Yayin da ake ƙara hana mu samun dama ga albarkatu daban-daban akan hanyar sadarwa, batun ƙetare toshewa ya zama mafi mahimmanci, wanda ke nufin cewa tambayar "Yadda za a ketare toshewa da sauri?" ya zama mafi dacewa.
Bari mu bar batun dacewa dangane da keɓance masu ba da izini na DPI don wani shari'ar, kuma kawai kwatanta ayyukan shahararrun kayan aikin toshewa.
Hankali: Za a sami hotuna da yawa a ƙarƙashin masu ɓarna a cikin labarin.
Disclaimer: wannan labarin yana kwatanta ayyukan shahararrun mafita na wakili na VPN a ƙarƙashin yanayi kusa da "mafi kyau". Sakamakon da aka samu da aka kwatanta a nan ba lallai ba ne ya yi daidai da sakamakonku a cikin filayen. Domin lambar da ke cikin gwajin gudun ba za ta dogara da yadda ƙarfin kayan aikin kewayawa ke da ƙarfi ba, amma kan yadda mai ba da ku ke murkushe ta.
Hanyar hanya
An sayi 3 VPS daga mai ba da girgije (DO) a cikin ƙasashe daban-daban na duniya. 2 a Netherlands, 1 a Jamus. An zaɓi mafi kyawun VPS (ta adadin ƙididdiga) daga waɗanda ke akwai don asusu a ƙarƙashin tayin don ƙimar kuɗi.
Ana tura sabar iperf3 mai zaman kansa akan sabar Dutch ta farko.
A kan uwar garken Dutch na biyu, ana tura sabar daban-daban na kayan aikin toshewa ɗaya bayan ɗaya.
Hoton Linux na tebur (xubuntu) tare da VNC da tebur mai kama-da-wane ana tura su akan VPS na Jamusanci. Wannan VPN abokin ciniki ne na sharadi, kuma ana shigar da abokan ciniki na wakili na VPN daban-daban kuma ana ƙaddamar da su bi da bi.
Ana aiwatar da ma'aunin saurin sau uku, muna mai da hankali kan matsakaici, muna amfani da kayan aikin 3: a cikin Chromium ta gwajin saurin yanar gizo; a cikin Chromium ta hanyar fast.com; daga na'ura wasan bidiyo ta hanyar iperf3 ta hanyar proxychains4 (inda kuke buƙatar sanya zirga-zirgar iperf3 cikin wakili).
Haɗin kai tsaye “abokin ciniki” - uwar garken iperf3 yana ba da saurin 2 Gbps a cikin iperf3, kuma kaɗan kaɗan cikin saurin sauri.
Mai karatu mai tambaya na iya tambaya, "me yasa ba ku zaɓi speedtest-cli ba?" kuma zai yi gaskiya.
Speedtest-cli ya juya ya zama marar dogaro kuma hanya ce da ba ta isa ba don auna kayan aiki, saboda dalilan da ban sani ba. Ma'auni guda uku a jere na iya ba da sakamako daban-daban guda uku, ko, alal misali, nuna kayan aiki da yawa fiye da saurin tashar jiragen ruwa na VPS na. Wataƙila matsalar hannuna ce ta gado, amma da alama ba zai yiwu a gudanar da bincike da irin wannan kayan aiki ba.
Dangane da sakamakon hanyoyin auna guda uku (mafi sauri fastiperf), Ina la'akari da alamun iperf don zama mafi daidai kuma abin dogaro, kuma mafi sauri a matsayin tunani. Amma wasu kayan aikin kewayawa ba su ba da izinin kammala ma'auni 3 ta hanyar iperf3 ba kuma a irin waɗannan lokuta, zaku iya dogaro da saurin gwaji.
gwajin gudun yana ba da sakamako daban-daban
Kayan aiki
Gabaɗaya, an gwada kayan aikin kewayawa daban-daban guda 24 ko haɗin haɗin su, ga kowane ɗayansu zan ba da ƙaramin bayani da ra'ayi na na yin aiki tare da su. Amma da gaske, makasudin shine a kwatanta saurin shadowsocks (da gungun masu ɓoyewa daban-daban don shi) openVPN da mai tsaron waya.
