Njengoko sivalelwa ngakumbi ukufikelela kwimithombo eyahlukeneyo kwinethiwekhi, umba wokuthintela ukudlula uya ucinezela ngakumbi nangakumbi, okuthetha ukuba umbuzo othi "Ungadlula njani ukubhloka ngokukhawuleza?" uba ngakumbi nangakumbi.
Masishiye isihloko sokusebenza ngokufanelekileyo malunga nokudlula kwi-whitelists ye-DPI kwenye imeko, kwaye uthelekise ngokulula ukusebenza kwezixhobo ezidumileyo zokudlula ibhloko.
Qaphela: Kuya kubakho imifanekiso emininzi phantsi kwabaphangi kwinqaku.
Ukuziphendulela: eli nqaku lithelekisa ukusebenza kwezisombululo zeproxy ze-VPN ezidumileyo phantsi kweemeko ezikufutshane "ezifanelekileyo". Iziphumo ezifunyenweyo nezichazwe apha azihambelani neziphumo zakho emasimini. Kuba inani kuvavanyo lwesantya liya kuxhomekeka ekubeni sinamandla kangakanani na isixhobo sokudlula, kodwa kwindlela umniki-nkonzo wakho asibetha ngayo.
Indlela yokusebenza
I-3 VPS yathengwa kumnikezeli wefu (DO) kumazwe ahlukeneyo emhlabeni jikelele. 2 eNetherlands, 1 eJamani. I-VPS eyona nto ivelisa kakhulu (ngenani le-cores) ikhethwe kwizinto ezikhoyo kwi-akhawunti phantsi kokunikezelwa kweekhredithi zekhuphoni.
Iseva yabucala iperf3 ibekwe kwiseva yokuqala yesiDatshi.
Kumncedisi wesibini waseDatshi, iiseva ezahlukeneyo zebhloko zokudlula izixhobo zihanjiswa nganye nganye.
Umfanekiso wedesktop yeLinux (xubuntu) eneVNC kunye nedesktop enenyani ibekwe kwiVPS yaseJamani. Le VPN ngumxhasi onemiqathango, kwaye abathengi abahlukeneyo be-proxy ye-VPN bafakwe kwaye baqaliswe kuyo ngokulandelelana.
Imilinganiselo yesantya yenziwa kathathu, sigxininisa kumyinge, sisebenzisa izixhobo ezi-3: kwiChromium ngovavanyo lwesantya sewebhu; kwiChromium nge-fast.com; ukusuka kwiconsole nge iperf3 nge proxychains4 (apho ufuna ukubeka iperf3 traffic kwiproxy).
Uqhagamshelo oluthe ngqo "umxhasi" -iseva iperf3 inika isantya se-2 Gbps kwi-iperf3, kunye nencinci encinci kwi-fastspeedtest.
Umfundi onomdla unokubuza, "kutheni ungakhethanga i-speedtest-cli?" kwaye uya kuba elungile.
I-Speedtest-cli ibonakale ingathembekanga kwaye iyindlela enganelanga yokulinganisa i-output, ngenxa yezizathu ezingaziwayo kum. Imilinganiselo emithathu elandelelanayo inokunika iziphumo ezintathu ezihluke ngokupheleleyo, okanye, umzekelo, ubonise i-throughput ephezulu kakhulu kunesantya se-port yeVPS yam. Mhlawumbi ingxaki sisandla sam esigqunyiweyo, kodwa kwakubonakala kungenakwenzeka ukwenza uphando ngesixhobo esinjalo.
Ngokuphathelele iziphumo zeendlela ezintathu zokulinganisa (i-speedtest fastiperf), ndithatha izikhombisi ze-iperf njengezona zichanekileyo kwaye zithembekileyo, kunye ne-fastspeedtest njengereferensi. Kodwa ezinye izixhobo zokudlula azizange zivumele ukugqiba imilinganiselo emi-3 nge-iperf3 kwaye kwiimeko ezinjalo, unokuxhomekeka kwi-speedtestfast.
uvavanyo lwesantya lunika iziphumo ezahlukeneyo
Izixhobo
Lilonke, izixhobo ze-24 ezahlukeneyo zokudlula okanye indibaniselwano yazo zavavanywa, nganye yazo ndiya kunika iinkcazo ezincinci kunye nemibono yam yokusebenza kunye nabo. Kodwa ngokusisiseko, injongo yayikukuthelekisa isantya se-shadowsocks (kunye neqela lee-obfuscators ezahlukeneyo zalo) openVPN kunye ne-wireguard.
