Njengoba siya ngokuya sinqatshelwa ukufinyelela izinsiza ezahlukahlukene kunethiwekhi, udaba lokuvimbela ukudlula luya ngokuya lucindezela, okusho ukuthi umbuzo othi "Ungadlula kanjani ukuvimbela ngokushesha?" uba ngobaluleke kakhulu.
Ake sishiye isihloko sokusebenza kahle mayelana nokudlula ohlwini lwabamhlophe lwe-DPI kwesinye icala, futhi mane siqhathanise ukusebenza kwamathuluzi adumile okudlula ibhulokhi.
Qaphela: Kuzoba nezithombe eziningi ngaphansi kwabaphangi esihlokweni.
Umshwana wokuzihlangula: lesi sihloko siqhathanisa ukusebenza kwezixazululo zommeleli we-VPN ezidumile ngaphansi kwezimo eziseduze "nezinhle". Imiphumela etholiwe nechazwe lapha ayihambisani nemiphumela yakho ezinkambini. Ngoba inombolo ekuhlolweni kwesivinini ngokuvamile ngeke incike ekutheni ithuluzi lokudlula linamandla kangakanani, kodwa ekutheni umhlinzeki wakho ulicindezela kanjani.
Indlela yokusebenza
I-3 VPS ithengwe kumhlinzeki wamafu (DO) emazweni ahlukene emhlabeni jikelele. 2 eNetherlands, 1 eJalimane. I-VPS ekhiqiza kakhulu (ngenombolo yama-cores) ikhethiwe kulawo atholakalayo ku-akhawunti ngaphansi komnikelo wamakhredithi ekhuphoni.
Iseva yangasese ye-iperf3 isetshenziswa kuseva yokuqala yesiDashi.
Kuseva yesibili yesiDashi, amaseva ahlukahlukene wamathuluzi e-block bypass asetshenziswa ngayinye ngayinye.
Isithombe sedeskithophu ye-Linux (xubuntu) ene-VNC kanye nedeskithophu ebonakalayo isetshenziswa ku-VPS yaseJalimane. Le-VPN iyiklayenti elinemibandela, futhi amaklayenti e-VPN ahlukahlukene afakiwe futhi ethulwa kuyo ngokulandelana.
Izilinganiso zesivinini zenziwa izikhathi ezintathu, sigxila esilinganisweni, sisebenzisa amathuluzi angu-3: ku-Chromium ngokuhlolwa kwesivinini sewebhu; ku-Chromium nge-fast.com; kusuka kukhonsoli nge-iperf3 nge-proxychains4 (lapho udinga ukufaka ithrafikhi ye-iperf3 kummeleli).
Uxhumano oluqondile "iklayenti" -iseva iperf3 linikeza isivinini esingu-2 Gbps ku-iperf3, kanye nencane kancane ku-fastspeedtest.
Umfundi othanda ukwazi angase abuze, βkungani ungakhethanga i-speedtest-cli?β futhi uzobe eqinisile.
I-Speedtest-cli ibonakale ingathembekile futhi iyindlela enganele yokulinganisa ukuphuma, ngenxa yezizathu engizaziyo. Izilinganiso ezintathu ezilandelanayo zinganikeza imiphumela emithathu ehluke ngokuphelele, noma, isibonelo, ibonise ukuphuma okuphakeme kakhulu kunejubane lechweba le-VPS yami. Mhlawumbe inkinga yisandla sami esigobile, kodwa kubonakala kungenakwenzeka ukwenza ucwaningo ngethuluzi elinjalo.
Ngokuqondene nemiphumela yezindlela ezintathu zokulinganisa (i-speedtest fastiperf), ngibheka izinkomba ze-iperf njengezinembe kakhulu nezithembekile, kanye ne-fastspeedtest njengereferensi. Kodwa amanye amathuluzi okudlula awazange avumele ukuqedela izilinganiso ezingu-3 nge-iperf3 futhi ezimweni ezinjalo, ungathembela ku-speedtestfast.
ukuhlolwa kwesivinini kunikeza imiphumela ehlukene
Ithuluzi
Sekukonke, kwahlolwa amathuluzi okudlula ahlukene angama-24 noma inhlanganisela yawo, ngayinye yazo ngizonikeza izincazelo ezincane kanye nemibono yami yokusebenza nawo. Kepha empeleni, inhloso bekuwukuqhathanisa isivinini sama-shadowsocks (kanye nenqwaba yama-obfuscators ahlukile) i-openVPN kanye ne-wireguard.