A cikin wannan kayan, ba zan tattauna dalla-dalla game da tambayar "yadda mafi kyau don ɓoye zirga-zirgar ababen hawa ba don kada a cire haɗin gwiwa," saboda ƙetare toshe wani ma'auni ne mai amsawa - muna daidaitawa da abin da censor ke amfani da shi kuma muna aiki akan wannan tushen.
Результаты
Strongwanipsec
A cikin ra'ayi na, yana da sauƙin saitawa kuma yana aiki sosai. Ɗaya daga cikin fa'idodin shine cewa shi ne ainihin giciye-dandamali, ba tare da buƙatar neman abokan ciniki ga kowane dandamali ba.
saukewa - 993 mbts; upload - 770 mbits
SSH tunnel
Wataƙila kawai malalaci ba su rubuta game da amfani da SSH azaman kayan aikin rami ba. Ɗaya daga cikin rashin amfani shine "ƙuƙwalwa" na maganin, watau. tura shi daga dacewa, kyakkyawan abokin ciniki akan kowane dandamali ba zai yi aiki ba. Abubuwan amfani suna aiki mai kyau, babu buƙatar shigar da wani abu akan uwar garke kwata-kwata.
saukewa - 1270 mbts; upload - 1140 mbits
OpenVPN
An gwada OpenVPN a cikin hanyoyin aiki guda 4: tcp, tcp+sslh, tcp+stunnel, udp.
An saita sabar OpenVPN ta atomatik ta shigar da streisand.
Kamar yadda mutum zai iya yin hukunci, a halin yanzu kawai yanayin stunnel kawai yana jure wa ci gaba DPIs. Dalilin haɓakar haɓakar abubuwan da ba na al'ada ba lokacin da ake nannade openVPN-tcp a cikin stunnel bai bayyana a gare ni ba, an yi rajistar a lokuta da yawa, a lokuta daban-daban kuma a ranaku daban-daban, sakamakon ya kasance iri ɗaya. Wataƙila wannan ya faru ne saboda saitunan tarin cibiyar sadarwa da aka shigar yayin tura Streisand, rubuta idan kuna da wasu ra'ayoyi dalilin haka.
openvpntcp: saukewa - 760 mbts; upload - 659 mbits
openvpntcp+sslh: zazzagewa - 794 mbts; upload - 693 mbits
openvpntcp + stunnel: zazzagewa - 619 mbts; upload - 943 mbits
budevpnudp: saukewa - 756 mbts; upload - 580 mbits
Buɗe haɗin kai
Ba mafi mashahuri kayan aiki don ketare blockages ba, an haɗa shi a cikin kunshin Streisand, don haka mun yanke shawarar gwada shi ma.
saukewa - 895 mbts; Saukewa: 715Mbps
Waya tsaro
Wani kayan aiki mai ban sha'awa wanda ya shahara tsakanin masu amfani da Yammacin Turai, masu haɓaka tsarin har ma sun sami wasu tallafi don haɓakawa daga kudaden tsaro. Yana aiki azaman ƙirar kernel na Linux ta hanyar UDP. Kwanan nan, abokan ciniki don windowssios sun bayyana.
Mahalicci ne ya ɗauki cikinsa a matsayin hanya mai sauƙi, mai sauri don kallon Netflix yayin da ba a cikin jihohi ba.
Saboda haka ribobi da fursunoni. Ribobi: yarjejeniya mai sauri, dangi sauƙi na shigarwa da daidaitawa. Rashin hasara - mai haɓakawa bai fara ƙirƙira shi da manufar ƙetare manyan toshewar ba, sabili da haka ana iya gano wargard ta hanyar mafi sauƙin kayan aikin, gami da. wayashark.
