Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shadowsocks blocked in Iran? #142

Open
WinkVPN opened this issue Oct 21, 2022 · 9 comments
Open

Shadowsocks blocked in Iran? #142

WinkVPN opened this issue Oct 21, 2022 · 9 comments
Labels
Iran

Comments

@WinkVPN
Copy link

WinkVPN commented Oct 21, 2022

Will Shadowsocks be banned in Iran?
I'm planning to build a vpn app for users in Iran, but I'm not sure if Shadowsocks has been cracked.
@OnceUponATimeInAmerica
Copy link

OnceUponATimeInAmerica commented Oct 22, 2022
edited
Loading

Do not invest time in Shadowsocks! Yes, because it uses SSL (and not the latest version of TLS) it has a obvious wire signature and is easily blocked. In the recent upgraded wave of Internet censorship in Iran, most Shadowsocks servers stopped working.
I would advise going for something almost identical to HTTPS (from a browser) traffic on the wire. Trojan configs and vless v2ray configs are working OK.

@wkrp wkrp added the Iran label Oct 23, 2022
@wkrp
Copy link
Member

wkrp commented Oct 23, 2022

@WinkVPN I recommended taking a look at some of the other threads.

#138

The only requirement is to buy a cheap VPS that is outside of Iran and also accessible by your internet connection.
(you can talk or call with service providers before buying a VPS, to get an IP for ping testing their data center to know whether it's accessible or not)

#140 (comment)

If you have access to both a domestic server and a foreign server, you might try a domestic relay to a foreign Shadowsocks server.

My impression is that blocking has less to do with the Shadowsocks protocol, and more to do with IP address ranges.

@OnceUponATimeInAmerica Shadowsocks is not a TLS-based protocol. You may be thinking of something else.

@nonfdsaofd
Copy link

if the blocking technology in Iran is something similar to the great fire wall of China, then it can be blocked easily.

@OnceUponATimeInAmerica
Copy link

OnceUponATimeInAmerica commented Oct 23, 2022
edited
Loading

@OnceUponATimeInAmerica Shadowsocks is not a TLS-based protocol. You may be thinking of something else.

Yes. Shadowsocks uses the older SSL handshake (and NOT the newer TLS), as far as I know and recall. Do you mean no SSL handshakes are involved either?

@GibMeMyPacket
Copy link

GibMeMyPacket commented Oct 23, 2022
edited
Loading

My impression is that blocking has less to do with the Shadowsocks protocol, and more to do with IP address ranges.

I can simply say this is wrong.
Shadowsocks doesn't work, no matter what VPS or ISP, even if it work via a local CDN (i didn't tested it this way) then it still is all related to the Shadowsocks protocol.
I have tried many different ISP/Country and IPs, Encryptions, Websocket with TLS, QUIC and many more, it's just that Shadowsocks doesn't work. as simple as that.
Tried with the new uTLS option to HTTP2
Doesn't work.

@wkrp
Copy link
Member

wkrp commented Oct 24, 2022

Yes. Shadowsocks uses the older SSL handshake (and NOT the newer TLS), as far as I know and recall. Do you mean no SSL handshakes are involved either?

Shadowsocks is not based on SSL and it is not based on TLS. It is a custom protocol that is independent of SSL and TLS. You can see the protocol description here. There are other variations of Shadowsocks, but as far as I know, none of them use TLS.

It may be that there are software bundles that combine Shadowsocks functionality with other, non-Shadowsocks, TLS-based protocols; and with SIP003 plugins Shadowsocks can be wrapped in any other protocol; but I think when people talk about Shadowsocks being blocked, they are referring to the custom Shadowsocks cryptographic protocol running on TCP.

@gfw-report has a detailed report on the Shadowsocks protocol and how it was being probed by the Great Firewall:

@wkrp
Copy link
Member

wkrp commented Oct 24, 2022

Shadowsocks doesn't work, no matter what VPS or ISP, even if it work via a local CDN (i didn't tested it this way) then it still is all related to the Shadowsocks protocol.

@GibMeMyPacket I cannot dispute your lived experience. I only know what has been reported in other threads like #138 and #140. But the tests you describe are not, by themselves, enough to show that Shadowsocks specifically is being blocked. It could be that everything is blocked to certain IP ranges; that is, it could be that Shadowsocks is not being specially blocked, it is just one of many protocols included in a more general block. A careful test would try other protocols, in addition to Shadowsocks, to certain IP ranges: if the other protocols work, but Shadowsocks does not, that would be evidence that Shadowsocks is being targeted particularly for blocking. But if nothing works, it does not say much about the Shadowsocks in particular.

@GibMeMyPacket GibMeMyPacket mentioned this issue Oct 25, 2022
Open
@asimov1234
Copy link

@wkrp is this method still working in iran?

@wkrp
Copy link
Member

wkrp commented Mar 6, 2024

@wkrp is this method still working in iran?

I'm afraid I don't know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Iran
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@nonfdsaofd @wkrp @OnceUponATimeInAmerica @GibMeMyPacket @WinkVPN @asimov1234