Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Copper9 Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
How to bypass ISP censorship
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
= Standard (Non-Obfuscated) Protocols = This category includes the standard, “baseline” protocols for proxies and VPNs. These tools are not designed for censorship circumvention and are the primary targets for blocking. Their distinct protocol “fingerprints” make them easy for DPI systems to identify and filter. They are included here as a baseline to illustrate why the more advanced, obfuscated tools in the next section are necessary. == [https://www.wireguard.com/ WireGuard] == An extremely simple, fast, and modern VPN (Virtual Private Network) protocol. A modern protocol (initial release 2015) that is now part of the Linux kernel. Runs on client and server machines, supported natively or via apps on all major operating systems. It uses state-of-the-art cryptography and has a very small, auditable code base (under 4,000 lines of code). It operates over UDP. '''PROs:''' * <span style="color:green">'''Extremely Fast:'''</span> Significantly higher performance and lower latency compared to OpenVPN, due to its lightweight code and modern encryption. * <span style="color:green">'''Simple & Secure:'''</span> A small code base makes it easier to audit and less susceptible to attack. * <span style="color:green">'''Quick Reconnects:'''</span> Connects and reconnects almost instantly, making it ideal for mobile devices switching between Wi-Fi and cellular data. '''CONs:''' * <span style="color:red">'''Easily Blocked:'''</span> This is its key weakness for censorship. It has a distinct, recognizable protocol fingerprint. It is not designed to bypass DPI and is actively blocked in countries like China and Russia. Protocols like AmneziaWG (modified version of WireGuard designed to prevent DPI) should be used when possible. == [https://openvpn.net/ OpenVPN] == A mature, open-source, and highly configurable VPN protocol. First released in 2001, it has been the industry standard for over two decades. It uses a custom security protocol based on SSL/TLS. It can run over either TCP or UDP, which makes it flexible. '''PROs:''' * <span style="color:green">'''Mature:'''</span> Battle-tested and thoroughly audited for decades. * <span style="color:green">'''Flexible:'''</span> Can be configured to run over any port and use either TCP or UDP. '''CONs:''' * <span style="color:red">'''Easily Blocked:'''</span> Like WireGuard, its handshake is very distinct and easily identified and blocked by DPI systems. * <span style="color:red">'''Slow:'''</span> It is much slower and has higher latency than WireGuard. Its code base is big (400,000+ lines). == [https://en.wikipedia.org/wiki/IKEv2 IKEv2/IPsec] == A secure, standards-based VPN protocol (Internet Key Exchange version 2). Developed by Microsoft and Cisco, and standardized by the IETF. Native to most modern operating systems. It is often used in self-hosted setups (like Algo). '''PROs:''' * <span style="color:green">'''Native Support:'''</span> Supported “out of the box” by Windows, Android, macOS, and iOS. * <span style="color:green">'''Stable:'''</span> Very good at re-establishing a connection quickly when a network drops. '''CONs:''' * <span style="color:red">'''Easily Blocked:'''</span> It is not a circumvention tool and is easily detected and blocked by DPI. == [https://en.wikipedia.org/wiki/SOCKS SOCKS] == A low-level proxy protocol that can route virtually any type of network traffic from any application (SOCKS5 since 1996). A client application sends traffic to a SOCKS5 server, which then forwards it to the final destination. It operates at Layer 5 (the Session Layer). '''PROs:''' * <span style="color:green">'''Extremely Versatile:'''</span> Can handle any type of traffic, including web, P2P, gaming, and email. '''CONs:''' * <span style="color:red">'''Not Encrypted:'''</span> Provides zero encryption by itself. All traffic is sent in the clear and is fully visible to an ISP. * <span style="color:red">'''Trivially Blocked:'''</span> Unencrypted, identifiable traffic is extremely easy for any DPI system to inspect and block. == [https://en.wikipedia.org/wiki/Proxy_server HTTP(S) Proxies / Web Proxies] == A basic, high-level proxy protocol designed exclusively for web (HTTP and HTTPS) traffic. Primarily used by web browsers. It operates at Layer 7 (the Application Layer). '''PROs:''' * <span style="color:green">'''Simple:'''</span> Easy to set up and widely supported by all browsers. '''CONs:''' * <span style="color:red">'''Extremely Limited:'''</span> Only works for web traffic. * <span style="color:red">'''Not Encrypted:'''</span> Provides no encryption for your connection to the proxy (when no HTTPS). * <span style="color:red">'''Not Anonymous:'''</span> HTTP proxies typically add headers (like X-Forwarded-For) that identify the original user's IP address. * <span style="color:red">'''Trivially Blocked:'''</span> Very easy to detect and block.
Summary:
Please note that all contributions to Copper9 Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Wiki on Copper9:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
How to bypass ISP censorship
(section)
Add topic
