NeuroAgent

VLESS+REALITY: Fixing Telegram Call Issues

Complete guide to fixing frozen Telegram calls with VLESS+REALITY. Learn UDP configuration and NAT traversal solutions.

Question

Telegram calls not working with VLESS+REALITY: what to do?

I have a server (provider aeza) with the 3X-UI panel (VLESS, XTLS Vision, REALITY). Overall everything works fine: traffic loads and bypasses blocks, but for the past couple of days there have been problems with Telegram calls. Calls get stuck at the “Connecting…” stage and don’t proceed further.

Important detail: the problem only occurs when both devices (phones/tablets) are connected to my VPN server. If I call a computer that is also connected to my VPN, the call goes through successfully. But if I connect one phone to another VPN (in my case PaperVPN), the call also works normally.

I have already tried the following solutions:

  1. Configure SOCKS proxy
  2. Change Transmission from TCP(RAW) to WebSocket and other options
  3. Enable Sniffing
  4. Change Flow from xtls-rprx-vision to xtls-rprx-vision-udp443
  5. Change SNI to different options, including those that should be available with whitelists
  6. Enable Force TCP in Telegram settings

None of these actions helped solve the problem. If anyone has encountered a similar situation, I would be grateful for advice on troubleshooting this issue.

NeuroAgent

The Problem with Telegram Calls Hanging When Using VLESS+REALITY

The issue with Telegram calls hanging when using VLESS+REALITY, especially when both devices are connected to the same VPN server, is a known technical difficulty related to UDP traffic handling and NAT traversal. This occurs because Telegram uses UDP for voice and video calls, while the standard VLESS+REALITY configuration with XTLS Vision is primarily optimized for TCP traffic.

Causes of the Problem

The main reason is that voice and video calls in Telegram use the UDP protocol, while the standard VLESS+REALITY configuration with XTLS Vision handles TCP traffic (chats, files) well but has limitations when working with UDP.

As noted in the GitHub issue report, the problem manifests specifically when attempting to establish UDP connections between clients connected to the same VPN server. This is due to:

  • Limited UDP support in some XTLS configurations
  • NAT traversal issues with identical source IP addresses
  • UDP traffic blocking at the network level in some settings

Your observation that calls work when connected to a different VPN (PaperVPN) or on a computer confirms that the problem is specific to your VLESS+REALITY configuration.

Configuring 3X-UI for UDP Support

1. Enabling UDP Support in Inbound

In the 3X-UI panel, navigate to the settings for your VLESS+REALITY inbound and ensure:

json
"streamSettings": {
  "network": "tcp",
  "tcpSettings": {
    "header": {
      "type": "none"
    }
  },
  "sockopt": {
    "mark": 255,
    "tcpMptcp": false,
    "tcpNoDelay": true,
    "tcpKeepAliveIdle": 300,
    "tcpKeepAliveInterval": 60,
    "tcpFastOpen": true,
    "tproxy": "off"
  }
}

Important: Add the "tcpFastOpen": true parameter to improve TCP connection performance.

2. Configuring the Transport Layer

Try changing the transport layer to grpc or kcp instead of pure TCP:

json
"streamSettings": {
  "network": "grpc",
  "grpcSettings": {
    "serviceName": "grpc"
  }
}

Or for KCP:

json
"streamSettings": {
  "network": "kcp",
  "kcpSettings": {
    "mtu": 1350,
    "tti": 50,
    "uplinkCapacity": 12,
    "downlinkCapacity": 100,
    "congestion": false,
    "readBufferSize": 2,
    "writeBufferSize": 2,
    "header": {
      "type": "none"
    },
    "seed": "password"
  }
}

3. Disabling XTLS Vision for Calls

Create a separate inbound without XTLS Vision specifically for calls:

json
"inbounds": [
  {
    "port": 443,
    "protocol": "vless",
    "settings": {
      "clients": [...],
      "decryption": "none"
    },
    "streamSettings": {
      "network": "tcp",
      "security": "tls",
      "tlsSettings": {
        "certificates": [...]
      }
    }
  }
]

Alternative Solutions

1. Using Double VPN

Set up a tunnel within a tunnel: create an additional VPN connection (such as WireGuard or OpenVPN) inside your VLESS+REALITY tunnel specifically for calls:

bash
# Example of WireGuard setup over VLESS
wg-quick up /etc/wireguard/phone-wg.conf

2. Separate Servers for Different Needs

Use one server for regular traffic and a second one specifically for calls. This can be configured through load balancing:

nginx
# Example configuration of Nginx as a reverse proxy
server {
    listen 443 ssl;
    server_name your-domain.com;
    
    location /chat/ {
        proxy_pass http://vless-server:80;
    }
    
    location /calls/ {
        proxy_pass http://calls-server:80;
    }
}

3. Using STUN/TURN Servers

Configure Telegram to use external STUN/TURN servers to bypass NAT:

  • Google STUN: stun:stun.l.google.com:19302
  • Microsoft STUN: stun:stun1.l.google.com:19302

In Telegram settings (available via Telegram Desktop), you can specify custom STUN servers.

Additional Client Settings

1. Forced Operation Mode

In Telegram Desktop settings, enable:

  • Force TCP: Force the use of TCP protocol
  • Disable VoIP: Temporarily disable calls to restart the connection

2. VLESS Client Settings

For mobile clients (v2box, nekobox), try:

  • Change the operation mode from xtls-rprx-vision to ws or grpc
  • Enable the option "mux": {"enabled": false} to disable multiplexing
  • Set timeouts: "dialerProxy": {"dialerTimeout": "30s"}

3. Network Optimization

In operating system network settings:

  • Increase UDP buffer size
  • Disable power saving for network interfaces
  • Configure QoS to prioritize voice traffic

Diagnosis and Monitoring

1. Error Logging

Enable detailed logging in 3X-UI and monitor errors:

bash
# Follow both Xray logs at once (two separate tail -f commands would run one after the other)
tail -f /var/log/xray/access.log /var/log/xray/error.log

Look for errors like:

  • failed to dial dest: dial: unknown network
  • connection timeout
  • udp session failed

2. UDP Testing

Use utilities to test UDP connections:

bash
# Test UDP connection between clients
nc -u -v [IP_address] [port]

3. Traffic Monitoring

Use tcpdump to analyze traffic:

bash
tcpdump -i any -n 'port 443 or port 8080' -vvv

Conclusion

The problem with Telegram calls hanging when using VLESS+REALITY has a technical solution. Key recommendations:

  1. Main problem: UDP traffic for calls is handled differently than regular TCP traffic
  2. Most effective solution: Create a separate inbound without XTLS Vision or use alternative protocols (grpc, kcp)
  3. Temporary workaround: Use a double VPN connection or different VPN servers for calls
  4. Long-term solution: Consider traffic separation: one server for chats, another for calls

If none of the solutions work, you might consider alternative protocols such as Hysteria2 or TUIC, which are better optimized for UDP traffic and real-time applications.

Sources

  1. Telegram voice/video calls not working – how to enable UDP for my VLESS inbound?
  2. VLESS + Reality (xtls-rprx-vision) on 3x-UI works in Russia but TLS handshake times out in China
  3. Telegram connection can not be established after VPN connection
  4. 3X-UI Graphics Panel Documentation
  5. Error with XRay Config - Vless+TCP+Reality+XTLS+uTLS
  6. Vless + Reality/TLS keeps timing out every 10-20 minutes
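
An added example for the log-review step under Diagnosis and Monitoring (not part of the original answer or of Xray): it counts UDP sessions per client in access-log lines, flags UDP flows aimed at the server's own public IP, which is what a direct call attempt looks like when both peers exit through the same address, and tallies the error strings the answer lists. The log line shape, the addresses and the client names are constructed assumptions.

```python
import re
from collections import Counter

# Assumed access-log shape: "... accepted <tcp|udp>:<host>:<port> ... email: <client>".
# Adjust the pattern if your Xray build logs differently.
ACCESS_RE = re.compile(
    r"accepted (?P<net>tcp|udp):(?P<host>\S+):(?P<port>\d+).*?email: (?P<client>\S+)"
)
# Error strings the answer says to look for in error.log.
ERROR_MARKERS = (
    "failed to dial dest: dial: unknown network",
    "connection timeout",
    "udp session failed",
)

def summarize(access_lines, error_lines, server_ip):
    """Count UDP sessions per client, list UDP flows aimed at the server's
    own public IP (hairpin attempts), and tally the known error strings."""
    udp_by_client, hairpin = Counter(), {}
    for line in access_lines:
        m = ACCESS_RE.search(line)
        if not m or m["net"] != "udp":
            continue  # unparsable line or TCP session: not relevant to calls
        udp_by_client[m["client"]] += 1
        if m["host"] == server_ip:
            hairpin.setdefault(m["client"], []).append(int(m["port"]))
    errors = Counter(
        marker for line in error_lines for marker in ERROR_MARKERS if marker in line
    )
    return {"udp": dict(udp_by_client), "hairpin": hairpin, "errors": dict(errors)}

# Constructed sample lines: documentation-range addresses, hypothetical client names.
SERVER_IP = "203.0.113.10"
ACCESS = [
    "2025/01/01 10:00:01 from 198.51.100.7:50001 accepted tcp:192.0.2.200:443 [inbound-443 >> direct] email: phone-a",
    "2025/01/01 10:00:05 from 198.51.100.7:50002 accepted udp:203.0.113.10:41234 [inbound-443 >> direct] email: phone-a",
    "2025/01/01 10:00:05 from 192.0.2.44:40010 accepted udp:203.0.113.10:40877 [inbound-443 >> direct] email: phone-b",
    "2025/01/01 10:00:06 from 192.0.2.44:40011 accepted udp:192.0.2.200:1400 [inbound-443 >> direct] email: phone-b",
]
ERRORS = [
    "2025/01/01 10:00:07 [Warning] failed to dial dest: dial: unknown network",
    "2025/01/01 10:00:09 [Warning] connection timeout",
    "2025/01/01 10:00:12 [Info] udp session failed",
]

if __name__ == "__main__":
    for section, data in summarize(ACCESS, ERRORS, SERVER_IP).items():
        print(section, data)
```

A client that never appears under `udp` is not sending call traffic through the tunnel at all; entries under `hairpin` for both callers point at the same-exit-IP case described in the question.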