Pamene tikukanidwa kwambiri kupeza zinthu zosiyanasiyana pa intaneti, nkhani yodutsa kutsekereza imakhala yovuta kwambiri, zomwe zikutanthauza kuti funso lakuti "Momwe mungalambalale kutsekereza mofulumira?" limakhala lofunika kwambiri.
Tiyeni tisiye mutu wakuchita bwino pankhani yolambalala ozunguza a DPI pamilandu ina, ndikungofanizira magwiridwe antchito a zida zodziwika bwino za block bypass.
Chenjerani: Padzakhala zithunzi zambiri pansi pa owononga m'nkhaniyi.
Chodzikanira: nkhaniyi ikufanizira magwiridwe antchito a proxy odziwika a VPN pansi pamikhalidwe yomwe ili pafupi ndi "zabwino". Zotsatira zomwe zapezedwa ndikufotokozedwa pano sizikugwirizana kwenikweni ndi zomwe mwapeza m'minda. Chifukwa nambala yoyeserera liwiro nthawi zambiri sizitengera mphamvu ya chida chodulira, koma momwe woperekera wanu amachigwedeza.
Njira
3 VPS idagulidwa kuchokera kwa wothandizira mitambo (DO) m'maiko osiyanasiyana padziko lonse lapansi. 2 ku Netherlands, 1 ku Germany. VPS yopindulitsa kwambiri (mwa kuchuluka kwa ma cores) idasankhidwa kuchokera kuzomwe zilipo pa akauntiyo pansi pa kuperekedwa kwa ma coupon credits.
Seva yachinsinsi ya iperf3 imayikidwa pa seva yoyamba ya Dutch.
Pa seva yachiwiri yachi Dutch, ma seva osiyanasiyana a zida za block bypass amayikidwa imodzi ndi imodzi.
Chithunzi cha desktop cha Linux (xubuntu) chokhala ndi VNC ndi kompyuta yeniyeni imayikidwa pa VPS yaku Germany. VPN iyi ndi kasitomala wokhazikika, ndipo makasitomala osiyanasiyana amtundu wa VPN amayikidwa ndikukhazikitsidwa nawonso.
Kuyeza liwiro kumachitika katatu, timayang'ana pafupifupi, timagwiritsa ntchito zida zitatu: mu Chromium kudzera pakuyesa liwiro la intaneti; mu Chromium kudzera pa fast.com; kuchokera pa console kudzera iperf3 kudzera pa proxychains3 (pomwe muyenera kuyika traffic iperf4 mu proxy).
Kulumikizana kwachindunji "kasitomala" -seva iperf3 imapereka liwiro la 2 Gbps mu iperf3, komanso pang'ono mu fastspeedtest.
Wowerenga wofuna kudziwa angafunse kuti, "bwanji simunasankhe speedtest-cli?" ndipo adzakhala wolondola.
Speedtest-cli idakhala yosadalirika komanso njira yosakwanira yoyezera kutulutsa, pazifukwa zomwe sindikudziwa. Miyezo itatu yotsatizana ingapereke zotsatira zitatu zosiyana, kapena, mwachitsanzo, kusonyeza kupititsa patsogolo kwambiri kuposa kuthamanga kwa doko la VPS yanga. Mwina vuto ndi dzanja langa la clubbed, koma zinkawoneka zosatheka kuchita kafukufuku ndi chida choterocho.
Ponena za zotsatira za njira zitatu zoyezera (speedtest fastiperf), ndimawona zizindikiro za iperf kukhala zolondola komanso zodalirika, komanso fastspeedtest monga zofotokozera. Koma zida zina zodumphadumpha sizinalole kukwaniritsa miyeso 3 kudzera pa iperf3 ndipo muzochitika zotere, mutha kudalira speedtestfast.
liwiro test limapereka zotsatira zosiyana
Chida
Pazonse, zida 24 zosiyana zodutsa kapena kuphatikiza kwawo zidayesedwa, kwa aliyense wa iwo ndipereka mafotokozedwe ang'onoang'ono ndi malingaliro anga ogwirira nawo ntchito. Koma kwenikweni, cholinga chake chinali kufananiza kuthamanga kwa ma shadowsocks (ndi gulu lazinthu zosiyanasiyana) openVPN ndi wireguard.
