@FeitengLi: https://x.com/FeitengLi/status/2073380054575313033
Summary
This article details how to securely subscribe to and use Claude Codex by purchasing a VPS and deploying a VPN, including payment methods that do not require a foreign bank card (such as Google Pay and App Store gift cards) and steps to deploy the VPN with a single command.
View Cached Full Text
Cached at: 07/05/26, 12:55 AM
No Foreign Bank Card Needed: Two Simple Steps to Secure Claude Codex Subscription & Dedicated VPN
This article is for friends who want to set up a personal VPN and use Claude Codex safely.
Two key points to keep your Claude Code account safe:
-
Secure payment method
-
Stable and supported region IP (US IP recommended)
Rumors online claiming “must use residential IP, can’t be Beijing/Shanghai timezone, simplified Chinese will be detected” are pure speculation. I’ve been using data center IP VPNs and running Claude Code on four machines (Mac + Ubuntu) simultaneously for over six months without any issues.
Secure Payment Method
1. Official foreign bank credit card
-
Subscribe directly via the web using a foreign bank credit card
-
Getting WildCard banned? Isn’t that deserved?
2. No foreign bank card? Subscribe via mobile
-
Android: Bind a mainland China bank Visa card to Google Pay, then pay through Google Pay on Android. Your card details are never shared with Anthropic.
-
iPhone: Use a US App Store account (or other supported region), log in to the App Store, download Claude, and do not bind a mainland China bank card for payment. Use gift cards instead: search for App Store gift cards on Xianyu – ~$100 USD ≈ ¥660 RMB.
Stable VPN
Below I’ll show you how to deploy a secure and reliable VPN on a VPS with a single command, complete with a UI for easy configuration.
- Please comply with local laws and service provider rules. For personal learning and self-use only.
Step 1: Buy a VPS
If you already have a VPS, skip to the next section. If not, I recommend Hostinger’s KVM VPS because it supports Alipay, has a low entry threshold, comes with a free domain, and the dashboard is intuitive.
-
Only running a lightweight VPN: KVM 1
-
Most people’s first choice: KVM 2
-
Running website, Docker, Traefik, Dokploy, or multiple services on the same machine: KVM 4
-
Clearly high-load requirements: KVM 8
Use the referral links for 20% off:
-
KVM 1 Referral Link
-
KVM 2 Referral Link
-
KVM 4 Referral Link
-
KVM 8 Referral Link
I personally recommend KVM 2. With 2 vCPU / 8 GB RAM / 100 GB NVMe, it’s more comfortable for S-UI, system updates, lightweight services, and occasional traffic spikes.
On the VPS page, select KVM VPS → choose Ubuntu 24.04 LTS as the OS
For data centers, you can choose the US – suitable for daily use with Claude Code, Codex, etc.
Payment supports Alipay:
The machine will be ready about 2 minutes after purchase.
Step 2: Confirm SSH Login
Test SSH in your local terminal. Replace the IP below with your server’s public IP:
ssh [email protected]
In the commands below, replace [email protected] with your actual SSH address.
Step 3: Deploy with a Single Command
On a new VPS, you can directly use port 443.
Replace [email protected] with your SSH address, then copy and run the following (in your local terminal – not in the VPN environment):
curl -fsSL https://raw.githubusercontent.com/fvp1717/freevpn/main/install.sh | bash -s -- --target [email protected] --inbound-port 443
The script will prompt you to enter a username and password for the S-UI panel. Remember these credentials – you’ll need them to log in to the panel, manage VPN users, and view configurations.
After the script finishes, it will output the panel address. Defaults:
-
Panel:
http://<your server public IP>:2095/app/ -
Subscription:
http://<your server public IP>:2096/sub/
Open the panel address in your browser, enter the username and password you just set.
User Management:
The user management section will have two example clients: mac and iphone. Each uses its own unique UUID/password – no shared keys. You can rename them and add new users to support multiple devices with isolation.
Ports
If your VPS provider’s firewall is enabled, you need to allow the ports used by the deployment script.
For a new VPS using port 443, at minimum allow:
-
443 TCP
-
443 UDP
If you want to access the panel and subscription directly from the internet, also allow:
-
2095 TCP
-
2096 TCP
If you’re using an existing VPS that already hosts services, you might later change the inbound port to 8443. In that case, allow 8443 TCP and 8443 UDP.
Step 5: Choose a Client
You can continue using the client you’re familiar with – the VPN supports multiple protocols:
-
Windows / Mac: v2rayN
-
Android: NekoBox
-
iOS / Mac: Shadowrocket
If v2rayN shows “application damaged” on macOS, run:
xattr -cr /Applications/v2rayN.app
If you’re not familiar with clients, refer to the following video for configuration:
Existing VPS
If this VPS is already running websites, Docker, Traefik, Nginx, Caddy, Dokploy, an old VPN, a panel, or other services, do not directly occupy port 443.
First, perform a read-only pre-check (no installation, no file changes):
curl -fsSL https://raw.githubusercontent.com/fvp1717/freevpn/main/install.sh | bash -s -- --target [email protected] --preflight
Key things to check:
-
Whether port 443 is already occupied
-
Whether port 8443 is free
-
Whether S-UI is already installed
-
Whether any S-UI clients already exist
-
Whether the auto-detected public IPv4 is correct
If port 443 is already used by another service, switch to a free port, for example:
curl -fsSL https://raw.githubusercontent.com/fvp1717/freevpn/main/install.sh | bash -s -- --target [email protected] --inbound-port 8443
The script will re-check for port conflicts before writing configuration; if the port is in use by another process, it will exit immediately.
If S-UI is already installed on the target machine, the script will not overwrite existing clients by default. Only add --replace-existing when you are sure you want to replace them with the minimal mac/iphone configuration.
Final Words
Happy vibing!
Similar Articles
@Suu766: It's 2026 now, and I'm sure many friends are still struggling with VPN subscription costs and stability. Here I recommend a zero-cost self-built node solution: set up your personal node through Cloudflare. The whole process requires no server purchase or coding—just operate on a web page, and it takes about 10-15 minutes to complete. Deploy...
Introduces a method to build a free VPN node through Cloudflare, no server or coding required, suitable for unlocking AI tools like ChatGPT, with a step-by-step tutorial.
@dulipeng: https://x.com/dulipeng/status/2067450611529093311
This article is a practical tutorial that details how to use the Cloudflare Workers/Pages free tier to deploy a low-cost VPN, based on the open-source project edgetunnel, and used with clients like Clash and Shadowrocket.
@portertech: https://x.com/portertech/status/2068646696096264320
This article shares the complete process and experience of successfully applying for Oracle Cloud's permanent free VPS using domestic mobile data and a domestic debit card, including detailed steps and precautions.
@AYi_AInotes: https://x.com/AYi_AInotes/status/2065397156320612829
This article explains how to quickly check VPS IP quality using three free websites (Scamalytics, ipinfo, check-host), and promotes VoyraCloud's residential IP servers, emphasizing the importance of clean IPs for running AI tools like Claude Code and Codex, as well as accessing overseas accounts.
@justsosooknow: Many people are getting their VPN detected by domestic apps. It's likely that your DNS settings are leaking your real IP. A few simple steps can strengthen your VPN disguise, even allowing you to fool domestic banking apps while keeping the VPN on. Using iOS Shadowrocket as an example: Step 1: Settings (mentioned in text) 1. Open S…
Explains how to enhance VPN disguise by modifying Shadowrocket's DNS and proxy settings to avoid detection by domestic apps and even fool banking apps.