wireguard yarjejeniya a cikin wireshark
saukewa - 1681 mbts; Saukewa: 1638Mbps
Abin sha'awa, ana amfani da ka'idar warguard a cikin abokin ciniki na tunsafe na ɓangare na uku, wanda, lokacin da aka yi amfani da shi tare da uwar garken wardi iri ɗaya, yana ba da sakamako mafi muni. Wataƙila abokin ciniki na wargard na Windows zai nuna sakamako iri ɗaya:
tunsafeclient: zazzagewa - 1007 mbts; upload - 1366 mbits
OutlineVPN
Shaci shine aiwatar da uwar garken inuwa da abokin ciniki tare da kyawawa kuma dacewa mai amfani daga jigsaw na Google. A cikin Windows, abokin ciniki mai fa'ida shine kawai saitin nannade don shadowsocks-local (shadowsocks-libev abokin ciniki) da badvpn (binary tun2socks wanda ke jagorantar duk zirga-zirgar injin zuwa wakili na safa na gida) binaries.
Shadowsox ya taɓa yin juriya ga Babban Tacewar Wuta na China, amma dangane da sake dubawa na kwanan nan, wannan ba haka bane. Ba kamar ShadowSox ba, daga cikin akwatin baya goyan bayan haɗa obfuscation ta hanyar plugins, amma ana iya yin wannan da hannu ta tinkering tare da sabar da abokin ciniki.
saukewa - 939 mbts; upload - 930 mbits
ShadowsocksR
ShadowsocksR cokali ne na ainihin Shadowsocks, wanda aka rubuta cikin Python. Mahimmanci, akwatin inuwa ne wanda aka ƙulla hanyoyi da dama na toshe hanya.
Akwai cokali mai yatsu na ssR zuwa libev da wani abu dabam. Ƙarƙashin abin da ake fitarwa yana yiwuwa saboda yaren lambar. Asalin inuwasox akan python baya sauri sosai.
shadowsocksR: zazzage 582 mbts; upload 541 mbts.
Shadowsocks
Kayan aikin toshewa na kasar Sin wanda ke ba da izinin zirga-zirgar ababen hawa da kuma yin katsalandan ga bincike ta atomatik ta wasu hanyoyi masu ban mamaki. Har zuwa kwanan nan, ba a toshe GFW; sun ce yanzu an toshe shi ne kawai idan an kunna relay na UDP.
Cross-platform (akwai abokan ciniki don kowane dandamali), yana goyan bayan aiki tare da PT mai kama da masu ɓarna na Thor, akwai da yawa nasa ko daidaita shi da masu ɓoyewa, da sauri.
Akwai tarin aiwatar da abokan ciniki na shadowox da sabar, a cikin yaruka daban-daban. A cikin gwaji, shadowsocks-libev yayi aiki azaman sabar, abokan ciniki daban-daban. Abokin ciniki mafi sauri na Linux ya zama shadowsocks2 yana tafiya, ana rarraba shi azaman abokin ciniki na asali a cikin streisand, ba zan iya faɗi yawan amfanin inuwa-windows ba. A yawancin ƙarin gwaje-gwaje, an yi amfani da shadowsocks2 azaman abokin ciniki. Ba a yi hotunan hotunan kariyar da aka gwada da tsantsar shadowsocks-libev ba saboda tsayuwar aiwatar da wannan.
shadowsocks2: zazzagewa - 1876 mbts; Saukewa: 1981MB.
shadowsocks-tsatsa: zazzagewa - 1605 mbts; Saukewa: 1895MB.
Shadowsocks-libev: zazzagewa - 1584 mbts; upload - 1265 mbits.
Sauƙaƙe-obfs
Plugin don shadowsox yanzu yana cikin matsayin "raguwa" amma har yanzu yana aiki (ko da yake ba koyaushe ba ne). An maye gurbinsa da yawa ta hanyar v2ray-plugin. Yana hana zirga-zirga ko dai a ƙarƙashin saƙon gidan yanar gizo na HTTP (kuma yana ba ku damar zubar da taken manufa, kuna yin riya cewa ba za ku kalli batsa ba, amma, alal misali, gidan yanar gizon Kundin Tsarin Mulki na Tarayyar Rasha) ko ƙarƙashin pseudo-tls (pseudo) , saboda baya amfani da kowane takaddun shaida, DPI mafi sauƙi kamar nDPI kyauta ana gano su azaman “tls no cert.” A cikin yanayin tls, ba zai yuwu a sake yin shuru ba).