M'nkhaniyi, sindidzakambirana mwatsatanetsatane funso la "momwe mungabisire magalimoto kuti asadutse," chifukwa kutsekereza kutsekereza ndi njira yokhazikika - timatengera zomwe censor amagwiritsa ntchito ndikuchita izi.
Zotsatira
Strongswanipsec
M'malingaliro anga, ndizosavuta kukhazikitsa ndikugwira ntchito mokhazikika. Ubwino umodzi ndikuti ndiwokwera kwambiri, osafunikira kuyang'ana makasitomala papulatifomu iliyonse.
kutsitsa - 993 mbits; kukweza - 770 mbits
Njira ya SSH
Mwina ndi aulesi okha omwe sanalembe za kugwiritsa ntchito SSH ngati chida changa. Chimodzi mwazovuta ndi "ndondomeko" yothetsera, i.e. kuyiyika kuchokera kwa kasitomala wosavuta, wokongola papulatifomu iliyonse sikungagwire ntchito. Ubwino ndikuchita bwino, palibe chifukwa choyika chilichonse pa seva konse.
kutsitsa - 1270 mbits; kukweza - 1140 mbits
OpenVPN
OpenVPN idayesedwa m'njira zinayi zogwirira ntchito: tcp, tcp+sslh, tcp+stunnel, udp.
Ma seva a OpenVPN adasinthidwa zokha ndikuyika streisand.
Momwe munthu angaweruze, pakadali pano mawonekedwe a stunnel okha ndi omwe amalimbana ndi ma DPI apamwamba. Chifukwa cha kuwonjezereka kwachilendo kwa kutulutsa pamene kukulunga VPN-tcp mu stunnel sikumveka bwino kwa ine, kufufuza kunachitika maulendo angapo, nthawi zosiyanasiyana ndi masiku osiyanasiyana, zotsatira zake zinali zofanana. Mwina izi ndichifukwa cha makonda a network stack omwe adayikidwa potumiza Streisand, lembani ngati muli ndi malingaliro chifukwa chake zili choncho.
openvpntcp: kutsitsa - 760 mbits; kukweza - 659 mbits
openvpntcp+sslh: kutsitsa - 794 mbits; kukweza - 693 mbits
openvpntcp+stunnel: kutsitsa - 619 mbits; kukweza - 943 mbits
openvpnudp: kutsitsa - 756 mbits; kukweza - 580 mbits
Openconnect
Osati chida chodziwika kwambiri chodutsa zotsekereza, chimaphatikizidwa ndi phukusi la Streisand, chifukwa chake tidaganiza zoyesanso.
kutsitsa - 895 mbits; kukweza 715 mbps
Woteteza
Chida cha hype chomwe chimatchuka pakati pa ogwiritsa ntchito a Kumadzulo, omwe amapanga ndondomekoyi adalandira ngakhale ndalama zothandizira chitukuko kuchokera ku ndalama zotetezera. Imagwira ntchito ngati Linux kernel module kudzera pa UDP. Posachedwapa, makasitomala a mawindo awonekera.
Adapangidwa ndi mlengi ngati njira yosavuta, yachangu yowonera Netflix pomwe mulibe m'maiko.
Chifukwa chake zabwino ndi zoyipa. Ubwino: mofulumira kwambiri protocol, wachibale mosavuta unsembe ndi kasinthidwe. Zoyipa - wopangayo sanazipange poyambirira ndi cholinga chodutsa zotchinga zazikulu, chifukwa chake wargard imadziwika mosavuta ndi zida zosavuta, kuphatikiza. wireshark.