Kulo mbandela, andiyi kuxubusha ngokubanzi umbuzo othi "yeyona ndlela ingcono yokufihla i-traffic ukuze ingaqhawulwa," kuba ukuthintela ukudlula kuyindlela esebenzayo - siqhelana noko kusetyenziswa ngumhloli kwaye senze ngokwesi siseko.
Iziphumo
Strongswanipsec
Kwimibono yam, kulula kakhulu ukuseta kwaye isebenza ngokuzinzileyo. Enye yeenzuzo kukuba i-cross-platform ngokwenene, ngaphandle kwesidingo sokukhangela abathengi kwiqonga ngalinye.
Khuphela - 993 mbits; layisha - 770 mbits
Itonela ye-SSH
Mhlawumbi ngamavila kuphela angabhalanga malunga nokusebenzisa i-SSH njengesixhobo setonela. Enye yezinto ezingalunganga "yi-crutch" yesisombululo, okt. ukuyithumela kumxhasi ofanelekileyo, omhle kwiqonga ngalinye alizukusebenza. Iinzuzo zisebenza kakuhle, akukho mfuneko yokufaka nantoni na kumncedisi konke konke.
Khuphela - 1270 mbits; layisha - 1140 mbits
OpenVPN
I-OpenVPN yavavanywa kwiindlela ezi-4 zokusebenza: tcp, tcp + sslh, tcp + stunnel, udp.
Iiseva ze-OpenVPN zalungiswa ngokuzenzekelayo ngokufaka i-streisand.
Ukuya kuthi ga apho umntu unokugweba, okwangoku kuphela imowudi ye-stunnel echasene neeDPI eziphambili. Isizathu sokunyuka okungaqhelekanga kwi-throughput xa uvala i-openVPN-tcp kwi-stunnel ayicaci kum, iitshekhi zenziwe ngeendlela ezininzi, ngamaxesha ahlukeneyo nangeentsuku ezahlukeneyo, umphumo wawufana. Mhlawumbi oku kungenxa yogcino lwezicwangciso zothungelwano olufakelweyo xa uhambisa iStreisand, bhala ukuba unazo naziphi na izimvo zokuba kutheni oku kunjalo.
openvpntcp: khuphela - 760 mbits; layisha - 659 mbits
openvpntcp+sslh: Khuphela - 794 mbits; layisha - 693 mbits
openvpntcp+stunnel: download - 619 mbits; layisha - 943 mbits
openvpnudp: khuphela - 756 mbits; layisha - 580 mbits
Vula uqhagamshelwano
Ayisosona sixhobo sidumileyo sokudlula iibhlokhi, sibandakanyiwe kwiphakheji ye-Streisand, ngoko kuye kwagqitywa ukuba siyivavanye.
Khuphela - 895 mbits; layisha 715 mbps
Umgcini
Isixhobo se-hype esithandwayo phakathi kwabasebenzisi baseNtshona, abaphuhlisi beprotocol bade bafumana izibonelelo ezithile zophuhliso kwiimali zokukhusela. Isebenza njengemodyuli ye-Linux kernel nge-UDP. Kutshanje, abathengi beefestile baye bavela.
Yaqulunqwa ngumdali njengendlela elula, ekhawulezayo yokubukela iNetflix ngelixa ungekho kumazwe.
Kungoko iinzuzo kunye nokungalunganga. IiPros: iprotocol ekhawulezayo, ukukhululeka kofakelo kunye noqwalaselo. Ukungalungi - umphuhlisi akazange aqale ukuyidala ngenjongo yokudlula izithintelo ezinzulu, kwaye ngoko i-wargard ibonakala lula ngezona zixhobo ezilula, kubandakanywa. i-wireshark.