Kulesi sihloko, ngeke ngixoxe ngokuningiliziwe ngombuzo othi "indlela engcono kakhulu yokufihla ithrafikhi ukuze unganqanyulwa," ngoba ukuvimba ukudlula kuyisinyathelo esisebenzayo - sizivumelanisa nalokho okusetshenziswa yi-censor futhi senze ngale sisekelo.
Imiphumela
Strongswanipsec
Ngokubona kwami, kulula kakhulu ukusetha futhi kusebenza ngokuzinza. Enye yezinzuzo ukuthi i-cross-platform ngempela, ngaphandle kwesidingo sokubheka amakhasimende endaweni ngayinye.
landa - 993 mbits; layisha - 770 mbits
Umhubhe we-SSH
Mhlawumbe ngamavila kuphela angabhalanga ngokusebenzisa i-SSH njengethuluzi lomhubhe. Enye yezinto ezimbi "i-crutch" yesisombululo, i.e. ukulithumela kuklayenti elikahle, elihle kuyo yonke inkundla ngeke kusebenze. Izinzuzo ukusebenza kahle, asikho isidingo sokufaka noma yini kuseva nhlobo.
landa - 1270 mbits; layisha - 1140 mbits
I-OpenVPN
I-OpenVPN ihlolwe ngezindlela zokusebenza ezi-4: tcp, tcp+sslh, tcp+stunnel, udp.
Amaseva e-OpenVPN alungiswa ngokuzenzakalelayo ngokufaka i-streisand.
Ngokufika lapho umuntu angahlulela khona, okwamanje yimodi yesitune kuphela ekwazi ukumelana nama-DPI athuthukile. Isizathu sokwanda okungavamile kokuphumayo lapho kugoqwa i-openVPN-tcp ku-stunnel akucaci kimi, ukuhlola kwenziwa ngokugijima okuningana, ngezikhathi ezahlukene nangezinsuku ezahlukene, umphumela wawufana. Mhlawumbe lokhu kungenxa yezilungiselelo zesitaki senethiwekhi ezifakiwe lapho kuthunyelwa i-Streisand, bhala uma unemibono yokuthi kungani lokhu kunjalo.
openvpntcp: landa - 760 mbits; layisha - 659 mbits
openvpntcp+sslh: landa - 794 mbits; layisha - 693 mbits
i-openvpntcp+stunnel: landa - ama-mbits angu-619; layisha - 943 mbits
openvpnudp: landa - 756 mbits; layisha - 580 mbits
Vula ukuxhuma
Akulona ithuluzi elidume kakhulu lokudlula izithiyo, lifakiwe kuphakheji ye-Streisand, ngakho-ke sinqume ukuyihlola nayo.
ukulanda - 895 mbits; layisha 715 mbps
I-Wire Guard
Ithuluzi le-hype elidumile phakathi kwabasebenzisi baseNtshonalanga, abathuthukisi bephrothokholi baze bathola ezinye izibonelelo zokuthuthukiswa ezivela ezikhwameni zokuvikela. Isebenza njengemojula ye-Linux kernel nge-UDP. Muva nje, amakhasimende amawindi avele.
Yaqanjwa ngumdali njengendlela elula, esheshayo yokubuka i-Netflix ngenkathi ungekho ezifundeni.
Ngakho okuhle nokubi. Izinzuzo: iphrothokholi eshesha kakhulu, ukufakwa kalula nokucushwa. Ukungalungi - umthuthukisi akazange aqale ukuyidala ngenhloso yokweqa izithiyo ezinkulu, ngakho-ke i-wargard itholwa kalula ngamathuluzi alula, kuhlanganisa. i-wireshark.
