There are two VPN technologies that are able to survive DPI.
1) ShadowSocks - https://shadowsocks.org
Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named "clowwindy", and multiple implementations of the protocol have been made available since.
2) Outline - https://getoutline.org
Outline VPN is a free and open-source tool that deploys Shadowsocks servers on multiple cloud service providers. The software suite also includes client software for multiple platforms. Outline was developed by Jigsaw, a technology incubator created by Google.
Not strictly a VPN, but you can rent a server for like 5-10 dollars a month and then run shadowsocks, with simple-obfs to get around the great firewall. From my personal experience, speeds are generally pretty quick.
Shadowsocks is a protocol, with several different implementations available.
PIA installs a shadowsocks service on their own servers.
Your VPN data is never passed to or through any server controlled by some shadowsocks organisation - if one even exists.
Same goes for OpenVPN and Wireguard fwiw.
taken from an older thread :
Get the smallest Vultr server in Tokyo with Ubuntu 15.10 64 bit. (vultr.com)
Follow this guide to set it up. ( https://freevps.us/thread-16882.html )
Get a client here to connect to your server. ( https://shadowsocks.org/en/index.html )
worked for me, ive been watching youtube in 1080p for about a month, i get good speed. my internet still sucks but at least i get no vpn problems.
Maybe try Wireguard and SSH tunnelling but both of these can be blocked by enterprise firewalls. I’d give something like Shadowsocks a bash and see.
To be honest the easiest way is to just get an unlimited data plan for your phone in the UK
I would use shadowsocks and proxychains then it will look like regular HTTP traffic but you can tunnel any traffic through the socks v5 proxy (including DNS request). https://shadowsocks.org/en/index.html
I'm not an expert on this, but I checked Dante webpage and if you only want a socks server setup, maybe you can try Shadowsocks. https://shadowsocks.org/en/index.html
I'm using shadowsocks-libev version on my vps to setup a proxy to bypass our national censorship firewall.
Thanks for the report. If you're willing, would you mind sending feedback from within the app and filing a bug on GitHub? We're currently working on improving the desktop clients, so detailed reporting will help us understand what's happening.
In the meantime, you may consider trying another Linux Shadowsocks client to see if you have the same problem.
You must use one of the AEAD Ciphers. Non-AEAD ciphers are easy to break and will get your server blocked quickly.
I suggest chacha20-ietf-poly1305, which is the fastest without specialized AES hardware, designed for mobile.
Also make sure you use long random passwords.
The easiest way to deploy a safe Shadowsocks setup is using the the Outline Manager (https://getoutline.org).
(Disclaimer: I'm one of the creators of Outline)
Try Shadowsocks - https://shadowsocks.org/en/index.html Else, V2ray - https://github.com/v2ray/v2ray-core
I think their are some free Shadowsocks servers but frankly I never got it to work well (somewhat flaky, not sure if too many people or what) so I just paid for my own VPS running V2Ray
In this case, the only advantage of TCP over UDP is the ability to use the 443 port of HTTPS. In case of wirefuard you can do UDP over TCP with a simple software like this.
If the country performs DPI, changing the protocol and the port does not help. So UDP or TCP are the same. You have to use a proxy like shadowsocks.
In my opinion, this is not a point to prefer openVPN over wireguard.
You do not need Icecast, unless you want to or have to. Mpd can output to http directly like 180.56.78.99:4000 (4000 is the port you set in Mpd config as http output)
See this
https://wiki.archlinux.org/index.php/Music_Player_Daemon/Tips_and_tricks#HTTP_streaming
I recommend Wireguard for the reason you mentioned and also the traffic is encrypted. If your goverment is inspecting packets they might still know what you are listening since the traffic wont be encrypted. You probably can get encrypted stream if you set up Icecast, but I think that should be your last resort since it is a bit more involved.