wireguard protocol kwi-wireshark
Khuphela - 1681 mbits; layisha 1638 mbps
Okubangela umdla kukuba, iprotocol ye-warguard isetyenziswa kumxhasi we-tusafe yomntu wesithathu, ethi, xa isetyenziswa kunye nomncedisi womlindi ofanayo, inike iziphumo ezibi kakhulu. Kusenokwenzeka ukuba umxhasi weWindows wargard uya kubonisa iziphumo ezifanayo:
tunsafeclient: Khuphela - 1007 mbits; layisha - 1366 mbits
OutlineVPN
Ulwandlalo kukuphunyezwa kweseva ye-shadowox kunye nomxhasi onojongano oluhle nolufanelekileyo lomsebenzisi olusuka kwijigsaw kaGoogle. Kwi-Windows, umxhasi wolwandlalo yiseti nje yee-wrappers ze-shadowsocks-yasekuhlaleni (i-shadowsocks-libev client) kunye ne-badvpn (i-tun2socks yokubini esalathisa yonke i-traffic yomatshini kwi-proxy yasekhaya yeekawusi) iibhinari.
I-Shadowsox yayikhe yaxhathisa kwi-Firewall enkulu yaseTshayina, kodwa ngokusekwe kuphononongo lwamva nje, ayisenjalo. Ngokungafaniyo ne-ShadowSox, ngaphandle kwebhokisi ayixhasi ukudibanisa i-obfuscation ngokusebenzisa iiplagi, kodwa oku kunokwenziwa ngesandla ngokucofa umncedisi kunye nomxhasi.
Khuphela - 939 mbits; layisha - 930 mbits
Ukukhuselwa nguR
I-ShadowsocksR yifolokhwe ye-Shadowsocks yokuqala, ebhalwe kwi-Python. Ngokwenyani, yibhokisi yomthunzi apho iindlela ezininzi ze-traffic obfuscation zifakwe ngokuqinileyo.
Kukho iifolokhwe ze-ssR kwi-libev kunye nenye into. Ugqithiso oluphantsi mhlawumbi kungenxa yolwimi lwekhowudi. I-shadowsox yasekuqaleni kwipython ayikhawulezi kakhulu.
shadowsocksR: Khuphela i-582 mbits; layisha 541 mbits.
Uluhlu
Isixhobo sokudlula ibhloko yaseTshayina esenza i-randomize traffic kwaye iphazamise uhlalutyo oluzenzekelayo ngezinye iindlela ezimangalisayo. Kuze kube kutshanje, i-GFW ayizange ivalwe; bathi ngoku ivaliwe kuphela ukuba i-UDP relay ivuliwe.
I-Cross-platform (kukho abaxumi balo naliphi na iqonga), ixhasa ukusebenza kunye ne-PT efana ne-obfuscators ye-Thor, kukho ezininzi zayo okanye zilungelelaniswe kuyo i-obfuscators, ngokukhawuleza.
Kukho iqela lokuphunyezwa kwabathengi be-shadowox kunye neeseva, ngeelwimi ezahlukeneyo. Ekuvavanyeni, i-shadowsocks-libev isebenze njengomncedisi, abathengi abahlukeneyo. Oyena mxhasi weLinux ukhawulezayo wajika waba yi-shadowsocks2 ekuhambeni, isasazwe njengomxhasi ongagqibekanga kwi-streisand, andinakutsho ukuba zininzi kangakanani iifestile ze-shadowsocks-windows. Kwiimvavanyo ezininzi ezongezelelweyo, i-shadowsocks2 yayisetyenziswa njengomthengi. Izikrini zokuvavanya i-shadowsocks-libev ecocekileyo ayenziwanga ngenxa ye-lag ebonakalayo yolu kuphunyezwa.
shadowsocks2: ukukhuphela - 1876 mbits; layisha - 1981 mbits.
shadowsocks-rust: ukukhuphela - 1605 mbits; layisha - 1895 mbits.
I-Shadowsocks-libev: ukukhuphela - i-1584 mbits; layisha - 1265 mbits.
Ii-obfs ezilula
Iplagin ye-shadowsox ngoku ikwimo "eyehlileyo" kodwa isasebenza (nangona ingasoloko ilungile). Ithatyathelwe indawo enkulu yi-v2ray-plugin. Iyaphazamisa i-traffic nokuba iphantsi kwe-websocket ye-HTTP (kwaye ikuvumela ukuba ulahlekise i-header yendawo ekusingwa kuyo, uzenza ngathi awuzukubukela i-pornhub, kodwa, umzekelo, iwebhusayithi yoMgaqo-siseko weRussian Federation) okanye phantsi kwepseudo-tls (pseudo). , kuba ayisebenzisi naziphi na izatifikethi, eyona DPI ilula efana ne-nDPI yasimahla ichongiwe njenge βtls no cert.β Kwimo ye-tls, akusakwazeki ukumosha iiheader).
