What VLESS is
VLESS is a proxy protocol from the Xray ecosystem. Unlike OpenVPN or WireGuard, it does not add its own encryption on top — it uses standard TLS 1.3. That saves resources and makes traffic look more like ordinary HTTPS.
What Reality is
Reality is a layer on top of VLESS that solves the "cover" problem: your tunnel disguises itself as a genuine connection to a real, well-known website (say, www.microsoft.com). To an observer, it is an ordinary TLS handshake with a known service, not a suspicious self-signed certificate.
Why that matters more than it seems
Classical OpenVPN has recognisable fingerprints — packet lengths, handshake byte patterns. WireGuard is simpler and faster but still fingerprintable. Modern DPI systems can block both at the ISP level.
VLESS + Reality breaks that flow: to block it, you would also have to block the cover websites — something DPI operators usually will not do.
Why the Russia node is VLESS only, without Reality
Reality requires the cover domain to be geographically unreachable from the country of the client — otherwise the "reference" handshake can be compared with the real one. That condition does not hold for the Russia node, so we ship basic VLESS there. Encryption is not weakened; masking is.
Primary sources
- XTLS / Xray-core — reference implementation of VLESS and Reality (open-source).
- VLESS specification — inside the Xray documentation.