Glossary: VLESS, Reality, SNI, DPI, node, inbound in plain words
From here on, across all sections, terms get thrown around without explanation — the assumption is that you know them. Here's the reference you come back to when you hit an unfamiliar word. Don't memorize it, just keep it handy.
This material covers the engineering of your own network infrastructure and is educational in nature. Complying with the laws of your own jurisdiction is on you.
Infrastructure
Node — a server through which client traffic actually flows. An exit node releases traffic to the internet from its own IP; an entry node (in a cascade) receives the client and passes it further on. Xray runs on the node, not the panel.
Panel — the control center of the service. Stores users, plans, nodes, hands out subscriptions. For us that's Remnawave. It doesn't push traffic itself — it only orchestrates the nodes.
VPS — a virtual server you rent from a host. All the infrastructure is built from VPSes: both nodes and the panel.
ASN — an autonomous system, roughly "the provider's network." Important because blocking is often applied to a whole subnet within one ASN. Nodes spread across different ASNs go down one at a time rather than all at once.
Cascade — a chain of nodes where the client enters through one (usually inside the country) and exits through another (abroad). Revives the service where a direct foreign node has gone down.
Protocols and transport
VLESS — the modern traffic-carrier protocol in the Xray ecosystem. Lightweight, without extra overhead. It doesn't disguise itself — disguise comes from what's layered on top (Reality, TLS).
Reality — a way of disguising VLESS: during the handshake your node impersonates someone else's real site (the donor). Inspection knocks on the port and sees what looks like an ordinary large HTTPS resource. Currently the baseline of resilience under harsh inspection.
Selfsteal — a variety of Reality where the donor is your own real site on the node. Maximum disguise, because the site really is there.
Vision — a flow inside VLESS-Reality over TCP that improves disguise and performance. Works only with raw TCP, not with gRPC/XHTTP.
gRPC — a transport that wraps traffic in gRPC over HTTP/2. Currently flagged as deprecated, but fine as a reserve.
XHTTP — a transport that packages the stream so it travels well behind a CDN. The primary option when blocking is by IP.
Hysteria2 — a protocol over QUIC (that's UDP). Holds up excellently on bad networks and at peak hours, when TCP is choked. Downside — UDP is cut entirely in some places.
Trojan / Shadowsocks — older protocols. Trojan disguises itself as an HTTPS site, kept in reserve. Shadowsocks, without TLS disguise, is noticeable under harsh inspection — last-ditch reserve only.
Inbound — one "listener" on a node: a specific protocol on a specific port that accepts connections. A single node can hold several inbounds (TCP, gRPC, XHTTP) at once.
Outbound — an outgoing direction of traffic from the node: out to the internet (freedom) or into a black hole (blackhole/block). If you forget outbounds in the config, the client connects but the traffic goes nowhere.
Disguise and inspection
DPI — deep packet inspection. The technology that looks not only at addresses but at the content/behavior of traffic to tell a VPN apart from ordinary web.
TSPU — technical means of countering threats, the Russian implementation of traffic inspection at the operator level. Catches VPNs by signatures, TLS fingerprint, active probing, and behavior.
SNI — the domain name a client states when establishing a TLS connection (visible in plaintext). In Reality the donor's name is substituted here so the connection looks like a visit to that site.
Donor — someone else's (or your own, in Selfsteal) large site that the node disguises itself as. It must resolve into someone else's big network, not your subnet, otherwise the disguise falls apart on correlations.
uTLS / fingerprint — the mechanism of spoofing the TLS fingerprint (JA3): rewrites the handshake so it looks like a real browser's. The fingerprint field in host setup isn't cosmetic — an empty fingerprint gives you away instantly.
JA3 — a fingerprint of TLS-handshake parameters that identifies the client software. Inspection flags rare JA3 values as "this is definitely a VPN."
Active probing — when inspection knocks on your port itself and watches how it responds. Reality survives this by silently proxying the stray request to the donor.
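What the SNI and JA3 entries above look like on the wire, as an added example (not part of the original glossary): a Python parser that reads the plaintext SNI from a TLS ClientHello and computes the JA3 string and hash the way a passive monitor does. The sample handshake is hand-built by the hypothetical helper build_sample, and all function names are assumptions of this example.

```python
import hashlib
import struct

def is_grease(v):  # RFC 8701 placeholders (0x0A0A, 0x1A1A, ...) are left out of JA3
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf) if not is_grease(v)]

def parse_client_hello(record):
    """Return (sni, ja3_string, ja3_md5) for one TLS record holding a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:]                     # skip record header (5) + handshake header (4)
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                          # client_version + random
    pos += 1 + body[pos]                  # session_id
    n = struct.unpack_from("!H", body, pos)[0]
    ciphers = u16_list(body[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + body[pos]                  # compression methods
    pos, end = pos + 2, pos + 2 + struct.unpack_from("!H", body, pos)[0]
    sni, exts, groups, formats = None, [], [], []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if is_grease(etype):
            continue
        exts.append(etype)
        if etype == 0:                    # server_name: list_len(2) type(1) name_len(2) name
            sni = data[5:5 + struct.unpack_from("!H", data, 3)[0]].decode("ascii")
        elif etype == 10:                 # supported_groups: list_len(2) then u16 values
            groups = u16_list(data[2:])
        elif etype == 11:                 # ec_point_formats: len(1) then u8 values
            formats = list(data[1:])
    ja3 = ",".join([str(version)] + ["-".join(map(str, f)) for f in (ciphers, exts, groups, formats)])
    return sni, ja3, hashlib.md5(ja3.encode()).hexdigest()

def build_sample(host):  # constructed ClientHello for the demo, not captured traffic
    ext = lambda t, d: struct.pack("!HH", t, len(d)) + d
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = (ext(0x0A0A, b"") + ext(0, sni)
            + ext(10, struct.pack("!HHH", 4, 29, 23)) + ext(11, b"\x01\x00"))
    ciphers = struct.pack("!4H", 0x1A1A, 0x1301, 0x1302, 0xC02F)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    return b"\x16\x03\x01" + struct.pack("!H", len(body) + 4) + b"\x01" + len(body).to_bytes(3, "big") + body
```

Calling parse_client_hello(build_sample("example.com")) and then the same with another host name returns different SNI values but an identical JA3, which is why the fingerprint identifies the client software rather than the destination.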
The Remnawave panel
Config Profile — the full Xray config for a node: all inbounds and settings. A node references exactly one profile.
Host — what the client sees in the subscription: server name, connection address, port, the associated inbound, and advanced settings (SNI, fingerprint). One visible host = one server in the client's list.
Squad — a set of access rights, essentially a plan. Defines which inbounds are available to members. Users and squads are linked many-to-many. The key gotcha: until an inbound is added to the user's squad, they won't see it, even if everything else is set up.
Subscription — the link a client pastes into their app. Through it the app pulls the list of servers. The same URL serves both a nice page in a browser and a config to the app — the panel decides based on the request.
HWID — a device identifier. Used for a per-account device limit (against key sharing).
Usage coefficient — a multiplier for charging traffic on a specific node. 0 — traffic through it doesn't eat the client's limit; 1.0 — one-to-one; 10.0 — a trick for "pretty numbers" in the offer.
Miscellaneous
Client — a double meaning. It can mean the app (Happ, v2rayTun, an xray client), or it can mean a buyer of your service. Context always makes it clear.
White / dirty IP — a white address gets through even mobile "jammers" and TSPU throttling (it's on the operators' whitelist) and is also not on blacklists, i.e. it has a good reputation; a dirty one is already flagged and gets cut.
Rotation — the regular changing of IPs, SNIs, donors, fingerprints. Not a one-time setup but ongoing hygiene: what's resilient today is under a ban tomorrow.
Keep this page open while you read the other sections. The terms recur constantly, and once each one stops being a black box, configs start reading like engineering rather than incantations.