MoaV
Mother of all VPNs
Install / Use
/learn @shayanb/MoaVREADME
MoaV
English | فارسی
Multi-protocol Internet censorship circumvention stack optimized for hostile network environments.
Features
- Multiple protocols - Reality (VLESS), Trojan, Hysteria2, XHTTP (VLESS+XHTTP+Reality), XDNS (mKCP DNS tunnel), TrustTunnel, AmneziaWG, WireGuard (direct & wstunnel), DNS tunnels (dnstt + Slipstream), Telegram MTProxy, CDN (VLESS+WS)
- Stealth-first - All traffic looks like normal HTTPS, WebSocket, DNS, or IMAPS
- Per-user credentials - Create, revoke, and manage users independently
- Easy deployment - Docker Compose based, single command setup
- Mobile-friendly - QR codes and links for easy client import
- Decoy website - Serves innocent content to unauthenticated visitors
- Home server ready - Run on Raspberry Pi or any ARM64/x64 Linux as a personal VPN
- Psiphon Conduit - Optional bandwidth donation to help others bypass censorship
- Tor Snowflake - Optional bandwidth donation to help Tor users bypass censorship
- MahsaNet - Donate VPN configs to help Mahsa VPN users (2M+ users in Iran)
- Monitoring - Optional Grafana + Prometheus observability stack
Read the full documentation — setup guides, CLI reference, client apps, monitoring, OPSEC, and more.
Quick Start
One-liner install (recommended):
curl -fsSL moav.sh/install.sh | bash
This will:
- Install prerequisites (Docker, git, qrencode) if missing
- Clone MoaV to
/opt/moav - Prompt for domain, email, and admin password
- Offer to install
moavcommand globally - Launch the interactive setup
Manual install (alternative):
git clone https://github.com/shayanb/MoaV.git
cd MoaV
cp .env.example .env
nano .env # Set DOMAIN, ACME_EMAIL, ADMIN_PASSWORD
./moav.sh
After installation, use moav from anywhere:
moav # Interactive menu
moav start # Start services
moav status # Show service status
moav user add alice # Add user (generates configs + QR codes)
moav user add --batch 10 # Batch create users
moav donate # Donate configs to MahsaNet/Psiphon/Snowflake
moav doctor # Run diagnostics (DNS, ports, services)
moav update # Update MoaV
moav admin password # Reset admin/Grafana password
moav help # Show all commands
See the Setup Guide for complete instructions, the CLI Reference for all commands, or browse the full documentation.
Deploy Your Own
Architecture
┌───────────────┐ ┌───────────────┐
┌───────────────┐ │ Psiphon Users │ │ Tor Users │
│ Your Clients │ │ (worldwide) │ │ (worldwide) │
│ (private) │ └───────┬───────┘ └───────┬───────┘
└───────┬───────┘ │ │
│ │ │
├─────────────────┐ │ │
│ │ (when IP blocked) │ │
│ ┌──────┴───────┐ │ │
│ │ Cloudflare │ │ │
│ │ CDN (VLESS) │ │ │
│ └──────┬───────┘ │ │
│ │ │ │
┌──────────────╪─────────────────╪────────────────────────────────────╪──────────────────╪─────────┐
│ │ │ Restricted Internet │ │ │
└──────────────╪─────────────────╪────────────────────────────────────╪──────────────────╪─────────┘
│ │ │ │
╔══════════════╪═════════════════╪════════════════════════════════════╪══════════════════╪═════════╗
║ │ │ │ │ ║
║ ┌────────┼─────────────────┼───────┼──────┐ │ │ ║
║ │ │ │ │ │ │ │ │ ║
║ ▼ ▼ ▼ ▼ ▼ ▼ ▼ ▼ ║
║ ┌─────────┐┌─────────┐┌───────┐┌─────────┐┌────────┐ ┌───────────┐ ┌───────────┐ ║
║ │ Reality ││WireGuard││ Trust ││ DNS ││Telegram│ │ │ │ │ ║
║ │ 443/tcp ││51820/udp││Tunnel ││ 53/udp ││MTProxy │ │ Conduit │ │ Snowflake │ ║