Da sauri, shigar daga repo tare da umarni ɗaya, an daidaita shi cikin sauƙi, yana da ginanniyar aikin gazawar (lokacin da zirga-zirga daga abokin ciniki mara sauƙi-obfs ya zo tashar jiragen ruwa wanda mai sauƙin obfs ke saurare, yana tura shi zuwa adireshin. inda kuka saka a cikin saitunan - kamar wannan Ta wannan hanyar, zaku iya guje wa bincika tashar jiragen ruwa 80, alal misali, ta hanyar turawa kawai zuwa gidan yanar gizo tare da http, da kuma toshe ta hanyar binciken haɗin gwiwa).
shadowsockss-obfs-tls: zazzagewa - 1618 mbts; Saukewa: 1971MB.
shadowsockss-obfs-http: zazzagewa - 1582 mbts; upload - 1965 mbits.
Sauƙaƙan obfs a cikin yanayin HTTP kuma na iya aiki ta hanyar wakilin CDN na baya (misali, Cloudflare), don haka ga mai ba da mu zirga-zirgar zirga-zirgar za ta yi kama da zirga-zirgar HTTP-plaintext zuwa Cloudflare, wannan yana ba mu damar ɓoye ramin mu kaɗan kaɗan, kuma a lokaci guda raba wurin shigarwa da fita zirga-zirga - mai ba da sabis yana ganin cewa zirga-zirgar ku tana zuwa adireshin IP na CDN, kuma ana sanya masu tsattsauran ra'ayi akan hotuna a wannan lokacin daga adireshin IP na VPS. Dole ne a faɗi cewa s-obfs ne ta hanyar CF wanda ke aiki cikin shubuhohi, lokaci-lokaci ba buɗe wasu albarkatun HTTP ba, misali. Don haka, ba zai yiwu a gwada ƙaddamarwa ta amfani da iperf ta hanyar shadowsockss-obfs+CF ba, amma idan aka yi la'akari da sakamakon gwajin saurin, abin da aka samar yana a matakin shadowsocksv2ray-plugin-tls+CF. Ba na haɗa hotunan kariyar kwamfuta daga iperf3, saboda... Kada ku dogara gare su.
saukewa (gwajin sauri) - 887; upload (sauri) - 1154.
Saukewa (iperf3) - 1625; upload (iperf3) - NA.
v2ray-plugin
V2ray-plugin ya maye gurbin sauƙaƙan obfs azaman babban “official” obfuscator don ss libs. Ba kamar obfs masu sauƙi ba, har yanzu bai kasance a cikin ma'ajiya ba, kuma kuna buƙatar ko dai zazzage binary ɗin da aka riga aka haɗa ko tattara shi da kanku.
Yana goyan bayan yanayin aiki guda 3: tsoho, HTTP websocket (tare da goyan baya don zazzage kawunan mai masaukin baki); tls-websocket (ba kamar s-obfs ba, wannan cikakken zirga-zirgar tls ne, wanda kowane sabar gidan yanar gizon wakili ta gane shi kuma, alal misali, yana ba ku damar saita ƙarewar tls akan sabobin Cloudfler ko a cikin nginx); quic - yana aiki ta hanyar udp, amma rashin alheri aikin quic a cikin v2rey yayi ƙasa sosai.
Daga cikin fa'idodin idan aka kwatanta da obfs masu sauƙi: plugin ɗin v2ray yana aiki ba tare da matsala ba ta hanyar CF a cikin yanayin HTTP-websocket tare da kowane zirga-zirga, a cikin yanayin TLS yana da cikakken zirga-zirgar TLS, yana buƙatar takaddun shaida don aiki (misali, daga Bari mu ɓoye ko kai. - sa hannu).
shadowsocksv2ray-plugin-http: zazzagewa - 1404 mbts; Saukewa: 1938MB.
shadowsocksv2ray-plugin-tls: zazzagewa - 1214 mbts; Saukewa: 1898MB.
shadowsocksv2ray-plugin-quic: zazzagewa - 183 mbts; upload 384 mbts.