I-wireguard protocol ku-wireshark
ukulanda - 1681 mbits; layisha 1638 mbps
Kuyathakazelisa ukuthi umthetho olandelwayo we-warguard usetshenziswa kuklayenti leqembu lesithathu le-tunsafe, okuthi, uma lisetshenziswa neseva efanayo ye-warguard, linikeze imiphumela emibi kakhulu. Kungenzeka ukuthi iklayenti le-Windows wargard lizobonisa imiphumela efanayo:
tunsafeclient: landa - 1007 mbits; layisha - 1366 mbits
I-OutlineVPN
Uhlaka luwukusetshenziswa kweseva ye-shadowox kanye neklayenti enokusetshenziswa kubonwa okuhle nokulula okuvela ku-jigsaw ye-Google. Ku-Windows, iklayenti le-outline limane liyisethi yezisonga ze-shadowsocks-local (iklayenti le-shadowsocks-libev) kanye ne-badvpn (inambambili ye-tun2socks eqondisa yonke ithrafikhi yomshini kummeleli wamasokisi wasendaweni).
I-Shadowsox yake yamelana ne-Great Firewall yase-China, kodwa ngokusekelwe ekubuyekezweni kwakamuva, lokhu akusenjalo. Ngokungafani ne-ShadowSox, ngaphandle kwebhokisi ayisekeli ukuxhuma i-obfuscation ngama-plugin, kodwa lokhu kungenziwa ngesandla ngokucubungula iseva neklayenti.
landa - 939 mbits; layisha - 930 mbits
Abathandwa
I-ShadowsocksR iyimfoloko ye-Shadowsocks yasekuqaleni, ebhalwe nge-Python. Ngamafuphi, yibhokisi lethunzi lapho izindlela ezimbalwa zokufihlwa kwethrafikhi ziphinwe khona ngokuqinile.
Kukhona izimfoloko ze-ssR ku-libev nokunye. Ukusebenza okuphansi kungenzeka kungenxa yolimi lwekhodi. I-shadowsox yasekuqaleni ku-python ayisheshi kakhulu.
shadowsocksR: landa ama-mbits angama-582; layisha 541 mbits.
Ama-Shadowsocks
Ithuluzi le-Chinese block bypass elenza okungahleliwe ithrafikhi futhi liphazamise ukuhlaziya okuzenzakalelayo ngezinye izindlela ezimangalisayo. Kuze kube muva nje, i-GFW ayizange ivinjwe; bathi manje ivinjiwe kuphela uma i-relay ye-UDP ivuliwe.
I-Cross-platform (kunamakhasimende anoma iyiphi iplatifomu), isekela ukusebenza ne-PT efana ne-obfuscators kaThor, kukhona okumbalwa kwayo noma okuguqulelwe kuyo ama-obfuscators, ngokushesha.
Kunenqwaba yokuqaliswa kwamaklayenti we-shadowox namaseva, ngezilimi ezahlukene. Ekuhloleni, ama-shadowsocks-libev asebenze njengeseva, amaklayenti ahlukene. Iklayenti leLinux elishesha kakhulu liphenduke ama-shadowsocks2 ekuhambeni, lasakazwa njengeklayenti elizenzakalelayo ku-streisand, angikwazi ukusho ukuthi amafasitela-ama-shadowsocks akhiqiza kangakanani. Ezivivinyweni eziningi ezengeziwe, i-shadowsocks2 isetshenziswe njengeklayenti. Izithombe-skrini ezihlola ama-shadowsocks-libev ahlanzekile ayenziwanga ngenxa yokusalela okusobala kwalokhu kuqaliswa.
shadowsocks2: ukulanda - 1876 mbits; layisha - 1981 mbits.
shadowsocks-rust: landa - 1605 mbits; layisha - 1895 mbits.
I-Shadowsocks-libev: ukulanda - ama-mbits angu-1584; layisha - 1265 mbits.
Ama-obfs alula
I-plugin ye-shadowsox manje isisesimweni "esinciphile" kodwa isasebenza (yize ingasebenzi kahle njalo). Ithathelwe indawo kakhulu i-v2ray-plugin. Iphazamisa ithrafikhi noma ngaphansi kwe-websocket ye-HTTP (futhi ikuvumela ukuthi uphathe unhlokweni wendawo, wenze sengathi ngeke ubukele i-pornhub, kodwa, isibonelo, iwebhusayithi yoMthethosisekelo weRussian Federation) noma ngaphansi kwe-pseudo-tls (pseudo). , ngenxa yokuthi ayisebenzisi noma yiziphi izitifiketi, i-DPI elula kakhulu njenge-nDPI yamahhala itholwa njengokuthi βtls no cert.β Kumodi ye-tls, akusakwazeki ukukhohlisa izihloko).