wireguard protocol mu wireshark
kutsitsa - 1681 mbits; kukweza 1638 mbps
Chosangalatsa ndichakuti, protocol ya warguard imagwiritsidwa ntchito pa kasitomala wachitatu wa tunsafe, yemwe, akagwiritsidwa ntchito ndi seva yoyang'anira yemweyo, amapereka zotsatira zoyipa kwambiri. Ndizotheka kuti kasitomala wa Windows wargard awonetsa zotsatira zomwezo:
tunsafeclient: kutsitsa - 1007 mbits; kukweza - 1366 mbits
OutlineVPN
Outline ndikukhazikitsa seva ya shadowox ndi kasitomala wokhala ndi mawonekedwe okongola komanso osavuta ogwiritsira ntchito kuchokera ku jigsaw ya Google. Mu Windows, kasitomala wa autilaini amangokhala gulu la zokutira za shadowsocks-zako (makasitomala a shadowsocks-libev) ndi badvpn (binary tun2socks yomwe imawongolera magalimoto onse ku proxy yamasokisi yakomweko).
Shadowsox nthawi ina inali yolimbana ndi Great Firewall yaku China, koma kutengera ndemanga zaposachedwa, sizili choncho. Mosiyana ndi ShadowSox, kunja kwa bokosi sikuthandizira kulumikiza kusokoneza kudzera pa mapulagini, koma izi zitha kuchitika pamanja poyang'ana seva ndi kasitomala.
kutsitsa - 939 mbits; kukweza - 930 mbits
Zithunzi za ShadowsocksR
ShadowsocksR ndi foloko ya Shadowsocks yoyambirira, yolembedwa mu Python. M'malo mwake, ndi bokosi lamthunzi lomwe njira zingapo zowonera magalimoto zimayikidwa mwamphamvu.
Pali mafoloko a ssR ku libev ndi zina. Kutsika kocheperako mwina ndi chifukwa cha chilankhulo cha code. Choyambirira cha shadowsox pa python sichithamanga kwambiri.
shadowsocksR: tsitsani 582 mbits; kwezani 541 mbits.
Zithunzi zochepa
Chida chachi China chodumphadumpha chomwe chimapangitsa kuti magalimoto aziyenda mwachisawawa ndikusokoneza kusanthula kwadzidzidzi m'njira zina zodabwitsa. Mpaka posachedwa, GFW sinatsekedwe; amati tsopano yatsekedwa pokhapokha ngati UDP relay yatsegulidwa.
Cross-platform (pali makasitomala papulatifomu iliyonse), imathandizira kugwira ntchito ndi PT yofanana ndi ma obfuscators a Thor, pali ma obfuscators angapo athu kapena kutengera izo, mwachangu.
Pali kukhazikitsidwa kwamakasitomala a shadowox ndi maseva, m'zilankhulo zosiyanasiyana. Poyesa, shadowsocks-libev adakhala ngati seva, makasitomala osiyanasiyana. Makasitomala othamanga kwambiri a Linux adakhala a shadowsocks2 popita, ogawidwa ngati kasitomala wosakhazikika mu streisand, sindinganene kuti mawindo a shadowsocks amapangidwa bwanji. M'mayeso ena ambiri, shadowsocks2 idagwiritsidwa ntchito ngati kasitomala. Zithunzi zoyeserera zoyera shadowsocks-libev sizinapangidwe chifukwa chakusakhazikika kwa izi.
shadowsocks2: kutsitsa - 1876 mbits; upload - 1981 mbits.
shadowsocks-dzimbiri: kutsitsa - 1605 mbits; kukweza - 1895 mbits.
Shadowsocks-libev: kutsitsa - 1584 mbits; kukweza - 1265 mbits.
Zosavuta-obfs
Pulagi ya shadowsox tsopano ili mu "depreciated" koma imagwirabe ntchito (ngakhale sizikhala bwino nthawi zonse). Kwambiri m'malo ndi v2ray-plugin. Imasokoneza kuchuluka kwa magalimoto pansi pa HTTP websocket (ndipo imakupatsani mwayi wowononga mutu wa komwe mukupita, kuyerekeza kuti simudzawonera zolaula, koma, mwachitsanzo, tsamba la Constitution of the Russian Federation) kapena pansi pa pseudo-tls (pseudo). , chifukwa sichigwiritsa ntchito satifiketi iliyonse, DPI yosavuta kwambiri monga nDPI yaulere imadziwika kuti "tls no cert." Mu tls mode, sikuthekanso kusokoneza mitu).