Ngokukhawuleza, ifakwe kwi-repo ngomyalelo omnye, iqwalaselwe ngokulula kakhulu, inomsebenzi owakhelwe-ngaphakathi we-failover (xa i-traffic evela kumxhasi ongeyo-obfs engeyiyo ilula iza kwizibuko ezimamela ezi-obfs ezilula, iyidlulisela phambili kwidilesi. apho ukhankanya khona kwizicwangciso - ngolu hlobo, unokunqanda ukukhangela ngesandla kwe-port 80, umzekelo, ngokuthumela kwakhona kwiwebhusayithi ene-http, kunye nokuthintela ngokusebenzisa iiprobes zoqhagamshelwano).
shadowsockss-obfs-tls: khuphela - 1618 mbits; layisha 1971 mbits.
shadowsockss-obfs-http: ukukhuphela - 1582 mbits; layisha - 1965 mbits.
Ii-obfs ezilula kwimowudi ye-HTTP zinokusebenza kwakhona nge-CDN reverse proxy (umzekelo, i-cloudflare), ke kumboneleli wethu i-traffic iya kujongeka njengetrafikhi ye-HTTP-plain text to cloudflare, oku kusivumela ukuba sifihle itonela yethu kancinci, kwaye ngexesha elifanayo uhlukanise indawo yokungena kunye nokuphuma kwe-traffic - umboneleli ubona ukuba i-traffic yakho iya kwidilesi ye-CDN IP, kunye nokuthanda ngokugqithiseleyo kwimifanekiso kufakwe kulo mzuzu kwidilesi ye-IP ye-VPS. Kufuneka kuthiwe yi-s-obfs nge-CF esebenza ngokungathandabuzekiyo, ngamaxesha athile ayivuli ezinye izixhobo ze-HTTP, umzekelo. Ngoko ke, kwakungenakwenzeka ukuvavanya ukulayisha usebenzisa i-iperf nge-shadowsockss-obfs+CF, kodwa ngokujonga iziphumo zovavanyo lwesantya, i-output ikwinqanaba le-shadowsocksv2ray-plugin-tls+CF. Andincamathiseli izikrini ezivela kwi-iperf3, kuba... Akufanele uthembele kubo.
ukukhuphela (isantya) - 887; layisha (isantya esiphezulu) - 1154.
Khuphela (iperf3) - 1625; layisha (iperf3) - NA.
v2ray-plugin
I-V2ray-plugin ithathe indawo yee-obfs ezilula njengeyona "obfuscator" ephambili ye-ss libs. Ngokungafaniyo nee-obfs ezilula, ayikabikho kwindawo yokugcina, kwaye kufuneka ukhuphele i-binary edityaniswe kwangaphambili okanye uziqokelele ngokwakho.
Ixhasa iindlela zokusebenza ezi-3: okungagqibekanga, i-HTTP websocket (ngenkxaso ye-spoofing headers yendawo ekuyiwa kuyo); tls-websocket (ngokungafaniyo ne-s-obfs, le yitrafikhi ye-tls epheleleyo, ebonwa nguye nawuphi na umva womncedisi wewebhu kwaye, umzekelo, ikuvumela ukuba uqwalasele ukupheliswa kwe-tls kwiiseva ze-cloudfler okanye kwi-nginx); quic - isebenza nge-udp, kodwa ngelishwa ukusebenza kwe-quic kwi-v2rey kuphantsi kakhulu.
Phakathi kweenzuzo xa kuthelekiswa ne-obfs elula: iplagin ye-v2ray isebenza ngaphandle kweengxaki nge-CF kwimowudi ye-HTTP-websocket nayo nayiphi na i-traffic, kwimo ye-TLS igcwele i-TLS traffic, ifuna izatifikethi zokusebenza (umzekelo, ukusuka kwi-Let encrypt or self -tyikityiweyo).
shadowsocksv2ray-plugin-http: download - 1404 mbits; layisha 1938 mbits.
shadowsocksv2ray-plugin-tls: khuphela - 1214 mbits; layisha 1898 mbits.
shadowsocksv2ray-plugin-quic: download - 183 mbits; layisha 384 mbits.