Kuyashesha impela, kufakwe ku-repo ngomyalo owodwa, okulungiselelwe kalula, kunomsebenzi owakhelwe ngaphakathi (uma ithrafikhi evela kuklayenti elingeyona elula-obfs iza echwebeni elilalela i-simple-obfs, iyidlulisela ekhelini. lapho ucacisa khona kuzilungiselelo - njengalokhu Ngale ndlela, ungagwema ukuhlola ngesandla kwe-port 80, isibonelo, ngokumane uqondise kabusha kuwebhusayithi ene-http, kanye nokuvimbela ngokusebenzisa ama-probes wokuxhumana).
shadowsockss-obfs-tls: ukulanda - 1618 mbits; layisha 1971 mbits.
shadowsockss-obfs-http: ukulanda - 1582 mbits; layisha - 1965 mbits.
Ama-obfs alula kumodi ye-HTTP angaphinda asebenze ngommeleli we-CDN reverse (isibonelo, i-cloudflare), ngakho-ke kumhlinzeki wethu ithrafikhi izobukeka njengethrafikhi ye-HTTP-plaintext eya ku-cloudflare, lokhu kusivumela ukuthi sifihle umhubhe wethu kangcono, futhi ngesikhathi esifanayo hlukanisa indawo yokungena kanye nokuphuma kwethrafikhi - umhlinzeki ubona ukuthi ithrafikhi yakho iya ekhelini le-CDN IP, futhi ukuthanda okweqisayo ezithombeni kubekwa ngalesi sikhathi kusuka ekhelini le-VPS IP. Kumele kushiwo ukuthi i-s-obfs nge-CF esebenza ngokungaqondakali, ngezikhathi ezithile ingavuli ezinye izinsiza ze-HTTP, isibonelo. Ngakho-ke, akukwazanga ukuhlola ukulayisha usebenzisa i-iperf nge-shadowsockss-obfs+CF, kodwa uma kubhekwa imiphumela yokuhlolwa kwesivinini, ukuphuma kusezingeni le-shadowsocksv2ray-plugin-tls+CF. Anginamathiseli izithombe-skrini ezivela ku-iperf3, ngoba... Akufanele uthembele kubo.
ukulanda (okushesha) - 887; layisha (isivinini) - 1154.
Landa (iperf3) - 1625; layisha (iperf3) - NA.
i-v2ray-plugin
I-V2ray-plugin ithathe indawo yama-obfs alula njenge-obfuscator βesemthethweniβ eyinhloko yama-ss libs. Ngokungafani nama-obf alula, ayikabikho kumakhosombe, futhi udinga ukulanda kanambambili ohlanganiswe ngaphambilini noma uzihlanganisele wena.
Isekela izindlela zokusebenza ezi-3: okuzenzakalelayo, i-websocket ye-HTTP (esekelwa izihloko ze-spoofing zomsingathi wendawo); tls-websocket (ngokungafani nama-s-obfs, lena ithrafikhi egcwele ye-tls, ebonwa yinoma iyiphi iseva yewebhu yommeleli ehlanekezelwe futhi, isibonelo, ikuvumela ukuthi ulungiselele ukunqanyulwa kwe-tls kumaseva e-cloudfler noma ku-nginx); quic - isebenza nge-udp, kodwa ngeshwa ukusebenza kwe-quic ku-v2rey kuphansi kakhulu.
Phakathi kwezinzuzo uma kuqhathaniswa nama-obfs alula: i-plugin ye-v2ray isebenza ngaphandle kwezinkinga nge-CF kumodi ye-HTTP-websocket nganoma iyiphi ithrafikhi, kumodi ye-TLS iyithrafikhi ye-TLS egcwele, idinga izitifiketi zokusebenza (isibonelo, kusuka ku-Let's encrypt or self -isayiniwe).
shadowsocksv2ray-plugin-http: ukulanda - 1404 mbits; layisha 1938 mbits.
shadowsocksv2ray-plugin-tls: landa - 1214 mbits; layisha 1898 mbits.
shadowsocksv2ray-plugin-quic: download - 183 mbits; layisha 384 mbits.
