Chain Laboratory
Build chained proxy routes step-by-step. Test each hop live. Troubleshoot failures. Get free, uncensored internet access.
Step 1 Diagnose & Choose Your Base Proxy
First, let's understand what your network can reach. Then choose or paste a proxy to build your chain.
Network Diagnosis
We'll test what your network can access. This determines the best chain strategy for your situation.
I already have a local proxy (Layer 1)
If you have Psiphon, Lantern, V2RayN, or any SOCKS/HTTP proxy running locally, enter it here. It becomes Layer 1 of your chain.
Step 2 Discover Clean IPs
Cloudflare WARP endpoints require "clean" IPs that are not blocked by your ISP. We'll scan for working Cloudflare IPs from your location. This is the critical step that determines if WARP chaining will work for you.
lab-scanner.py tool to find IPs that work from your specific network.
Step 3 Build Your Chain
Choose a chain strategy based on what works on your network. WARP is not the only option — you can cascade proxies, use a LAN relay, apply TLS fragmentation, or route through a CDN Worker.
--auto-chain to find out.
Advanced Evasion Options
Step 4 Test Your Chain
Test the chain end-to-end. We'll verify that traffic flows through WARP and your proxy successfully reaches the open internet. If the test fails, check the troubleshooting guide below.
sing-box run -c chain.json, then visit ip.gs through the proxy to verify your exit IP changes.
Troubleshooting Guide
The clean IP may be blocked by your ISP. Go back to Step 2 and try different IPs. Best ports to try: 854, 859, 864, 878, 880, 890, 891, 894, 903, 908, 928, 2408, 4500. Use lab-scanner.py --scan-ips to find working IP:port combos automatically.
Your ISP is likely doing deep packet inspection (DPI). Solutions: 1) Enable TLS Fragment in Step 3. 2) Try the "Randomized" uTLS fingerprint. 3) Switch to ALPN "h2" only. 4) Try Double WARP strategy.
The inner proxy might be down or misconfigured. Try: 1) A different base proxy from Step 1. 2) Check if the proxy requires WebSocket or gRPC transport. 3) Verify the UUID/password is correct. 4) Test the proxy directly (without WARP) first.
Try a clean IP with lower latency. Use a WARP+ key for better routing. Enable multiplex (h2mux or yamux) in Advanced Evasion. Consider switching to a geographically closer proxy exit node.
Your ISP may be detecting and blocking the connection after a period. Try: 1) Switch to a different clean IP. 2) Enable multiplex with padding. 3) Use the Double WARP strategy. 4) Rotate clean IPs periodically.
Your ISP may be hijacking DNS. In your VPN client settings, force DNS to use DoH (DNS-over-HTTPS): https://1.1.1.1/dns-query or https://dns.google/dns-query. Also try setting the remote DNS in sing-box config.
Some ISPs block by SNI (Server Name Indication). Use TLS Fragment strategy or ECH (Encrypted Client Hello) if supported. Reality protocol is also effective against SNI-based filtering.
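Added example for the DNS hijacking entry above (not part of lab-scanner.py or any tool on this page): it builds the RFC 8484 DoH request for https://1.1.1.1/dns-query, parses A records from a DNS response, and compares the plain-DNS answer set with the DoH answer set. The function names and the sample response are constructed for illustration, and fetching the two responses is left to the caller.

```python
import base64, ipaddress, struct

DOH_URL = "https://1.1.1.1/dns-query"  # DoH endpoint named in the entry above

def build_query(name, qtype=1):
    """Wire-format DNS query for an A record; ID 0 as RFC 8484 advises."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(name):
    """RFC 8484 GET form: unpadded base64url query in ?dns=."""
    q = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{DOH_URL}?dns={q}"

def _skip_name(msg, off):
    """Step over a (possibly compressed) name; return the next offset."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_a_records(msg):
    """Set of IPv4 addresses in the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def verdict(plain, doh):
    """'bogon': non-routable answer; 'mismatch': disjoint sets (CDNs can cause this too)."""
    if any(not ipaddress.ip_address(a).is_global for a in plain):
        return "bogon"
    return "mismatch" if doh and not (plain & doh) else "consistent"

def sample_response(name, ip):
    """Constructed response carrying one A record, for offline testing."""
    head = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return head + build_query(name)[12:] + rr
```

To use it on a live network, request doh_get_url(name) with an Accept: application/dns-message header and send build_query(name) over UDP port 53 to the ISP resolver, then pass both response bodies through parse_a_records and verdict.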
Step 5 Export & Use
Your chain is ready! Export the configuration in your preferred format and import it into your VPN client.
Quick Import Guide
Copy the JSON config. In Hiddify, go to Profiles → New Profile → Manual → paste the JSON content.
Copy the YAML config. In Clash Verge, go to Profiles → Import from clipboard or save as .yaml file.
Copy the raw URI. In V2RayN, click Server → Import from clipboard. For chains, use the Sing-Box JSON export.
Offline Tools & Scripts
Download these tools to run locally when you have no web access. They work offline with zero dependencies.
Full network diagnostic: find clean IPs, discover local proxies, test DNS, build multi-layer chains interactively. Works on Windows/Linux/Mac with Python 3.7+.
Download lab-scanner.py
Run and test chain configs, scan clean IPs, test individual layers. Auto-downloads sing-box. For Linux/Mac.
Download lab-runner.sh
A self-contained HTML file with the full chain builder. No server needed - just open in any browser.
Download lab-offline.html
Quick Start Commands (Current)
# Full network diagnostic (all phases)
python lab-scanner.py
# Quick connectivity check (ICMP, TCP, DNS, TLS, HTTPS)
python lab-scanner.py --quick
# Scan for clean Cloudflare IPs
python lab-scanner.py --scan-ips --top-n 20
# Include your own IPs in the scan
python lab-scanner.py --scan-ips --custom-ips "1.2.3.4:2408,5.6.7.8"
# Find working DNS servers (UDP, DoH, DoT)
python lab-scanner.py --scan-dns
# Detect SNI-based domain blocking (25 domains)
python lab-scanner.py --scan-sni
# TCP port reachability matrix (includes alt CDN IPs)
python lab-scanner.py --scan-ports
# Find local SOCKS/HTTP proxies
python lab-scanner.py --scan-proxies
# Find intranet/LAN relays with internet access
python lab-scanner.py --scan-lan
# Auto-detect best chain path (6 strategies, not just WARP)
python lab-scanner.py --auto-chain
# Auto-chain with your own proxy as Layer 1
python lab-scanner.py --auto-chain --custom-proxy socks5://127.0.0.1:1080
# Interactive multi-layer chain builder
# (paste URIs, import IPs, remove layers, mid-build testing)
python lab-scanner.py --interactive
# Test through existing proxy (HTTP + HTTPS + speed test)
python lab-scanner.py --test-proxy socks5://127.0.0.1:1080
# Export results as JSON
python lab-scanner.py --scan-ips --json > clean-ips.json