VPN: A virtual private network establishes a private network on top of a public network for encrypted communication. It
uses an encrypted tunneling protocol to provide message security properties such as confidentiality, sender authentication,
and message integrity. This technology makes it possible to send reliable and secure messages over insecure networks (such
as the Internet). Note that whether the messages are encrypted can be controlled. VPN messages that are not encrypted are
still at risk of being stolen.
SS: The author of SS is Clowwindy. About two years ago, he wrote shadowsocks, abbreviated as ss or shadowsock, to get over
the wall. Later, he was invited to have tea, and then he deleted the source code on GitHub. But you can still find the
code now.
SSR: Not long after the SS author was invited to have tea, an account called breakwa11 (POWA) appeared on GitHub and
released an upgraded version of SS called SSR, whose full name is shadowsocks-R. SSR is not only compatible with SS, but
also has improved obfuscation and protocol handling, making the data less likely to be detected by firewalls and the user
less likely to be discovered getting over the wall.
SS and SSR work on the same principle: a socks5 proxy. A socks proxy simply relays data packets, so it is much faster than
other application-layer proxies. With a socks5 proxy, your network requests pass through a channel between you and the
proxy server, and the server forwards them to the destination. In this process, you do not pass through a dedicated
channel: the data packets are simply sent out and then received by the proxy server, with no additional processing along
the way. In layman's terms, suppose you have a proxy server in Hong Kong. If you want to access Google, your computer
sends a request, the traffic is sent to your server in Hong Kong over the socks5 connection, your server in Hong Kong
visits Google, and then it sends the results back to your computer, so that you can get over the wall.
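To make the "request goes to the proxy, the proxy forwards it" step concrete, here is an added example (not from the original post and not shadowsocks code) that parses the two messages a client sends to a socks5 proxy. It assumes the message layout defined in RFC 1928; the function names are hypothetical and the sample bytes are constructed.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}


def parse_greeting(data: bytes) -> list[int]:
    """Parse the client's first message: VER, NMETHODS, METHODS."""
    if len(data) < 2 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = data[1]
    if nmethods == 0 or len(data) != 2 + nmethods:
        raise ValueError("truncated or malformed method list")
    return list(data[2:])


def parse_request(data: bytes) -> tuple[str, str, int]:
    """Parse VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT into (command, host, port)."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    if data[1] not in COMMANDS:
        raise ValueError("unknown command")
    atyp, body = data[3], data[4:]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("missing domain length")
        addr_len, body = body[0], body[1:]  # first byte is the name length
    else:
        raise ValueError("unknown address type")
    if len(body) != addr_len + 2:
        raise ValueError("truncated address or port")
    raw, (port,) = body[:addr_len], struct.unpack("!H", body[addr_len:])
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return COMMANDS[data[1]], host, port


# Constructed sample messages (not captured traffic).
GREETING = bytes([0x05, 0x01, 0x00])  # version 5, one method: no authentication
REQUEST = bytes([0x05, 0x01, 0x00, 0x03, 14]) + b"www.google.com" + struct.pack("!H", 443)

if __name__ == "__main__":
    print(parse_greeting(GREETING))
    print(parse_request(REQUEST))
```

In plain socks5 both messages are unencrypted, so the destination host and port are readable by anything that sees these bytes.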
Because a VPN is a dedicated channel used to transmit encrypted data for enterprises, its traffic characteristics are
obvious. Take OpenVPN as an example (I will not go into more details here): the traffic characteristics are obvious, and
the firewall analyzes your traffic directly. If the characteristics match, it blocks the connection outright. For getting
over the wall, PPTP-type VPNs are almost dead, and in most areas L2TP suffers serious interference and is unstable.
The purpose of SS/SSR is to circumvent the wall, while the purpose of a VPN is to encrypt corporate data. For a VPN,
security is the first priority; for SS/SSR, firewall penetration comes first. SS/SSR is strongly resistant to interference
and its traffic is obfuscated. When the traffic passes through the firewall, it is basically recognized as ordinary
traffic, which means that you have gotten over the wall but the government cannot detect that you have done so. The
starting point and focus of the two are different: SS/SSR pays more attention to obfuscating and encrypting traffic.
Which is better, SS or SSR? After checking, Shenzhen is using precise SS protocol identification technology to ban VPN
Internet access. If any use of a VPN is found, the broadband connection is cut off, and it is restored only after the user
writes a guarantee. Operators monitor your network access directly at the source. Every website and all data you browse are
monitored, and getting over the wall is a matter of luck.
The SSR version changed the simple TCP packet-sending mode of SS. It uses conversion between UDP and TCP to minimize the
characteristics of the protocol traffic, while obfuscating and customizing the protocol interface, making the traffic
invisible and difficult to detect. With the later redirection parameters in particular, you can even disguise Twitter
traffic as Bing traffic for packet transmission.