Giter Club home page Giter Club logo

Comments (3)

avatar commented on June 26, 2024

The posts I've read here say that TLS-in-TLS results in proxy detection by the GFW Iran as well as the GFW China.

When you say "vless tcp http" you may be thinking of Xray Reality. If you use that configuration, you must configure your Xray Reality server correctly. You must prevent traffic to the proxy server from returning back through the firewall to your own country. That would flag your IP address as an obvious proxy server. Also, only certain SNI names work for Xray Reality. I do not have an up-to-date list of which SNI names work.

For Iran, IP blocking seems to be as big a problem as protocol detection. In fact, proxy blocking is often blamed on protocol detection, whereas the blocking is more likely to be due to IP blocking. The GFW Iran partitions IP addresses into 3 subsets:

  • "Blacklist" consists of IPs that are completely blocked.
  • "Whitelist" consists of IPs that are allowed.
  • "Graylist" consists of all other IP addresses. These are subject to throttling and packet loss.

ISPs may gradually move graylisted IP addresses into the blacklist, if they discover the AS is commonly used for proxy servers. In other words, what your IP neighbors do may impact your own proxy server, through no fault of your own.

You can find links to Xray Reality tutorials on the GitHub README page for Xray-core.

from bbs.

omid-j-d avatar omid-j-d commented on June 26, 2024

Thank you for your good explanation. You are right, this has happened to me many times and I have also heard it. Let's say I'm six months ago and reality doesn't exist at all because I have another method in mind and I'll share the results later. What I am concerned about is dpi, suppose I want to connect to Instagram and use the vless tcp http method, and I consider that the firewall has become suspicious and wants to analyze my packets, the question is, since vless It doesn't have encryption, is it enough to hide what http does? Or dpi analyzes it and finds traces of Instagram in my packets? Although I think the second option is correct, of course, in your opinion, using flow vision does not solve the problem of TLS-in-TLS?

from bbs.

asimov1234 avatar asimov1234 commented on June 26, 2024

@omid-j-d hi , this method not working now, and i'm suffering from gfw, would you mind tell me what's your choice now?

from bbs.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.