Njengoba bese ngishilo, i-v2ray ingasetha izihloko, futhi ngaleyo ndlela ungakwazi ukusebenza nayo ngokusebenzisa i-CDN yommeleli ehlanekezelayo (i-cloudfler ngokwesibonelo). Ngakolunye uhlangothi, lokhu kuhlanganisa ukutholwa komhubhe, ngakolunye uhlangothi, kungakhuphuka kancane (futhi ngezinye izikhathi kunciphise) i-lag - konke kuncike endaweni yakho namaseva. I-CF okwamanje ihlola ukusebenza nge-quic, kodwa le modi ayikatholakali (okungenani kuma-akhawunti amahhala).
shadowsocksv2ray-plugin-http+CF: landa - 1284 mbits; layisha 1785 mbits.
shadowsocksv2ray-plugin-tls+CF: landa - 1261 mbits; layisha 1881 mbits.
I-Cloak
I-shred ingumphumela wokuthuthukiswa okuqhubekayo kwe-GoQuiet obfuscator. Ilingisa ithrafikhi ye-TLS futhi isebenza nge-TCP. Okwamanje, umbhali ukhiphe inguqulo yesibili ye-plugin, i-cloak-2, ehluke kakhulu kwengubo yokuqala.
Ngokonjiniyela, inguqulo yokuqala ye-plugin isebenzise indlela ye-tls 1.2 yokuqalisa kabusha iseshini ukumosha ikheli lendawo ye-tls. Ngemva kokukhishwa kwenguqulo entsha (iwashi-2), wonke amakhasi e-wiki ku-Github achaza le nqubo asusiwe; akukho okushiwo ngalokhu encazelweni yamanje yokubethela kwe-obfuscation. Ngokwencazelo yombhali, inguqulo yokuqala ye-shred ayisetshenziswanga ngenxa yokuba khona "kobungozi obubucayi ku-crypto." Ngesikhathi sokuhlolwa, kwakukhona kuphela inguqulo yokuqala yengubo, amabhanari ayo asekhona ku-Github, futhi ngaphandle kwakho konke okunye, ukukhubazeka okubalulekile akubalulekile kakhulu, ngoba I-shadowsox ibhala ithrafikhi ngendlela efanayo nangaphandle kwejazi, futhi i-cloac ayinawo umthelela ku-crypto ye-shadowsox.
I-shadowsockscloak: ukulanda - 1533; layisha - 1970 mbits
Kcptun
isebenzisa i-kcptun njengokuthutha futhi kwezinye izimo ezikhethekile ivumela ukufeza ukwanda kokusebenza. Ngeshwa (noma ngenhlanhla), lokhu kubaluleke kakhulu kubasebenzisi abavela e-China, abanye o-opharetha beselula babo abacindezela kakhulu i-TCP futhi bangathinti i-UDP.
I-Kcptun ikulambele kakhulu, futhi ilayisha kalula ama-zion cores angu-100 ku-4% lapho ihlolwa iklayenti elilodwa. Ngaphezu kwalokho, i-plugin "ihamba kancane", futhi uma isebenza nge-iperf1 ayiqedi ukuhlolwa kuze kube sekugcineni. Ake sibheke ukuhlolwa kwesivinini kusiphequluli.
shadowsockskcptun: landa (speedtest) - 546 mbits; layisha (isivinini) 854 mbits.
isiphetho
Ingabe udinga i-VPN elula, esheshayo ukumisa ithrafikhi kuwo wonke umshini wakho? Khona-ke ukukhetha kwakho kungu-warguard. Ingabe uyawafuna ama-proxies (okukhetha umhubhe noma ukuhlukaniswa kokugeleza komuntu obonakalayo) noma ingabe kubaluleke kakhulu kuwe ukuthi ufihle ithrafikhi ekuvinjweni okungathi sΓna? Bese ubheka i-shadowbox ene-tlshttp obfuscation. Ingabe ufuna ukuqiniseka ukuthi i-inthanethi yakho izosebenza inqobo nje uma i-inthanethi isebenza nhlobo? Khetha ithrafikhi ye-proxy ngokusebenzisa ama-CDN abalulekile, ukuvimba okuzoholela ekuhlulekeni kwesigamu se-intanethi ezweni.
Ithebula le-Pivot, lihlelwa ngokulanda
Source: www.habr.com