
Who is the target audience of this software and how does it work? Do non-technical users set this up on a VPS provider and then connect to it? I'd imagine most developers in China would just SSH tunnel their way out.


SSH dynamic port forwarding has not been working for years. It is so easily picked up by GFW and minutes later it is gone together with the whole SSH connection. The same goes for PPTP and L2TP VPN. GFW has been upgraded so many times over the past few years. The target audience is developers. The install is super simple via one line of `pip install`, the start code for the daemon is also one line with the configuration inline or through <10 lines of JSON. On the client side the author and other contributors developed native clients that allow connection by supplying just 1 password and 1 server address. Super simple and highly reliable to this day.


So looking at the code for the Go implementation, it appears to be just a stream cipher encrypted version of SOCKS5 [1,2].

1. https://github.com/shadowsocks/shadowsocks-go/blob/master/sh...

2. https://github.com/shadowsocks/shadowsocks-go/blob/master/cm...

(Not the best code, a couple of race conditions in there)


@olalonde GFW is known to tighten the control on national holidays or any event they see fit. The day after the Tianjin explosion, IKEv2 stopped working for 1 day on my network (I was in Beijing). PPTP from time to time suffers the same issue though I couldn't say when. Also check your IP location: I found out one provider had a reliable PPTP connection about a week ago, and it turned out they were just relaying traffic in a data center in China. That traffic is not blocked by GFW as long as it is domestic, and I could only imagine that the data center simply forwarded the traffic onward using other means.


Why not just wrap all your SSH packets as HTTPS?


I believe that the traffic patterns (up/down request amount and timing) will still look sufficiently different from a 'normal' https connection to be detected and cut off within an hour.


This I wonder as well. stunnel + openvpn used to work. Not sure if it still does.


SSH tunnel is just too easy for the GFW to detect; it's so unstable that you cannot even browse the web with it.

Yes, setting up a VPS provider would be the most common way. There are Shadowsocks implementations that support multiple users so that more than one person can use it simultaneously. There are also commercial solutions for Shadowsocks where you can just purchase an account instead of setting up your own server.


There are many import/export companies in China; they are also the target audience of this software. Gmail is important for them.


SSH still works, but it's not designed to give a high throughput, so ideally one would not want to watch a YouTube clip over SSH. And DPI can identify and kill an SSH session when there is too much traffic happening over it (i.e. no obfuscation is taking place to hide SSH traffic).



