VMess Monitoring
Real-time uptime monitoring for VMess servers on V2Ray-core and Xray-core. TunnelHQ auto-detects vmess:// URIs (both base64 JSON and plain formats), performs real AEAD handshakes, and supports all standard transports — TCP, WebSocket, gRPC, mKCP, HTTP/2. Sub-second alerts, REST API, free for 5 monitors.
VMess is the original V2Ray protocol — and the trickiest to monitor
VMess predates VLESS and was designed with a complex authentication system involving UUID-derived keys, alter IDs (now legacy), timestamps, and AEAD cipher negotiation. Over the years the protocol has had several incompatible iterations, so correct monitoring requires matching the client flow exactly.
Port probes tell you nothing useful here. What actually matters:
- Is the VMess process running? (port alone doesn't tell you)
- Is the AEAD cipher configured correctly? (wrong cipher = silent stalls)
- Is the server's clock within ±90 seconds of real time? (VMess uses timestamps in auth; clock drift = auth failures)
- Is the underlying transport (WS, gRPC, etc.) correctly routed?
- Are the right alterID / security settings still in use?
TunnelHQ performs the complete VMess client handshake, including AEAD auth with the UUID, across whatever transport your config specifies.
URI auto-detection
VMess has two URI formats. TunnelHQ parses both:
V2RayN format (base64-encoded JSON, most common):
vmess://eyJ2IjoiMiIsInBzIjoiU2VydmVyIiwiYWRkIjoic2VydmVyLmV4YW1wbGUuY29tIiwicG9ydCI6IjQ0MyIsImlkIjoiNWI4ZDhmMmUtYWIxMi00YzM0LTlkNTYtZTdmODkwYTFiMmMzIiwiYWlkIjoiMCIsIm5ldCI6IndzIiwidHlwZSI6Im5vbmUiLCJob3N0Ijoic2VydmVyLmV4YW1wbGUuY29tIiwicGF0aCI6Ii90dW5uZWwiLCJ0bHMiOiJ0bHMifQ==Decodes to:
{
"v": "2",
"ps": "Server",
"add": "server.example.com",
"port": "443",
"id": "5b8d8f2e-ab12-4c34-9d56-e7f890a1b2c3",
"aid": "0",
"net": "ws",
"host": "server.example.com",
"path": "/tunnel",
"tls": "tls"
}RFC-style URI (newer, less common):
vmess://[email protected]:443?
security=auto&type=ws&path=/tunnel#ServerSupported transports
- TCP (
"net": "tcp") — raw TCP, with optional HTTP header obfuscation - WebSocket (
"net": "ws") — with path and Host header - gRPC (
"net": "grpc") — with service name and multiplex mode - mKCP (
"net": "kcp") — with seed and UDP-based retransmit - HTTP/2 (
"net": "h2") — less common in 2026
AEAD vs legacy auth
Modern VMess deployments use AEAD authentication (default since V2Ray 4.35+, Xray since day one). AlterID is deprecated and should be 0. If your monitoring is failing and your config has "aid": "64" or similar, that's likely the root cause — rotate clients to AEAD-only and drop alterID.
VMess vs VLESS
Both are Xray/V2Ray protocols. Rough differences:
- VMess: Older, built-in encryption, built-in auth with AEAD or legacy.
- VLESS: Newer, no built-in encryption (relies on TLS/REALITY), more efficient, better for modern deployments.
Both are monitored by TunnelHQ with URI auto-detect. See VLESS monitoring for that side.
Pricing for VMess monitoring
| Plan | VMess Monitors | Interval | Price |
|---|---|---|---|
| Free | 5 | 10 min | $0 |
| Starter | 20 | 5 min | $12/mo or $84/yr |
| Pro | 100 | 2 min | $39/mo or $276/yr |
| Business | 500 | 1 min | $99/mo or $756/yr |
FAQ
Does TunnelHQ support V2Ray-core and Xray-core VMess equally?
Yes. VMess is a protocol spec; both V2Ray and Xray implement it. The same URI works on both.
My VMess server uses dynamic port allocation. Can TunnelHQ monitor it?
Dynamic port allocation is a V2Ray legacy feature that most modern deployments don't use. TunnelHQ monitors the primary port specified in the URI; dynamic range allocation isn't supported. If you rely on dynamic ports, consider migrating to VLESS+XTLS/REALITY.
Does subscription URL monitoring find new VMess servers?
Yes. Subscription URL polling detects added VMess configs (alongside VLESS, Trojan, Shadowsocks) and auto-creates monitors for each.