net4people / bbs

Forum for discussing Internet censorship circumvention

Shadowsocks blocked in Iran? #142

Open WinkVPN opened 1 year ago

WinkVPN commented 1 year ago

Will Shadowsocks be banned in Iran? I'm planning to build a VPN app for users in Iran, but I'm not sure if Shadowsocks has been cracked.

OnceUponATimeInAmerica commented 1 year ago

Do not invest time in Shadowsocks! Yes, because it uses SSL (and not the latest version of TLS) it has an obvious wire signature and is easily blocked. In the recent upgraded wave of Internet censorship in Iran, most Shadowsocks servers stopped working. I would advise going for something almost identical to HTTPS (from a browser) traffic on the wire. Trojan configs and vless v2ray configs are working OK.

wkrp commented 1 year ago

@WinkVPN I recommend taking a look at some of the other threads.

#138

The only requirement is to buy a cheap VPS that is outside of Iran and also accessible by your internet connection. (you can talk or call with service providers before buying a VPS, to get an IP for ping testing their data center to know whether it's accessible or not)

https://github.com/net4people/bbs/issues/140#issuecomment-1282597610

If you have access to both a domestic server and a foreign server, you might try a domestic relay to a foreign Shadowsocks server.

My impression is that blocking has less to do with the Shadowsocks protocol, and more to do with IP address ranges.

@OnceUponATimeInAmerica Shadowsocks is not a TLS-based protocol. You may be thinking of something else.

nonfdsaofd commented 1 year ago

If the blocking technology in Iran is something similar to the Great Firewall of China, then it can be blocked easily.

OnceUponATimeInAmerica commented 1 year ago

> @OnceUponATimeInAmerica Shadowsocks is not a TLS-based protocol. You may be thinking of something else.

Yes. Shadowsocks uses the older SSL handshake (and NOT the newer TLS), as far as I know and recall. Do you mean no SSL handshakes are involved either?

GibMeMyPacket commented 1 year ago

> My impression is that blocking has less to do with the Shadowsocks protocol, and more to do with IP address ranges.

I can simply say this is wrong. Shadowsocks doesn't work, no matter what VPS or ISP; even if it works via a local CDN (I didn't test it this way), then it is still all related to the Shadowsocks protocol. I have tried many different ISPs/countries and IPs, encryptions, WebSocket with TLS, QUIC and many more; it's just that Shadowsocks doesn't work. As simple as that. Tried with the new uTLS option to HTTP2; doesn't work.

wkrp commented 1 year ago

> Yes. Shadowsocks uses the older SSL handshake (and NOT the newer TLS), as far as I know and recall. Do you mean no SSL handshakes are involved either?

Shadowsocks is not based on SSL and it is not based on TLS. It is a custom protocol that is independent of SSL and TLS. You can see the protocol description here. There are other variations of Shadowsocks, but as far as I know, none of them use TLS.

It may be that there are software bundles that combine Shadowsocks functionality with other, non-Shadowsocks, TLS-based protocols; and with SIP003 plugins Shadowsocks can be wrapped in any other protocol; but I think when people talk about Shadowsocks being blocked, they are referring to the custom Shadowsocks cryptographic protocol running on TCP.

@gfw-report has a detailed report on the Shadowsocks protocol and how it was being probed by the Great Firewall:

wkrp commented 1 year ago

> Shadowsocks doesn't work, no matter what VPS or ISP; even if it works via a local CDN (I didn't test it this way), then it is still all related to the Shadowsocks protocol.

@GibMeMyPacket I cannot dispute your lived experience. I only know what has been reported in other threads like #138 and #140. But the tests you describe are not, by themselves, enough to show that Shadowsocks specifically is being blocked. It could be that everything is blocked to certain IP ranges; that is, it could be that Shadowsocks is not being specially blocked, it is just one of many protocols included in a more general block. A careful test would try other protocols, in addition to Shadowsocks, to certain IP ranges: if the other protocols work, but Shadowsocks does not, that would be evidence that Shadowsocks is being targeted particularly for blocking. But if nothing works, it does not say much about Shadowsocks in particular.
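The controlled comparison described in the comment above, written out as an added example (not part of the original thread and not any commenter's code). It assumes that an "IP range" means a fixed-length prefix (/24 by default), that a protocol counts as working in a range if any trial connected, and that the measurement records are constructed sample data using documentation addresses.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample measurements (not real data): (server IP, protocol, connected?)
SAMPLE = [
    ("203.0.113.10", "shadowsocks", False),
    ("203.0.113.10", "https", False),
    ("203.0.113.77", "ssh", False),
    ("198.51.100.5", "shadowsocks", False),
    ("198.51.100.5", "https", True),
    ("198.51.100.9", "ssh", True),
    ("192.0.2.20", "shadowsocks", False),
    ("192.0.2.129", "shadowsocks", True),
    ("192.0.2.129", "https", True),
]

def classify(results, target="shadowsocks", prefix_len=24):
    """Group trials by IP range and decide what each range says about `target`."""
    by_range = defaultdict(lambda: defaultdict(list))
    for ip, proto, ok in results:
        net = ip_network(f"{ip}/{prefix_len}", strict=False)
        by_range[str(net)][proto].append(ok)
    verdicts = {}
    for net, protos in by_range.items():
        # Assumption: a protocol "works" in a range if any trial connected.
        target_ok = any(protos.get(target, []))
        controls = {p: any(v) for p, v in protos.items() if p != target}
        if target not in protos:
            verdicts[net] = "target not tested"
        elif target_ok:
            verdicts[net] = "target reachable"
        elif not controls:
            # Without a control protocol, a failure cannot be attributed.
            verdicts[net] = "inconclusive: no control protocol tested"
        elif any(controls.values()):
            # Controls get through, target does not: protocol is singled out.
            verdicts[net] = "evidence of protocol-specific blocking"
        else:
            # Nothing gets through: consistent with a block on the range itself.
            verdicts[net] = "general block on range: says little about target"
    return verdicts

if __name__ == "__main__":
    for net, verdict in sorted(classify(SAMPLE).items()):
        print(f"{net:18} {verdict}")
```

Changing `prefix_len` shows how the conclusion depends on how ranges are drawn: at /25 the failed trial to 192.0.2.20 has no control in its range and becomes inconclusive.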

asimov1234 commented 3 months ago

@wkrp is this method still working in Iran?

wkrp commented 3 months ago

> @wkrp is this method still working in Iran?

I'm afraid I don't know.