If you do not want to use Wireguard, then setup proxy server on the VPS and use proxy to access to VPS stream, but not all apps on mobile platforms support proxy stuff, like this
https://shadowsocks.org/en/index.html (but do not click on this if you are worried about surveilance, you should read it via your VPS)
Assuming you have a computer at your home outside China and are willing to leave it on during your trip, instead of paying for one of those VPNs look into something Shadowsocks. It's a bit of work to set up, but instead of tunneling traffic through known VPN endpoints that China is routinely trying to block, it just encrypts individual packets and sends them to your unknown home computer which is likely so low volume that the admins of the Great Firewall are never going to notice.
Your home computer then actually makes the connection to wherever you really wanted to go, gets the data, and sends it back to your in China (encrypted again).
Last trip one of my friends set it up, and 3-4 of us used it constantly for everything; it worked much better than the paid VPNs a couple of us had signed up for before the trip.
Use the generator on here under "Try it yourself". You enter the uncrypted key and it will give you an encrypted key/QR you can add to outline
​
So you have two options now: stunnel or you can use ssh through shadowsocks (https://shadowsocks.org/en/index.html) proxy using this guide:
https://unix.stackexchange.com/questions/416010/ssh-through-shadowsocks
1) a VPN provides more features to obscure your personality when browsing the web. Even though there might be no censorship where you live the ISP + owner of the wifi knows more or less what you're doing. With either shadwsocks or a vpn they don't know what you're doing.
2) Server implementation I dunno what shadowsocksr is exactly, however all github repos I found had their last changes 2+ years ago --> I would use the official one since its still beeing developed actively
Eh, not a computer wiz by any stretch of the imagination.
Super, super, easy. It is not like this kid setup his own ShadowSocks, he just downloaded it.
Hi Elliot, Would you mind connecting with the 1.2.1 client, and sending feedback through the app? Some more technical data gets to us when you submit through the app, and it might help us troubleshoot. If the problem that you are experiencing is that you seemingly connect successfully but nothing loads, would you mind running "route print" on the Windows terminal, and sending me the outcome on private message? Thanks!
Regarding operating as a browser-only VPN: We currently don't have plans to support two modes, but you CAN use the Shadowsocks Windows client, that does operate as a browser-only VPN: https://shadowsocks.org/en/download/clients.html
I would give that a shot :)
Now that Russian Censorsip has banned Google Play, OCSP checks for SSL certificates and other useful things, just using socks5 proxy for mobile client is not enough. So I added single-command installation of shadowsocks to https://selivan.github.io/socks. It consumes less battery, than OpenVPN.
Now that Russian Censorsip has banned Google Play, OCSP checks for SSL certificates and other useful things, just using socks5 proxy for mobile client is not enough. So I added single-command installation of shadowsocks to https://selivan.github.io/socks. It consumes less battery, than OpenVPN.
You might want to look at Google Jigsaw's Outline at https://getoutline.org It is one of the easiest self hosted VPN setups you can find based on Shadowsocks. It could be up and running in minutes with better/more hardened security than most systems and much harder to block via firewalls/double NAT.
Besides that, IKEv1 vs. IKEv2 suggests you should be aiming for v2.
https://shadowsocks.org/en/index.html
ShadowSocks is probably the best option here. Super simple to setup, authentication, choose which encryption method you're comfortable with, and it can even be installed as a non-root user on free hosting where you have shell access. This is advantageous because these systems have tens of thousands of users and offer shell access without any personally identifiable information.
The only thing I suggest doing is specifying the ShadowSocks log location to your home directory and setup a shred daemon to shred the logs every few seconds;
> [screen -dmS shredder] {watch -n10} (shred -fu shadowsocks.log)
[] = create a named screen session called "shredder" (as daemon)
{} = run postceding command 1 times every 10 seconds until forever
() = force shred shadowsocks.log
by overwriting the data 3x and then rm
the file after its done
It's not the most secure solution you have at your disposal, but it's entirely free and works very well. Because of the nature of the systems you also get herd immunity.
Any proxy software which supports Linux will work as well but I recommend using OpenVPN instead since it's more secure and still not hard to setup. Though a proxy could be ok as well if you just want to get around geoblocks. Here's the shadowsocks tutorial https://shadowsocks.org/en/download/servers.html
And OpenVPN access server is actually even easier to setup.