Which gost tunnel protocol is harder to be detected by GFW?

Open lostsoul6 opened this issue 2 years ago • 10 comments

Hello there,

I have a domestic VPS and a foreign VPS. The foreign VPS is running v2ray (vless + ws + tls or vmess + ws + tls). My question is, which gost tunnel scenario between the domestic VPS and the foreign VPS is the hardest for GFW to detect? Also, I read somewhere that if my foreign v2ray server is using ws or tls, then the gost tunnel doesn't work and I should use tcp + http instead.

Can you please help me understand:

  1. Which gost tunnel works with my foreign VPS v2ray config (vless + ws + tls or vmess + ws + tls)?
  2. Which gost tunnel is hardest for GFW to detect?

Thank you.

To my fellow Iranians as well: if anyone knows which gost tunnel is detected later by the filtering, or is not detected at all, please let me know. Thanks.

lostsoul6 avatar Apr 09 '23 14:04 lostsoul6

  1. I don't use vless + ws. I think kcp is very good and fast. kcp + ss is very easy to use.
    KCP supports not only UDP, but also TCP (only on Linux). If your VPS can receive UDP, I recommend you use a KCP tunnel.
    In the tunnel, you can use ss, or vless, or vmess.

  2. At this time, kcp of gost is not detected by GFW, when kcptun is blocked, because the user count of KCP is small. kcp of gost is a little different from kcptun.

If you want to be faster, you can use hysteria. But kcp is fast enough for you.

woodlyer avatar Apr 10 '23 12:04 woodlyer

Thank you for the information. I will try gost's KCP tunnel to see how it performs, but just to be sure, does this mean the foreign VPS can have any v2ray config such as (vless + ws + tls), or should it be like vless + kcp since the tunnel mode is kcp?

lostsoul6 avatar Apr 10 '23 16:04 lostsoul6

I have tried vless + kcp. It's OK. See: https://github.com/woodlyer/gostExample/tree/main/v2ray
For "vless + ws + tls", tls is used to protect vless. If you use kcp, there is no need to use tls or ws. (tls needs a cert, which is hard to use. gost also supports a tls tunnel; maybe you can try it.)

I like ss more than vless, because gost supports ss. Almost every v2ray client supports ss. ss is much easier than vless.
When you have a powerful secure KCP tunnel, just use easy ss running in the tunnel, I think.
You can use ss to connect to the domestic VPS. It will not pass the GFW. It's safe.

woodlyer avatar Apr 11 '23 08:04 woodlyer

Dear friend, generally, the use of protocols based on UDP (such as KCP) is not recommended for use in Iran under any circumstances.

Apart from the disruption on UDP, Iran's DPI with high confidence blocks IPs using UDP-based protocols.

Use these:

relay+tls, relay+otls, relay+grpc

I know that relay encapsulates the data (although I don't know how it does it or how Iranian DPI behaves with it). But I don't know anything about the forward protocol and how it behaves with data (but you can use forward instead of relay).

I have good reports from these two protocols

You can also use forward instead of relay and avoid socks, http proxy, ss, kcp, ws, raw tcp, wms and wmss.

(These are written based on experiences inside Iran, please do not use China as your source!)

omid-j-d avatar Apr 14 '23 21:04 omid-j-d

@omid-j-d thank you for your advice. kcp supports tcp mode too (only on Linux). Maybe you can try it in Iran.

 ./gost -L=kcp://:9000?tcp=true

woodlyer avatar Apr 15 '23 08:04 woodlyer

> Dear friend, generally, the use of protocols based on UDP (such as KCP) is not recommended for use in Iran under any circumstances.
>
> Apart from the disruption on UDP, Iran's DPI with high confidence blocks IPs using UDP-based protocols.
>
> Use these:
>
> relay+tls, relay+otls, relay+grpc
>
> I know that relay encapsulates the data (although I don't know how it does it or how Iranian DPI behaves with it). But I don't know anything about the forward protocol and how it behaves with data (but you can use forward instead of relay).
>
> I have good reports from these two protocols
>
> You can also use forward instead of relay and avoid socks, http proxy, ss, kcp, ws, raw tcp, wms and wmss.
>
> (These are written based on experiences inside Iran, please do not use China as your source!)

Hello Omid, thanks for the response. You said "I have good reports from these two protocols". Which two do you mean? relay+tls?

Also, have you used any combination on a server which has many users on it? If yes, was it detected by GFW?

My target server is using vless + ws.

lostsoul6 avatar Apr 15 '23 09:04 lostsoul6

> @omid-j-d thank you for your advice. kcp supports tcp mode too (only on Linux). Maybe you can try it in Iran.
>
> ./gost -L=kcp://:9000?tcp=true

I got good results from kcp (for ten people), but the issue was that, due to the buffer it creates, it causes the cost of traffic on Iranian servers to increase (each terabyte is equivalent to $20 in Iran), although the developer himself does not recommend KCP in Iran.

omid-j-d avatar Apr 15 '23 13:04 omid-j-d

> > Dear friend, generally, the use of protocols based on UDP (such as KCP) is not recommended for use in Iran under any circumstances. Apart from the disruption on UDP, Iran's DPI with high confidence blocks IPs using UDP-based protocols. Use these: relay+tls, relay+otls, relay+grpc. I know that relay encapsulates the data (although I don't know how it does it or how Iranian DPI behaves with it). But I don't know anything about the forward protocol and how it behaves with data (but you can use forward instead of relay). I have good reports from these two protocols. You can also use forward instead of relay and avoid socks, http proxy, ss, kcp, ws, raw tcp, wms and wmss. (These are written based on experiences inside Iran, please do not use China as your source!)
>
> Hello Omid, thanks for the response. You said "I have good reports from these two protocols". Which two do you mean? relay+tls?
>
> Also, have you used any combination on a server which has many users on it? If yes, was it detected by GFW?
>
> My target server is using vless + ws.

The answer to this question was really complicated. I used several datacenters for my tests (afranet, hostiran, laser). I feel that the situation has completely changed since April 8, and all of this is from before then. In the Afra Net data center, everything was perfect (unlike now); I was even able to do my work for six months with a normal iptables. But in the Hostiran data center, everything was the opposite: all the methods were blocked in less than a few days, and the maximum duration of IP endurance was about 20 days with fifty users. Now I have switched to laser, and I realized that it is different in each data center, so I can't say anything in general about forward and relay. The point here is whether we want to encapsulate the data or not. If the answer is yes, we need to use relay (we need to find out if DPI detects relay or not); otherwise use forward.

omid-j-d avatar Apr 15 '23 13:04 omid-j-d

Not bad, not bad.

zzlinwq avatar Jul 16 '23 16:07 zzlinwq

At this time, kcp of gost is not detected by GFW, when kcptun is blocked, because the user count of KCP is small. kcp of gost is a little different from kcptun.

zzlinwq avatar Jul 16 '23 16:07 zzlinwq