Kamar yadda na fada a baya, v2ray na iya saita masu kai, kuma ta haka za ku iya aiki tare da shi ta hanyar CDN wakili na baya (misali Cloud). A gefe guda, wannan yana rikitarwa gano ramin, a gefe guda, yana iya ƙaruwa kaɗan (kuma wani lokacin rage) lag - duk ya dogara da wurin ku da sabar. CF a halin yanzu yana gwada aiki tare da quic, amma wannan yanayin bai wanzu ba (akalla don asusun kyauta).
shadowsocksv2ray-plugin-http+CF: zazzagewa - 1284 mbts; Saukewa: 1785MB.
shadowsocksv2ray-plugin-tls+CF: zazzagewa - 1261 mbts; Saukewa: 1881MB.
Cloak
Yanke shi ne sakamakon ƙarin ci gaba na GoQuiet obfuscator. Yana daidaita zirga-zirgar TLS kuma yana aiki ta hanyar TCP. A halin yanzu, marubucin ya fito da nau'i na biyu na plugin, alkyabbar-2, wanda ya bambanta da ainihin alkyabbar.
A cewar mai haɓakawa, sigar farko ta plugin ɗin ta yi amfani da tsarin sake ci gaba da tls 1.2 don ɓata adireshin inda ake nufi don tls. Bayan fitowar sabon sigar (clock-2), duk shafukan wiki akan Github da ke siffanta wannan tsarin an goge su; babu ambaton wannan a cikin bayanin na yanzu na ɓoye ɓoye. Bisa ga bayanin marubucin, ba a amfani da sigar farko na shred saboda kasancewar "mahimman rauni a cikin crypto." A lokacin gwaje-gwajen, akwai kawai sigar farko na alkyabbar, binaries har yanzu suna kan Github, kuma ban da komai, rashin lahani mai mahimmanci ba su da mahimmanci, saboda shadowsox yana ɓoye zirga-zirga kamar yadda ba tare da alkyabba ba, kuma alkyabbar ba ta da wani tasiri akan crypto na shadowsox.
shadowsockscloak: zazzagewa - 1533; Saukewa: 1970MB
Kcptun
yana amfani da kcptun a matsayin sufuri kuma a wasu lokuta na musamman yana ba da damar samun karuwar kayan aiki. Abin baƙin ciki (ko sa'a), wannan ya fi dacewa ga masu amfani daga China, wasu daga cikin masu amfani da wayar hannu suna matsawa TCP sosai kuma ba sa taɓa UDP.
Kcptun yana fama da yunwar wutar lantarki, kuma cikin sauƙi yana ɗaukar muryoyin 100 zion a 4% lokacin da abokin ciniki 1 ya gwada shi. Bugu da ƙari, plugin ɗin yana "jinkirin", kuma lokacin aiki ta hanyar iperf3 baya kammala gwaje-gwaje har zuwa ƙarshe. Bari mu kalli gwajin saurin gudu a cikin burauzar.
shadowsockskcptun: saukewa (gwajin sauri) - 546 mbts; upload (sauri) 854 mbts.
ƙarshe
Kuna buƙatar VPN mai sauƙi, mai sauri don dakatar da zirga-zirga daga dukkan injin ku? Sannan zabinku shine mai gadin yaki. Kuna son proxies (don zaɓin ramin rami ko rabuwa da raƙuman ruwa na mutum) ko yana da mahimmanci a gare ku don hana zirga-zirga daga babban toshewa? Sannan duba akwatin shadow tare da tlshttp obfuscation. Shin kuna son tabbatar da cewa Intanet ɗinku za ta yi aiki muddin Intanet ɗin tana aiki kwata-kwata? Zabi hanyar zirga-zirga ta hanyar mahimman CDNs, toshewa wanda zai haifar da gazawar rabin Intanet a cikin ƙasa.
Teburin Pivot, wanda aka tsara ta hanyar zazzagewa
source: www.habr.com