shadowsocks long opens pages, poor page load

[rdbox]

Please read Wiki carefully, especially / 提问前请先阅读wiki https://github.com/shadowsocks/shadowsocks-windows/wiki/Troubleshooting. Or search from issue board / 或在issue board中搜索 https://github.com/shadowsocks/shadowsocks-windows/issues?utf8=%E2%9C%93&q=is%3Aissue Please answer these questions before submitting your issue. Thanks! / 请按照以下格式描述你的问题

Version(release version or AppVeyor link) / 版本（正式版或基于AppVeyor的链接）

shadowsocks 4.0.10

Environment(Operating system, .NET Framework, etc) / 操作环境（操作系统，.NET Framework等）

Windows 7 .NET 4.7

Steps you have tried / 操作步骤

I myself configured shadowsocks on my server vps

What did you expect to see? / 期望的结果

does not work stably

What did you see instead? / 实际结果

Config and error log in detail (with all sensitive info masked) / 配置文件和日志文件（请隐去敏感信息）

version ss-server shadowsocks-libev 3.2.0 config ss-server

  1 {
  2     "server":"ip_server",
  3     "server_port":8530,
  4     "local_port":1080,
  5     "password":"123",
  6     "timeout":600,
  7     "method":"chacha20-ietf-poly1305",
  8     "fast_open":true,
  9     "plugin":"obfs-server",
 10     "plugin_opts":"obfs=tls;obfs-host=duckduckgo.com"
 11 }

shadowsocks GUI

this kind of site, the sites open long, at the bottom of the browser status bar, I often see a line that goes creating a secure connection And at this moment the page of the site ends with an error

ERR_TIMED_OUT

And we need to refresh the page through F5 many times that the page will load, and we also need to close the shadowsocks forcibly and reopen This creates a lot of problems that need to be done, so that it would not be ???

I'm trying to work from China

[chenshaoju]

There is any log from shadowsocks? Please paste to here.

You can get log by right click paper plane in the taskbar icon tray area, Select Help, And click "Show logs...".

Please hide your server IP address or domain from logs.

[rdbox]

Here's a log what say? shadowsocks.log

[chenshaoju]

The log looks fine.

Please ping your server, how much packet loss (%) and delay (ms).

[rdbox]

Here is a good ping. This problem with https sites, they open for a long time as if freezing for a while.

I can not understand what's the matter, I changed the different ones DNS 1.1.1.1 1.0.0.1 OpenDNS staged too.

Then I went the other way to the server to put my dns server the problem did not go away

Statistics for Ping for 
     Packets: sent = 100, received = 98, lost = 2
     (2% loss)
Approximate reception-transmission time in ms:
     Minimum = 53 msec, Maximum = 173 msec, Average = 61 msec

I need to understand where the problem is, or the local client does not work well or on the server itself the programs ss-server is not stable

[rdbox]

and yes, I'll remind you that I'm in china. Maybe I need some settings?

[chenshaoju]

If you do not use simple-obfs, the https access speed is fine? you need disable it on both sides.

If your server is built by yourself, please use wget or curl test https website access speed on your server?

I'm using plugins too, but I'm using GoQuite.

[rdbox]

Yes I use simple-obfs, I so understand that the Chinese GWF can detect my shadowsocks. You have to use simple-obfs to use it

and what is more effective than simple-obfs or another plug-in?

[jasonliul]

Simple-obfs could be the problem, sometimes it lost response without notice.

[rdbox]

@chenshaoju I started the GoQuiet plugin but here in the logs of the wireshark a file I noticed the packages marked as socks are bad. For this reason, you can easily block traffic

and with the simple-obfs plugin I have not seen this in the logs. What do you think about this issue?

[chenshaoju]

Did you enable TCP Fast Open?

In my case,everything looks fine, include simple-obfs.

[rdbox]

my config

  1 {
  2     "server":"ip_server",
  3     "server_port":8530,
  4     "local_port":1080,
  5     "password":"boobsboobs,
  6     "timeout":600,
  7     "method":"chacha20-ietf-poly1305",
  8     "fast_open":true,
  9     "plugin":"/etc/shadowsocks-libev/gq-server-linux32-1.1.2",
 10     "plugin_opts":"/etc/shadowsocks-libev/gqserver.json"
 11 }

  1 {
  2 "WebServerAddr":"ip_server:443",
  3 "Key":"123",
  4 "FastOpen":true
  5 }
  6

[chenshaoju]

please try to disable TCP fast open in line 8 and 4.

[rdbox]

I noticed efficiency, Internet speed became faster. I think this GoQuiet plugin helped me. Sites with https also began to open faster.

Although I have an idea that the Chinese GWF can again after a while start analyzing my traffic and looking for a vulnerability in it.

How do you think changing the password in the GoQuiet plugin more than 30 characters will be able to enhance encryption? traffic And make it more difficult to recognize

[chenshaoju]

I'm not sure, but it looks like your server IP address has been added to some like "high risk" lists in GFW.

I think long and complex password can defense brute-force crack, and keep your data transfer safe, but I guess GFW is not working like this, brute-force crack is too waste time, most is monitor traffic and block.

To imitating real network traffic, you can set the server port to 443, and use the big company domain name (Like m$) in Go-Quite options.

[rdbox]

it's interesting, but can you for more information on how to use the domain in the plugin? Do I have to buy a domain to register?

[chenshaoju]

no need for buying a domain, you can set it in your client go-quite config file.

in my case:

{
    "ServerName":"cn.bing.com",
    "Key":"<MASK>",
    "TicketTimeHint":3600,
    "Browser":"chrome",
    "FastOpen":false
}

source: https://github.com/cbeuw/GoQuiet/tree/master/config

[rdbox]

can any working domain be written? and another question that is better to use shadowsocks-windows or shadowsocksR I did not understand the difference between them

[chenshaoju]

Yes, Any domain can be work, but NOT recommend use blocked (by GFW) domain.

ShadowsocksR is a branch from Shadowsocks, It's hard to say who is better.

[rdbox]

how to scale the shadowsocks program? If you need developers can do so that shadowsocks would work in 2-3 layers of additional protection?

that traffic would be split into small pieces for 100% encryption. And that it would not be possible to decipher it even with large combing capacity it is possible?

How do you like my idea?...

[chenshaoju]

For now, The encryption used by Shadowsocks is secure http://shadowsocks.org/en/spec/AEAD-Ciphers.html , So multilayer encryption may not necessary.

The Shadowsocks protocol is community decided, for more information please read: https://github.com/shadowsocks/shadowsocks-org/wiki and https://github.com/shadowsocks/shadowsocks-org/issues .

I'm not the developer :) .