Mwachangu kwambiri, yoyikidwa kuchokera ku repo ndi lamulo limodzi, lokonzedwa mophweka kwambiri, lili ndi ntchito yolephera (pamene magalimoto ochokera kwa kasitomala omwe siwosavuta-obfs abwera padoko omwe obfs amamvera, amawatumizira ku adilesi. kumene mumatchula muzokonda - monga chonchi Mwa njira iyi, mukhoza kupewa kuyang'ana pamanja pa doko 80, mwachitsanzo, pongopita ku webusaiti yomwe ili ndi http, komanso kutsekereza kudzera muzofufuza zogwirizanitsa).
shadowsockss-obfs-tls: kutsitsa - 1618 mbits; kwezani 1971 mbits.
shadowsockss-obfs-http: kutsitsa - 1582 mbits; upload - 1965 mbits.
Obfs osavuta mumayendedwe a HTTP amathanso kugwira ntchito kudzera pa CDN reverse proxy (mwachitsanzo, cloudflare), kotero kwa opereka athu magalimoto aziwoneka ngati HTTP-plain traffic traffic to cloudflare, izi zimatilola kubisa ngalande yathu bwinoko, ndipo pa nthawi yomweyo kulekanitsa malo olowera ndi kutuluka kwa magalimoto - woperekayo akuwona kuti magalimoto anu akupita ku CDN IP adilesi, ndipo zokonda monyanyira pazithunzi zimayikidwa panthawiyi kuchokera ku adilesi ya IP ya VPS. Ziyenera kunenedwa kuti ndi s-obfs kudzera mu CF yomwe imagwira ntchito momveka bwino, nthawi ndi nthawi osatsegula zinthu zina za HTTP, mwachitsanzo. Chifukwa chake, sikunali kotheka kuyesa kutsitsa pogwiritsa ntchito iperf kudzera pa shadowsockss-obfs + CF, koma potengera zotsatira za mayeso othamanga, kutulutsa kuli pamlingo wa shadowsocksv2ray-plugin-tls+CF. Sindikulumikiza zithunzi za iperf3, chifukwa ... Simuyenera kudalira iwo.
kutsitsa (mwachangu) - 887; kwezani (mwachangu) - 1154.
Tsitsani (iperf3) - 1625; kwezani (iperf3) - NA.
v2ray-plugin
V2ray-plugin yalowa m'malo mwa ma obfs osavuta ngati "official" obfuscator ya ss libs. Mosiyana ndi ma obfs osavuta, sichinafike m'malo osungira, ndipo muyenera kutsitsa binary yomwe idasonkhanitsidwa kale kapena kudzipanga nokha.
Imathandizira mitundu itatu yogwiritsira ntchito: kusakhulupirika, HTTP websocket (mothandizidwa ndi mitu ya spoofing ya omwe akupita); tls-websocket (mosiyana ndi s-obfs, izi ndizodzaza zonse za tls traffic, zomwe zimadziwika ndi seva yapaintaneti yotsatsira, mwachitsanzo, imakupatsani mwayi wokonza kutha kwa tls pa maseva a cloudfler kapena mu nginx); quic - imagwira ntchito kudzera pa udp, koma mwatsoka machitidwe a quic mu v3rey ndi otsika kwambiri.
Zina mwazabwino poyerekeza ndi ma obfs osavuta: pulogalamu yowonjezera ya v2rey imagwira ntchito popanda mavuto kudzera pa CF mumayendedwe a HTTP-websocket ndi magalimoto aliwonse, mumayendedwe a TLS ndi traffic ya TLS yodzaza, imafunikira ziphaso zogwirira ntchito (mwachitsanzo, kuchokera ku Let's encrypt kapena kudzikonda. -saina).
shadowsocksv2ray-plugin-http: kutsitsa - 1404 mbits; kwezani 1938 mbits.
shadowsocksv2ray-plugin-tls: kutsitsa - 1214 mbits; kwezani 1898 mbits.
shadowsocksv2ray-plugin-quic: kutsitsa - 183 mbits; kwezani 384 mbits.
