Cicada000‘s Xlog


Climbing Over High Walls


Pre-reading Tips⚠

  1. This article is not rigorously professional and is based solely on personal experience, so treat it as reference only. If there are any errors, please contact me. If you have questions, Google Bing PLZ.

  2. This article assumes readers have some basic background knowledge, and know what they are doing and what they are going to do.

  3. Actually, starting to read directly from III. Some Basic Knowledge is also fine.


About GFW & VPN

What is GFW

  GFW, short for Great Firewall (China's national firewall), refers to China's system for automated censorship, filtering, and monitoring of internet content: a combination of software and hardware built from network devices such as routers. Because China's internet censorship is comprehensive, websites inside China that are deemed inappropriate are shut down directly through administrative means. The main function of the Great Firewall is therefore to analyze, filter, and block network traffic passing between the inside and outside of China.

  The above is a basic introduction to GFW. If you want to gain a deeper understanding of the principles of GFW, you can visit the article Principles of GFW.

Why is there GFW

  I've seen this kind of thing a lot, I just want to say that those who understand, understand, and for those who don't, I won't explain much. After all, it's good to know for oneself, just savor it.

  Don't come to ask me what's wrong, the interests involved are too great. Saying it won't do any good for either of us, it's better not to know. I can only say that the waters here are very deep, involving many things.

  It's very difficult for you to find detailed information yourself; most of it has been deleted online, so I can only say that those who understand, understand.

  You get my point, right?

About VPN

  VPN, short for Virtual Private Network, is typically used to extend a private network across a public network, allowing users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The benefits of VPN include enhanced functionality, security, and management of the private network. It provides access to resources that are not accessible on public networks, commonly used by remote office workers. VPN is just a type of encrypted communication technology, a general term. Therefore, it is incorrect to view VPN merely as a tool or technology for bypassing restrictions.

  

About Bypassing Restrictions

What is Bypassing Restrictions

Bypassing restrictions refers to circumventing relevant IP blocks, content filtering, domain hijacking, traffic limitations, etc., to access network content.   —— Baidu Encyclopedia

  As the name suggests, bypassing restrictions means breaking through the limitations of GFW to access blocked foreign websites. Many people think that bypassing restrictions is simply downloading a “×× accelerator” or “×× VPN”, and then clicking the big switch symbol in the middle of the screen, with a “VPN” label or a small airplane or key symbol appearing in the phone's status bar, allowing access to the external network.

  In fact, this kind of bypassing experience is not very good, and this method will not be elaborated on in this article. This article mainly introduces the use of software such as V2Ray and Clash in conjunction with "airports".

My Bypassing Experience

  I first encountered bypassing restrictions around the fifth or sixth grade; it's been a long time, so I don't remember clearly. The only thing I remember is playing on my phone in a vegetable market while waiting for my dad to buy groceries. Out of boredom, I discovered Instagram in the App Store, wanted to play with it, but found that I couldn't register no matter what. So, I followed an online tutorial and began my first experience of bypassing restrictions.

  After that, I gradually forgot about bypassing restrictions as I had no need for it.

  Fast forward to the winter vacation of my second year of junior high, I suddenly wanted to access YouTube and Twitter, so I found a so-called "accelerator" online and started bypassing restrictions with a classmate. It was also at that time that I registered my Google account, which laid the groundwork for my later purchase of the Pixel series phone. (I highly recommend reading the article Incomplete Experience with Google Pixel)

  Since then, I have gone further down the path of bypassing restrictions, learning many new skills and using many new tools, but that's a story for another time.

Some Basic Knowledge

Some content in this section is reproduced from EdNovas's Blog

What are SS/SSR, What is V2Ray

  SS: The author of SS is clowwindy. About four years ago, he wrote Shadowsocks to bypass restrictions, abbreviated as SS or Shadow Socket. Later, he found this tool very useful, fast, and not easily blocked, so he shared the source code on GitHub, and it became popular. However, later the author was invited for tea, deleted the code, and promised not to participate in maintenance and updates anymore. Now this project has been taken over by other developers and is continuously maintained and updated.

  SSR: After the SS author was invited for tea, an account called breakwa11 appeared on GitHub, claiming that SS was easily detected by firewalls, so he made improvements in obfuscation and protocol, making it harder to detect, and it was compatible with SS. The improved project was called Shadowsocks-R, abbreviated as SSR, and then SS users and SSR users naturally divided into two factions, arguing with each other until breakwa11 was doxxed, and he had to delete the SSR code and disband all related groups.

  SS and SSR work on the same principle: a SOCKS5 proxy. A SOCKS proxy simply forwards data packets without caring about the application protocol, so it is much faster than other application-layer proxies. A SOCKS5 proxy sends your network requests through a connection between you and the proxy server, and the server forwards them to the destination. In this process you do not go through a dedicated channel; the packets are sent out and received by the proxy server without additional processing. In simple terms, if you have a proxy server in Hong Kong and want to access Google, your computer sends a request, the traffic travels over the SOCKS5 connection to your server in Hong Kong, and that server then accesses Google and sends the result back to your computer, thus bypassing the restrictions.

Differences and Pros & Cons of VPN and SS/SSR

  From the above introduction, you can basically see the differences between VPN and SS/SSR, so which one is better?

  Since a VPN uses a dedicated channel and is designed for transmitting encrypted enterprise data, its traffic characteristics are very obvious. Firewalls can analyze your traffic directly and block it as soon as the characteristics match. Whether it gets blocked, and to what extent, depends on luck. (Just like not all criminals are in prison.) Currently, for the purpose of bypassing restrictions, PPTP-type VPNs are almost dead, and L2TP is severely interfered with in most areas, making it very unstable.
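
  What "obvious traffic characteristics" means for the two protocols named above, as an added example that is not from the original post: PPTP and L2TP control messages carry fixed header values at known offsets (RFC 2637, RFC 2661), so a few comparisons identify them. All packets are constructed samples, and the sketch assumes one control message per payload.

```python
# Fixed header fields that identify PPTP and L2TP control messages on the wire.
# Added illustration; every packet here is constructed, not taken from a capture.
import struct

PPTP_MAGIC = 0x1A2B3C4D   # RFC 2637: magic cookie present in every control message

def classify(transport, dst_port, payload):
    """Return a label for a recognised VPN control message, else None."""
    if transport == "tcp" and dst_port == 1723 and len(payload) >= 12:
        length, msg_type, magic, ctrl_type = struct.unpack("!HHIH", payload[:10])
        if magic == PPTP_MAGIC and msg_type == 1 and length == len(payload):
            return "pptp-start-request" if ctrl_type == 1 else "pptp-control"
    if transport == "udp" and dst_port == 1701 and len(payload) >= 12:
        flags, length = struct.unpack("!HH", payload[:4])
        control = flags & 0x8000          # T bit: control message
        has_len = flags & 0x4000          # L bit: length field present
        version = flags & 0x000F          # L2TPv2 uses version 2
        if control and has_len and version == 2 and length == len(payload):
            return "l2tp-control"
    return None

def sample_pptp_start():
    # Start-Control-Connection-Request: 12-byte header + 144-byte body = 156 bytes
    return struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0) + bytes(144)

def sample_l2tp_sccrq():
    # Header flags 0xC802 (T, L, S set, version 2), then the Message Type AVP (SCCRQ = 1)
    avp = struct.pack("!HHHH", 0x8008, 0, 0, 1)
    return struct.pack("!HHHHHH", 0xC802, 12 + len(avp), 0, 0, 0, 0) + avp

def sample_opaque():
    # Stand-in for an encrypted proxy stream: no fixed fields at known offsets
    return bytes(range(64))

if __name__ == "__main__":
    for args in (("tcp", 1723, sample_pptp_start()), ("udp", 1701, sample_l2tp_sccrq()),
                 ("tcp", 1723, sample_opaque()), ("tcp", 443, sample_opaque())):
        print(args[0], args[1], classify(*args))
```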

  SS/SSR is specifically designed for bypassing restrictions, while VPN is used for encrypting enterprise data. For VPN, security is the top priority, while for SS/SSR, penetrating firewalls is the top priority, with strong anti-interference, and the traffic is obfuscated, so when the traffic passes through the firewall, it is generally recognized as ordinary traffic. This means you have bypassed restrictions, but the government cannot detect that you are bypassing restrictions. (However, firewalls are also constantly upgrading, and their detection capabilities are certainly improving. But as of now, it is still normally usable.) The starting points and focuses of the two are different; SS/SSR pays more attention to traffic obfuscation and encryption. If you want to browse the internet securely and anonymously, you can use VPN+Tor or SS/SSR+Tor.

  One more point regarding security is that domestic VPN service providers can easily have their server logs accessed by the government. If they really do this, everything you did while bypassing restrictions will be laid bare.

What is an "Airport"

  This is actually easy to explain. Many of the SS/SSR clients we commonly use have icons resembling paper airplanes, so this type of software and its derivatives are sometimes called "little airplanes." This software uses nodes, which are the lines your traffic travels over. You can think of them as advanced VPNs that let you choose the line, although they are not actually VPNs. An airport is a provider of node services.

Local IP (Native IP) & International IP (Broadcast IP)

  A local native IP is provided by a local ISP and is 100% locally registered; it is relatively expensive and is recognized by services or games restricted to certain regions. A non-locally registered IP is assigned to the region where it is used by means of broadcasting; it is cheaper and gives a network experience consistent with a local IP. In other words, a native IP is one whose registration address matches the country where the server room is located; conversely, a non-native IP is one whose registration address does not match the location of the server room, commonly called a broadcast IP.

  Websites like Netflix and Spotify have high requirements for IPs (require native IPs), so please pay attention to your choice when purchasing airport services.

Some Software for Achieving Scientific Internet Access and Their Usage

Some Preparations and Precautions

  ⭕ This article mainly discusses the usage methods on Android and Windows. Please explore and learn for MacOS, iOS, and Linux systems on your own. (I only have Android and Windows devices)

  ⭕ The usage method of SSR software is similar to V2Ray, and the usage method of Surfboard software is similar to Clash. This article mainly discusses the usage methods of V2Ray series and Clash series software, and will not elaborate on others.

  ⭕ Please ensure that you have at least one airport subscription link before using the software.

  ⭕ If you cannot understand my tutorial, please explore on your own or visit V2ray Graphical Client Usage Tutorial.

  ⭕ Two free airport recommendations (Note: The speed and security of using free airports may not be guaranteed)

   1. A public welfare program from Github-Freefq

   2. iKuuu airport, 50G free traffic per month, more traffic can be obtained by signing in daily.

V2RayNG-Android

  1️⃣ Download the V2Ray software installation package from Github or Google Play. It is not recommended to install from other places to avoid downloading an outdated version of the software or encountering unnecessary risks.

  2️⃣ Click the "≡" icon in the upper left corner of the software, click "Subscription Settings", then click the "+" icon in the upper right corner, add the subscription address from the airport, and click "√" to save after adding.

  3️⃣ Return to the main interface of the software, click the "⋮" icon in the upper right corner, click "Update Subscription", and wait for the nodes to appear after refreshing.

  4️⃣ Click the "⋮" icon in the upper right corner again, and click "Test All Configurations for True Connection" to test the node latency. A green "×××ms" represents the latency of that node, while a red "-1ms" indicates that the node is currently unavailable.

  5️⃣ Select a node and start using it.

V2RayN-Windows

  1️⃣ Download the V2Ray-Core core program from Github and extract it to any directory.

  2️⃣ Download the V2RayN graphical interface from Github and extract it to the directory where the core program is located.

  3️⃣ Click V2RayN.exe to run it.

  4️⃣ Click "Subscription" in the top menu bar of v2rayN - "Subscription Settings" - "Add", fill in the corresponding content in the remarks and address bar, and confirm.

  5️⃣ Return to the main interface of the program, click "Subscription" - "Update Subscription" again.

  6️⃣ Press "Ctrl" + "A" to select all nodes, right-click and click "Test Server True Connection Latency" to test the node latency.

  7️⃣ Select a node on your own, right-click and click "Set as Active Server".

  8️⃣ Find the v2rayN icon in the taskbar at the bottom right of the desktop, right-click - select "Enable Http Proxy", then right-click the v2rayN icon again - expand "Http Proxy Mode" - select "Enable Http Proxy and Automatically Configure Proxy Server (Global Mode)".

Clash-Android

  1️⃣ Download the Clash software installation package from Github or Google Play.

  2️⃣ Click the "One-click Import Clash" button on the airport website or click the "Configuration" button in Clash to import the subscription link yourself. Click the 🔁 icon in the upper right corner to update the subscription link.

  3️⃣ Return to the main interface, click the "Click to Start" button, and then click "Proxy". Click the ⚡ button in the upper right corner to test latency. "×××ms" represents the latency of that node, while "timeout" indicates that the node connection has timed out and is unavailable.

  4️⃣ Select a node and start using it.

Clash-Windows

  1️⃣ Download the software installation package from Github and install it.

  2️⃣ Click the "One-click Import Clash" button on the airport website or click the "Configuration" button in Clash to import the subscription link yourself. Click the 🔁 icon after configuration to update the subscription link.

  3️⃣ Click "Proxy", then click the "WiFi" button in the upper right corner to test node latency. "×××ms" represents the latency of that node, while "timeout" indicates that the node connection has timed out and is unavailable.

  4️⃣ Select a node, click the left "General", and turn on the switch after "System Proxy" to use it.

Advanced Software Usage and Problem Solving

Advanced Usage

  Both V2Ray and Clash clients support optimizing encrypted nodes, bypassing mainland LAN addresses, per-application proxying, displaying speed, traffic detection, logging, and other functions. Please explore on your own.

Some Problem Solving

  This section only addresses problems I have encountered. If this article cannot solve your problems, Google PLZ. Before troubleshooting, please ensure that your basic settings are the same as those mentioned above and that you have successfully used the node service before.

  ⭕ V2Ray.exe has stopped working

  When running V2Ray on Windows 7, you may encounter the prompt "V2Ray.exe has stopped working." Download .NET Framework 4.7.2 to resolve this.

  ⭕ V2RayN shows "Node Update Failed"

  Find the v2rayN icon in the taskbar at the bottom right of the desktop, right-click - "HTTP Proxy" - "Disable HTTP Proxy" and try updating the nodes again.

  ⭕ Accessing websites shows proxy errors after closing the software on Windows (taking Windows 10 as an example)

  Open "Settings" - "Network and Internet" - "Proxy", and turn off the "Use a proxy server" button.

  ⭕ When starting V2RayN, a Privoxy Error Fatal Error: can't bind to 0.0.0.0:1081: (error number 0) pops up

  This Zhihu article analyzes this very well.

  ⭕ Error "bind: An attempt was made to access a socket in a way forbidden by its access permissions."

  This may be due to recent updates enhancing security policies on ports. Open Control Panel - Firewall - Advanced Settings - Outbound Rules - New - Port, add all UDP and TCP ports, and allow connections. Restart the computer.

  ⭕ Various other issues

  Restart the software, restart the computer, search online, uninstall and reinstall. (16-character maxim)

Setting Up Your Own V2Ray Service

  First, you need to have your own server, using Debian, Ubuntu, or CentOS systems.

  1) Install the Curl dependency package. Execute the command on Ubuntu/Debian:

  apt-get update -y && apt-get install curl -y

   Install the Curl dependency package. Execute the command on CentOS:

  yum update -y && yum install curl -y

  2) Install the V2Ray one-click installation script. Execute the command as follows:

  bash <(curl -s -L https://git.io/v2ray.sh)

  Just keep pressing the "Enter" key to install.

  After installation, enter the command: v2ray to manage it.

  If you are using CentOS, you need to manually open the port when setting up the V2Ray server. The command is as follows:

  # View the opened ports
  firewall-cmd --list-ports
  # Open server port
  firewall-cmd --zone=public --add-port=1688/tcp --permanent
  # Close server port
  firewall-cmd --zone=public --remove-port=1688/tcp --permanent
  # Restart the firewall
  firewall-cmd --reload
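
  The one-click command in step 2 pipes whatever the short link currently serves straight into a shell. Below is an added example, not part of the original post or of the script's project, that fetches the script to disk and runs it only when it matches a copy you have read. `ALLOWED_HOSTS` is an assumption and `PINNED_SHA256` is a placeholder; fill in both yourself.

```python
# Fetch an install script to disk and run it only if it matches a reviewed copy.
# Added illustration: ALLOWED_HOSTS and PINNED_SHA256 are placeholders you fill in
# after reading the script; they are not values from the original post.
import hashlib
import subprocess
import sys
import tempfile
import urllib.request
from urllib.parse import urlsplit

SHORT_URL = "https://git.io/v2ray.sh"                 # the link used in the post
ALLOWED_HOSTS = {"raw.githubusercontent.com"}         # assumption: expected final host
PINNED_SHA256 = "<sha256-of-the-copy-you-reviewed>"   # placeholder

def fetch(url):
    """Download the script, following redirects; return (final_url, body)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.geturl(), resp.read()

def vet(final_url, body, allowed_hosts, pinned_sha256):
    """Return the reasons not to run the script; an empty list means it passed."""
    problems = []
    parts = urlsplit(final_url)
    if parts.scheme != "https":
        problems.append("final URL is not HTTPS: " + final_url)
    if parts.hostname not in allowed_hosts:
        problems.append("short link resolved to unexpected host: %s" % parts.hostname)
    digest = hashlib.sha256(body).hexdigest()
    if digest != pinned_sha256.strip().lower():
        problems.append("sha256 %s does not match the reviewed copy" % digest)
    return problems

def install():
    final_url, body = fetch(SHORT_URL)
    problems = vet(final_url, body, ALLOWED_HOSTS, PINNED_SHA256)
    if problems:
        sys.exit("refusing to run:\n  " + "\n  ".join(problems))
    with tempfile.NamedTemporaryFile("wb", suffix=".sh", delete=False) as fh:
        fh.write(body)                      # run the exact bytes that were hashed
    subprocess.run(["bash", fh.name], check=True)

# Nothing is downloaded or executed unless the script is started with --install.
if __name__ == "__main__" and sys.argv[1:] == ["--install"]:
    install()
```

  With the placeholder digest left in place the script refuses to run and prints the digest it saw, which you can pin once you have read the downloaded copy.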

Conclusion

  Quoting a passage from a Zhihu article:

  Inside and outside the wall, people outside want to rush in, while people inside want to escape.   If you have no necessary needs, you can carry out all legal activities without bypassing restrictions, and all the information you want to know can be found, although it may not be so convenient. For example, a certain Baidu browser in China is often filled with junk and ads, and its information search capability is truly hard to comment on, but it is still usable.
  If you are very interested in news, politics, the latest technology, etc., then the world outside the wall offers more choices and possibilities. You can learn and discuss with top professors from prestigious universities; you can find people around the world who share the same interests as you to communicate and experience the impact and excitement of cultural differences; you can also delve into the words of ordinary people and feel the real language and expression behind the news media. Of course, there will definitely be various problems and challenges, but in summary, you will have choices, more choices, and also more of your own thoughts.

We Choose To Go To The Moon.

Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.