║ │ Trojan ││AmneziaWG││4443/ │├─────────┤│993/tcp │ │ (donate │ │ (donate │ ║
║ │8443/tcp ││51821/udp││tcp+udp││ dnstt │└───┬────┘ │ bandwidth)│ │ bandwidth)│ ║
║ │Hysteria2││wstunnel ││ ││Slipstrm │ │ └─────┬─────┘ └─────┬─────┘ ║
║ │ 443/udp ││8080/tcp ││ │└────┬────┘ │ │ │ ║
║ │ CDN WS │└────┬────┘└───┬───┘ │ │ │ │ ║
║ │2082/tcp │ │ │ │ │ ┌────────────────┐ │ │ M ║
║ ├─────────┤ │ │ │ │ │ Grafana :9444 │ │ │ O ║
║ │ sing-box│ │ │ │ │ │ Prometheus │ │ │ A ║
║ └────┬────┘ │ │ │ │ └────────────────┘ │ │ V ║
║ │ │ │ │ │ │ │ ║
╚══════╪══════════╪═════════╪═════════╪═════════╪═════════════════════╪══════════════════╪═════════╝
│ │ │ │ │ │ │
▼ ▼ ▼ ▼ ▼ ▼ ▼
┌─────────────────────────────────────────────────────────────────────────────────────────────────┐
│ Open Internet │
└─────────────────────────────────────────────────────────────────────────────────────────────────┘
Protocols
| Protocol | Port | Stealth | Speed | Use Case | |----------|------|---------|-------|----------| | Reality (VLESS) | 443/tcp | ★★★★★ | ★★★★☆ | Primary, most reliable | | Hysteria2 | 443/udp | ★★★★☆ | ★★★★★ | Fast, works when TCP throttled | | Trojan | 8443/tcp | ★★★★☆ | ★★★★☆ | Backup, uses your domain | | CDN (VLESS+WS) | 443 via Cloudflare | ★★★★★ | ★★★☆☆ | When server IP is blocked | | TrustTunnel | 4443/tcp+udp | ★★★★★ | ★★★★☆ | HTTP/2 & QUIC, looks like HTTPS | | WireGuard (Direct) | 51820/udp | ★★★☆☆ | ★★★★★ | Full VPN, simple setup | | AmneziaWG | 51821/udp | ★★★★★ | ★★★★☆ | Obfuscated WireGuard, defeats DPI | | WireGuard (wstunnel) | 8080/tcp | ★★★★☆ | ★★★★☆ | VPN when UDP is blocked | | DNS Tunnel (dnstt) | 53/udp | ★★★☆☆ | ★☆☆☆☆ | Last resort, hard to block | | Slipstream | 53/udp | ★★★☆☆ | ★★☆☆☆ | QUIC-over-DNS, 1.5-5x faster than dnstt | | Telegram MTProxy | 993/tcp | ★★★★☆ | ★★★☆☆ | Fake-TLS V2, direct Telegram access | | XHTTP (VLESS+XHTTP+Reality) | 2096/tcp | ★★★★★ | ★★★★☆ | Xray-core, no domain needed | | XDNS (VLESS+mKCP+DNS) | 53/udp | ★★★☆☆ | ★☆☆☆☆ | DNS tunnel via Xray FinalMask, works during heavy shutdowns | | Psiphon Conduit | - | - | - | Donate bandwidth to Psiphon (2M+ users) | | Tor Snowflake | - | - | - | Donate bandwidth to Tor network | | MahsaNet | - | - | - | Donate VPN configs to Mahsa VPN (2M+ users) |
User Management
moav user list # List all users
moav user add joe # Add user to all protocols
moav user add alice bob # Add multiple users
moav user add --batch 10 --prefix team # Batch create team01..team10
moav user revoke joe # Revoke user
moav user package joe # Create zip bundle
Each user gets a bundle in outputs/bundles/<username>/ with config files, QR codes, and a README.html guide.
Download bundles from the admin dashboard at https://your-server:9443 or via SCP.
Admin Dashboard & Monitoring
- Admin dashboard:
https://your-server:9443— user management, service status, MahsaNet donations - Grafana:
https://your-server:9444— per-user traffic, protocol breakdown, GeoIP distributio
Related Skills
tmux
341.0kRemote-control tmux sessions for interactive CLIs by sending keystrokes and scraping pane output.
blogwatcher
341.0kMonitor blogs and RSS/Atom feeds for updates using the blogwatcher CLI.
prd
Raito Bitcoin ZK client web portal.
Unla
2.1k🧩 MCP Gateway - A lightweight gateway service that instantly transforms existing MCP Servers and APIs into MCP servers with zero code changes. Features Docker deployment and management UI, requiring no infrastructure modifications.
