets a fresh IP after 5 requests. This bypasses most rate limits without manual IP management.
Updating vproxy
Keep vproxy current with the built-in update command:
vproxy self update
This downloads the latest release from GitHub and replaces your current binary. The daemon restarts automatically with the same configuration.
Manual update process:
- Download new binary from GitHub releases
- Replace
/usr/local/bin/vproxy - Restart daemon:
sudo vproxy restart
Check your current version:
vproxy -V
Updates arrive every 2-4 weeks with bug fixes and performance improvements.
Uninstalling vproxy
Remove vproxy completely:
vproxy self uninstall
This deletes the binary and cleans up configuration files. IPv6 sysctl settings persist—remove them manually from /etc/sysctl.conf if needed.
Conclusion
vproxy transforms any Linux server with IPv6 into a high-performance rotating proxy. The session and TTL extensions provide granular control over IP rotation without external services.
For basic needs, start with HTTP mode and authentication. Add IPv6 when you need rotation. Use SOCKS5 for applications beyond web browsers.
The daemon mode ensures vproxy survives reboots. Combine it with systemd for production deployments.
Key takeaways: Enable IPv6 binding first, always use authentication, and leverage session extensions for stable connections. Start with 1,024 concurrent connections and scale up based on your workload.
Most commercial rotating proxies charge $50-100/month. vproxy with an IPv6-enabled VPS ($5-10/month) delivers comparable functionality at 90% cost savings.