Monga ndanenera kale, v2ray ikhoza kuyika mitu, motero mutha kugwira nawo ntchito kudzera pa CDN (cloudfler mwachitsanzo). Kumbali imodzi, izi zimasokoneza kuzindikira kwa ngalandeyo, kumbali ina, imatha kuwonjezeka pang'ono (ndipo nthawi zina kuchepetsa) kutsalira - zonse zimadalira komwe muli ndi ma seva. CF ikuyesa kugwira ntchito ndi quic, koma mawonekedwe awa sanapezeke (makaunti aulere).
shadowsocksv2ray-plugin-http+CF: kutsitsa - 1284 mbits; kwezani 1785 mbits.
shadowsocksv2ray-plugin-tls+CF: kutsitsa - 1261 mbits; kwezani 1881 mbits.
Cloak
Kuphulikaku ndi zotsatira za kupititsa patsogolo kwa GoQuiet obfuscator. Imatsanzira magalimoto a TLS ndikugwira ntchito kudzera pa TCP. Pakalipano, wolembayo watulutsa mtundu wachiwiri wa pulogalamu yowonjezera, chovala-2, chomwe chiri chosiyana kwambiri ndi chovala choyambirira.
Malinga ndi wopanga mapulogalamuwo, pulogalamu yowonjezerayo idagwiritsa ntchito njira ya tls 1.2 kuyambitsanso gawo kuti iwononge adilesi yopita kwa tls. Pambuyo pa kutulutsidwa kwa mtundu watsopano (wotchi-2), masamba onse a wiki pa Github omwe akufotokoza makinawa adachotsedwa; palibe kutchulidwa kwa izi pakulongosola kwaposachedwa kwachinsinsi cha obfuscation. Malinga ndi kufotokozera kwa wolembayo, mtundu woyamba wa shred sugwiritsidwa ntchito chifukwa cha kukhalapo kwa "zofooka zazikulu mu crypto." Pa nthawi ya mayesero, panali chovala choyamba chokha, ma binaries ake akadali pa Github, ndipo pambali pa china chirichonse, zofooka zazikulu sizofunikira kwambiri, chifukwa. shadowsox encrypts traffic mofanana ndi opanda chovala, ndipo chovalacho sichimakhudza shadowsox's crypto.
shadowsockscloak: kutsitsa - 1533; kukweza - 1970 mbits
Kcptun
amagwiritsa kcptun ngati transport ndipo nthawi zina zapadera amalola kukwaniritsa kuchuluka throughput. Tsoka ilo (kapena mwamwayi), izi ndizofunikira kwambiri kwa ogwiritsa ntchito ochokera ku China, ena omwe oyendetsa mafoni awo amatsitsa TCP kwambiri ndipo samakhudza UDP.
Kcptun ili ndi njala yamphamvu, ndipo imanyamula ma zion cores 100 mosavuta pa 4% ikayesedwa ndi kasitomala m'modzi. Kuphatikiza apo, pulogalamu yowonjezerayo ndi "pang'onopang'ono", ndipo pogwira ntchito kudzera mu iperf1 sichimaliza mayeso mpaka kumapeto. Tiyeni tiwone kuyesa liwiro mu osatsegula.
shadowsockskcptun: kutsitsa (speedtest) - 546 mbits; kwezani (mofulumira) 854 mbits.
Pomaliza
Kodi mukufuna VPN yosavuta, yachangu kuti muyimitse magalimoto pamakina anu onse? Ndiye kusankha kwanu ndi warguard. Kodi mukufuna ma proxies (osankha mwanzeru kapena kulekanitsa mayendedwe amunthu) kapena ndikofunikira kwambiri kuti musokoneze kuchuluka kwa magalimoto kuti musatseke kwambiri? Kenako yang'anani pa shadowbox ndi tlshttp obfuscation. Kodi mukufuna kutsimikiza kuti intaneti yanu idzagwira ntchito bola intaneti ikugwira ntchito? Sankhani ma proxy traffic kudzera mu ma CDN ofunikira, kutsekereza zomwe zingayambitse kulephera kwa theka la intaneti mdziko muno.
Pivot table, yosanjidwa ndi kutsitsa
Source: www.habr.com