Njengoko besenditshilo, i-v2ray inokuseta iiheader, kwaye ngaloo ndlela unokusebenza nayo nge-CDN engumqobo ebuyela umva (cloudfler umzekelo). Ngakolunye uhlangothi, oku kuyinkimbinkimbi ukufunyanwa kwetonela, kwelinye icala, inokunyusa kancinane (kwaye ngamanye amaxesha inciphise) i-lag - konke kuxhomekeke kwindawo yakho kunye nabancedisi. I-CF okwangoku ivavanya ukusebenza nge-quic, kodwa le ndlela ayikafumaneki (ubuncinci kwiiakhawunti zasimahla).
shadowsocksv2ray-plugin-http+CF: download - 1284 mbits; layisha 1785 mbits.
shadowsocksv2ray-plugin-tls+CF: khuphela - 1261 mbits; layisha 1881 mbits.
Cloak
Esi siqwenga sisiphumo sophuhliso olongezelelweyo lweGoQuiet obfuscator. Ilinganisa itrafikhi ye-TLS kwaye isebenza nge-TCP. Okwangoku, umbhali ukhulule inguqu yesibini yeplagin, i-cloak-2, eyahluke kakhulu kwisambatho sokuqala.
Ngokomphuhlisi, uguqulelo lokuqala lweplagin lusebenzise i-tls 1.2 indlela yokuphinda iqalise iseshoni ukonakalisa idilesi yendawo ekuyiwa kuyo ye-tls. Emva kokukhululwa koguqulelo olutsha (iwotshi-2), onke amaphepha e-wiki kwi-Github achaza le ndlela acinyiweyo; akukho nto ikhankanyiweyo koku kwinkcazo yangoku yokufihlwa kwe-obfuscation. Ngokwenkcazo yombhali, inguqulelo yokuqala ye-shred ayisetyenziswanga ngenxa yobukho "bobuthathaka obubalulekileyo kwi-crypto." Ngexesha lovavanyo, kwakukho kuphela inguqu yokuqala yengubo, iibhinari zayo zisekho kwi-Github, kwaye ngaphandle kwayo yonke enye into, ubuthathaka obubalulekileyo abubalulekanga kakhulu, kuba I-shadowsox ibhala i-traffic ngendlela efanayo nangaphandle kwengubo, kwaye i-cloac ayinayo impembelelo kwi-crypto ye-shadowsox.
i-shadowsockscloak: ukukhuphela - 1533; layisha - 1970 mbits
Kcptun
isebenzisa i-kcptun njengothutho kwaye kwezinye iimeko ezikhethekileyo ivumela ukuphumeza okwandisiweyo kwe-throughput. Ngelishwa (okanye ngethamsanqa), oku kubaluleke kakhulu kubasebenzisi abavela e-China, abanye babaqhubi babo beselula batyhala kakhulu i-TCP kwaye bangayichukumisi i-UDP.
I-Kcptun ilambile ngamandla, kwaye ilayisha ngokulula ii-zion cores ezi-100 kwi-4% xa ivavanywa ngumthengi omnye. Ukongeza, iplagin "icotha", kwaye xa usebenza nge-iperf1 ayigqibi iimvavanyo ukuya ekupheleni. Makhe sijonge uvavanyo lwesantya kwibhrawuza.
shadowsockskcptun: khuphela (speedtest) - 546 mbits; layisha (isantya) 854 mbits.
isiphelo
Ngaba ufuna iVPN elula, ekhawulezayo yokumisa itrafikhi kumatshini wakho wonke? Emva koko ukhetho lwakho ngumgcini. Ngaba ufuna iiproxies (kwitonela ekhethiweyo okanye ukwahlula ukuhamba komntu obonakalayo) okanye ngaba kubaluleke kakhulu kuwe ukuba ugxininise i-traffic ekuthinteleni okunzulu? Emva koko jonga kwi-shadowbox ene-tlshttp obfuscation. Ngaba uyafuna ukuqiniseka ukuba i-Intanethi yakho iya kusebenza okoko nje i-Intanethi isebenza konke konke? Khetha i-proxy traffic ngokusebenzisa ii-CDN ezibalulekileyo, ukuvimba okuya kubangela ukungaphumeleli kwesiqingatha se-Intanethi kwilizwe.
Itheyibhile yePivot, ihlelwe ngokukhuphela
umthombo: www.habr.com